Network: Tailscale, DNS, Nginx

Complete network configuration: Tailscale mesh, Cloudflare DNS, nginx reverse proxy, domains.

# Networking

## Tailscale Mesh

Tailscale is the private network that connects all FATAPLUS machines.

### Active nodes

| Machine | Tailscale IP | OS | Role |
|---------|-------------|-----|------|
| vmi3041673 (VPS) | 100.112.45.36 | linux | Main server |
| macbook-pro-de-fenohery-1 | 100.95.245.107 | macOS | Dev machine (Fefe) |
| dell-5580-1 | 100.91.184.81 | windows | Office PC |
| ace-3-pro (Android) | 100.104.213.22 | android | Phone (ADB over Tailscale) |

### Services exposed on Tailscale

| Port | Service | Access |
|------|---------|--------|
| 443 | HTTPS (Funnel/Serve) | Public via Tailscale |
| 8384 | Syncthing Web UI | Tailscale only |
| 22000 | Syncthing sync | Tailscale only |
| 9191/9192 | Family Dashboard API | Tailscale only |
| 8088 | [TO VERIFY] | Tailscale only |
| 9443 | [TO VERIFY] | Tailscale only |
| 8443 | [TO VERIFY] | Tailscale only |
| 4443 | [TO VERIFY] | Tailscale only |

## Cloudflare DNS

### Available tokens

| File | Usage |
|---------|-------|
| `/root/.secrets/cf-api-token.txt` | Main token: DNS Edit ✅ validated with curl + write |
| `/root/.secrets/cf-api-token-full.txt` | Full-access token |
| `/root/.secrets/cf-api-token-madacup.txt` | Dedicated Madacup token |

### Wrangler status

⚠️ **Wrangler NOT authenticated**: Cloudflare Workers/Pages are deployed by other means or not configured.

### Managed domains

| Domain | Usage | Proxy |
|---------|-------|-------|
| `nexio.work` | Nexio OS SaaS + App | Cloudflare |
| `fenohery.space` | Personal (family, memory) | Cloudflare |
| `madacup.online` | Madacup client | Cloudflare |
| `fata.plus` | FATAPLUS email/domains | o2switch |
| `jpmbusiness.com` | JPM Business Training | o2switch (+ ACME cert) |

### SSL certificates (ACME)

| Domain | Type | Status |
|---------|------|--------|
| `jpmbusiness.com` | ECC (acme.sh) | ✅ Installed |

## Nginx Reverse Proxy

Nginx is the public front door on ports 80/443.

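
The exposed-services table above marks eight ports as Tailscale only, while nginx is the only intended public listener. As an added example (not part of the original page), this script classifies the bind address of each listener on those ports from `ss -tlnH` output; the sample lines are constructed, and the function name and verdict labels are assumptions.

```shell
#!/bin/sh
# Ports the page's table marks "Tailscale only".
TS_ONLY_PORTS="8384 22000 9191 9192 8088 9443 8443 4443"

# Constructed sample of `ss -tlnH` output (not captured from the real host).
SAMPLE='LISTEN 0 4096 0.0.0.0:8384 0.0.0.0:*
LISTEN 0 4096 100.112.45.36:22000 0.0.0.0:*
LISTEN 0 511 127.0.0.1:9191 0.0.0.0:*
LISTEN 0 4096 [::]:8088 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 203.0.113.10:9443 0.0.0.0:*'

# Reads `ss -tlnH` lines on stdin; prints "port address verdict" for each
# listener on a Tailscale-only port.
classify_listeners() {
    awk -v ports="$TS_ONLY_PORTS" '
    # 100.64.0.0/10 is the CGNAT range Tailscale assigns IPv4 addresses from.
    function is_cgnat(a,    o) {
        if (split(a, o, ".") != 4) return 0
        return (o[1] == 100 && o[2] >= 64 && o[2] <= 127)
    }
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
        if (!(port in want)) next
        gsub(/^\[|\]$/, "", addr)              # [::] -> ::
        sub(/%.*$/, "", addr)                  # drop %interface scope
        if (addr == "127.0.0.1" || addr == "::1") v = "OK-loopback"
        else if (is_cgnat(addr) || addr ~ /^fd7a:115c:a1e0:/) v = "OK-tailscale"
        else if (addr == "0.0.0.0" || addr == "::" || addr == "*") v = "WILDCARD"
        else v = "REVIEW"
        print port, addr, v
    }'
}

# WILDCARD: bound on every interface, so only the firewall keeps it private.
# REVIEW: bound to a specific address outside loopback and the tailnet.
# On the VPS: ss -tlnH | classify_listeners
printf '%s\n' "$SAMPLE" | classify_listeners
```

Running it against the live host also shows which process-facing addresses the `[TO VERIFY]` ports are bound to, which narrows down what they belong to.
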
### Active sites

See [/infrastructure/main-vps.md](/infrastructure/main-vps.md) for the full configuration.

### Config pattern

```nginx
server {
    listen 80;
    server_name <domain>;                    # placeholder: the site's hostname

    location / {
        proxy_pass http://127.0.0.1:<port>;  # placeholder: local port of the backend service
        proxy_http_version 1.1;
        # Pass the original host, client address and scheme to the backend
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

For WebSocket services (Infisical, Memory):

```nginx
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400s;
```

# Citations

[1] `tailscale status`, `/etc/nginx/sites-enabled/*`, `ls /root/.secrets/`, `/root/.acme.sh/` (2026-06-14).