Is it common for people to use Oathkeeper as a TLS proxy and just remove TLS completely from any services behind Oathkeeper? If Oathkeeper handles TLS instead, that would simplify all my services so I don’t need to worry about each getting their own certs, trust stores, etc.
You can do that if you want; other proxies, however, make it easier to work with TLS termination, key rotation, etc. Most setups use something like Nginx or Traefik in combination with ORY Oathkeeper’s Decision API.
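The setup described in the reply above, sketched as an added example (not part of the original reply and not ORY's own configuration): Nginx terminates TLS and asks Oathkeeper's Decision API, via `auth_request`, whether to forward each request. The hostnames `oathkeeper` and `app`, the backend port, the server name and the certificate paths are assumptions; 4456 is Oathkeeper's default API port.

```nginx
# Added example. Hostnames, backend port and certificate paths are assumptions.
events {}

http {
    upstream oathkeeper_api { server oathkeeper:4456; }  # Oathkeeper API (Decision API lives here)
    upstream backend        { server app:8080; }         # hypothetical plain-HTTP service

    server {
        listen 443 ssl;
        server_name app.example.com;                      # placeholder name

        # TLS is terminated here, so certificates and rotation are handled in one place.
        ssl_certificate     /etc/nginx/tls/fullchain.pem;
        ssl_certificate_key /etc/nginx/tls/privkey.pem;
        ssl_protocols       TLSv1.2 TLSv1.3;

        location / {
            # Every request is checked by the subrequest below; a 2xx response
            # allows it, 401/403 are returned to the client as-is.
            auth_request /_oathkeeper;

            # Forward only the Authorization header Oathkeeper returned (for
            # example from a mutator, which is an assumption here). If none
            # was returned the value is empty and Nginx sends no such header,
            # so the client's original credential never reaches the backend.
            auth_request_set $auth_header $upstream_http_authorization;
            proxy_set_header Authorization $auth_header;
            proxy_set_header Host $host;

            # This hop is plain HTTP inside the private network.
            proxy_pass http://backend;
        }

        location = /_oathkeeper {
            internal;                                     # not reachable from outside
            proxy_pass http://oathkeeper_api/decisions$request_uri;
            proxy_pass_request_body off;                  # the decision needs headers only
            proxy_set_header Content-Length "";
            proxy_set_header Host               $http_host;
            # Describe the original request so access rules match on it.
            proxy_set_header X-Forwarded-Method $request_method;
            proxy_set_header X-Forwarded-Proto  $scheme;
            proxy_set_header X-Forwarded-Host   $http_host;
            proxy_set_header X-Forwarded-Uri    $request_uri;
        }
    }
}
```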
Hi, just to clarify, I mean service to service communication, not end user to service. From what I understood, Traefik being an edge router wouldn’t intercept any service to service communication, and only works with requests coming from exposed ports on the host.
I’m saying do you think it is a good idea from a security perspective to still use TLS to communicate between services on the same machine, whether that’s within a private Docker network or the host machine’s ports on localhost?