diff --git a/docs/presentations/2026-06-28-tappaas-vps-publishing.md b/docs/presentations/2026-06-28-tappaas-vps-publishing.md index b4eaa8c..776dac5 100644 --- a/docs/presentations/2026-06-28-tappaas-vps-publishing.md +++ b/docs/presentations/2026-06-28-tappaas-vps-publishing.md @@ -6,12 +6,20 @@ paginate: true --- # Routing TaPPaaS through the VPS @@ -120,17 +128,24 @@ After this, **new services need zero VPS change** — exposure is decided at Cad --- -## Phasing — five verifiable steps +## Phasing — VPS edge (steps 1–3) -1. **Tunnel** — FLOSSFirewall up as `wg1` peer; ping `10.13.0.1 ↔ 10.13.0.9`. +1. **Tunnel** — FLOSSFirewall up as `wg1` peer; ping + `10.13.0.1 ↔ 10.13.0.9`. 2. **Caddy backend** — from the VPS, - `curl -H 'Host: .tappaas.makerfloss.eu' http://10.13.0.9:80`. + `curl -H 'Host: …tappaas…' 10.13.0.9:80`. 3. **VPS edge** — add cert + route + DNS; off-site - `curl https://.tappaas.makerfloss.eu` with a valid cert. -4. **Internal DNS** — add `*.tappaas` override; a cluster node resolves to - Caddy's local IP and gets Caddy's own cert. -5. **(Later)** makerspace LAN view — conditional-forward + firewall pinhole on - the OrangeMakers router. + `curl https://.tappaas.makerfloss.eu` returns a valid cert. + +--- + +## Phasing — internal & later (steps 4–5) + +4. **Internal DNS** — add the `*.tappaas` override on the FLOSSFirewall; a + cluster node resolves to Caddy's local IP and gets Caddy's own cert (no + VPS round-trip). +5. **(Later)** makerspace LAN view — conditional-forward + firewall pinhole + on the OrangeMakers router. --- @@ -167,4 +182,3 @@ After this, **new services need zero VPS change** — exposure is decided at Cad and execute phases 1–4. _Design: `MakerFLOSS_Troubleshooting/docs/superpowers/specs/2026-06-28-tappaas-vps-publishing-design.md`_ -
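Review bot: Step 2 on the new VPS edge slide shortens the check to `curl -H 'Host: …tappaas…' 10.13.0.9:80`, which can no longer be pasted and run. These steps are the pass/fail check for each phase, so keep the full Host value and wrap the line or shrink the font instead; otherwise the test does not show that Caddy routes the intended name. Step 3 has a related problem: `https://.tappaas.makerfloss.eu` begins with an empty label, so write the service part as a named placeholder there and in step 2. The split headings also drop the word "verifiable". If every step is still meant to carry a check, step 5 needs one, and it should state which source, destination and port the firewall pinhole on the OrangeMakers router allows.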