I have a situational question regarding HAProxy and the security of the management of the server when using HAProxy to load balance SFTP servers.
With my current setup I’m running 2 Ubuntu 20.04 servers. They each have their own IP and a virtual IP that floats back and forth between them with keepalived if there is a failure.
This has worked well. I’m now looking to add an SFTP cluster for HAProxy to load balance. SFTP incoming connections come in through port 22, the same port through which remote management is done with SSH. I would want to allow any IP to connect to the SFTP services but not expose the management of my servers externally.
This could probably be solved by changing the port SSH uses, but I wanted to ask others and explore what other options there might be to solve this problem.
How have others solved this issue?
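
One way to lay out the separation asked about above, as an added example that is not part of the original post: HAProxy takes port 22 on the keepalived virtual IP only, and the management sshd is confined to each node's own address. Every address, server name and the alternate port 2222 below is a constructed placeholder.

```haproxy
# Constructed example: all addresses, names and ports are placeholders.
#   203.0.113.10   keepalived virtual IP (public, SFTP only)
#   10.0.0.5       this HAProxy node's own management address
#   10.0.1.11/12   SFTP backend servers
#
# Management sshd on the HAProxy nodes (/etc/ssh/sshd_config):
#   weak (answers on every address, the VIP included):
#       ListenAddress 0.0.0.0
#   corrected (management address only, optionally a different port too):
#       ListenAddress 10.0.0.5
#       Port 2222
# A firewall rule limiting that address/port to admin source networks
# completes the split.
#
# The backup node does not hold the VIP, so binding to it there needs:
#   sysctl -w net.ipv4.ip_nonlocal_bind=1
#
# Clients verify the SSH host key of whichever backend they reach, so the
# SFTP backends must present the same host key or clients will see
# host-key mismatch warnings when they land on a different server.

defaults
    mode tcp                  # SSH/SFTP is opaque TCP to HAProxy
    timeout connect 5s
    timeout client  1h        # long transfers and idle sessions
    timeout server  1h

frontend sftp_in
    bind 203.0.113.10:22      # VIP only, never the management address
    default_backend sftp_servers

backend sftp_servers
    balance source            # keep a given client on the same backend
    server sftp1 10.0.1.11:22 check
    server sftp2 10.0.1.12:22 check
```

Running `ss -ltn` on each HAProxy node afterwards shows which process owns port 22 on which address, which confirms the management sshd is no longer listening on the VIP.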