# Pangolin Tunnel: Access via Hetzner42

## Security Setup

```
                        +------------------+
                        |     Internet     |
                        +--------+---------+
                                 |
                                 | TCP 80 / 443
                                 v
+------------------------------------------------------------------+
|                          Hetzner Server                          |
|                             seanluc1                             |
|                                                                  |
|   +------------+    shared docker network     +---------------+  |
|   |  Traefik   | <--------------------------> |   CrowdSec    |  |
|   |  v3.4.1    |                              |   LAPI        |  |
|   |            |                              |               |  |
|   | :80 :443   |                              |  Decisions    |  |
|   | :8080      |                              |  (CAPI)       |  |
|   +------+-----+                              +---------------+  |
|          |                                                       |
|          | dynamic config (file provider)                        |
|          v                                                       |
|   +-----------------------------------------------------------+  |
|   |                         Pangolin                          |  |
|   |                          v1.14.1                          |  |
|   |                                                           |  |
|   |  Web UI        :3002                                      |  |
|   |  API           :3000                                      |  |
|   |  Internal API  :3001                                      |  |
|   |                                                           |  |
|   |  - generates Traefik routers                              |  |
|   |  - manages resources                                      |  |
|   |  - controls Gerbil / Newt                                 |  |
|   +-----------+-----------------------------------------------+  |
|               |                                                  |
|               | WireGuard control                                |
|               v                                                  |
|   +-----------------------------------------------------------+  |
|   |                          Gerbil                           |  |
|   |                                                           |  |
|   |  WireGuard Exit Node                                      |  |
|   |  wg0: 100.89.128.1/24                                     |  |
|   |  Control API :3003                                        |  |
|   |                                                           |  |
|   |  - terminates tunnel                                      |  |
|   |  - forwards TCP ports                                     |  |
|   +-----------+-----------------------------------------------+  |
|               |                                                  |
+---------------|--------------------------------------------------+
                |
                | WireGuard tunnel (encrypted)
                v
+------------------------------------------------------------------+
|                       Local Network (LAN)                        |
|                                                                  |
|   +-------------+        +------------------------------------+  |
|   |   Newt      |        |          Target Services           |  |
|   |             |        |                                    |  |
|   |  wg IP      |        |  Home Assistant                    |  |
|   | 100.89.128.4|        |  192.168.178.203:8123              |  |
|   |             |        |                                    |  |
|   |  TCP Proxy  |        |  Wiki / Bitwarden                  |  |
|   +-------------+        +------------------------------------+  |
|                                                                  |
+------------------------------------------------------------------+
```