add v6proxy docs
This commit is contained in:
goeranh
parent
18f4d0c65f
commit
6ea1a37bef
2 changed files with 353 additions and 2 deletions
11
README.md
11
README.md
|
|
@ -8,6 +8,7 @@ Declarative infrastructure management for StuRa HTW Dresden using NixOS and a fl
|
|||
|
||||
This infrastructure uses a flake-based approach with automatic host discovery:
|
||||
- **Centralized reverse proxy**: HAProxy at 141.56.51.1 routes all traffic via SNI inspection and HTTP host headers
|
||||
- **IPv6 gateway**: Hetzner VPS at 2a01:4f8:1c19:96f8::1 forwards IPv6 traffic to the IPv4 proxy
|
||||
- **Automatic host discovery**: Each subdirectory in `hosts/` becomes a NixOS configuration via `builtins.readDir`
|
||||
- **Global configuration**: Settings in `default.nix` are automatically applied to all hosts
|
||||
- **ACME certificates**: All services use Let's Encrypt certificates managed locally on each host
|
||||
|
|
@ -31,6 +32,11 @@ stura-infra/
|
|||
│ │ ├── hardware-configuration.nix
|
||||
│ │ ├── hetzner-disk.nix
|
||||
│ │ └── README.md
|
||||
│ ├── v6proxy/ # IPv6 gateway (Hetzner VPS)
|
||||
│ │ ├── default.nix
|
||||
│ │ ├── hardware-configuration.nix
|
||||
│ │ ├── hetzner-disk.nix
|
||||
│ │ └── README.md
|
||||
│ ├── git/ # Forgejo git server
|
||||
│ │ └── default.nix
|
||||
│ ├── wiki/ # MediaWiki instance
|
||||
|
|
@ -47,6 +53,7 @@ stura-infra/
|
|||
| Host | IP | Type | Services | Documentation |
|
||||
|------|-----|------|----------|---------------|
|
||||
| proxy | 141.56.51.1 | VM | HAProxy, SSH Jump | [hosts/proxy/README.md](hosts/proxy/README.md) |
|
||||
| v6proxy | 178.104.18.93 (IPv4)<br>2a01:4f8:1c19:96f8::1 (IPv6) | Hetzner VPS | HAProxy (IPv6 Gateway) | [hosts/v6proxy/README.md](hosts/v6proxy/README.md) |
|
||||
| git | 141.56.51.7 | LXC | Forgejo, Nginx | [hosts/git/README.md](hosts/git/README.md) |
|
||||
| wiki | 141.56.51.13 | LXC | MediaWiki, MariaDB, Apache | [hosts/wiki/README.md](hosts/wiki/README.md) |
|
||||
| redmine | 141.56.51.15 | LXC | Redmine, Nginx | [hosts/redmine/README.md](hosts/redmine/README.md) |
|
||||
|
|
@ -193,9 +200,9 @@ The following DNS records must be configured for the current infrastructure:
|
|||
|------|------|-----|---------|
|
||||
| *.htw.stura-dresden.de | CNAME | proxy.htw.stura-dresden.de | Reverse proxy |
|
||||
| proxy.htw.stura-dresden.de | A | 141.56.51.1 | Proxy IPv4 |
|
||||
| proxy.htw.stura-dresden.de | AAAA | 2a01:4f8:1c19:96f8::1 | Proxy IPv6 |
|
||||
| proxy.htw.stura-dresden.de | AAAA | 2a01:4f8:1c19:96f8::1 | IPv6 Gateway (v6proxy) |
|
||||
|
||||
**Note**: All public services point to the proxy IP (141.56.51.1). The proxy handles SNI-based routing to backend hosts. Backend IPs are internal and not exposed in DNS.
|
||||
**Note**: All public services point to the proxy IPs. The IPv4 proxy (141.56.51.1) handles SNI-based routing to backend hosts. The IPv6 gateway (v6proxy at 2a01:4f8:1c19:96f8::1) forwards all IPv6 traffic to the IPv4 proxy. Backend IPs are internal and not exposed in DNS.
|
||||
|
||||
Additional services managed by the proxy (not in this repository):
|
||||
- stura.htw-dresden.de → Plone
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue