mirror of
https://github.com/flynx/proxmox-utils.git
synced 2025-12-26 05:12:06 +00:00
Compare commits
6 Commits
f4127c3e1d
...
fc7d23b860
| Author | SHA1 | Date | |
|---|---|---|---|
| fc7d23b860 | |||
| 8c24030f6d | |||
| 26259ab386 | |||
| 2691fb7faa | |||
| 463552c3e8 | |||
| f3bd63fb21 |
42
README.md
42
README.md
@ -28,7 +28,8 @@ Ansible version will be implemented next as a direct comparison._
|
||||
|
||||
## Architecture
|
||||
|
||||
Goals:
|
||||
### Goals
|
||||
|
||||
- Separate concerns
|
||||
Preferably one service/role per CT
|
||||
- Keep things as light as possible
|
||||
@ -77,12 +78,35 @@ Goals:
|
||||
+---------------------------------------------------------------+
|
||||
```
|
||||
|
||||
XXX
|
||||
The system defines two networks:
|
||||
- LAN
|
||||
Hosts all the service CT's (`*.srv`)
|
||||
- ADMIN
|
||||
Used for administration (`*.adm`)
|
||||
|
||||
The ADMIN network is connected to the admin port.
|
||||
|
||||
### Services
|
||||
Both networks are provided DNS and DHCP services by the `ns` CT.
|
||||
|
||||
XXX
|
||||
Services on both networks are connected to the outside world (WAN) via
|
||||
a NAT router implemented by the `gate` CT (`iptables`).
|
||||
|
||||
The `gate` CT also implements a reverse proxy ([`traefik`](https://traefik.io/traefik/)),
|
||||
routing requests from the WAN (`$WAN_IP`) to appropriate service CT's on
|
||||
the LAN.
|
||||
|
||||
Services expose their administration interfaces only on the ADMIN network
|
||||
when possible.
|
||||
|
||||
The host Proxmox (`pve.adm`) is only accessible through the ADMIN network.
|
||||
|
||||
The `gate` and `ns` CT's are only accessible for administration from the
|
||||
host (i.e. via `lxc-attach ..`).
|
||||
|
||||
Three ways of access to the ADMIN network are provided:
|
||||
- `ssh` service (CT) via the `gate` reverse proxy
|
||||
- `wireguard` VPN (CT) via `gate` reverse proxy
|
||||
- `ssh` service (CT) via the direct `$WAN_SSH_IP` (fail-safe)
|
||||
|
||||
|
||||
|
||||
@ -92,11 +116,13 @@ XXX
|
||||
|
||||
Install Proxmox and connect it to your device/network.
|
||||
|
||||
|
||||
#### Notes
|
||||
|
||||
This setup will use three IP addresses:
|
||||
1. IP address used for setup only, this is the static (usually) IP
|
||||
initially assigned to Proxmox on install and it will not be used after
|
||||
setup is done,
|
||||
2. WAN IP adress to be used for the main set of applications, this is
|
||||
1. The static (usually) IP initially assigned to Proxmox on install. This
|
||||
will not be used after setup is done,
|
||||
2. WAN IP address to be used for the main set of applications, this is
|
||||
the address that all the requests will be routed from to various
|
||||
services internally,
|
||||
3. Fail-safe ssh IP address, this is the connection used for recovery
|
||||
|
||||
@ -23,8 +23,6 @@
|
||||
# Usually this is the default bridge created in Proxmox, so there is no
|
||||
# need to touch this.
|
||||
BOOTSTRAP_BRIDGE=0
|
||||
# XXX
|
||||
#BOOTSTRAP_PORT=none
|
||||
|
||||
|
||||
# CT interface bridge configuration.
|
||||
@ -43,7 +41,6 @@ BOOTSTRAP_BRIDGE=0
|
||||
# ADMIN_BRIDGE=3
|
||||
# LAN_BRIDGE=10
|
||||
#
|
||||
# XXX revise numbering...
|
||||
ADMIN_BRIDGE=_admin
|
||||
WAN_BRIDGE=_wan
|
||||
LAN_BRIDGE=_lan
|
||||
|
||||
@ -38,7 +38,9 @@ SOFTWARE=(
|
||||
|
||||
INTERFACES=/etc/network/interfaces
|
||||
|
||||
BRIDGES_TPL=bridges.tpl
|
||||
BOOTSTRAP_PORT=${BOOTSTRAP_PORT:-none}
|
||||
|
||||
BRIDGES_TPL=${BRIDGES_TPL:-bridges.tpl}
|
||||
|
||||
# XXX
|
||||
#readVars
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user