Zend certified PHP/Magento developer

New User Configuring HAProxy for single WAN IP, multiple hosts

I’ve had a /29 block of static IPs available for the past six years, but with income down and rates up, and up, it’s time to reduce my Internet footprint. I’m moving my self-hosted mail servers to mailboxes provided by my web site hosting account and DNS to an outside provider, but that leaves several services on three NAS machines which I want to be able to access over the web. I do plan on installing a private VPN, but sometimes I need to access my data at home from computers at my day job which I can’t install a VPN client on or even specify destination port numbers. Also, I use the Video Station package on my NAS and I like the flexibility of giving someone a temporary share link to be able to watch one of my shows without having to set up long-term access.

My new 5G service is actually quite a bit faster than my old DSL service, but aside from the lack of static IPs there’s another issue: They don’t support IPv6. I know, I know, and I complained, but their answer was: (quote) “We don’t want people running call centers from behind our IP addresses.” So IPv6 is out as a possible solution, at least for now.

After asking around it seems that my best immediate solution is HAProxy. I’ve got it installed on a Raspberry Pi 4 running Ubuntu Server 22.04 LTS directly connected to my MikroTik router. My question concerns configuring it, as the tutorials and instructions I’ve found so far seem to reference HTTP web site servers. A brief summary of the servers and services I’d like to access via web follows; my question is how to configure my new HAProxy installation to recognize and forward the packets correctly (and, hopefully, without kneecapping my intranet throughput on the local LAN). Also, how to configure certificate storage to properly secure access on all of these outside services:

  • Management UI on nas1 (192.168.020.201). Incoming packet https://manage.nas1.mydomain.com; forward to 192.168.020.201:5001 (or, alternately, nas1.local:5001). Similar for nas2 and nas3. NOTE: I plan to implement certificate access for the management UIs.
  • Video Station on nas1 and nas2 (192.168.020.205). Incoming packet https://video.nas1.mydomain.com to 192.168.020.201:9008 (alternately :9007 for plain http); https://video.nas2.bizdomain.com to 192.168.020.205:9008 (or :9007 for plain http).
  • WebDAV for calendars and other info: Incoming packet https://cald.nas1.mydomain.com to 192.168.020.201:5006; also https://cald.nas3.mydomain.com to 192.168.020.210:5006.
  • I also have an Apache web server on the same RPi4 which is hosting HAProxy; I’ll be using it to store and serve certificate revocation lists and similar info for my personal CA. So https://info.mydomain.com/crl should resolve to the secure port 443 web server on the RPi4 at 192.168.010.099.

I have some other machines and services in mind as well, but if I can get the configuration up and running properly with these I believe I can figure it out from there. I’m using MikroTik routers and switches essentially throughout, with most connected hosts (and all servers) wired to Cat5e or Cat6; I do maintain a Wi-Fi network but mostly for guests and IoT. So how should my HAProxy installation be configured? Thanks for any help.
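
One way the host-to-backend mapping listed in the question could be written, as an added example that is not part of the original post: HAProxy terminates TLS on :443, routes on the Host header, and requires a client certificate only for the `manage.*` names. Assumptions: the certificate and CA paths are hypothetical, the NAS certificates are issued by the personal CA, Apache is moved to a hypothetical loopback port 8443 so HAProxy can own :443, and the addresses are the post's with the leading zeros dropped (some parsers read `020` as octal).

```haproxy
# Added example, not the poster's configuration. Paths and the Apache port are assumptions.
global
    log /dev/log local0
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client  60s
    timeout server  60s
    # Re-encrypt to every backend and check its certificate against the personal CA.
    default-server ssl verify required ca-file /etc/haproxy/ca/personal-ca.pem

frontend wan_https
    # Directory of PEM files (certificate + key), one per public hostname; selected by SNI.
    # "verify optional" asks for a client certificate without demanding it for every host.
    bind :443 ssl crt /etc/haproxy/certs/ ca-file /etc/haproxy/ca/personal-ca.pem verify optional
    # Management UIs: deny any request that arrived without a verified client certificate.
    http-request deny if { hdr_beg(host) -i manage. } !{ ssl_c_used }
    use_backend nas1_manage if { hdr(host) -i manage.nas1.mydomain.com }
    use_backend nas1_video  if { hdr(host) -i video.nas1.mydomain.com }
    use_backend nas2_video  if { hdr(host) -i video.nas2.bizdomain.com }
    use_backend nas1_dav    if { hdr(host) -i cald.nas1.mydomain.com }
    use_backend nas3_dav    if { hdr(host) -i cald.nas3.mydomain.com }
    use_backend rpi_apache  if { hdr(host) -i info.mydomain.com }
    # No default_backend: unknown hostnames get HAProxy's 503 and never reach a NAS.

backend nas1_manage
    server nas1 192.168.20.201:5001
backend nas1_video
    server nas1 192.168.20.201:9008
backend nas2_video
    server nas2 192.168.20.205:9008
backend nas1_dav
    server nas1 192.168.20.201:5006
backend nas3_dav
    server nas3 192.168.20.210:5006
backend rpi_apache
    # Assumption: Apache listens on loopback 8443 instead of competing for :443.
    server apache 127.0.0.1:8443
```

The file can be syntax-checked with `haproxy -c -f <file>` before reloading. LAN clients that resolve the NAS names to their internal addresses bypass the proxy entirely, so only WAN traffic passes through the Pi.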