example
This diagram shows the secure tunneling architecture between the client-side ERP and the open.fndt.xyz office hub.
                           [ REMOTE USER ]
                                  |
                                  v (public static ip)
.----------------------------------------------------.
|  open.fndt.xyz office                              |
|  ________________        ________________          |
| | [dev]          |      | [TS]           |         |
| | admin PC       | <--> | tunnel server  |         |
| |________________|      |________________|         |
'---------------------------^----------|-------------'
                            |          |
              [REVERSE TUNNEL]  [SECURE BRIDGE]
                            |          |
.---------------------------|----------v-------------.
|  client_site              |          |             |
|   ________________        |   ________________     |
|  | [router]       |       |  | [ERP]          |    |
|  | no port fwd    |-------'  | mini-PC (16GB) |    |
|  |________________|          | (docker stack) |    |
|          |                   |________________|    |
|          |                            ^            |
|          |     [local lan access]     |            |
|          '----------------------------'            |
|                                                    |
|  [user] employee devices                           |
'----------------------------------------------------'
mermaid source code (for diagrams.net):
graph TD
    subgraph Office_HQ ["open.fndt.xyz office"]
        TS["[TS] tunnel server"]
        Dev["[dev] admin PC"]
    end
    subgraph client_site ["client_site"]
        Router["[router] no port fwd"]
        ERP["[ERP] mini-PC (16GB)"]
        User["[user] employee devices"]
    end
    RemoteUser["[ REMOTE USER ]"]
    %% Flow logic
    RemoteUser -- "public static ip" --> TS
    Dev <--> TS
    %% The Tunnel Logic
    ERP -. "REVERSE TUNNEL" .-> TS
    TS == "SECURE BRIDGE" ==> ERP
    Router --- ERP
    User -- "local lan access" --> ERP
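
The property the diagram relies on is that nothing outside client_site dials in: the office reaches the ERP only over the tunnel the ERP itself opened, so the router needs no port forward. As an added example (not part of the original page), this Python sketch parses the mermaid edges above and flags any edge that enters client_site without a matching outbound tunnel. The SITE map, the function names and the reading of a dotted edge as an outbound-dialled tunnel are assumptions of the example.

```python
import re

# Edge statements copied from the mermaid source above.
MERMAID_EDGES = '''
RemoteUser -- "public static ip" --> TS
Dev <--> TS
ERP -. "REVERSE TUNNEL" .-> TS
TS == "SECURE BRIDGE" ==> ERP
Router --- ERP
User -- "local lan access" --> ERP
'''

# Site of each node, from the two subgraph blocks (map name is this example's).
SITE = {"TS": "office", "Dev": "office", "RemoteUser": "internet",
        "Router": "client_site", "ERP": "client_site", "User": "client_site"}

EDGE_RE = re.compile(r'^(\w+)\s+(\S+)(?:\s+"([^"]*)"\s+(\S+))?\s+(\w+)$')

def parse_edges(text):
    """Return (src, dst, label, dotted) for every arrowhead in the edge list."""
    edges = []
    for line in text.strip().splitlines():
        m = EDGE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparsed edge: {line!r}")
        src, op1, label, op2, dst = m.groups()
        op = op1 + (op2 or "")
        if ">" in op:
            edges.append((src, dst, label, "." in op))
        if "<" in op:
            edges.append((dst, src, label, "." in op))
    return edges  # '---' has no arrowhead: a link, not a connection

def unsolicited_inbound(edges, protected="client_site"):
    """Edges entering the protected site with no matching outbound tunnel.

    Assumption: a dotted edge A -.-> B is a tunnel dialled out by A, and
    B may reach A only by riding that tunnel.
    """
    tunnels = {(s, d) for s, d, _, dotted in edges if dotted}
    return [(s, d, label) for s, d, label, _ in edges
            if SITE[d] == protected and SITE[s] != protected
            and (d, s) not in tunnels]

if __name__ == "__main__":
    print(unsolicited_inbound(parse_edges(MERMAID_EDGES)))
```

An empty result means every path into client_site rides a tunnel opened from inside; an edge such as a port forward from the internet straight to the ERP would be listed.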