geir/home-lab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
home-lab/machines/reverse-proxy/About.org
Geir Okkenhaug Jerstad d112f28ac9
Some checks are pending
🏠 Home Lab CI/CD Pipeline / 🔍 Validate Configuration (push) Waiting to run
Details
🏠 Home Lab CI/CD Pipeline / 🔨 Build Configurations (push) Blocked by required conditions
Details
🏠 Home Lab CI/CD Pipeline / 🔒 Security Audit (push) Blocked by required conditions
Details
🏠 Home Lab CI/CD Pipeline / 📚 Documentation & Modules (push) Blocked by required conditions
Details
🏠 Home Lab CI/CD Pipeline / 🔄 Update Dependencies (push) Waiting to run
Details
🏠 Home Lab CI/CD Pipeline / 🚀 Deploy Configuration (push) Blocked by required conditions
Details
🏠 Home Lab CI/CD Pipeline / 📢 Notify Results (push) Blocked by required conditions
Details
docs: add content to reverse-proxy About.org 
Complete documentation for reverse-proxy machine:
- Role: SSL/TLS termination and external traffic routing
- Services: Nginx/Traefik, Let's Encrypt, Fail2ban, monitoring
- Security: Edge server with minimal attack surface
- Routing: External traffic to grey-area, sleeper-service, etc.
- Network: Static IP, firewall rules, Tailscale integration
2025-06-04 16:36:44 +02:00

43 lines
1.3 KiB
Org Mode
Raw Blame History

#+TITLE: Reverse Proxy Server
#+AUTHOR: Geir Okkenhaug Jerstad
#+DATE: [2025-06-04 Wed]
* Machine Overview
** Role
- **Primary Function**: Reverse proxy and SSL/TLS termination
- **Secondary Functions**: Load balancing, external access gateway
- **Network Position**: Edge server handling external connections
** Services
- Nginx or Traefik reverse proxy
- Let's Encrypt SSL certificate management
- Fail2ban security protection
- Basic system monitoring
- Firewall management for external access
** Architecture Notes
- Headless operation (no desktop environment)
- SSH-only access
- Minimal attack surface
- High availability requirements
- SSL/TLS offloading for internal services
** Routing Configuration
Routes external traffic to internal services:
- =grey-area= (Forgejo, web applications)
- =sleeper-service= (file sharing, if exposed externally)
- =congenital-optimist= (development services, if needed)
** Security Considerations
- First point of contact for external traffic
- Rate limiting and DDoS protection
- Automated security updates
- Log monitoring and alerting
- Certificate renewal automation
** Network Configuration
- Static IP assignment
- Firewall rules for ports 80, 443, 22
- Internal network access to other machines
- Tailscale integration for management
Reference in a new issue View git blame Copy permalink