Regarding access perimeter, I have a small company with myself and my partner being the managers (manager role), 2 devops personnels (devops role), a few devs (dev role), 2 product owners / scrum masters (product role), 2 qa personnels (qa role), a few interested individuals/ prospective investors (shareholder role)
Review my files and the fact for your reference that I already got Portainer works through this setup with dokploy-traefik, meaning that I can access Portainer on the browser at docker.zingastay.com
to help me update these files to achieve the following requirements:
- Strictly adhere to dnschallenge (DNS-01) through dokploy-traefik to serve 80/443 for public access to teleport.zingastay.com for Teleport connect, tsh and teleport web ui to work.
Hence, other services: Forgejo (git.infra.zingastay.com), dokploy-traefik UI (dashboard), Dokploy UI, to be guarded post-Teleport successful auth. After a successful auth with Teleport, users can view and launch infra services through Teleport dashboard (web ui / Teleport Connect), and also push code through Forgejo git.
-
Advise me on the use of WireGuard and how to use and leverage WG-Easy to configure for best implementation with my infra setup?
-
Allow public access *.apps.zingastay.com for deployed apps through Traefik