Document edge routing updates and align Nextcloud proxy target

Co-Authored-By: Oz <oz-agent@warp.dev>
Raghav
2026-04-20 18:56:54 +05:30
parent 5dd8eee1dc
commit 71f6d374a2
3 changed files with 25 additions and 4 deletions


@ -64,6 +64,18 @@ Automated Docker-based setup for a self-hosted Gitea server with PostgreSQL, per
- Host HTTP: `3000` -> container `3000`
- Host SSH: `2222` -> container `22`
- TLS profile ports: `80`, `443` -> Caddy
## Current edge endpoint map (verified 2026-04-19)
Caddy routes on `443/tcp`:
- `git.bhatfamily.in` -> `gitea:3000`
- `chat.bhatfamily.in` -> `gemma3-chat-ui:8080`
- `openvpn.bhatfamily.in` -> `https://<lan-host>:8445`
- `nxt.bhatfamily.in` -> `https://<lan-host>:8447`
- `vpn.bhatfamily.in` -> `https://<lan-host>:943`
Public TCP ports observed reachable on the shared WAN edge:
- `80`, `443`, `2222`, `3000`, `8000`, `8082`, `8445`, `8447`, `943`
## Firewall behavior
When UFW is active:
- install always adds:
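Review bot: The "Public TCP ports observed reachable" list in the new endpoint map includes `8445`, `8447` and `943`, the same backends that the Caddy routes listed just above it proxy on `443/tcp`, so the map documents two public paths to each of those services without saying which one is intended. Mark the direct ports either as intended or as exposure to be closed, and record how the 2026-04-19 check was done so the list can be re-verified later.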


@ -26,7 +26,6 @@ chat.bhatfamily.in {
}
}
openvpn.bhatfamily.in {
encode zstd gzip
reverse_proxy https://172.17.0.1:8445 {
@ -43,10 +42,9 @@ openvpn.bhatfamily.in {
}
}
nxt.bhatfamily.in {
encode zstd gzip
reverse_proxy https://172.17.0.1:8446 {
reverse_proxy https://172.17.0.1:8447 {
transport http {
tls_insecure_skip_verify
}
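Review bot: The retargeted `reverse_proxy https://172.17.0.1:8447` line still sits directly above `tls_insecure_skip_verify`, so Caddy accepts any certificate presented on the new port and a wrong or swapped upstream would not be noticed at the TLS layer. Since this change is about getting the Nextcloud target right, consider trusting the upstream certificate or its CA in the `transport http` block instead of skipping verification, and note in the commit message why `8446` was the wrong port.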
@ -60,7 +58,6 @@ nxt.bhatfamily.in {
}
}
vpn.bhatfamily.in {
encode zstd gzip
reverse_proxy https://172.17.0.1:943 {


@ -18,6 +18,18 @@ Create forwards to this server's LAN IP:
- TCP 80 -> `<server_lan_ip>:80` (ACME challenge + redirect)
- TCP 443 -> `<server_lan_ip>:443` (HTTPS via Caddy)
- TCP 2222 -> `<server_lan_ip>:2222` (Git SSH)
## Shared edge ports currently in use (verified 2026-04-19)
On this homelab WAN edge, additional TCP ports are currently reachable for other `*.bhatfamily.in` services:
- `3000` (Gemma Open WebUI direct)
- `8000` (vLLM API direct)
- `8082` (Nextcloud HTTP direct)
- `8445` (OpenVPN-AS admin/direct)
- `8447` (Nextcloud HTTPS direct)
- `943` (OpenVPN-AS client web/direct)
If you want `git.bhatfamily.in` to be the only internet-exposed service on this host, close the extra forwards/firewall allows above.
## Firewall alignment
If UFW is active, use install flag to open public web ports:
- `./scripts/install.sh --with-tls --open-public-web`
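Review bot: `3000` is labelled "Gemma Open WebUI direct" in the added list, but the README hunk in this same commit shows host `3000` mapped to container `3000` for the Gitea setup and routes `chat.bhatfamily.in` to `gemma3-chat-ui:8080`; confirm which service actually answers on `3000` and make the two documents agree. The list also covers `8000` (vLLM API direct) and `8082` (Nextcloud HTTP direct), which are reachable without going through Caddy, so the closing sentence would read better as the default recommendation than as an "if you want" option.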