docs(tunnel): allgemeines Setup
This commit is contained in:
@@ -1,5 +1,74 @@
|
||||
##Tunnel
|
||||
# Pangolin-Tunnel: Zugriff über Hetzner
|
||||
|
||||
## Sicherheits-Setup
|
||||
|
||||
```
|
||||
+------------------+
|
||||
| Internet |
|
||||
+--------+---------+
|
||||
|
|
||||
| TCP 80 / 443
|
||||
v
|
||||
+------------------------------------------------------------------+
|
||||
| Hetzner Server |
|
||||
| seanluc1 |
|
||||
| |
|
||||
| +------------+ shared docker network +---------------+ |
|
||||
| | Traefik | <--------------------------> | CrowdSec | |
|
||||
| | v3.4.1 | | LAPI | |
|
||||
| | | | | |
|
||||
| | :80 :443 | | Decisions | |
|
||||
| | :8080 | | (CAPI) | |
|
||||
| +------+-----+ +---------------+ |
|
||||
| | |
|
||||
| | dynamic config (file provider) |
|
||||
| v |
|
||||
| +-----------------------------------------------------------+ |
|
||||
| | Pangolin | |
|
||||
| | v1.14.1 | |
|
||||
| | | |
|
||||
| | Web UI :3002 | |
|
||||
| | API :3000 | |
|
||||
| | Internal API :3001 | |
|
||||
| | | |
|
||||
| | - generates Traefik routers | |
|
||||
| | - manages resources | |
|
||||
| | - controls Gerbil / Newt | |
|
||||
| +-----------+-----------------------------------------------+ |
|
||||
| | |
|
||||
| | WireGuard control |
|
||||
| v |
|
||||
| +-----------------------------------------------------------+ |
|
||||
| | Gerbil | |
|
||||
| | | |
|
||||
| | WireGuard Exit Node | |
|
||||
| | wg0: 100.89.128.1/24 | |
|
||||
| | Control API :3003 | |
|
||||
| | | |
|
||||
| | - terminates tunnel | |
|
||||
| | - forwards TCP ports | |
|
||||
| +-----------+-----------------------------------------------+ |
|
||||
| | |
|
||||
+---------------|--------------------------------------------------+
|
||||
|
|
||||
| WireGuard tunnel (encrypted)
|
||||
v
|
||||
+------------------------------------------------------------------+
|
||||
| Local Network (LAN) |
|
||||
| |
|
||||
| +-------------+ +------------------------------------+ |
|
||||
| | Newt | | Target Services | |
|
||||
| | | | | |
|
||||
| | wg IP | | Home Assistant | |
|
||||
| | 100.89.128.4| | 192.168.178.203:8123 | |
|
||||
| | | | | |
|
||||
| | TCP Proxy | | Wiki / Bitwarden | |
|
||||
| +-------------+ +------------------------------------+ |
|
||||
| |
|
||||
+------------------------------------------------------------------+
|
||||
```
|
||||
|
||||
|
||||
|
||||
#Sicherheits-Setup
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user