Mautic behind reverse proxy: http or https?

Your software
My Mautic version is: 5.0.3
My PHP version is: 8.1.27
My Database type and version is: 10.6.16-MariaDB-0ubuntu0.22.04.1

What is the proper way to run Mautic behind a reverse proxy? Right now, I have generated an SSL certificate in NPM, and left the Mautic webserver listening on port 80. It appears to be functioning fine, but should I also generate a certificate on the Mautic server and run https between Mautic and NPM?

IMHO you should be fine, no need for “backhand SSL” as of today. All critical things where SSL is required are browser-side and thus agnostic of what is behind the load balancer or other reverse proxy.

2 possibilities;
First, the webserver is on a private LAN
SSL offloading is fine (depending on your internal security policies)

Second, the webserver and the proxy are using a public network (i.e. you’re using CloudFlare)
You’ll need to use 2 SSL. One at the edge. And one on your web server.