New direction; removed wireguard, readme update

2025-09-07 11:37:52 +01:00
parent 82556535ba
commit a91780d1d5
21 changed files with 102 additions and 5622 deletions

@@ -1,6 +1,6 @@
# Keystone
Keystone is an opinionated Laravel deployment tool. Think of it as a middle-ground between Forge and Cloud, with Envoyer built in.
Laravel Forge, but running with Docker instead of raw services on servers. Also zero downtime built in, ideally with the option for a dedicated build server as well as building on the server itself. (start with the latter)
## STUFF
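Review bot: the `## STUFF` heading that closes this hunk is the section holding the sshpass requirement (visible in the next hunk header), and neither the heading nor the requirement explains what it is for. sshpass means the tool drives password-based SSH non-interactively, so the README should say where that password comes from, how it is stored, and whether it is only used for first-time bootstrap before key-based access takes over. Renaming the heading to something like "Requirements" would make that easier to find. Separately, the description under `# Keystone` ends in "(start with the latter)", which reads as a to-do rather than a project description and would sit better in a roadmap section.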
@@ -8,8 +8,9 @@ MAKE SURE TO INSTALL sshpass on the server this is running on
## Overview
Every application has a gateway (just a load balancer), regardless of how many app servers it's running.
We're going to install wireguard on each server to provide a secure connection between every server and manage internal connections via the firewall with ufw.
For each server provider, we should create a private network on that provider to get the lowest latency, which means allocating the wireguard connections needs to be done intelligently. If the server provider is not the same, we should use the public IP, otherwise use the private one internally.
If a server is created on a provider, we should create the 'keystone' network. Maybe search to see if it already exists first.
- Each server should have a gateway (reverse proxy) at the front. This is a service, but there should only be _one_ allowed per server.
- Service table should probably have a json column of ports that are used by the docker service (ones passed onto the host net - not internal docker ones) so we can check for conflicts before installing new services.
## Networking Model
ufw man.
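Review bot: the Overview text in this hunk still describes installing wireguard on each server and "allocating the wireguard connections", while the commit message says wireguard was removed, and the `## Networking Model` section consists only of "ufw man." If wireguard is gone, the README should state what now protects traffic between servers on different providers, which per the same paragraph travels over the public IP; ufw restricts which addresses and ports can connect but does not encrypt anything. On the bullet about a json column of ports passed onto the host net: ports that Docker publishes are opened through Docker's own iptables rules and are not filtered by ufw's default rules, so both the conflict check and the firewall plan should account for that, for example by binding published ports to a specific interface address.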