diff --git a/network.md b/network.md index 20a11e4..17f82de 100644 --- a/network.md +++ b/network.md @@ -1,5 +1,7 @@ # Network +## vnet List + List of vnets (latest version see Unifi console): | Name | VLAN ID | Router | Subnet | Azure vnet | @@ -26,6 +28,57 @@ Tasks: - Block outgoing DNS - Plugins wie OPNSense CrowdSec +## Traefik load balancing + +Aparently due to these issues: + +- [Traefik intercepts TLS challenge in nested architecture (with TLS passthrough)](https://community.traefik.io/t/traefik-intercepts-tls-challenge-in-nested-architecture-with-tls-passthrough/23155/4) +- [Traefik GitHub Issue #10684](https://github.com/traefik/traefik/issues/10684) + +we might need to update our approach. As far as I understood it will be required to use a primary Traefik that does no ACME challanging at all. And thus either create an additional instance for handling separate connections to Proxmox und what all is overarching. + + +::: mermaid +graph LR + A[Internet] -->|ISP Connection| TRA[Traefik
*.amp.jambor.pro
Old version 2.11.0] + + TRA --> TRB[Traefik Dashboard] + TRA --> PRX[Proxmox Servers] + TRA --> LX1[LXC CouchDB] + TRA --> LX2[LXC Flightradar] + + subgraph "direct connections" + TRB + PRX + LX1 + LX2 + end + + TRA --> TRVO[Traefik] + + subgraph "*.volt.jambor.pro Development" + TRVO --> DCD[Docker host] + TRVO --> LXD[LXC Container] + end + + TRA --> TRVA[Traefik] + + subgraph "*.var.jambor.pro Testing" + TRVA --> DCT[Docker host] + TRVA --> LXT[LXC Container] + end + + TRA --> TRW[Traefik ] + + subgraph "*.watt.jambor.pro Production" + TRW --> DCP[Docker host] + TRW --> LXW[LXC Container] + end + +::: + +## Network diagram + ::: mermaid graph LR @@ -85,7 +138,3 @@ graph LR ::: - -Legacy diagram for reference: - -![Basic network structure](resources/diagrams/network.png)
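Review bot: In the first hunk, the new heading `## vnet List` is capitalised differently from the other two headings this patch adds (`## Traefik load balancing`, `## Network diagram`), which are sentence case. Suggest `## vnet list` so the three headings match.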
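Review bot: In the "Traefik load balancing" hunk, the diagram does not show the design decision the paragraph above it describes. The text says the primary Traefik should do no ACME challenges at all, yet node `TRA` is still labelled `*.amp.jambor.pro`, and nothing marks which edges are TLS passthrough and which instance terminates TLS and requests certificates. Suggest labelling the `TRA --> TRVO`, `TRA --> TRVA` and `TRA --> TRW` edges (for example as TLS passthrough) and stating which instance issues certificates for the "direct connections" group, since `TRA --> TRB` and `TRA --> PRX` still hang off the primary. The same diagram puts the Traefik Dashboard and the Proxmox servers behind the instance that `Internet` connects to, and that instance is marked "Old version 2.11.0", so a line on how those two routes are restricted and whether an upgrade is planned would help the reader. In the prose, the sentence starting "And thus either create an additional instance" has an "either" with no second option, so the alternative being considered is missing. There are also spelling fixes to make: "Aparently", "challanging", and the German "und" in "Proxmox und what all is overarching".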
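Review bot: The last hunk removes the only visible reference to `resources/diagrams/network.png`, but the diff touches `network.md` only, so the image file itself stays in the repository. If nothing else links to it, delete the file in the same change. Otherwise an outdated network diagram remains in the tree where someone can mistake it for the current one.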