Categories
Ansible Computing Git HAProxy HowTo Linux Web Services

Continuous Deployment of Load Balancer Configurations

I thought I’d describe some optimizations I’ve made to my load balancers at work, both for the good of the older me, and in case someone would benefit from some of my ideas. Background The load balancers are based on four software packages that integrate to create a powerful whole: Keepalive Daemon provides a common […]

Categories
Computing HAProxy Linux Security Web Services

Securing an Internet accessible server – Part 3

This post is part of a series. Part 1, Part 2. In the last part I briefly mentioned load balancers and proxies. After thinking about it for a while, I realized I see no reason not to run one, since it simplifies things a bit when setting up secure web services. In this part, we […]

Categories
Computing HAProxy Linux Security Web Services

WordPress behind HAProxy with TLS termination

My current project has been to set up a publicly accessible web server with a decent level of security. It has been an interesting exercise in applying “old” knowledge and gathering some new. This weekend I finished this project for now. The current setup is as follows: Behind my firewall, where I NAT port 80 and […]

Categories
Computing Linux Security Web Services

Securing an Internet accessible server – Part 2

In part 1 we made it significantly harder to gain access to our server once it is opened up to the Internet – but we’re not quite ready for that yet. In this post we’re exploring a firewall in Ubuntu, ufw, which stands for “uncomplicated firewall”, and we’ll set up some additional hardening using Fail2Ban to protect ourselves […]

Categories
Computing Linux Security Web Services

Securing an Internet accessible server – Part 1

This article is part of a series. Part 2. Let’s look at a simple scenario, and see how common tools in the Linux and BSD world can help us: We want to be able to remote control a server from wherever in the world, but we really don’t want others to be able to log […]