Services:Step By Step
Follow these steps to expose a new service through the VPS reverse proxy (Caddy).
Step 1: Add a Caddy site block
Edit /etc/caddy/Caddyfile and add a block for your hostname.
VPS-local service (Docker on 127.0.0.1):
newservice.jb-vpn.uk {
    reverse_proxy http://127.0.0.1:PORT {
        header_up Host {host}
        # {remote} expands to IP:port; {remote_host} is the client IP alone
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {remote_host}
        header_up X-Forwarded-Proto {scheme}
    }
}
NAS service (via OpenVPN at 10.8.0.2):
newservice.jb-vpn.uk {
    reverse_proxy http://10.8.0.2:PORT {
        header_up Host {host}
        # {remote} expands to IP:port; {remote_host} is the client IP alone
        header_up X-Real-IP {remote_host}
        header_up X-Forwarded-For {remote_host}
        header_up X-Forwarded-Proto {scheme}
    }
}
NAS HTTPS backend (e.g. DSM-style):
newservice.jb-vpn.uk {
    reverse_proxy https://10.8.0.2:PORT {
        transport http {
            # Turns off verification of the backend's TLS certificate
            tls_insecure_skip_verify
        }
        header_up Host {host}
        header_up X-Forwarded-Proto {scheme}
    }
}
Replace PORT with the internal port and ensure DNS points to the VPS.
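One way to check a Caddyfile before the reload in Step 2, as an added example that is not part of the original page: it flags site blocks where PORT was left in, where the upstream is neither 127.0.0.1 nor 10.8.0.2, or where tls_insecure_skip_verify turns off backend certificate verification. The function names, the finding texts, the sample hostnames and the rule that only those two upstreams are expected are assumptions.

```shell
#!/bin/sh
# Added example: pre-reload audit of a Caddyfile against the Step 1 patterns.
# Assumptions (not from the page): function names, finding texts, and that
# the only expected upstreams are 127.0.0.1 (VPS) and 10.8.0.2 (NAS).
audit_caddyfile() {
    awk '
        # A line ending in "{" at brace depth 0 opens a site block; $1 is its hostname.
        depth == 0 && /[{][ \t]*$/ { site = $1 }
        $1 == "reverse_proxy" {
            up = $2
            if (up ~ /:PORT$/) {
                print site ": placeholder PORT was not replaced"
            } else if (up !~ /^https?:\/\/(127\.0\.0\.1|10\.8\.0\.2):[0-9]+$/) {
                print site ": upstream " up " is not the VPS loopback or the NAS"
            }
        }
        # Step 1 uses this for the NAS HTTPS backend; list every site that has it.
        $1 == "tls_insecure_skip_verify" { print site ": backend certificate is not verified" }
        # Track nesting so directives inside a block are never taken for a site.
        { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }
    ' "$@"
}

# Constructed sample input; every hostname except newservice is made up.
sample_caddyfile() {
    cat <<'EOF'
good.jb-vpn.uk {
    reverse_proxy http://127.0.0.1:8080 {
        header_up Host {host}
    }
}
newservice.jb-vpn.uk {
    reverse_proxy http://10.8.0.2:PORT
}
dsm.jb-vpn.uk {
    reverse_proxy https://10.8.0.2:5001 {
        transport http {
            tls_insecure_skip_verify
        }
    }
}
stray.jb-vpn.uk {
    reverse_proxy http://192.168.1.50:9000
}
EOF
}

sample_caddyfile | audit_caddyfile
```

Run it on the live file with audit_caddyfile /etc/caddy/Caddyfile; it expects one directive per line with the opening brace on the same line, as in the blocks above.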
Step 2: Validate and reload
caddy validate --config /etc/caddy/Caddyfile
systemctl reload caddy
Step 3: Verify connectivity
nslookup newservice.jb-vpn.uk
curl -I https://newservice.jb-vpn.uk
For NAS backends, confirm VPN first:
ping -c 2 10.8.0.2
curl -sI -m 5 http://10.8.0.2:PORT | head -1
Step 4: TLS
Caddy obtains and renews Let's Encrypt certificates automatically when:
- DNS for the hostname points to 87.106.61.62
- Ports 80 and 443 are reachable on the VPS
Check logs if HTTPS fails on first request:
journalctl -u caddy -n 50
Step 5: Browser test
Open https://newservice.jb-vpn.uk and confirm the service loads with a valid certificate.
Removing a service
- Remove the site block from /etc/caddy/Caddyfile
- caddy validate --config /etc/caddy/Caddyfile
- systemctl reload caddy
Related documentation
- Prerequisites
- Service Examples
- Configuration Options