I wanted to clarify if what I am doing is secure or not…
I have a nodeJS expressJS server running on port 8081. I didn’t want to install an SSL certificate on nodeJS, so I wanted to install it on my apache server. So I was going to redirect the server.mydomain.com through apache2 (using VirtualHost that has a LetsEncrypt SSL/TLS certificate) to localhost:8081 which does not have SSL cert.
Is this considered good practice with regards to: security and performance? Am I right to say that all secure traffic will be hitting apache, and internally redirecting to localhost) or should I bite the bullet and install the cert on nodeJS . (It’s an active development server so I don’t want to keep re-installing certificates on it).
Thanks guys!! really appreciate your help in advance!