On Wed, May 4, 2022 at 08:51 Shawn Heisey wrote:
> Some things that I can think of that I don't think haproxy can do that
> you'd expect from a firewall:
> * Permit or deny any traffic other than TCP or UDP.
> ** Examples: ICMP, IGMP, GRE, ESP.
> * Examine certain application protocols to
On Wed, May 4, 2022 at 06:30 Tom Browder wrote:
> From what I've seen of HAProxy's configuration, it seems it may be able to
> be used as an easy-to-configure firewall immediately downstream from my
> ISP's router and inside a small Debian computer feeding another router.
I am embarking on a journey to move my remote website servers into a single
server inside my home and accessible via DNS to my static IPv4 address. I
have been cautioned by fellow Debian users to completely block IPv6
traffic. Additionally, I see conflicting advice about what firewall
On Mon, Feb 21, 2022 at 08:21 Lukas Tribus wrote:
> On Mon, 21 Feb 2022 at 14:25, Tom Browder wrote:
> > I'm getting ready to try 2.5 HAProxy on my system
> > and see http comression is recommended.
> I'm not sure we are actively en
I'm getting ready to try 2.5 HAProxy on my system and see http comression
I am running Apache 2.4.52 and have for years tried to keep its TLS
security as good as possible according to what advice I get from the Apache
docs and SSL Labs. From those sources I thought https should
I am running a single Apache httpd server (2.4.52) with multiple virtual
sites, all under TLS with individual Let's Encrypt certs using Apache's
managed domain feature. The setup has worked well for years (mostly static,
but some using CGI).
Now I want to be able to use a reverse proxy to enable
I have a working Apache httpd server (2.4.43 with OpenSSL 1.1.1g) with
multiple virtual hosts using SNI on one IPv4, and I would like to have a
working reverse proxy behind one or more of those hosts.
I am happy to share the configuration for one of my hosts if I could get
help in adding HA Proxy
On Thu, Sep 3, 2020 at 15:40 Илья Шипицин wrote:
> seems, you are talking about SNI routing. i.e. L7 routing based on server
> name extension sent in SSL Client Helo.
> will the following work for you ?
I'm trying to cobble together the following https data flow:
<== public internet ==>
A. a single IPv4 Apache server with multiple virtual hosts
identified by SNI
1. for each virtual host with its unique domain:
a. use Apache's managed domain capability to get
and keep current a
Mail list logo