STRAGI Docs
v1.4.0

Infrastructure Fundamentals

This documentation covers the core concepts required to host websites and services. It focuses on the relationship between hardware (servers), accessibility (ports/IPs), and traffic management (proxies/tunnels).

Server

The machine running the application logic and database.

Reverse Proxy

The gateway that manages incoming traffic, SSL, and routing.

Tunnel

A method to expose local environments to the public internet securely.

Servers & Hosting Architectures

A server is strictly defined as a computer providing data to other computers. In a web context, this usually involves a Linux-based OS running daemon processes (like Nginx, Apache, or Docker containers).

Deployment Hierarchy

Choosing a hosting environment depends on access requirements and technical overhead.

Localhost / Bare Metal

Running directly on your hardware. Best for development or homelabs. Requires networking configuration (Port Forwarding) to be reachable.

VPS (Virtual Private Server)

A slice of a physical server (e.g., EC2, DigitalOcean Droplet). You get a dedicated public IPv4 address and full root access.

Managed / PaaS

Platforms like Vercel or Heroku. The underlying server and OS are abstracted away; you only deploy code.

Reverse Proxies

A reverse proxy sits in front of your application servers. It intercepts requests from clients and forwards them to the appropriate backend service.

Key Functions

  • Load Balancing: Distributing traffic across multiple servers.
  • SSL Termination: Decrypting HTTPS traffic before it reaches the app.
  • Security: Hiding the identity/topology of backend servers.

Nginx Configuration Example

A standard block configured to forward port 80 traffic to a Node.js application running on port 3000.

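server {
    listen 80;                                   # plain HTTP; no TLS is terminated in this block
    server_name api.example.com;

    location / {
        proxy_pass http://localhost:3000;        # Node.js backend on the same machine
        proxy_http_version 1.1;                  # HTTP/1.1 is required for WebSocket upgrades
        proxy_set_header Upgrade $http_upgrade;  # pass the client's Upgrade header through
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;             # preserve the hostname the client requested
        proxy_cache_bypass $http_upgrade;        # do not answer upgrade requests from cache
    }
}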

Tunneling

Tunneling encapsulates a network protocol within another. It is frequently used to bypass NAT (Network Address Translation) or firewalls, allowing a machine without a public IP address to be accessible from the internet.

Common Implementation: SSH Reverse Tunnel

Forward a port on a remote public server to a local port.

# Syntax: ssh -R [remote_port]:[local_host]:[local_port] user@remote
ssh -R 8080:localhost:80 user@vps.example.com

Result: Traffic hitting vps.example.com:8080 is routed to your local machine's port 80.

Cloudflare Tunnel (cloudflared)

A daemon-based approach where the server establishes an outbound connection to the Cloudflare edge network. This eliminates the need to open inbound ports on the router firewall.

Ports, NAT, and Firewalls

Network communication relies on IP addresses (location) and Ports (specific service at that location).

The "Well-Known" Ports (0-1023)

System ports reserved for standard services. On Linux, binding to these ports typically requires root privileges.

Diagnostic Commands (Linux)

  • ss -tuln: Display all listening TCP/UDP ports.
  • ip addr: Show assigned IP addresses.
  • ufw status: Check the status of the Uncomplicated Firewall.
  • curl -I localhost: Retrieve HTTP headers from a local service.
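
The Nginx example forwards to localhost:3000, so the backend only needs a loopback listener; if it binds to all interfaces, clients can reach it directly and skip the proxy. The following added example (not part of the original documentation) filters `ss -tuln` output for non-loopback listeners; the sample output and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original docs): audit `ss -tuln` output.

# Constructed sample: proxy on 80, sshd on 22, a backend on 3000 bound to
# all interfaces (misconfigured), and a loopback-only listener on 8080.
sample_ss_output() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      511    *:3000             *:*
tcp   LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*
tcp   LISTEN 0      128    [::1]:8080         [::]:*
tcp   LISTEN 0      511    [::]:80            [::]:*
EOF
}

# Reads `ss -tuln` output on stdin and prints "proto address port" for each
# socket bound to a non-loopback address, i.e. reachable from other hosts
# unless a firewall drops the traffic.
exposed_listeners() {
  awk 'NR > 1 {
    port = $5; sub(/^.*:/, "", port)       # text after the last colon
    addr = $5; sub(/:[^:]*$/, "", addr)    # text before the last colon
    sub(/%.*$/, "", addr)                  # drop interface suffix such as %lo
    if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: skip
    print $1, addr, port
  }'
}

# Reads `ss -tuln` output on stdin. Succeeds only if PORT ($1) has no
# non-loopback listener, so the service is reachable solely via the proxy.
backend_is_private() {
  ! exposed_listeners | awk -v p="$1" '$3 == p { found = 1 } END { exit !found }'
}

# Demo on the constructed sample; on a live host use: ss -tuln | exposed_listeners
sample_ss_output | exposed_listeners
if sample_ss_output | backend_is_private 3000; then
  echo "port 3000: loopback only"
else
  echo "port 3000: exposed, bind the app to 127.0.0.1 or block it in ufw"
fi
```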

DNS Records

The Domain Name System maps human-readable names to IP addresses. Incorrect DNS configuration is the most common cause of downtime.

Type    Usage                      Example Value
A       Maps hostname to IPv4      192.0.2.1
AAAA    Maps hostname to IPv6      2001:db8::1
CNAME   Alias to another domain    gh-pages.github.io
