Remote Access
Remote access infrastructure deployed on LXC 103.
Architecture
Internet (82.64.239.176)
|
├─ Port 80/443 → Freebox DMZ → LXC 103 Caddy → Web services
└─ Port 51820/UDP → Freebox DMZ → LXC 103 WireGuard → Admin VPN
- DNS & NAT — domain ncls.ltd, Freebox port forwarding
- Proxy & SSL — exposed domains, Let's Encrypt certificates
- Authelia SSO — centralized authentication for admin services
- WireGuard VPN — remote admin access
- SSH — direct SSH access (LAN/VPN only)
LXC 103 Security
Fail2ban
| Jail | maxretry | bantime |
|---|---|---|
| sshd | 3 | 1h |
| authelia | 5 | 1h |
# Global status
pct exec 103 -- fail2ban-client status
# Banned IPs
pct exec 103 -- fail2ban-client banned
# Unban an IP
pct exec 103 -- fail2ban-client set sshd unbanip 1.2.3.4
# Logs
pct exec 103 -- tail -f /var/log/fail2ban.log
UFW
| Port | Protocol | Access |
|---|---|---|
| 22 | TCP | LAN (192.168.1.0/24) |
| 80 | TCP | Anywhere |
| 443 | TCP | Anywhere |
| 51820 | UDP | Anywhere |
pct exec 103 -- ufw status verbose
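An added example (not part of the original page): a POSIX shell function that checks `ufw status verbose` output against the UFW table above and reports drift, such as port 22 reachable from outside the LAN. The function name `audit_ufw`, the `EXPECTED` variable and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example. Documented policy from the UFW table: port/proto=source.
EXPECTED='22/tcp=192.168.1.0/24 80/tcp=Anywhere 443/tcp=Anywhere 51820/udp=Anywhere'

# audit_ufw: reads `ufw status verbose` text on stdin, prints one line per
# deviation from EXPECTED, and returns 0 only when the ruleset matches.
audit_ufw() {
    awk -v expected="$EXPECTED" '
    BEGIN {
        n = split(expected, rows, " ")
        for (i = 1; i <= n; i++) {
            split(rows[i], kv, "=")
            order[i] = kv[1]; want[kv[1]] = kv[2]
        }
    }
    /^Status:/ { active = ($2 == "active") }
    {
        sub(/[ \t]*#.*$/, "")   # drop trailing rule comments
        gsub(/ \(v6\)/, "")     # hold IPv6 rows to the same policy
    }
    $2 == "ALLOW" && $3 != "OUT" {
        key = $1; src = $NF; seen[key] = 1
        if (!(key in want)) {
            print "UNEXPECTED " key " from " src; bad = 1
        } else if (src != want[key]) {
            print "MISMATCH " key " from " src " (expected " want[key] ")"; bad = 1
        }
    }
    END {
        if (!active) { print "INACTIVE ufw does not report Status: active"; bad = 1 }
        for (i = 1; i <= n; i++)
            if (!(order[i] in seen)) { print "MISSING " order[i]; bad = 1 }
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample: port 22 opened to the world and an extra port 8080.
SAMPLE_DRIFT='Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
51820/udp                  ALLOW IN    Anywhere
8080/tcp                   ALLOW IN    Anywhere
80/tcp (v6)                ALLOW IN    Anywhere (v6)'

printf '%s\n' "$SAMPLE_DRIFT" | audit_ufw || echo "ruleset deviates from the table"
```

On the Proxmox host, pipe the real output into it: `pct exec 103 -- ufw status verbose | audit_ufw`.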