top | item 27803969

(no title)

ingenium | 4 years ago

You can add some protection by putting it behind a reverse proxy like HAProxy or nginx. It's mostly security through obscurity, but in this case it helps a lot unless you're being specifically targeted by someone.

Basically pick a subdomain on a domain you own and have that and only that forward to HA. So the only way to connect to the HA instance from the internet is to know the exact subdomain you've picked for it. Set the proxy to not pass any port 443 traffic unless the subdomain matches one that you've set.

discuss

No comments yet.