Differences

This shows you the differences between two versions of the page.

--- infra:hosts:ingress [2026/05/25 21:43] – Create ingress host runbook atluxity_idp.hackeriet.no
+++ infra:hosts:ingress [2026/05/26 04:45] (current) – atluxity_idp.hackeriet.no
@@ Line 3: / Line 3: @@
 ===== Purpose =====
-''ingress.hackeriet.no'' is a service host used as a web ingress and reverse proxy for Hackeriet services. Known services routed through ingress include:
+''ingress.hackeriet.no'' is the nginx-based web front for Hackeriet services. It terminates public web traffic and reverse-proxies service hostnames to their upstream applications.
-  * [[infra:services:netbox|NetBox / ip.hackeriet.no]]
+Known service hostnames in the nginx configuration include:
-  * LibreNMS / nms.hackeriet.no
-Service-specific deployment details belong on the relevant service pages. This page is an emergency runbook and access guide, not inventory. Use NetBox for canonical VM details, IP assignments, tenant, and current placement.
+  * ''ip.hackeriet.no'' - [[infra:services:netbox|NetBox]]
+  * ''hula.hackeriet.no''
+  * ''events.hackeriet.no''
+  * ''nms.hackeriet.no'' - LibreNMS
+  * ''docs.hackeriet.no''
+  * ''ping.hackeriet.no''
+  * ''pad.hackeriet.no'' and ''pad2.hackeriet.no''
+Service-specific deployment details belong on the relevant service pages. This page is an emergency runbook and access guide, not inventory. Use NetBox for canonical VM details, IP assignments, tenant, and hosting information.
 ===== Access =====
@@ Line 20: / Line 27: @@
   * ''service-webingress-sysops'' - SSH + sudo + docker for ''ingress''
-===== Network =====
+===== Nginx configuration =====
-Observed DNS on 2026-05-25:
+Main observed configuration file:
-  * ''ingress.hackeriet.no'' A: ''185.35.202.240''
+  * ''/etc/nginx/conf.d/hackeriet.no.conf''
-  * ''ingress.hackeriet.no'' AAAA: ''2a02:ed06::240''
-Observed host addresses on 2026-05-25:
+The file contains an operator note for adding new proxied services.
-  * ''ens18'': ''185.35.202.240/32'', ''2a02:ed06::240/64''
-  * ''ens19'': ''10.10.50.50/24''
-Treat these as emergency orientation only. NetBox should remain the source of truth for address assignments.
-===== Operating system =====
-Observed over SSH on 2026-05-25:
-  * OS: ''Rocky Linux 9.5 (Blue Onyx)''
-  * Kernel: ''5.14.0-503.35.1.el9_5.x86_64''
-===== Key services =====
-Observed running services on 2026-05-25:
-  * ''nginx'' - HTTP reverse proxy
-  * ''firewalld'' - host firewall
-  * ''kanidm-unixd'' and ''kanidm-unixd-tasks'' - Hacker-ID Unix integration
-  * ''sshd'' - SSH access
-  * ''chronyd'' - time sync
-  * ''rsyslog'' - system logging
-  * ''qemu-guest-agent'' - guest integration
-No failed systemd units were observed at that time.
 ===== Credentials =====
-Do not paste secrets into the wiki.
 Relevant ''hackeriet/pass'' entries:
   * ''root@ingress.hackeriet.no.gpg''
-If root or service credentials are needed, look in ''hackeriet/pass'' and keep decrypted values out of the wiki.
 ===== Checks during incidents =====
@@ Line 81: / Line 58: @@
 <code>
 systemctl status nginx firewalld kanidm-unixd sshd
+nginx -t
+grep -n "server_name" /etc/nginx/conf.d/hackeriet.no.conf
 journalctl -u nginx --since "1 hour ago"
 journalctl -u sshd --since "1 hour ago"
@@ Line 87: / Line 66: @@
 DNS checks from another machine:
-<code>
+If SSH is unavailable, verify the console or recovery path in NetBox or another active source of truth.
-dig +short ingress.hackeriet.no A
-dig +short ingress.hackeriet.no AAAA
-dig +short ip.hackeriet.no A
-dig +short nms.hackeriet.no A
-</code>
-If SSH is unavailable, verify current placement in NetBox or another active source of truth. Do not use old host006/VM 510 placement as current recovery guidance.