Re: Can HAProxy function as a firewall?

2022-05-04 Thread Tom Browder
On Wed, May 4, 2022 at 08:51 Shawn Heisey wrote: ... > Some things that I can think of that I don't think haproxy can do that > you'd expect from a firewall: > > * Permit or deny any traffic other than TCP or UDP. > ** Examples: ICMP, IGMP, GRE, ESP. > * Examine certain application protocols to

Re: Can HAProxy function as a firewall?

2022-05-04 Thread Tom Browder
On Wed, May 4, 2022 at 06:30 Tom Browder wrote: > ... > From what I've seen of HAProxy's configuration, it seems it may be able to > be used as an easy-to-configure firewall immediately downstream from my > ISP's router and inside a small Debian computer feeding another router.

Can HAProxy function as a firewall?

2022-05-04 Thread Tom Browder
I am embarking on a journey to move my remote website servers into a single server inside my home and accessible via DNS to my static IPv4 address. I have been cautioned by fellow Debian users to completely block IPv6 traffic. Additionally, I see conflicting advice about what firewall software to

Re: Question about http compression

2022-02-21 Thread Tom Browder
On Mon, Feb 21, 2022 at 08:21 Lukas Tribus wrote: > Hello, > > > On Mon, 21 Feb 2022 at 14:25, Tom Browder wrote: > > > > I'm getting ready to try 2.5 HAProxy on my system > > and see http comression is recommended. > > I'm not sure we are actively en

Question about http compression

2022-02-21 Thread Tom Browder
I'm getting ready to try 2.5 HAProxy on my system and see http comression is recommended. I am running Apache 2.4.52 and have for years tried to keep its TLS security as good as possible according to what advice I get from the Apache docs and SSL Labs. From those sources I thought https should

Newbie question

2022-02-19 Thread Tom Browder
I am running a single Apache httpd server (2.4.52) with multiple virtual sites, all under TLS with individual Let's Encrypt certs using Apache's managed domain feature. The setup has worked well for years (mostly static, but some using CGI). Now I want to be able to use a reverse proxy to enable

Any cookbook recipes for: Apache+Letsencrypt+ReverseProxy

2020-10-23 Thread Tom Browder
I have a working Apache httpd server (2.4.43 with OpenSSL 1.1.1g) with multiple virtual hosts using SNI on one IPv4, and I would like to have a working reverse proxy behind one or more of those hosts. I am happy to share the configuration for one of my hosts if I could get help in adding HA Proxy

Re: HAProxy and Apache reverse proxy with TLS passthrough

2020-09-03 Thread Tom Browder
On Thu, Sep 3, 2020 at 15:40 Илья Шипицин wrote: > seems, you are talking about SNI routing. i.e. L7 routing based on server > name extension sent in SSL Client Helo. > > will the following work for you ? > >

HAProxy and Apache reverse proxy with TLS passthrough

2020-09-02 Thread Tom Browder
I'm trying to cobble together the following https data flow: <== public internet ==> A. a single IPv4 Apache server with multiple virtual hosts identified by SNI 1. for each virtual host with its unique domain: a. use Apache's managed domain capability to get and keep current a