From e4506d6a07510327dc90516c254b197225c5367a Mon Sep 17 00:00:00 2001 From: kavren Date: Sun, 28 Dec 2025 22:00:45 -0500 Subject: [PATCH] Auto-commit: 2025-12-28 22:00 session changes --- docs/CHANGELOG.md | 7 +++++++ docs/DECISIONS.md | 8 +++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index e1d93b1..d3d9a3e 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -4,6 +4,13 @@ ## 2025-12-28 +### Internal .kav Routing via Traefik +- Added Traefik `internal` entrypoint on port 8080 for .kav domain routing +- Created `/etc/traefik/conf.d/internal-kav.yaml` with routes for all services +- Updated Pi-hole DNS to point service .kav domains to Traefik (10.4.2.10) +- Services now accessible at `http://.kav:8080/` without per-service ports +- Direct access retained for: Proxmox nodes, kavnas, docker hosts, mqtt, zwave + ### Guest VLAN Media Access - Added firewall rules allowing Guest VLAN to access Jellyseerr (10.4.2.25) and Jellyfin (10.4.2.26) - Rules inserted before "Block Guest to LAN" to allow media streaming for guests diff --git a/docs/DECISIONS.md b/docs/DECISIONS.md index b0c8a66..b30fc58 100644 --- a/docs/DECISIONS.md +++ b/docs/DECISIONS.md @@ -55,7 +55,13 @@ - `.local` - Conflicts with mDNS/Bonjour - `.home.arpa` - RFC 8375 compliant but verbose -**Usage**: All services accessible via `.kav` (e.g., traefik.kav, sonarr.kav) +**Usage**: Services accessible via `http://.kav:8080/` (routed through Traefik) + +**Internal Routing via Traefik**: +- Pi-hole resolves `.kav` domains to Traefik (10.4.2.10) +- Traefik `internal` entrypoint on port 8080 routes to backend services +- No port numbers needed per-service, just use `:8080` for all +- Direct access (no Traefik): pm1-4.kav, elantris.kav, kavnas.kav, docker hosts, mqtt.kav, zwave.kav ### SSH Access Policy