[bot403]

Not to mention losing load balancing and failover.

[throw0101a]

Failover can be done with something like keepalived. VRRP/CARP are a thing.

For LB you'll need something in front of your service to bounce connections around, which is replacing one point of failure (DNS) for another (HAproxy, IPVS). Though I guess you can run the LB stack on your app service servers.

[dzr0001]

And making TLS more difficult, especially for HA systems. Guess you would just need one cert for 127.0.0.1 for all local services.

[louwrentius]

Certs support ip addresses? However, /etc/hosts would solve the issue probably, unless I’m missing something

[flumpcakes]

What has /etc/hosts got to do with valid TLS certificates? I think that’s a non-sequitur.

[louwrentius]

You don't need to setup one cert for 127.0.0.1 as stated by the parent comment.