IT notes

haproxy ssh

HTTPS and SSH on the same port

Using HAProxy to serve SSH and SSL on the same port:

global
    maxconn 1000000
    spread-checks 3
    log /var/run/log local0 notice
    daemon
    tune.ssl.default-dh-param 2048

defaults
    mode http
    balance roundrobin
    option http-server-close
    option abortonclose
    option dontlognull
    option redispatch
    timeout check 3s
    timeout client 30s # Client and server timeout must match the longest
    timeout connect 5s
    timeout http-keep-alive 5s
    timeout http-request 10s # A complete request may never take that long.
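Sharing one port between SSH and TLS depends on telling the two protocols apart from the first bytes the client sends. The sketch below is an added example, not part of the original notes and not HAProxy's own code; it shows that classification in Python, and the function name and sample inputs are constructed for illustration.

```python
# Added illustration (not from the original notes): decide from a client's
# opening bytes whether a connection on a shared port is SSH or TLS.
import struct

SSH_PREFIX = b"SSH-"        # SSH identification string, e.g. "SSH-2.0-..." (RFC 4253)
TLS_HANDSHAKE = 0x16        # TLS record content type "handshake"
TLS_CLIENT_HELLO = 0x01     # handshake message type "ClientHello"
TLS_MAX_RECORD = 16384      # maximum plaintext record length (2^14)


def classify(first_bytes: bytes) -> str:
    """Return 'ssh', 'tls', 'need-more' or 'unknown' for the bytes seen so far."""
    if first_bytes.startswith(SSH_PREFIX):
        return "ssh"
    if SSH_PREFIX.startswith(first_bytes):
        return "need-more"          # empty or a partial "SSH-": keep buffering
    if first_bytes[0] != TLS_HANDSHAKE:
        return "unknown"            # e.g. plaintext HTTP or a scanner probe
    if len(first_bytes) < 6:
        return "need-more"          # record header plus handshake type not complete yet
    _, major, _minor, length, hs_type = struct.unpack("!BBBHB", first_bytes[:6])
    if major != 3 or not 0 < length <= TLS_MAX_RECORD:
        return "unknown"            # malformed record header
    return "tls" if hs_type == TLS_CLIENT_HELLO else "unknown"


# Constructed sample inputs (not captured traffic).
SAMPLES = {
    "ssh banner": b"SSH-2.0-OpenSSH_9.6\r\n",
    "tls client hello": bytes.fromhex("1603010200" "010001fc0303"),
    "plain http": b"GET / HTTP/1.1\r\n",
    "partial ssh": b"SS",
    "tls non-hello": bytes.fromhex("1603010200" "02"),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:18} -> {classify(data)}")
```

Anything classified as unknown should be closed rather than forwarded, and the need-more state needs a deadline so idle clients cannot hold connections open.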


HAProxy + HTTP auth + IP SRC

Use HTTP Auth when the source IP is not from an allowed source:

userlist TestUsers
    user guest insecure-password secret

backend test-node
    acl network_allowed src
    acl AuthOK http_auth(TestUsers)
    http-request auth realm Test if !network_allowed !AuthOK
    server test test.server.tld:80 maxconn 50 check

To allow only a specific range, for example only GitHub:

    acl network_allowed src
    http-request deny if !network_allowed

HAProxy + mysql

First set up mysql by creating a HAproxy to do the checks: