Self Hosted UniFi Controller Server and HA Proxy

I have a self-hosted UniFi controller server with Let’s Encrypt already set up and running. Should I be using HA Proxy with my build?

If it makes you happy.

We all have our unique qualities about ourselves and I’m learning that you are unique, Tom ;).

I’m learning that when I post here I must ask the right question in order to get a clear, unambiguous answer from you or other forum respondents. That said, I’m not looking to have a good feeling about my controller security etc., but to get a clear answer to my question. Maybe you answered me in our unique way of speaking to my question and I’m just too much of a newbie to get it or understand your answer.

Let me try again with my question. Is it best security practice to have HA Proxy with a self-hosted UniFi controller server?

I don’t want people to think I am ignoring them, so I usually respond in one way or another. I am not aware of any security issues in either setup, but I have never used Let’s Encrypt with the UniFi controller. Unless there is a request for something different, we usually just leave the UniFi self-signed cert in place.

OK, now I understand you. I was just thinking that having the secure lock for the controller in the browser was best security practice for the controller and pfSense etc.

I also watched your HA Proxy video thinking that it would be a good thing to do for the controller, but if it’s not needed or is overkill for a home guy like myself, I get your answer much clearer now and thanks once again Tom.

Even with leaving the self-signed certificate as is, the connection between you and the controller is still encrypted. I know that probably doesn’t sound right because your browser says it’s not secure, but if you do a packet capture it is indeed encrypted. If this was a public-facing controller, I would think to put HA Proxy in front of it if you didn’t want to mess with updating the cert in the controller itself, but as far as security goes it would be just as vulnerable if you are passing the same ports either from the proxy or from the firewall directly.
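
The point in the last reply, as an added example that is not part of the original thread: a connection to a self-signed controller still negotiates TLS, and what the browser warning is about (whether the certificate is really the controller's) can be checked by comparing the fingerprint with one you recorded yourself. Port 8443 and the address `192.0.2.10` are assumptions; substitute your own.

```python
import hashlib
import hmac
import socket
import ssl


def sha256_fingerprint(der_cert: bytes) -> str:
    """Colon-separated SHA-256 fingerprint, as browsers and openssl display it."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def _normalise(fingerprint: str) -> str:
    """Strip separators and case so pasted fingerprints compare cleanly."""
    return fingerprint.replace(":", "").replace(" ", "").lower()


def matches_pin(der_cert: bytes, pinned: str) -> bool:
    """True if the certificate matches a fingerprint recorded out of band."""
    actual = _normalise(sha256_fingerprint(der_cert))
    return hmac.compare_digest(actual, _normalise(pinned))


def inspect_controller(host: str, port: int = 8443, pinned: str = "") -> dict:
    """Connect without CA validation and report what TLS negotiated."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # self-signed cert: no CA chain to validate
    ctx.verify_mode = ssl.CERT_NONE  # traffic is still encrypted, identity unchecked
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            return {
                "protocol": tls.version(),    # e.g. a TLS version string
                "cipher": tls.cipher()[0],    # negotiated cipher suite name
                "fingerprint": sha256_fingerprint(der),
                "pin_ok": matches_pin(der, pinned) if pinned else None,
            }


if __name__ == "__main__":
    # Constructed placeholder address (documentation range); use your controller's.
    print(inspect_controller("192.0.2.10"))
```

Run it once from a trusted network segment to record the fingerprint, then pass that value as `pinned` on later runs; a `pin_ok` of `False` means the certificate presented is not the one you recorded.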

