OSUSEC Infrastructure

Defining "Infrastructure"

  • On prem servers
  • Cloud servers
  • VMs on our servers
  • SaaS products

Network overview

WireGuard

  • VPN Protocol
  • Allows secure connections between devices

Reverse Proxies

Reverse Proxies Cont.

We use two reverse proxies:

  • Nginx Proxy Manager (NPM)
  • Caddy

TLS Certificates

  • ACME is goated
  • Let's Encrypt gives trusted certs
  • StepCA for internal certs

Docker & Podman

  • Both container engines
  • Generally compatible with each other
  • Security tradeoffs with each

Our services

We self-host most things!

  • WikiJS
  • Vaultwarden
  • Discord bots
  • Grafana
  • Prometheus
  • Minecraft
  • Authentik

Demo / Q&A

SaaS such as our email provider Brevo

Arceus and Cosmog as WireGuard hosts, show WireGuard config?

Go over reverse proxy basics, example is wiki

Differences

What is a container engine, why do we like specific ones. Podman Quadlets are great. Show quadlet?