Leon's questions

Currently I'm using nginx as a reverse proxy over https and everything that is proxied is itself over https. SSL termination happens at Nginx and since the traffic is over https it get encrypted again before going on its way.

My first instinct was that my public facing servers must use a signed certificate and use SSL passthrough from nginx. Turns out nginx does not allow you to do that. So I started looking at haproxy since it can do SSL passthrough.

And after a lot of reading I started wondering if any of this really matters. I can use self signed certificated once inside my own network.

Is there a reason to use the same certificate on nginx / haproxy as on my servers? Is there any reason not to use self signed certificates for internal traffic?

I have 2 dsl accounts. One is general use which is setup on my router and the second is setup on a server. My router is secured nicely, but I noticed after setting up PPPoe on my server that the router security is completely bypassed and all ports on my server are essentially open to the world.

So I tried this do block all connections on PPP

iptables -A INPUT -i ppp0 -p tcp -j DROP
iptables -I INPUT -i ppp0 -p tcp --dport 563 -j ACCEPT

But now I cannot connect to or from port 563.

I suspect that I am fundamentally misunderstanding how iptables work.

My Development Couchbase server has been stuck rebalancing for 3 days. It has worked its way up to 93% complete on 2 servers and 87% on the last.

How does one go about diagnosing and fixing problems like this?