Networking

Documentation Index

Fetch the complete documentation index at: https://docs.augustin.ai/llms.txt

Use this file to discover all available pages before exploring further.

​

Traffic Flow

No ports are exposed to the internet. All inbound traffic goes through the Cloudflare tunnel.

​

DNS

Domain *.augustin.ai managed in Cloudflare. A wildcard CNAME points at the tunnel — no per-service DNS config needed.

​

Cloudflare Tunnel

cloudflared runs on i3 as a plain compose container. It connects outbound to Cloudflare and forwards traffic to Traefik on 192.168.1.100:8880 (host-level port, published by the swarm Traefik stack).

​

Docker Swarm

Two-node swarm: i3 (debian-1) + Pentium (debian-2), both managers. A single overlay network swarm spans both nodes. All swarm stacks and plain compose containers that need public routing attach to it. Services pin to a specific node via deploy.placement.constraints: node.hostname == debian-X — typically by data locality (wherever the bind-mounted data lives).

​

Traefik

Single Traefik deployed as a swarm stack on i3, publishing :8880 (HTTP) and :8443 (HTTPS) in host mode.

• Swarm provider — auto-discovers swarm services via labels under deploy.labels:.
• Docker provider — catches plain compose containers (jellyfin, gluetun, etc.) via service-level labels.
• File provider — cross-cutting config only (insecure transports for self-signed backends).

Both providers only route for containers attached to the swarm overlay. The Traefik dashboard is at traefik.augustin.ai, protected by basic auth.

​

LAN

SSH between machines uses key-based auth with ~/.ssh/config aliases (ssh pentium from i3, ssh i3 from Pentium).