[MichaelGG]

I don't get point 3. Microservices are for the backend usually, right? You don't want multiple TCP/HTTP[S] connections from the client to all your services - pointless overhead. Worst case scenario, if you need direct client-microservice connectivity, then throw all the services behind nginx and terminate SSL there.

[waqas-]

im talking about when microservices expose apis consumed via ajax. then https-http connections dont work.

[nugator]

As the parent suggested I would terminate the HTTPS connection in an Nginx in front of all your microservices. No microservice needs to handle HTTPS then.

[dx034]

I thought it was recommended to use https between microservices for all communication? Otherwise the user might think their data is encrypted even though it travels plain-text through networks after the first server, as not all services will run in a separated network.

[MichaelGG]

That's entirely up to the app. With Cloudflare it's not even normal for HTTPS to mean your data got to the server encrypted.

And anyways you can solve it in the same way: nginx LBs to terminate SSL internally.

[adaml_623]

Maybe it's such a large publisher that they need separate Nginx instances in front of each of the micro-services.

[philplckthun]

That goes against the basics of load balancing... And it shouldn't even be an issue to have multiple Nginx instances with similar HTTPS configs.