Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Role: Internal Ingress

Purpose: Route HTTPS traffic to internal services accessible only from LAN or VPN.

Responsibilities:

  • Terminate TLS for *.risu.tech internal domains.
  • Enforce authentication before routing.
  • Reject traffic originating from public internet.

Guarantees:

  • No internal service is reachable without LAN/VPN presence.
  • Hostname-based routing is deterministic.

Out of Scope:

  • User identity storage.
  • Application-level authorization.