Today I started with HAProxy on my Pi at home, read my share of the docs and ventured composing a config.
I feel insecure, especially because I want to keep my SSH access. Therefore I would appreciate any help, and pointers to good resources for help.
- A DSL line with a fixed IPv4 and IPv6, and a router opening certain ports to my Pi
- A Pi with Debian Jessie up to date and secured with IPTables
- The Pi serves SSH, Apache (80 & 443), home automation 1 (ports x-z) and 2 (port w), Webmin
I have been advised to use HAProxy to ReverseProxy my home automation server.
I want https://mi_ip/bla/bli specifically go to http://localhost:y/blo/blu.
My questions beforehand:
- Ports I don’t mention in the HAProxy config, are they untampered passed on? E.g., will I have full SSH access if I don’t mention the SSH port?
- Does HAProxy have any other advantages on a single Pi? Can it enhance performance and security?
- Is HAProxy acting before or after IPTables?
I made this draft config file:
listen apache mode http bind *:443 server web localhost listen home_automation.1 mode http bind http://*:x/bla/bli server server1 http://localhost:y/blo/blu listen home_automation.2 mode tcp bind *:z server server2 localhost:p
Apologies if I understand something completely wrong, and thanks for any replies!