====== Ingress ======

===== Purpose =====

''ingress.hackeriet.no'' is the nginx-based web front for Hackeriet services. It terminates public web traffic and reverse-proxies service hostnames to their upstream applications.

Known service hostnames in the nginx configuration include:

  * ''ip.hackeriet.no'' - [[infra:services:netbox|NetBox]]
  * ''hula.hackeriet.no''
  * ''events.hackeriet.no''
  * ''nms.hackeriet.no'' - LibreNMS
  * ''docs.hackeriet.no''
  * ''ping.hackeriet.no''
  * ''pad.hackeriet.no'' and ''pad2.hackeriet.no''

Service-specific deployment details belong on the relevant service pages.

This page is an emergency runbook and access guide, not inventory. Use NetBox for canonical VM details, IP assignments, tenant, and hosting information.

===== Access =====

Normal access:

  * ''ssh @ingress.hackeriet.no''

Access is managed through Hacker-ID / Kanidm. The relevant group is documented on [[infra:services:hacker-id|Hacker-ID]]:

  * ''service-webingress-sysops'' - SSH + sudo + docker for ''ingress''

===== Nginx configuration =====

Main observed configuration file:

  * ''/etc/nginx/conf.d/hackeriet.no.conf''

The file contains an operator note for adding new proxied services.

===== Credentials =====

Relevant ''hackeriet/pass'' entries:

  * ''root@ingress.hackeriet.no.gpg''

===== Checks during incidents =====

Basic host checks:

  hostname -f
  id
  systemctl --failed --no-pager
  df -h -x tmpfs -x devtmpfs
  ip -br addr show scope global

Service checks:

  systemctl status nginx firewalld kanidm-unixd sshd
  nginx -t
  grep -n "server_name" /etc/nginx/conf.d/hackeriet.no.conf
  journalctl -u nginx --since "1 hour ago"
  journalctl -u sshd --since "1 hour ago"

DNS checks from another machine:

If SSH is unavailable, verify the console or recovery path in NetBox or another active source of truth.
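
Added example, not part of the original runbook or Hackeriet's own tooling: the ''server_name'' grep from the service checks above, extended to compare the names nginx serves against the hostnames listed under Purpose. The function names and the sample configuration are constructed for illustration.

```bash
#!/usr/bin/env bash
# Hostnames listed under "Purpose" on this page.
EXPECTED="ip.hackeriet.no hula.hackeriet.no events.hackeriet.no nms.hackeriet.no docs.hackeriet.no ping.hackeriet.no pad.hackeriet.no pad2.hackeriet.no"

# Print every name found in server_name directives (config on stdin), sorted
# and unique. Comments are stripped first, and directives that span several
# lines or carry several names are handled. Simplification: '#' inside quoted
# strings is treated as a comment start.
list_server_names() {
  sed 's/#.*$//' | tr '\n\t' '  ' | tr ';{}' '\n\n\n' |
    awk '$1 == "server_name" { for (i = 2; i <= NF; i++) print $i }' |
    LC_ALL=C sort -u
}

# Documented hostnames with no server_name entry in the config on stdin.
missing_names() {
  _have="$(list_server_names)"
  for h in $EXPECTED; do
    printf '%s\n' "$_have" | grep -qxF -- "$h" || printf '%s\n' "$h"
  done
}

# server_name entries that are not in the documented list (review these).
undocumented_names() {
  list_server_names | while read -r n; do
    case " $EXPECTED " in *" $n "*) ;; *) printf '%s\n' "$n" ;; esac
  done
}

# Constructed sample input, not the real hackeriet.no.conf.
SAMPLE_CONF='
server {
    listen 443 ssl;
    server_name ip.hackeriet.no;   # NetBox
}
server {
    server_name pad.hackeriet.no pad2.hackeriet.no;
}
# server_name docs.hackeriet.no;  (commented out, must not count)
server {
    server_name
        staging.example.test;
}
'

# On the host: pass the config path as the first argument.
if [ -r "${1:-}" ]; then
  echo "missing:";      missing_names < "$1"
  echo "undocumented:"; undocumented_names < "$1"
fi
```

A name reported as undocumented is not necessarily wrong; it is a vhost to confirm against the service pages or NetBox.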