%%{init: {'theme': 'base', 'flowchart': {'nodeSpacing': 50, 'rankSpacing': 60}}}%%
flowchart LR
subgraph internet ["Internet"]
direction TB
dns_pub["DNS public
*.arauco.online
-> IP publique
DynDNS Namecheap"]
client["Navigateur
Utilisateur"]
client --> dns_pub
end
subgraph router ["Routeur Swisscom"]
gw["Gateway 192.168.99.1"]
nat["NAT
:80 -> .50:80
:443 -> .50:443"]
end
subgraph caddy_host ["araucaria 192.168.99.50"]
direction TB
subgraph caddy_svc ["Caddy - natif systemd"]
direction TB
listen[":80 HTTP
:443 HTTPS"]
tls["TLS termination
Let's Encrypt
ACME HTTP-01"]
headers["Headers securite
HSTS, X-Content-Type-Options
X-Frame-Options, Referrer-Policy
-Server"]
listen --> tls
end
subgraph routing ["Routes reverse proxy"]
direction TB
r_www["www.arauco.online"]
r_kc["kc.arauco.online"]
r_ha["ha.arauco.online"]
r_vk["vk.arauco.online"]
r_pm["pm.arauco.online"]
r_redir["arauco.online
-> 301 www.*"]
end
end
subgraph npagnun ["npagnun .35"]
keycloak["Keycloak
:8080 HTTP"]
kc_block["/admin/* bloque
hors LAN 403"]
end
subgraph huitral ["huitral .22"]
direction TB
dt["der-topogo
:3000"]
ha["Home Assistant
:8123"]
vk["Vikunja
:3456"]
pm["Pachamama
:3030"]
ws_note["WebSocket HA
read_timeout 0"]
end
dns_pub --> nat
nat --> listen
r_www -->|"HTTP"| dt
r_kc -->|"HTTP"| keycloak
r_ha -->|"HTTP + WS"| ha
r_vk -->|"HTTP"| vk
r_pm -->|"HTTP"| pm
tls --> routing
classDef extStyle fill:#2a3a4a,stroke:#6a8aaa,color:#b0d0e8
classDef netStyle fill:#1e3a5f,stroke:#4a90d9,color:#a8d0f0
classDef svcStyle fill:#1e4a2e,stroke:#4a9a6a,color:#a8e0c0
classDef iamStyle fill:#4a1e3a,stroke:#d94a8a,color:#f0a8c8
classDef secStyle fill:#4a3a1e,stroke:#d9a84a,color:#f0d8a8
classDef routeStyle fill:#3a3a1e,stroke:#9a9a4a,color:#e0e0a8
class dns_pub,client,gw,nat extStyle
class listen,tls netStyle
class headers,kc_block secStyle
class r_www,r_kc,r_ha,r_vk,r_pm,r_redir routeStyle
class keycloak iamStyle
class dt,ha,vk,pm,ws_note svcStyle