My current suspicion is that we don't need to support SSL.
Some reasons I can come up with why SSL should be strictly required:
We want to password-protect our deployment (currently no such plans, will only be deployed internally. CENEPRED can do this protection by other means anyway)
We want to avoid CORS problems (but we'll have the proxy for that ... plus initially at least all services will be hosted behind the same IP address, so no CORS should be raised anyway)
We need to tunnel websockets across proxies (frontend doesn't use websockets anymore; also very unlikely that CENEPRED will have such a setup)
My current suspicion is that we don't need to support SSL.
Some reasons I can come up with why SSL should be strictly required: