Skip to main content

Networking

Architecture

Internet → Cloudflare Tunnel → i3:8880 (Traefik) → i3 containers (Docker network)
                                                  → Pentium containers (LAN HTTP)

DNS

Domain *.augustin.ai managed in Cloudflare. Each service gets a CNAME pointing to the tunnel.

Traefik

Single Traefik instance on i3 handles all routing:
  • i3 services: routed via Docker labels on the traefik Docker network
  • Pentium services: routed via traefik/dynamic/pentium-services.yaml over LAN to 192.168.1.16:<port>

Cloudflare Tunnel

cloudflared runs on i3 and connects to Cloudflare, forwarding traffic to Traefik on port 8880. No ports exposed to the internet.

LAN

MachineIP
i3192.168.1.100
Pentium192.168.1.16
SSH between machines is configured with key-based auth and ~/.ssh/config aliases (ssh pentium from i3, ssh i3 from Pentium).