diff --git a/docs/network/tunnel.md b/docs/network/tunnel.md new file mode 100644 index 0000000..cf1f664 --- /dev/null +++ b/docs/network/tunnel.md @@ -0,0 +1,75 @@ +##Tunnel + +#Sicherheits-Setup + +# Sicherheits-Setup +- Stand 3.1.26: Crowsec bislang noch ohne ban + +
   					
+                        +------------------+
+                        |     Internet     |
+                        +--------+---------+
+                                 |
+                                 | TCP 80 / 443
+                                 v
++------------------------------------------------------------------+
+|                        Hetzner Server                            |
+|                        seanluc1                                  |
+|                                                                  |
+|   +------------+     shared docker network     +---------------+ |
+|   |  Traefik   | <-------------------------->  |   CrowdSec    | |
+|   |  v3.4.1    |                               |   LAPI        | |
+|   |            |                               |               | |
+|   | :80 :443   |                               | Decisions     | |
+|   | :8080      |                               | (CAPI)        | |
+|   +------+-----+                               +---------------+ |
+|          |                                                       |
+|          | dynamic config (file provider)                        |
+|          v                                                       |
+|   +-----------------------------------------------------------+  |
+|   |                         Pangolin                          |  |
+|   |                         v1.14.1                           |  |
+|   |                                                           |  |
+|   | Web UI        :3002                                       |  |
+|   | API           :3000                                       |  |
+|   | Internal API  :3001                                       |  |
+|   |                                                           |  |
+|   | - generates Traefik routers                               |  |
+|   | - manages resources                                       |  |
+|   | - controls Gerbil / Newt                                  |  |
+|   +-----------+-----------------------------------------------+  |
+|               |                                                  |
+|               | WireGuard control                                |
+|               v                                                  |
+|   +-----------------------------------------------------------+  |
+|   |                          Gerbil                           |  |
+|   |                                                           |  |
+|   | WireGuard Exit Node                                       |  |
+|   | wg0: 100.89.128.1/24                                      |  |
+|   | Control API :3003                                         |  |
+|   |                                                           |  |
+|   | - terminates tunnel                                       |  |
+|   | - forwards TCP ports                                      |  |
+|   +-----------+-----------------------------------------------+  |
+|               |                                                  |
++---------------|--------------------------------------------------+
+                |
+                | WireGuard tunnel (encrypted)
+                v
++------------------------------------------------------------------+
+|                     Local Network (LAN)                          |
+|                                                                  |
+|   +-------------+        +------------------------------------+  |
+|   |   Newt      |        |           Target Services          |  |
+|   |             |        |                                    |  |
+|   | wg IP       |        | Home Assistant                     |  |
+|   | 100.89.128.4|        | 192.168.178.203:8123               |  |
+|   |             |        |                                    |  |
+|   | TCP Proxy   |        | Wiki / Bitwarden                   |  |
+|   +-------------+        +------------------------------------+  |
+|                                                                  |
++------------------------------------------------------------------+
+
+ + + diff --git a/mkdocs.yml b/mkdocs.yml index 5b3f02f..764cdf2 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -9,11 +9,15 @@ theme: nav: - Übersicht: index.md - Netzwerk: - - Topologie: network/topology.md + - Topologie: network/topology.md + - Tunnel: network/tunnel.md + - Proxmox: - VMs: proxmox/vms.md - Docker: - Adguardhome: docker/adguardhome/adguardhome.md - Wikijs: docker/wikijs/wikijs.md - Architektur: docker/architecture.md - + - Backup & Storage: + - Backup: backup/backup.md + - Storage: backup/storage.md
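Review bot: In docs/network/tunnel.md the ASCII diagram is added as plain text rather than inside a fenced code block, so Markdown will reflow it and treat the `+`, `-` and `|` characters as markup; wrap the whole diagram in a code fence. The heading lines at the top also need cleanup: `##Tunnel` has no space after `##`, `#Sicherheits-Setup` is repeated by `# Sicherheits-Setup` right below it, and the level-2 heading comes before the level-1 heading. "Crowsec" in the status line should read "CrowdSec". Since this page is titled as a security setup, it should also state which of the listed ports are reachable from outside: the diagram shows only `TCP 80 / 443` coming from the Internet, but the Traefik box lists `:8080` and the Pangolin and Gerbil boxes list `:3000` to `:3003` with no indication of whether they are bound internally only. The note "bislang noch ohne ban" would be more useful with a line on what is still missing before CrowdSec decisions are enforced.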
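Review bot: The `Backup & Storage` entries added at the end of the mkdocs.yml hunk point to `backup/backup.md` and `backup/storage.md`, which this patch does not add; the only new file here is docs/network/tunnel.md. If those pages do not already exist, the nav will reference missing files, so either include them or move the backup nav entries to the commit that adds them. The `Topologie: network/topology.md` line is also removed and re-added with the same visible text, which suggests a whitespace-only change; please confirm its indentation matches the new `Tunnel` entry, since the nav nesting depends on it, and drop the extra blank `+` line after `Tunnel` if it is not intended.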