# ktor
n
I never deployed a REST API on a real server. I am wondering how TLS gets implemented. I read that a lot of crazy stuff goes on in the TLS handshake. It includes asymmetrical encryption (RSA), Diffie-Hellman key exchange and many other things as well. I am wondering how hard it actually is to implement on the backend? Are all things done manually?
c
Often you would let something else do TLS for you and the API service would just do plain HTTP - so something like a load balancer would strip off TLS
You certainly wouldn't implement TLS yourself - there's a guide in the Ktor docs for using the in-built TLS stuff but I doubt it's used much
c
If you want to go the ‘external route’, here's the Docker Compose config to use Caddy as a reverse proxy: https://gitlab.com/clovis-ai/formulaide/-/blob/main/docker/docker-compose.prod.yml#L20 The idea is that incoming HTTPS traffic is sent to Caddy, which decodes it and transmits it to Ktor as HTTP. I like this approach because it is much easier to set up and maintain (Caddy refreshes certificates automatically); however, it means that internal traffic is unencrypted.
h
Why do you want to implement it yourself, if the existing server engines support TLS (except CIO)? And yes, of course, at the end one person has to implement it :D
a
You can find the related information in the documentation.