flowchart LR
INTERNET(Public Internet) --> ROUTER(Router)
ROUTER --> NAT(NAT)
subgraph IBOX[Internet box]
ROUTER
NAT
NATCFG[NAT configuration
HTTPS: 443 -> 4430
HTTP: 80 -> 8000
VPN: 51820 -> 51820
SSH: 22 -> 22]
end
subgraph SERVER[Server - Fedora Linux]
FW(Firewall)
SSHHOST(SSH on host server)
CADDY(Caddy - Podman)
VPN(vpn.ar-philipot.fr - Podman)
SITE(ar-philipot.fr - Podman)
ARTEMIS(artemis.ar-philipot.fr - Podman)
AUTH(auth.ar-philipot.fr - Podman)
LLDAP(lldap.ar-philipot.fr - Podman)
PGADMIN(pgadmin.ar-philipot.fr - Podman)
PORTAINER(portainer.ar-philipot.fr - Podman)
NTFY(ntfy.ar-philipot.fr - Podman)
COCKPIT(cockpit.ar-philipot.fr - HostApp)
JENKINS(jenkins.ar-philipot.fr - HostApp)
subgraph WORKERS[App workers - Podman]
W1(worker 1)
W2(worker 2)
WN(worker N)
end
end
NAT --- NATCFG
NAT -->|SSH| FW
NAT -->|HTTP/HTTPS| FW
NAT -->|VPN| FW
FW -->|SSH| SSHHOST
FW -->|HTTP/HTTPS| CADDY
FW -->|VPN| VPN
CADDY --> SITE
CADDY --> ARTEMIS
CADDY --> AUTH
CADDY --> LLDAP
CADDY --> PGADMIN
CADDY --> PORTAINER
CADDY --> NTFY
CADDY --> VPN
CADDY --> COCKPIT
CADDY --> JENKINS
classDef edge fill:#f8fafc,stroke:#94a3b8,stroke-width:1.5px,color:#111827;
classDef config fill:#fffbeb,stroke:#d97706,stroke-width:2px,color:#7c2d12;
classDef security fill:#f3f4f6,stroke:#4b5563,stroke-width:2px,color:#111827;
classDef ingress fill:#ecfdf5,stroke:#059669,stroke-width:2px,color:#064e3b;
classDef vpnsvc fill:#eff6ff,stroke:#2563eb,stroke-width:2px,color:#1e3a8a;
classDef podman fill:#faf5ff,stroke:#7c3aed,stroke-width:1.5px,color:#4c1d95;
classDef hostapp fill:#fff1f2,stroke:#e11d48,stroke-width:1.5px,color:#881337;
classDef workers fill:#f5f3ff,stroke:#8b5cf6,stroke-width:1.5px,color:#4c1d95;
class INTERNET,ROUTER,NAT edge;
class NATCFG config;
class FW,SSHHOST security;
class CADDY ingress;
class VPN vpnsvc;
class SITE,ARTEMIS,AUTH,LLDAP,PGADMIN,PORTAINER,NTFY podman;
class COCKPIT,JENKINS hostapp;
class W1,W2,WN workers;