using encryption in backend if you want to use encryption between proxy and backend there is a few things to watch out for.
Both hosts need valid SSL certificate
either copy the letsencrypt cert to both servers from time to time.
or use your own CA in the backend and only run letsencrypts certbot on the proxy.
on the proxy you could server .well-known locally so certbots verification process works.
Install Certbot sudo apt install snapd sudo snap install core; sudo snap refresh core remove preinstalled certbot versions sudo apt-get remove certbot
install certbo sudo snap install --classic certbot
prepare Certbot command sudo ln -s /snap/bin/certbot /usr/bin/certbot
Troubleshooting certbot doesn’t let you choose domain nginx server proprely configured?
server_name = srv10.kitetrail.net blog.kitetrail.net;
Debians interface config is in: /etc/network/interfaces
# The primary network interface auto ens192 allow-hotplug ens192 iface ens192 inet static address 192.168.1.140/24 gateway 192.168.1.254 # This is an autoconfigured IPv6 interface iface ens192 inet6 auto restart interface:
sudo ifdown ens192
sudo ifup ens192
for bigger changes use: sudo systemctl restart networking