System:Network Architecture

This document describes the network architecture of the jb-vpn.uk infrastructure.

Internet → VPS (87.106.61.62) → Caddy (443)
              ├→ 127.0.0.1 — Docker (WebApp, MediaWiki, phpMyAdmin)
              └→ OpenVPN (tun0) → NAS (10.8.0.2) — DSM, Plex, SSH

• VPS public IP: 87.106.61.62

• VPN network: 10.8.0.0/24

• VPN interface: tun0 (10.8.0.1 on VPS)

• NAS VPN IP: 10.8.0.2

• Edge proxy: Caddy (ports 80/443)

• TLS: Let's Encrypt (automatic via Caddy)

1. Client request — user opens a hostname (e.g. wiki.jb-vpn.uk)
2. DNS — record points to 87.106.61.62
3. Caddy — receives HTTPS on port 443, terminates TLS
4. Routing — Caddy proxies to a local upstream or through tun0 to 10.8.0.2
5. Response — backend → Caddy → client

Example (main wiki):

Browser → wiki.jb-vpn.uk:443 → Caddy → 127.0.0.1:8010 (wiki-mediawiki)

Example (DSM):

Browser → dsm.jb-vpn.uk:443 → Caddy → https://10.8.0.2:5001

┌─────────────┐
│   Client    │
└──────┬──────┘
       │ HTTPS (443)
       ▼
┌─────────────────────────────────────┐
│         VPS (87.106.61.62)          │
│  ┌───────────────────────────────┐  │
│  │  Caddy (TLS + routing)        │  │
│  └───────────┬───────────────────┘  │
│              │                       │
│     ┌────────┴────────┐              │
│     ▼                 ▼              │
│  127.0.0.1         tun0 → 10.8.0.2   │
│  Docker stacks     NAS services      │
│  - 8010/8011 Wiki  - 5001 DSM        │
│  - 8008/8009 App   - 32400 Plex      │
│  - 8080 phpMyAdmin                   │
└─────────────────────────────────────┘

• [Components Components] — component details

• Services:Current Services — hostname inventory

• OpenVPN Integration — VPN and proxy interaction