ShiniDev/infra-docs

Infrastructure Documentation

This repository contains my personal specification, current network topology, and current node information. It gives me a clearer overview of my setup and easier access to this information.

Infrastructure Overview

I use a WireGuard VPN to securely access my servers and host websites; only the cloud server is publicly accessible.

Network Diagram

Reverse Proxy

I self-host my web server without opening any ports on my home network. As the diagram below shows, a VPS acts as a gateway to my home. Traffic is only allowed when the WireGuard interface is active.

```mermaid
graph LR
    internet(internet)
    subgraph cloud-hub-01 
        shini.dev --> 
        nginx --> 
        |proxy_pass<br>http://10.0.0.3| wg([Wireguard Peer<br>10.0.0.1])
    end
    subgraph home
        subgraph home-svr-01
            wg-1([Wireguard Peer<br>10.0.0.3]) -->
            |HTTP<br>80| nginx-1[nginx]
        end
        subgraph home-stn-01
            wg-2([Wireguard Peer<br>10.0.0.2])
        end
    end

    wg <==> |Encrypted Tunnel<br>UDP| wg-1
    wg <==> |Encrypted Tunnel<br>UDP| wg-2
    internet -->|HTTPS<br>443| shini.dev
```

Wireguard VPN

In this setup, I route all traffic from both home nodes through my VPS, improving network stability, privacy and security.

```mermaid
graph RL
    subgraph home
        subgraph home-stn-01
            wg-1([Wireguard Client<br>10.0.0.2])
        end
        subgraph home-svr-01
            wg-2([Wireguard Client<br>10.0.0.3])
        end

        wg-1 <--> |Peer to Peer<br>10.0.0.2 & 10.0.0.3| wg-2
    end
    subgraph cloud-hub-01
        wg([Wireguard Server<br>10.0.0.1])
        public(Public Interface<br>1.2.3.4)
    end

    wg-1 ==> |Route all traffic<br>to 10.0.0.1| wg
    wg-2 ==> |Route all traffic<br>to 10.0.0.1| wg
    wg --> |Routing & Masquerade <br> Used firewalld| public
    public --> internet
```

Infrastructure Nodes

1. Device Inventory

Hardware roles and operating systems.

| Hostname | Role | OS |
|---|---|---|
| home-stn-01 | Main Workstation | Arch Linux |
| home-svr-01 | Homelab Server | Arch Linux |
| cloud-hub-01 | VPN Hub & Proxy | Debian |
| phone-01 | Main Phone | Android |

2. Network Topology

IP allocation and access methods.

| Hostname | LAN IP | WG IP | Public Access | Domain |
|---|---|---|---|---|
| home-stn-01 | 192.168.0.11 | 10.0.0.2 | VPN | - |
| home-svr-01 | 192.168.0.10 | 10.0.0.3 | VPN | - |
| cloud-hub-01 | N/A | 10.0.0.1 | VPN (plus the publicly listening WireGuard UDP port) | shini.dev |
| phone-01 | 192.168.0.12 | 10.0.0.4 | N/A | - |

Server Port Specifications

1. Active Allocations

Currently assigned ports for running services.

| Service | Port | Protocol | Type |
|---|---|---|---|
| DNS | 53 | TCP/UDP | System |
| Nginx | 80, 443 | TCP | System |
| SSH | [Custom] | TCP | Infra |
| WireGuard | [Custom] | UDP | Infra |
| Cockpit | [Custom] | TCP | Service |

2. Port Range Strategy

Port assignments are categorized by layer to simplify firewall rules.

| Category | Range | Description | Examples |
|---|---|---|---|
| Infra Ports | 40000 - 40999 | Critical access & networking (VPN, SSH). | SSH, WireGuard |
| Service Ports | 41000 - 41999 | Management tools & vendor software. | Cockpit, Portainer |
| App Ports | 42000 - 42999 | Custom internal workloads & APIs. | Bragboard, Docker Containers |
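As an added example (not code from this repository), the script below encodes the port layers from the table above together with the reverse-proxy rule from earlier on this page, that only nginx (80/443) and the WireGuard UDP port face the internet: it flags listeners that sit outside their intended layer and emits the firewalld commands that would implement the policy on cloud-hub-01. The interface name `wg0`, the zone name `internal` and the sample custom ports are assumptions.

```python
from dataclasses import dataclass

# Layers exactly as in the "Port Range Strategy" table.
RANGES = {"Infra": range(40000, 41000), "Service": range(41000, 42000), "App": range(42000, 43000)}
SYSTEM_PORTS = {53, 80, 443}   # "System" type services keep their well-known ports
PUBLIC_TCP = {80, 443}         # only nginx is meant to be reachable from the internet

@dataclass(frozen=True)
class Listener:
    service: str
    port: int
    proto: str   # "tcp" or "udp"
    layer: str   # layer the operator intended: Infra / Service / App / System

def layer_of(port: int) -> str:
    """Map a port to its layer under the scheme, or 'Unassigned' if it fits none."""
    if port in SYSTEM_PORTS:
        return "System"
    return next((name for name, rng in RANGES.items() if port in rng), "Unassigned")

def audit(listeners):
    """Listeners whose port sits outside the layer they were meant for."""
    return [(l, layer_of(l.port)) for l in listeners if layer_of(l.port) != l.layer]

def firewalld_rules(listeners, wg_if="wg0", wg_zone="internal"):
    """firewall-cmd lines for the hub: the public zone exposes only 80/443 and the WireGuard
    UDP port; everything else is reachable solely via the tunnel zone (names are assumptions)."""
    rules = [f"firewall-cmd --permanent --zone={wg_zone} --add-interface={wg_if}",
             "firewall-cmd --permanent --zone=public --add-masquerade"]
    for l in listeners:
        public = l.port in PUBLIC_TCP or l.service == "WireGuard"
        zone = "public" if public else wg_zone
        rules.append(f"firewall-cmd --permanent --zone={zone} --add-port={l.port}/{l.proto}")
    rules.append("firewall-cmd --reload")
    return rules

# Constructed inventory; the custom ports are placeholders (the repo lists them as [Custom]).
SAMPLE = [
    Listener("DNS", 53, "udp", "System"),
    Listener("Nginx", 443, "tcp", "System"),
    Listener("SSH", 40022, "tcp", "Infra"),
    Listener("WireGuard", 40051, "udp", "Infra"),
    Listener("Portainer", 9443, "tcp", "Service"),   # left on its vendor default port
    Listener("Bragboard", 42080, "tcp", "App"),
]

if __name__ == "__main__":
    for l, actual in audit(SAMPLE):
        print(f"{l.service}: {l.port}/{l.proto} falls in {actual}, intended {l.layer}")
    print("\n".join(firewalld_rules(SAMPLE)))
```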

About

Documentation of my self hosted infrastructure.
