1 files changed, 74 insertions, 0 deletions
diff --git a/micro/reseau/caddy_reverse_proxy.mmd b/micro/reseau/caddy_reverse_proxy.mmd
new file mode 100644
index 0000000..3cddb40
--- /dev/null
+++ b/micro/reseau/caddy_reverse_proxy.mmd
@@ -0,0 +1,74 @@
+%%{init: {'theme': 'base', 'flowchart': {'nodeSpacing': 50, 'rankSpacing': 60}}}%%
+flowchart LR
+    subgraph internet ["Internet"]
+        direction TB
+        dns_pub["DNS public<br/>*.arauco.online<br/>-> IP publique<br/>DynDNS Namecheap"]
+        client["Navigateur<br/>Utilisateur"]
+        client --> dns_pub
+    end
+
+    subgraph router ["Routeur Swisscom"]
+        gw["Gateway 192.168.99.1"]
+        nat["NAT<br/>:80 -> .50:80<br/>:443 -> .50:443"]
+    end
+
+    subgraph caddy_host ["araucaria 192.168.99.50"]
+        direction TB
+
+        subgraph caddy_svc ["Caddy - natif systemd"]
+            direction TB
+            listen[":80 HTTP<br/>:443 HTTPS"]
+            tls["TLS termination<br/>Let's Encrypt<br/>ACME HTTP-01"]
+            headers["Headers securite<br/>HSTS, X-Content-Type-Options<br/>X-Frame-Options, Referrer-Policy<br/>-Server"]
+            listen --> tls
+        end
+
+        subgraph routing ["Routes reverse proxy"]
+            direction TB
+            r_www["www.arauco.online"]
+            r_kc["kc.arauco.online"]
+            r_ha["ha.arauco.online"]
+            r_vk["vk.arauco.online"]
+            r_pm["pm.arauco.online"]
+            r_redir["arauco.online<br/>-> 301 www.*"]
+        end
+    end
+
+    subgraph npagnun ["npagnun .35"]
+        keycloak["Keycloak<br/>:8080 HTTP"]
+        kc_block["/admin/* bloque<br/>hors LAN 403"]
+    end
+
+    subgraph huitral ["huitral .22"]
+        direction TB
+        dt["der-topogo<br/>:3000"]
+        ha["Home Assistant<br/>:8123"]
+        vk["Vikunja<br/>:3456"]
+        pm["Pachamama<br/>:3030"]
+        ws_note["WebSocket HA<br/>read_timeout 0"]
+    end
+
+    dns_pub --> nat
+    nat --> listen
+
+    r_www -->|"HTTP"| dt
+    r_kc -->|"HTTP"| keycloak
+    r_ha -->|"HTTP + WS"| ha
+    r_vk -->|"HTTP"| vk
+    r_pm -->|"HTTP"| pm
+
+    tls --> routing
+
+    classDef extStyle fill:#2a3a4a,stroke:#6a8aaa,color:#b0d0e8
+    classDef netStyle fill:#1e3a5f,stroke:#4a90d9,color:#a8d0f0
+    classDef svcStyle fill:#1e4a2e,stroke:#4a9a6a,color:#a8e0c0
+    classDef iamStyle fill:#4a1e3a,stroke:#d94a8a,color:#f0a8c8
+    classDef secStyle fill:#4a3a1e,stroke:#d9a84a,color:#f0d8a8
+    classDef routeStyle fill:#3a3a1e,stroke:#9a9a4a,color:#e0e0a8
+
+    class dns_pub,client,gw,nat extStyle
+    class listen,tls netStyle
+    class headers,kc_block secStyle
+    class r_www,r_kc,r_ha,r_vk,r_pm,r_redir routeStyle
+    class keycloak iamStyle
+    class dt,ha,vk,pm,ws_note svcStyle