| Feld | Wert |
|---|---|
| Site | Home (Proxmox VE-IO-01) |
| Hypervisor host | VE-IO-01 |
| Rolle | HM-EDGE Reverse-Proxy — Traefik + CrowdSec public ingress |
| OS | Debian 12.x |
| Primary IP | 10.150.100.101 (VLAN 1500 EDGE/LAB) |
| DNS-intern | vm-hm-edge-01.hm.blackreset.internal |
| Public-Reach | pfSense-Home WAN:80/443 → 10.150.100.101 |
| Last-changed | 2026-05-04 |
| Stack | Image | Port | Use |
|---|---|---|---|
edge-traefik |
traefik:v3.5.4 |
80, 443, 8080 (LAN-only) | Reverse-Proxy |
edge-crowdsec |
crowdsecurity/crowdsec:latest |
8080 (LAPI internal) | Bouncer + Agent |
| Public-Hostname | Backend |
|---|---|
| portainer.blackreset.com | home-hosted Portainer |
| portainer.io.blackreset.com | 301 → portainer.blackreset.com |
| smart.home.korff.wtf | http://10.100.100.95:8123 (Home Assistant auf vm-sl-43) |
| home.korff.wtf | static |
| nas.korff.wtf | http://10.100.100.30:5000 (Synology DSM) |
| uptime.* | (placeholder bis HM-SVC-PROD-01 UK fertig) |
memory/policy_pfsense_edge_to_server 2026-05-02 Lesson)policies/acme-challenge)/opt/edge/traefik/{compose.yml,.env,data/{certs,acme.json,dynamic/}}/opt/edge/crowdsec/{compose.yml,data/}acme.json mode 0600acme.json ist im VM-Image.migration/2026-05-02-vm-sl-21-archive).strip-xff middleware Workaround (HA trusted_proxies via API nicht setbar).state_2026-05-03_night_recovery).