The principle architecture can be implemented in different ways to serve distinct needs. They all vary with regard to number of internet gateways, number of servers on the edge, number of virtual private networks (VPN).
Some of the basic variations that we have been running productively for long time are described below.
A Linux virtual private server (VPS) that is accessible on the Internet through a public (and a static) IP address. It needs to be fully managed by you, i.e. you need to have means to connect to the Internet Gateway via SSH and root access.
In our experience Internet Gateways serve three distinct purposes.
Thus, Internet Gateways turn out to be exposing certain TCP/UDP ports of the Servers on the Edge on the Internet making them accessible. They also provide support for web applications published on Servers on the Edge to be exposed to the Internet through a reverse proxy on standard ports, e.g. 443.
The Servers on the Edge are also nodes in the VPN. They are not visible or accessible to the Internet in any direct way. Some selected services running on the Servers on the Edge may be exposed to the Internet through Internet Gateways.
The Servers on the Edge usually expose more than one applications through Internet Gateways. Each application is fully isolated in its own Linux container running on the respective Server on the Edge.
Here we maintain the technical decisions that are fundamental to the architecture and technical design for self hosting applications proposed by The Liberated Edge.