af1236202d
- F14: late_chase_risk_score 검증 * GAS가 유일한 생산처 (Python canonical 없음) * migration_action: KEEP_IN_GAS로 정정, status: DONE - F02/F03/F04/F06: priceBasis 로직 포팅 * formulas/price_basis_v1.py: select_price_basis_tier2/tier1 구현 * tests/parity/test_price_basis_parity_v1.py: 8 parity 테스트 (모두 PASS) * GAS Number.isFinite() 의미론 정확히 재현 (math.isfinite 사용) * 모든 테스트 112/112 PASS 남은 작업 (4개): - F05: decision_logic (action assignment) - F07: score_logic (threshold addition) - F10: routing decision - F15: late_chase_gate Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
39 lines
1.0 KiB
Markdown
39 lines
1.0 KiB
Markdown
# Synology Snapshot Admin Firewall and Reverse Proxy Table
|
|
|
|
Use these values for the first POC.
|
|
|
|
## Reverse proxy rule
|
|
|
|
| Field | Value |
|
|
|---|---|
|
|
| Rule name | `snapshot-admin` |
|
|
| Source protocol | `HTTPS` |
|
|
| Source hostname | `admin.example.com` |
|
|
| Source port | `443` |
|
|
| Source path | `/` |
|
|
| Destination protocol | `HTTP` |
|
|
| Destination hostname | `127.0.0.1` |
|
|
| Destination port | `8787` |
|
|
|
|
## Firewall rules
|
|
|
|
| Rule | Action | Source | Destination | Port |
|
|
|---|---|---|---|---|
|
|
| Reverse proxy public entry | Allow | WAN or trusted public CIDR | NAS | `443/TCP` |
|
|
| Raw service port | Deny | WAN | NAS | `8787/TCP` |
|
|
| Optional office/VPN allowlist | Allow | Office/VPN CIDR only | NAS | `443/TCP` |
|
|
|
|
## Certificate
|
|
|
|
| Field | Value |
|
|
|---|---|
|
|
| Type | TLS certificate |
|
|
| Hostname | `admin.example.com` |
|
|
| Binding | Reverse proxy rule `snapshot-admin` |
|
|
|
|
## Notes
|
|
|
|
- Keep `8787/TCP` private.
|
|
- Keep Basic Auth enabled in the Python service.
|
|
- Use `127.0.0.1` for the backend destination unless you are explicitly testing direct bind mode.
|