Architecture Overview
Executive Summary
The Secure Cloud Routing project is a modern, containerized infrastructure designed to host and route web traffic securely, with a Zero Trust approach for administrative access.
Hosted on a Hetzner Virtual Private Server (VPS), the environment utilizes Docker to containerize all services, ensuring reliable and reproducible deployments. Traffic is routed globally through Cloudflare’s edge network, managed locally via Nginx Reverse Proxy, and secured with Let’s Encrypt SSL certificates. Furthermore, administrative endpoints are strictly isolated from the public internet using a Tailscale overlay network.
Key Capabilities
- Public Web Hosting: Securely serves `pablorosi.dev` and `docs.pablorosi.dev`.
- Legacy Redirection: Seamlessly intercepts and redirects traffic from the `pablorosi.com` domain to the `.dev` equivalent.
- Zero Trust Administration: Restricts access to the Nginx control panel exclusively to authenticated devices on the private Tailnet.
- Automated Deployments: Utilizes GitHub Actions for CI/CD pipelines to ensure continuous, zero-downtime updates.
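The two routing rules above (legacy redirection and Tailnet-only administration) can be expressed directly in Nginx. The following is an added example, not the project's own configuration: the hostnames come from this page, while the Tailscale address range `100.64.0.0/10`, the admin port `81`, the upstream container names and the certificate paths are assumptions.

```nginx
# Added example (not the project's configuration). Hostnames are from the
# overview; address range, ports, upstream names and paths are assumptions.

# Legacy redirection: every request for pablorosi.com (and www) is sent
# permanently to the same path on pablorosi.dev. A 301 keeps the original
# path and query string, so deep links on the old domain keep working.
server {
    listen 80;
    listen 443 ssl;
    server_name pablorosi.com www.pablorosi.com;

    ssl_certificate     /etc/letsencrypt/live/pablorosi.com/fullchain.pem;  # assumed path
    ssl_certificate_key /etc/letsencrypt/live/pablorosi.com/privkey.pem;    # assumed path

    return 301 https://pablorosi.dev$request_uri;
}

# Public site: plain reverse proxy to the web container.
server {
    listen 443 ssl;
    server_name pablorosi.dev docs.pablorosi.dev;

    ssl_certificate     /etc/letsencrypt/live/pablorosi.dev/fullchain.pem;  # assumed path
    ssl_certificate_key /etc/letsencrypt/live/pablorosi.dev/privkey.pem;    # assumed path

    location / {
        proxy_pass http://web:80;  # assumed upstream container name
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Zero Trust administration: the control panel listens only on the node's
# Tailscale address (placeholder) and, as defence in depth, rejects any client
# outside the Tailscale range before the request reaches the upstream.
server {
    listen 100.64.0.1:81;   # placeholder: this node's Tailscale address

    allow 100.64.0.0/10;   # Tailscale CGNAT range (assumption)
    deny  all;             # everything else gets 403

    location / {
        proxy_pass http://admin-panel:81;  # assumed upstream container name
        proxy_set_header Host $host;
    }
}
```

Two checks are worth making before trusting the `allow`/`deny` pair: the admin hostname must not be proxied through Cloudflare, otherwise `$remote_addr` is a Cloudflare edge address rather than the client; and when Nginx runs in a Docker container with published ports, the bridge NAT can rewrite the source address, so confirm in the access log that `$remote_addr` shows the real Tailnet address (the `listen` on the Tailscale address is what actually keeps the port off the public interface).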
Documentation Directory
This section of the documentation is divided into six sequential phases, mapping the flow of traffic from the public edge down to the private server:
- 1. Hetzner VPS & Docker Foundation Details the server provisioning process, resource allocation, and the Docker Compose configuration used as Infrastructure as Code (IaC).
- 2. Cloudflare DNS & Edge Routing Covers the external DNS configuration, proxy settings, and Page Rules used to manage the domain redirects at the edge.
- 3. Cloud Firewall & Zero Trust Covers firewall configuration and security rules for protecting the infrastructure.
- 4. Nginx Reverse Proxy & Public SSL Explains the internal traffic routing mechanism, container networking, and automated SSL certificate generation via Let’s Encrypt.
- 5. Tailscale Private Admin Access Documents the Zero Trust implementation, ensuring the Nginx control panel is only accessible through the encrypted Tailscale VPN overlay.
- 6. GitHub Actions CI/CD Pipeline Breaks down the automated deployment workflows that build and deploy the services upon pushing code to the repository.