Skip to main content

A-062 - Reverse Proxy (VPS-01)

Purpose

Act as the main entry point for all publicly exposed services.

Asset Type

Platform

Description

Reverse proxy (Nginx/Traefik) deployed on VPS-01
Handles HTTP/HTTPS traffic routing to backend services
Provides TLS termination and basic request filtering

Criticality

Critical

Sensitivity

Sensitive

Exposure Level

Public

Trust Zone

Heaven

Dependencies

VPS-01 infrastructure
Backend services (Gitea, web services)

Relationships

Routes traffic to Gitea and documentation services
Exposes application endpoints to the internet

Security Position (Architecture Context)

Primary attack surface of the lab
Entry point for all external interactions
Misconfiguration may expose internal services or sensitive endpoints

Existing Protective Measures

HTTPS enforcement (TLS)
Controlled routing rules
Limited exposed ports (80/443)

Owner / Responsibility

Operations Role (Ops)

Notes

No advanced WAF currently implemented
Critical component for exposure control and service isolation

Purpose
Asset Type
Description
Criticality
Sensitivity
Exposure Level
Trust Zone
Dependencies
Relationships
Security Position (Architecture Context)
Existing Protective Measures
Owner / Responsibility
Notes