update: Network diagramms added for Traefik.

network.md

@@ -1,5 +1,7 @@
 # Network
 
+## vnet List
+
 List of vnets (latest version see Unifi console):
 
 | Name | VLAN ID | Router | Subnet | Azure vnet |
@@ -26,6 +28,57 @@ Tasks:
   - Block outgoing DNS
   - Plugins wie OPNSense CrowdSec
 
+## Traefik load balancing
+
+Aparently due to these issues:
+
+- [Traefik intercepts TLS challenge in nested architecture (with TLS passthrough)](https://community.traefik.io/t/traefik-intercepts-tls-challenge-in-nested-architecture-with-tls-passthrough/23155/4)
+- [Traefik GitHub Issue #10684](https://github.com/traefik/traefik/issues/10684)
+
+we might need to update our approach. As far as I understood it will be required to use a primary Traefik that does no ACME challanging at all. And thus either create an additional instance for handling separate connections to Proxmox und what all is overarching.
+
+<!-- markdownlint-disable MD033 -->
+::: mermaid
+graph LR
+    A[Internet] -->|ISP Connection| TRA[Traefik</br>*.amp.jambor.pro</br>Old version 2.11.0]
+
+    TRA --> TRB[Traefik Dashboard]
+    TRA --> PRX[Proxmox Servers]
+    TRA --> LX1[LXC CouchDB]
+    TRA --> LX2[LXC Flightradar]
+
+    subgraph "direct connections"
+        TRB
+        PRX
+        LX1
+        LX2
+    end
+
+    TRA --> TRVO[Traefik]
+
+    subgraph "*.volt.jambor.pro Development"
+        TRVO --> DCD[Docker host]
+        TRVO --> LXD[LXC Container]
+    end
+
+    TRA --> TRVA[Traefik]
+
+    subgraph "*.var.jambor.pro Testing"
+        TRVA --> DCT[Docker host]
+        TRVA --> LXT[LXC Container]
+    end
+
+    TRA --> TRW[Traefik ]
+
+    subgraph "*.watt.jambor.pro Production"
+        TRW --> DCP[Docker host]
+        TRW --> LXW[LXC Container]
+    end
+
+:::
+
+## Network diagram
+
 <!-- markdownlint-disable MD033 -->
 ::: mermaid
 graph LR
@@ -85,7 +138,3 @@ graph LR
 :::
 
 <!-- markdownlint-enable MD033 -->
-
-Legacy diagram for reference:
-
-![Basic network structure](resources/diagrams/network.png)