Bruchtal/docs/network/tunnel.md
2026-02-21 18:57:26 +01:00

Pangolin tunnel: access via Hetzner42

Security setup

                        +------------------+
                        |     Internet     |
                        +--------+---------+
                                 |
                                 | TCP 80 / 443
                                 v
+------------------------------------------------------------------+
|                        Hetzner Server                            |
|                        seanluc1                                  |
|                                                                  |
|   +------------+     shared docker network     +---------------+ |
|   |  Traefik   | <-------------------------->  |   CrowdSec    | |
|   |  v3.4.1    |                               |   LAPI        | |
|   |            |                               |               | |
|   | :80 :443   |                               | Decisions     | |
|   | :8080      |                               | (CAPI)        | |
|   +------+-----+                               +---------------+ |
|          |                                                       |
|          | dynamic config (file provider)                        |
|          v                                                       |
|   +-----------------------------------------------------------+  |
|   |                         Pangolin                          |  |
|   |                         v1.14.1                           |  |
|   |                                                           |  |
|   | Web UI        :3002                                       |  |
|   | API           :3000                                       |  |
|   | Internal API  :3001                                       |  |
|   |                                                           |  |
|   | - generates Traefik routers                               |  |
|   | - manages resources                                       |  |
|   | - controls Gerbil / Newt                                  |  |
|   +-----------+-----------------------------------------------+  |
|               |                                                  |
|               | WireGuard control                                |
|               v                                                  |
|   +-----------------------------------------------------------+  |
|   |                          Gerbil                           |  |
|   |                                                           |  |
|   | WireGuard Exit Node                                       |  |
|   | wg0: 100.89.128.1/24                                      |  |
|   | Control API :3003                                         |  |
|   |                                                           |  |
|   | - terminates tunnel                                       |  |
|   | - forwards TCP ports                                      |  |
|   +-----------+-----------------------------------------------+  |
|               |                                                  |
+---------------|--------------------------------------------------+
                |
                | WireGuard tunnel (encrypted)
                v
+------------------------------------------------------------------+
|                     Local Network (LAN)                          |
|                                                                  |
|   +-------------+        +------------------------------------+  |
|   |   Newt      |        |           Target Services          |  |
|   |             |        |                                    |  |
|   | wg IP       |        | Home Assistant                     |  |
|   | 100.89.128.4|        | 192.168.178.203:8123               |  |
|   |             |        |                                    |  |
|   | TCP Proxy   |        | Wiki / Bitwarden                   |  |
|   +-------------+        +------------------------------------+  |
|                                                                  |
+------------------------------------------------------------------+