Tunnels!

posts Java Spring Backend

AI Generated slop diagrams

Block

flowchart LR
    subgraph Internet
        User[("👤 User\n(Browser)")]
        Google["🔐 Google OAuth\n(Authentication)"]
        CF["☁️ Cloudflare Edge\n(1.appfarms.org)"]
    end

    subgraph Docker["Docker Network (proxy-net)"]
        subgraph Cloudflared["cloudflared container"]
            Tunnel["Cloudflare Tunnel\n(config.yml)"]
        end
        
        subgraph OAuth2["oauth2-proxy container"]
            Proxy["OAuth2 Proxy\n(:4180)"]
            EmailList[("📄 authorized_gmails.txt")]
        end
    end

    subgraph HomeLab["Home Lab Network"]
        Backend["🖥️ Backend Service\n(192.168.1.244)"]
    end

    User -->|"1. HTTPS Request"| CF
    CF <-->|"2. Secure Tunnel"| Tunnel
    Tunnel -->|"3. HTTP"| Proxy
    Proxy <-->|"4. OAuth Flow"| Google
    Proxy -->|"5. Check Email"| EmailList
    EmailList -->|"6. Authorized?"| Proxy
    Proxy -->|"7. Proxy Request"| Backend
    Backend -->|"8. Response"| Proxy

    style User fill:#e1f5fe
    style Google fill:#fff3e0
    style CF fill:#f3e5f5
    style Tunnel fill:#e8f5e9
    style Proxy fill:#fff8e1
    style EmailList fill:#fce4ec
    style Backend fill:#e0f2f1

Sequence Diagram

sequenceDiagram
    participant Browser as 🌐 Web Browser
    participant CF as ☁️ Cloudflare Edge<br/>(1.appfarms.org)
    participant Tunnel as 🐳 cloudflared<br/>Docker Container
    participant OAuth as 🔐 oauth2-proxy<br/>Docker Container
    participant Google as 🔑 Google OAuth
    participant Pi as 🍓 Raspberry Pi<br/>(192.168.1.244)
    participant SDR as 📻 RTL-SDR
    participant Antenna as 📡 Diamond X50A<br/>VHF/UHF Antenna

    Note over Browser,Antenna: Initial Authentication Flow
    
    Browser->>CF: HTTPS request to 1.appfarms.org
    CF->>Tunnel: Route through secure tunnel
    Tunnel->>OAuth: Forward to :4180
    OAuth->>Browser: Redirect to Google login
    Browser->>Google: Authenticate with Google
    Google->>Browser: Return OAuth token
    Browser->>OAuth: Present OAuth token
    
    Note over OAuth: Check email against<br/>authorized_gmails.txt
    
    alt Email Authorized
        OAuth->>Browser: Set session cookie
        
        Note over Browser,Antenna: Authenticated Data Flow
        
        Browser->>CF: Request SDR data
        CF->>Tunnel: Tunnel request
        Tunnel->>OAuth: Forward request
        OAuth->>Pi: Proxy to backend
        Pi->>SDR: Query SDR device
        SDR->>Antenna: Receive RF signals
        Antenna-->>SDR: VHF/UHF signals (144-148MHz, 420-450MHz)
        SDR-->>Pi: Digital IQ samples
        Pi-->>OAuth: Return data/waterfall
        OAuth-->>Tunnel: Response
        Tunnel-->>CF: Tunnel response
        CF-->>Browser: Display SDR interface
        
    else Email Not Authorized
        OAuth-->>Browser: 403 Forbidden
    end

    Note over Browser,Antenna: All traffic encrypted end-to-end<br/>No ports exposed to internet