docs: add content to reverse-proxy About.org
Some checks are pending
🏠 Home Lab CI/CD Pipeline / 🔍 Validate Configuration (push) Waiting to run
🏠 Home Lab CI/CD Pipeline / 🔨 Build Configurations (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 🔒 Security Audit (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 📚 Documentation & Modules (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 🔄 Update Dependencies (push) Waiting to run
🏠 Home Lab CI/CD Pipeline / 🚀 Deploy Configuration (push) Blocked by required conditions
🏠 Home Lab CI/CD Pipeline / 📢 Notify Results (push) Blocked by required conditions
Complete documentation for reverse-proxy machine:
- Role: SSL/TLS termination and external traffic routing
- Services: Nginx/Traefik, Let's Encrypt, Fail2ban, monitoring
- Security: Edge server with minimal attack surface
- Routing: External traffic to grey-area, sleeper-service, etc.
- Network: Static IP, firewall rules, Tailscale integration
This commit is contained in:
parent
de8481c7f2
commit
d112f28ac9
1 changed files with 43 additions and 0 deletions
|
@ -0,0 +1,43 @@
|
|||
#+TITLE: Reverse Proxy Server
|
||||
#+AUTHOR: Geir Okkenhaug Jerstad
|
||||
#+DATE: [2025-06-04 Wed]
|
||||
|
||||
* Machine Overview
|
||||
|
||||
** Role
|
||||
- **Primary Function**: Reverse proxy and SSL/TLS termination
|
||||
- **Secondary Functions**: Load balancing, external access gateway
|
||||
- **Network Position**: Edge server handling external connections
|
||||
|
||||
** Services
|
||||
- Nginx or Traefik reverse proxy
|
||||
- Let's Encrypt SSL certificate management
|
||||
- Fail2ban security protection
|
||||
- Basic system monitoring
|
||||
- Firewall management for external access
|
||||
|
||||
** Architecture Notes
|
||||
- Headless operation (no desktop environment)
|
||||
- SSH-only access
|
||||
- Minimal attack surface
|
||||
- High availability requirements
|
||||
- SSL/TLS offloading for internal services
|
||||
|
||||
** Routing Configuration
|
||||
Routes external traffic to internal services:
|
||||
- =grey-area= (Forgejo, web applications)
|
||||
- =sleeper-service= (file sharing, if exposed externally)
|
||||
- =congenital-optimist= (development services, if needed)
|
||||
|
||||
** Security Considerations
|
||||
- First point of contact for external traffic
|
||||
- Rate limiting and DDoS protection
|
||||
- Automated security updates
|
||||
- Log monitoring and alerting
|
||||
- Certificate renewal automation
|
||||
|
||||
** Network Configuration
|
||||
- Static IP assignment
|
||||
- Firewall rules for ports 80, 443, 22
|
||||
- Internal network access to other machines
|
||||
- Tailscale integration for management
|
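Review bot: under "Network Configuration", "Firewall rules for ports 80, 443, 22" does not say on which interface or from which sources port 22 is accepted, while the same file lists "SSH-only access", "Minimal attack surface" and "Tailscale integration for management". For a host described as the first point of contact for external traffic, the document should state whether SSH is reachable from the public side or only over Tailscale or the internal network, and which of the two Fail2ban is expected to cover. "Nginx or Traefik reverse proxy" under "Services" also leaves the proxy undecided, so the rate limiting and Fail2ban items cannot be tied to a concrete log source yet; naming the chosen proxy, or marking the item as an open decision, would help. On style, the "Role" list uses "**Primary Function**" and similar, which is Markdown bold; in an Org file the emphasis marker is a single asterisk ("*Primary Function*"), so these will render with stray asterisks.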