diff --git a/docs/deployment.md b/docs/deployment.md index 2e7bc54..aaac1b5 100644 --- a/docs/deployment.md +++ b/docs/deployment.md @@ -8,15 +8,34 @@ Self-hosted on a single Linux box (Proxmox LXC / VM / bare metal). Four layers, 4. **External reverse proxy** (off-box, e.g. at the network edge) — does TLS termination for the public hostname; forwards to LAN IP:8080 ``` - ┌─ Internet ──→ TLS proxy ──┐ - │ │ - Tor peer ───┼─ onion ──→ tor daemon ──┤ - │ ├──→ Caddy:8080 ──→ Node:3000 -Yggdrasil peer ─┼─ ygg ──→ ygg IPv6 ──┤ - │ │ - NetBird peer ──┼─ WG ──→ netbird IP ──┘ +┌────────────────┐ ┌─────────────────────┐ ┌──────────────────────┐ ┌────────────────┐ +│ │ │ │ │ │ │ │ +│ Internet user ├────►│ External TLS proxy ├────►│ Internal Caddy :8080 ├────►│ Node app :3000 │ +│ │ │ │ │ │ │ │ +└────────────────┘ └─────────────────────┘ └──────────────────────┘ └────────────────┘ + ▲ + │ +┌────────────────┐ ┌─────────────────────┐ │ +│ │ │ │ │ +│ Tor peer ├────►│ tor daemon (.onion) ├─────────────────┤ +│ │ │ │ │ +└────────────────┘ └─────────────────────┘ │ + │ +┌────────────────┐ ┌─────────────────────┐ │ +│ │ │ │ │ +│ Yggdrasil peer ├────►│ Yggdrasil IPv6 ├─────────────────┤ +│ │ │ │ │ +└────────────────┘ └─────────────────────┘ │ + │ +┌────────────────┐ ┌─────────────────────┐ │ +│ │ │ │ │ +│ NetBird peer ├────►│ NetBird IP ├─────────────────┘ +│ │ │ │ +└────────────────┘ └─────────────────────┘ ``` +_Diagram rendered from a Mermaid source via [beautiful-mermaid](https://github.com/lukilabs/beautiful-mermaid)._ + All non-TLS: the external proxy terminates TLS, Tor encrypts its own path, Yggdrasil/NetBird are encrypted overlays. Caddy and the node app speak plain HTTP. ---
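Review bot: The replacement diagram drops the edge labels the old one carried (`onion`, `ygg`, `WG`), and every arrow into `Internal Caddy :8080` is now unlabelled, so the picture no longer shows which transport protects each path; a reader has to recover that from the "All non-TLS" paragraph underneath. Suggest restoring the labels on the Tor, Yggdrasil and NetBird edges and marking the `External TLS proxy` to `Internal Caddy :8080` arrow as plain HTTP over the LAN, since the context lines say the proxy terminates TLS and forwards to LAN IP:8080. Separately, the added attribution line says the diagram is rendered from a Mermaid source, but this diff adds only the rendered output; committing the Mermaid source next to it (or linking its path in that line) would let the next editor regenerate the diagram instead of hand-editing box characters.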