OctoPrint HAProxy Config - PrusaMK2Users/MK2_Tips_and_Tricks GitHub Wiki

HAProxy (https://haproxy.org) is a lightweight load balancer that is included in the default OctoPi distribution of OctoPrint. Slack user @cova has created an HAProxy configuration file that improves security in the following ways:

• Separating inbound external connections for stream-viewing only and full OctoPrint control
• Requiring an extra level of authentication for Internet access for OctoPrint control

The enhanced haproxy config adds a second layer of authentication to all HTTPS requests, so that port-forwarding 443 through your router is much safer to do (eg. the webcam feed is protected).

Before exposing your OctoPi configuration to the Internet, you should update the software on your Raspberry Pi using the following commands:

1. run sudo apt-get update
2. run sudo apt-get dist-upgrade

To install this copy, follow the steps below:

1. Download the attached file Enhanced HAProxy Config
2. Edit the last line of the file and replace [user] with your desired user name and [password] with your desired password
3. Copy the existing /etc/haproxy/haproxy.cfg to /etc/haproxy/haproxy.old
4. Save the newly edited file to /etc/haproxy/haproxy.cfg
5. Restart the OctoPrint and haproxy services or restart the Raspberry Pi

Note that for Internet access, your Internet firewall will need to be configured for port forwarding to the OctoPrint Raspberry Pi. Port forward only TCP port 443 for secure remote OctoPrint access. You may additionally port-forward TCP 9080 if you would like to enable anonymous remote webcam viewing

Happy Secure OctoPrinting!