We have a front-end application (site) that is already exposed to the world with an HTTPS + SSL certificate. So here we are OK.
When the front-end site gets requests, it sends them to the back-up application (written in Java), which is sitting on the same server.
Do I also need to encrypt with SSL the data between the front end and back end, which are actually on the same server?
Also, should the connection between them be done with HTTPS or HTTP? Or, because we want to make it secure, is it better to use HTTPS between all components in the chain?
I think your problem could be abstracted into the following questions:
- Is your server secure?
- Is there any chance, in the future, you will scale up your application?
So, let’s think about answers to these questions together.
Is your server secure?
If you have done things the way they should be done, your server is supposed to be well-protected. If so, you don’t need to secure the communication between front and back end.
Will you scale up your application in the future?
Hopefully you will have a lot of traffic for your application and will consider scaling up your application in the future. But do you really model the future right now? Possibly not.
Don’t fix anything that ain’t broken.
So, IMHO, you don’t need to do anything at the moment.
There seems to be confusion around the terminology used in the question. I assumed more than one micro-application: one facing outward (front end), and another one handling back-end (back up??) operations. If you have confused FRONT-END with BACK-END, as luk2302 suggested, this answer is not relevant at all.