| Subnet | Gateway | Purpose |
|---|---|---|
| 192.168.9.0/24 | 192.168.9.1 (pfSense WAN-side) | Primary — Proxmox nodes, most VMs |
| 192.168.8.0/24 | 192.168.8.1 (pfSense LAN) | Secondary — DB replicas, some VMs |
| 192.168.8.0/23 | pfSense | Flat L2 — NetBox ARP sweeps this range |

| VM | IP | Role | Proxmox Node |
|---|---|---|---|
| VM 521 (primary) | LAN: 192.168.8.1, WAN: 103.240.222.x | Primary, all config lives here | bm01 |
| VM 522 (secondary) | LAN: 192.168.8.2, WAN: 192.168.9.200 | Backup, synced from primary | bm04 |

Login: manoj / Mnjkumar@429 (both nodes)
hasync / HasyncProx1289

CARP failover not yet active. Requires ISP VLAN bridged to bm04 for secondary's WAN interface. Current public IPs are IP aliases on WAN (not CARP) — manual failover only.

Public IP 103.240.222.132 → VIP 192.168.9.114 (HAProxy+Keepalived) → OpenResty → Apps

| VIP | Protocol | Managed By | Purpose |
|---|---|---|---|
| 192.168.9.114 | Keepalived | haproxy-01 (MASTER: 8.112) / haproxy-02 (BACKUP: 8.113) | Client entry → HAProxy → OpenResty |
| 192.168.9.92 | Keepalived | haproxy-k3s (VM 508) | k3s API + Traefik ingress |

```
Internet
  → pfSense NAT (103.240.222.x → 192.168.9.114)
    → Keepalived VIP 192.168.9.114
      → HAProxy (MASTER: 8.112 OR BACKUP: 8.113)
          TCP passthrough, balance source (sticky by client IP)
          health check every 5s, ~4s failover
        → prod-web01 (9.160) OR prod-web02 (8.111)
            OpenResty — SSL termination, proxy_cache
          → k3s Traefik (192.168.9.92:80, Host header)
            → App pods
```

admin / haproxy123

All *.smartb.com.au domains resolve to 103.240.222.132 (pfSense NAT → 9.114 VIP).
Key domains: smartb.com.au, wiki.smartb.com.au, backup.smartb.com.au, plane.smartb.com.au, monitor.smartb.com.au, logger.smartb.com.au