Dwarfguard system entities and connected entities

1. [DT] Dwarfguard agent running on endpoint device
2. Server SSL termination point
3. Apache reverse proxy
4. [DT] Dwarfguard daemon
5. MariaDB database
6. [DT] Dwarfguard UI
7. Admin user web-browser
8. Server commandline (+ [DT] Dwarfguard cmdline integration)
9. Operating System
10. Webtunnel init (from device)
11. Webtunnel connect (from user)
12. [DT] Multi-device agent mass install Python script

Network (TCP/IP) communication initiated by Dwarfguard entities

1. -> 2.+3.+4.
7. -> 2.+3.+6.
10. -> 9.
11. -> 2.+3.+1.
12. -> 1.

Local deployed server communication (to http://127.0.0.1:8484+)

4. -> 5.
6. -> 4.
4. -> 5.
8. -> *

Data storage and encryption, certificates, auth data

1. Agent data storage
2. Server data storage
3. Server data backup

Do's and Don'ts:

During deployment, use the --nossl parameter only when you have a separate SSL termination point. All devices access the server via https all the time, so using --nossl without SSL termination will simply not work.

Prefer valid certificates over self-signed ones, as that does not rely on distributing the crt file to the clients. While the crt file is included in the agent archive automatically, you need to refresh it before it expires or enable support for certificate auto-exchange by setting security=1 on the agent (a downgrade from the default security=2).