Services:Current Services: Difference between revisions

From jb-vpn.uk Wiki
Major update - troubleshooting guide: Current Services - Service Inventory (32 sections)
Updated documentation from markdown files
 
Line 7: Line 7:
| Service || Subdomain || Internal Port || Protocol || Status || SSL
| Service || Subdomain || Internal Port || Protocol || Status || SSL
|-
|-
| Wiki || wiki.jb-vpn.uk || 8080 || HTTP || Active || ✅
| Wiki || wiki.jb-vpn.uk || 8010 || HTTP || Active || ✅
|-
|-
| Werbs-Wiki || werbs-wiki.jb-vpn.uk || 8081 || HTTP || Active || ✅
| Werbs-Wiki || werbs-wiki.jb-vpn.uk || 8011 || HTTP || Active || ✅
|-
|-
| Synology DSM || dsm.jb-vpn.uk || 5001 || HTTPS || Active || ✅
| Synology DSM || dsm.jb-vpn.uk || 5001 || HTTPS || Active || ✅
Line 26: Line 26:


'''Internal Configuration''':
'''Internal Configuration''':
* '''Target IP''': <code>10.8.0.2</code> (Synology NAS via VPN)
* '''Host''': VPS (Docker)
 
* '''Target''': <code>127.0.0.1:8010</code> (container <code>wiki-mediawiki</code>)


* '''Target Port''': <code>8080</code>
* '''Stack''': <code>/var/www/wiki.jb/</code>


* '''Protocol''': HTTP
* '''Protocol''': HTTP


'''Nginx Configuration''':
'''Reverse Proxy''':
* '''File''': <code>/etc/nginx/sites-available/wiki.jb-vpn.uk</code>
* '''Caddy''': <code>/etc/caddy/Caddyfile</code> (<code>wiki.jb-vpn.uk</code> <code>127.0.0.1:8010</code>)
 
* '''Enabled''': <code>/etc/nginx/sites-enabled/wiki.jb-vpn.uk</code>


'''SSL Certificate''':
'''SSL Certificate''':
* '''Provider''': Let's Encrypt
* '''Provider''': Let's Encrypt (via Caddy)


* '''Certificate Path''': <code>/etc/letsencrypt/live/wiki.jb-vpn.uk/</code>
* '''Status''': Valid
 
* '''Expiry Date''': 2026-02-01
 
* '''Status''': Valid (89 days remaining)


'''Traffic Flow''':
'''Traffic Flow''':
<pre>
<pre>
External Request → wiki.jb-vpn.uk:443 (HTTPS)  
External Request → wiki.jb-vpn.uk:443 (HTTPS)
   → Nginx Reverse Proxy (SSL Termination)
   → Caddy (SSL termination)
   → 10.8.0.2:8080 (HTTP on Synology NAS)
   → 127.0.0.1:8010 (MediaWiki Docker on VPS)
</pre>
</pre>
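Review bot: The new SSL Certificate block keeps only "Status: Valid" and drops the certificate path, the expiry date and the days-remaining figure, so the status can no longer be checked against anything on the page; say how to confirm it under Caddy (which command or log line shows the current expiry). Separately, the Caddy bullet lists wiki.jb-vpn.uk and 127.0.0.1:8010 side by side with no separator, so it is unclear that the second value is the upstream; write it as hostname → upstream, matching the Traffic Flow block.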


Line 79: Line 75:


'''Internal Configuration''':
'''Internal Configuration''':
* '''Target IP''': <code>10.8.0.2</code> (Synology NAS via VPN)
* '''Host''': VPS (Docker)
 
* '''Target''': <code>127.0.0.1:8011</code> (container <code>wiki-werbs-mediawiki</code>)


* '''Target Port''': <code>8081</code>
* '''Stack''': <code>/var/www/wiki.jb/</code>


* '''Protocol''': HTTP
* '''Protocol''': HTTP


'''Nginx Configuration''':
'''Reverse Proxy''':
* '''File''': <code>/etc/nginx/sites-available/werbs-wiki.jb-vpn.uk</code>
* '''Caddy''': <code>/etc/caddy/Caddyfile</code> (<code>werbs-wiki.jb-vpn.uk</code> <code>127.0.0.1:8011</code>)
 
* '''Enabled''': <code>/etc/nginx/sites-enabled/werbs-wiki.jb-vpn.uk</code>


'''SSL Certificate''':
'''SSL Certificate''':
* '''Provider''': Let's Encrypt
* '''Provider''': Let's Encrypt (via Caddy)


* '''Certificate Path''': <code>/etc/letsencrypt/live/werbs-wiki.jb-vpn.uk/</code>
* '''Status''': Valid
 
* '''Expiry Date''': 2026-02-01
 
* '''Status''': Valid (89 days remaining)


'''Traffic Flow''':
'''Traffic Flow''':
<pre>
<pre>
External Request → werbs-wiki.jb-vpn.uk:443 (HTTPS)  
External Request → werbs-wiki.jb-vpn.uk:443 (HTTPS)
   → Nginx Reverse Proxy (SSL Termination)
   → Caddy (SSL termination)
   → 10.8.0.2:8081 (HTTP on Synology NAS)
   → 127.0.0.1:8011 (MediaWiki Docker on VPS)
</pre>
</pre>


Line 137: Line 129:
* '''Protocol''': HTTPS
* '''Protocol''': HTTPS


'''Nginx Configuration''':
'''Reverse Proxy''':
* '''File''': <code>/etc/nginx/sites-available/dsm.jb-vpn.uk</code>
* '''Caddy''': <code>/etc/caddy/Caddyfile</code> (<code>dsm.jb-vpn.uk</code> <code>https://10.8.0.2:5001</code>)
 
* '''Enabled''': <code>/etc/nginx/sites-enabled/dsm.jb-vpn.uk</code>


'''SSL Certificate''':
'''SSL Certificate''':
* '''Provider''': Let's Encrypt
* '''Provider''': Let's Encrypt (via Caddy)
 
* '''Certificate Path''': <code>/etc/letsencrypt/live/vps.jb-vpn.uk/</code> (shared certificate)


* '''Status''': Valid
* '''Status''': Valid
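Review bot: The Caddy bullet for dsm.jb-vpn.uk points at an HTTPS upstream addressed by IP (https://10.8.0.2:5001), and the removed "shared certificate" line is not replaced by anything describing the upstream side. Document how Caddy validates the NAS certificate on that hop (trusted CA, pinned certificate, or verification turned off), since that decides whether the VPN leg is authenticated or only encrypted.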
Line 151: Line 139:
'''Traffic Flow''':
'''Traffic Flow''':
<pre>
<pre>
External Request → dsm.jb-vpn.uk:443 (HTTPS)  
External Request → dsm.jb-vpn.uk:443 (HTTPS)
   → Nginx Reverse Proxy (SSL Termination)
   → Caddy (SSL termination)
   → 10.8.0.2:5001 (HTTPS on Synology NAS)
   → 10.8.0.2:5001 (HTTPS on NAS via VPN)
</pre>
</pre>


Line 185: Line 173:
* '''Protocol''': HTTP
* '''Protocol''': HTTP


'''Nginx Configuration''':
'''Reverse Proxy''':
* '''File''': <code>/etc/nginx/sites-available/plex.jb-vpn.uk</code>
* '''Caddy''': <code>/etc/caddy/Caddyfile</code> (<code>plex.jb-vpn.uk</code> <code>http://10.8.0.2:32400</code>)
 
* '''Enabled''': <code>/etc/nginx/sites-enabled/plex.jb-vpn.uk</code>


'''SSL Certificate''':
'''SSL Certificate''':
* '''Provider''': Let's Encrypt
* '''Provider''': Let's Encrypt (via Caddy)
 
* '''Certificate Path''': <code>/etc/letsencrypt/live/vps.jb-vpn.uk/</code> (shared certificate)


* '''Status''': Valid
* '''Status''': Valid
Line 199: Line 183:
'''Traffic Flow''':
'''Traffic Flow''':
<pre>
<pre>
External Request → plex.jb-vpn.uk:443 (HTTPS)  
External Request → plex.jb-vpn.uk:443 (HTTPS)
   → Nginx Reverse Proxy (SSL Termination)
   → Caddy (SSL termination)
   → 10.8.0.2:32400 (HTTP on Synology NAS)
   → 10.8.0.2:32400 (HTTP on NAS via VPN)
</pre>
</pre>


Line 249: Line 233:
* '''Protocol''': Direct file serving
* '''Protocol''': Direct file serving


'''Nginx Configuration''':
'''Reverse Proxy''':
* '''File''': <code>/etc/nginx/sites-available/vps.jb-vpn.uk</code>
* '''Caddy''': <code>/etc/caddy/Caddyfile</code> (<code>vps.jb-vpn.uk</code> <code>file_server</code> for <code>/var/www/html</code>)
 
* '''Enabled''': <code>/etc/nginx/sites-enabled/vps.jb-vpn.uk</code>


'''SSL Certificate''':
'''SSL Certificate''':
* '''Provider''': Let's Encrypt
* '''Provider''': Let's Encrypt (via Caddy)
 
* '''Certificate Path''': <code>/etc/letsencrypt/live/vps.jb-vpn.uk/</code>


* '''Status''': Valid
* '''Status''': Valid
Line 263: Line 243:
'''Traffic Flow''':
'''Traffic Flow''':
<pre>
<pre>
External Request → vps.jb-vpn.uk:443 (HTTPS)  
External Request → vps.jb-vpn.uk:443 (HTTPS)
   → Nginx (SSL Termination)
   → Caddy (SSL termination + file_server)
   → /var/www/html (Local file serving)
   → /var/www/html
</pre>
</pre>


Line 309: Line 289:
'''Configuration File''': <code>/etc/ssh-port-forwards.conf</code>
'''Configuration File''': <code>/etc/ssh-port-forwards.conf</code>


'''Note''': This is a direct port forward via iptables, not handled by nginx.
'''Note''': This is a direct port forward via iptables, not handled by Caddy.


----
----
Line 325: Line 305:
</pre>
</pre>


=== Check SSL Certificates ===
=== Check Caddy ===
 
<pre class="lang-bash">
certbot certificates
</pre>
 
=== Check Nginx Status ===


<pre class="lang-bash">
<pre class="lang-bash">
systemctl status nginx
systemctl status caddy
</pre>
caddy validate --config /etc/caddy/Caddyfile
 
=== View Active Sites ===
 
<pre class="lang-bash">
ls -la /etc/nginx/sites-enabled/
</pre>
</pre>
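Review bot: The "Check SSL Certificates" section and its certbot certificates command are removed with no Caddy equivalent, and the replacement commands cover only service state and config syntax: caddy validate checks that /etc/caddy/Caddyfile is a valid configuration, not that certificates are present or current. Add a certificate check to "Check Caddy" so the monitoring section still answers whether TLS is healthy.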


Line 349: Line 318:
=== Required for All Services ===
=== Required for All Services ===


==== '''OpenVPN Tunnel''': Must be active (tun0 interface up) ====
==== '''OpenVPN Tunnel''': Must be active (tun0 interface up) for Synology-backed services ====
== '''Synology NAS''': Must be connected to VPN (10.8.0.2 reachable) ==
== '''Synology NAS''': Must be connected to VPN (10.8.0.2 reachable) for DSM/Plex ==
== '''Nginx Service''': Must be running ==
== '''Caddy''': Must be running on the VPS (ports 80/443) ==
== '''DNS Records''': Must point to VPS IP (87.106.61.62) ==
== '''DNS Records''': Must point to VPS IP (87.106.61.62) ==


=== Service-Specific Requirements ===
=== Service-Specific Requirements ===


* '''Wiki/Werbs-Wiki''': Services must be running on ports 8080/8081
* '''Wiki/Werbs-Wiki''': Docker stack at <code>/var/www/wiki.jb/</code> (<code>docker compose ps</code> healthy)


* '''DSM''': Synology DSM must be enabled
* '''DSM''': Synology DSM must be enabled
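Review bot: The section is still titled "Required for All Services", but the new OpenVPN and Synology lines are scoped to Synology-backed services and DSM/Plex; rename the heading or move those two items under Service-Specific Requirements. The four dependency lines also use heading markup (==== and ==) inside a === section, which breaks the section hierarchy; a list would fit.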
Line 369: Line 338:


=== Daily ===
=== Daily ===
* Monitor nginx error logs
* Check service availability (<code>curl -I</code> on key hostnames)


* Check service availability
* Review Caddy logs if something fails (<code>journalctl -u caddy</code>)


=== Weekly ===
=== Weekly ===
* Review access logs for anomalies
* <code>docker compose ps</code> for wiki and WebApp stacks


* Verify SSL certificate status
* Spot-check HTTPS on public hostnames


=== Monthly ===
=== Monthly ===
* Backup nginx configurations
* Backup <code>/etc/caddy/Caddyfile</code>


* Review and update documentation
* Review and update documentation
* Check for service updates


=== Quarterly ===
=== Quarterly ===
* Verify SSL certificate auto-renewal
* Verify TLS renewal via Caddy logs


* Review firewall rules
* Review firewall rules
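Review bot: The Weekly list loses "Review access logs for anomalies" and the Daily log item becomes conditional ("if something fails"), so after this change nothing in the schedule looks at logs proactively. Keep a weekly review item pointed at the Caddy logs. "Check for service updates" also disappears from Monthly without a replacement.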
Line 398: Line 365:
'''Total Services''': 5 web services + 1 SSH port forward
'''Total Services''': 5 web services + 1 SSH port forward


'''SSL Certificates''': 3 unique certificates (some shared)
'''Edge proxy''': Caddy (<code>/etc/caddy/Caddyfile</code>)
 
'''Configuration''': One Caddyfile for all public hostnames


'''Configuration Files''': 5 nginx site configurations
'''Internal Ports Used (VPS)''': 8010, 8011, 8008, 8009, 8080 (phpMyAdmin)


'''Internal Ports Used''': 8080, 8081, 5001, 32400, 22
'''Internal Ports Used (Synology via VPN)''': 5001, 32400, 22


----
----
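Review bot: "Internal Ports Used (VPS)" now lists 8008, 8009 and 8080 (phpMyAdmin), but "Total Services" still says 5 web services and none of the five documented services uses those ports. State which service owns 8008 and 8009 and whether phpMyAdmin on 8080 is published through Caddy or reachable only locally, so the inventory matches what is listening.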

Latest revision as of 14:04, 16 May 2026

This document provides a detailed inventory of all services currently configured on the reverse proxy system.

Service Summary

| Service || Subdomain || Internal Port || Protocol || Status || SSL
|-
| Wiki || wiki.jb-vpn.uk || 8010 || HTTP || Active ||
|-
| Werbs-Wiki || werbs-wiki.jb-vpn.uk || 8011 || HTTP || Active ||
|-
| Synology DSM || dsm.jb-vpn.uk || 5001 || HTTPS || Active ||
|-
| Plex Media Server || plex.jb-vpn.uk || 32400 || HTTP || Active ||
|-
| VPS Default || vps.jb-vpn.uk || - || - || Active ||

Service Details

1. Wiki Service

Subdomain: wiki.jb-vpn.uk

Public Access: https://wiki.jb-vpn.uk

Internal Configuration:

  • Host: VPS (Docker)
  • Target: 127.0.0.1:8010 (container wiki-mediawiki)
  • Stack: /var/www/wiki.jb/
  • Protocol: HTTP

Reverse Proxy:

  • Caddy: /etc/caddy/Caddyfile (wiki.jb-vpn.uk → 127.0.0.1:8010)

SSL Certificate:

  • Provider: Let's Encrypt (via Caddy)
  • Status: Valid

Traffic Flow:

External Request → wiki.jb-vpn.uk:443 (HTTPS)
  → Caddy (SSL termination)
  → 127.0.0.1:8010 (MediaWiki Docker on VPS)

Configuration Details:

  • HTTP to HTTPS redirect: ✅ Enabled
  • WebSocket support: ✅ Enabled
  • Extended timeouts: ✅ 300 seconds
  • Proxy headers: ✅ Full set configured

DNS Record: wiki.jb-vpn.uk → 87.106.61.62

Test Command:

curl -I https://wiki.jb-vpn.uk
# Or access directly: https://wiki.jb-vpn.uk/index.php?title=Main_Page

2. Werbs-Wiki Service

Subdomain: werbs-wiki.jb-vpn.uk

Public Access: https://werbs-wiki.jb-vpn.uk

Internal Configuration:

  • Host: VPS (Docker)
  • Target: 127.0.0.1:8011 (container wiki-werbs-mediawiki)
  • Stack: /var/www/wiki.jb/
  • Protocol: HTTP

Reverse Proxy:

  • Caddy: /etc/caddy/Caddyfile (werbs-wiki.jb-vpn.uk → 127.0.0.1:8011)

SSL Certificate:

  • Provider: Let's Encrypt (via Caddy)
  • Status: Valid

Traffic Flow:

External Request → werbs-wiki.jb-vpn.uk:443 (HTTPS)
  → Caddy (SSL termination)
  → 127.0.0.1:8011 (MediaWiki Docker on VPS)

Configuration Details:

  • HTTP to HTTPS redirect: ✅ Enabled
  • WebSocket support: ✅ Enabled
  • Extended timeouts: ✅ 300 seconds
  • Proxy headers: ✅ Full set configured

DNS Record: werbs-wiki.jb-vpn.uk → 87.106.61.62

Test Command:

curl -I https://werbs-wiki.jb-vpn.uk

3. Synology DSM

Subdomain: dsm.jb-vpn.uk

Public Access: https://dsm.jb-vpn.uk

Internal Configuration:

  • Target IP: 10.8.0.2 (Synology NAS via VPN)
  • Target Port: 5001
  • Protocol: HTTPS

Reverse Proxy:

SSL Certificate:

  • Provider: Let's Encrypt (via Caddy)
  • Status: Valid

Traffic Flow:

External Request → dsm.jb-vpn.uk:443 (HTTPS)
  → Caddy (SSL termination)
  → 10.8.0.2:5001 (HTTPS on NAS via VPN)

Configuration Details:

  • HTTP to HTTPS redirect: ✅ Enabled
  • WebSocket support: ✅ Enabled (for DSM WebSocket features)
  • Internal HTTPS: ✅ Passes through to Synology HTTPS

DNS Record: dsm.jb-vpn.uk → 87.106.61.62

Test Command:

curl -I https://dsm.jb-vpn.uk

4. Plex Media Server

Subdomain: plex.jb-vpn.uk

Public Access: https://plex.jb-vpn.uk

Internal Configuration:

  • Target IP: 10.8.0.2 (Synology NAS via VPN)
  • Target Port: 32400
  • Protocol: HTTP

Reverse Proxy:

SSL Certificate:

  • Provider: Let's Encrypt (via Caddy)
  • Status: Valid

Traffic Flow:

External Request → plex.jb-vpn.uk:443 (HTTPS)
  → Caddy (SSL termination)
  → 10.8.0.2:32400 (HTTP on NAS via VPN)

Configuration Details:

  • HTTP to HTTPS redirect: ✅ Enabled
  • Plex-specific headers: ✅ Configured
      • X-Plex-Client-Identifier
      • X-Plex-Device
      • X-Plex-Product
      • X-Plex-Version
      • X-Plex-Platform
      • X-Plex-Platform-Version
      • X-Plex-Device-Name
      • X-Plex-Provides
      • X-Plex-Token

DNS Record: plex.jb-vpn.uk → 87.106.61.62

Test Command:

curl -I https://plex.jb-vpn.uk

5. VPS Default Web Directory

Subdomain: vps.jb-vpn.uk

Public Access: https://vps.jb-vpn.uk

Internal Configuration:

  • Type: Static files
  • Web Root: /var/www/html
  • Protocol: Direct file serving

Reverse Proxy:

  • Caddy: /etc/caddy/Caddyfile (vps.jb-vpn.uk → file_server for /var/www/html)

SSL Certificate:

  • Provider: Let's Encrypt (via Caddy)
  • Status: Valid

Traffic Flow:

External Request → vps.jb-vpn.uk:443 (HTTPS)
  → Caddy (SSL termination + file_server)
  → /var/www/html

Configuration Details:

  • HTTP to HTTPS redirect: ✅ Enabled
  • Static file serving: ✅ Enabled
  • Index files: index.html, index.htm, index.nginx-debian.html

DNS Record: vps.jb-vpn.uk → 87.106.61.62

Test Command:

curl -I https://vps.jb-vpn.uk

Additional Services (Non-Web)

SSH Port Forwarding

SSH port forwarding is managed through a centralized configuration system. See [SSH Port Forwarding Management](index.md) for complete documentation.

Current Forwards:

  • Synology NAS: Port 22222 → 10.8.0.2:22
      • Access: ssh -p 22222 user@87.106.61.62

Management:

# List all SSH port forwards
sudo ssh-forward list

# Add a new device
sudo ssh-forward add <name> <external_port> <vpn_ip> [ssh_port]

# Remove a device
sudo ssh-forward remove <name>

Configuration File: /etc/ssh-port-forwards.conf

Note: This is a direct port forward via iptables, not handled by Caddy.


Service Status Monitoring

Check All Services

# Test all HTTPS services
for domain in wiki.jb-vpn.uk werbs-wiki.jb-vpn.uk dsm.jb-vpn.uk plex.jb-vpn.uk vps.jb-vpn.uk; do
    echo "Testing $domain..."
    curl -I -s https://$domain | head -1
done

Check Caddy

systemctl status caddy
caddy validate --config /etc/caddy/Caddyfile

Service Dependencies

Required for All Services

  • OpenVPN Tunnel: Must be active (tun0 interface up) for Synology-backed services
  • Synology NAS: Must be connected to VPN (10.8.0.2 reachable) for DSM/Plex
  • Caddy: Must be running on the VPS (ports 80/443)
  • DNS Records: Must point to VPS IP (87.106.61.62)

Service-Specific Requirements

  • Wiki/Werbs-Wiki: Docker stack at /var/www/wiki.jb/ (docker compose ps healthy)
  • DSM: Synology DSM must be enabled
  • Plex: Plex Media Server must be running
  • VPS Default: No dependencies (local files only)

Maintenance Schedule

Daily

  • Check service availability (curl -I on key hostnames)
  • Review Caddy logs if something fails (journalctl -u caddy)

Weekly

  • docker compose ps for wiki and WebApp stacks
  • Spot-check HTTPS on public hostnames

Monthly

  • Backup /etc/caddy/Caddyfile
  • Review and update documentation

Quarterly

  • Verify TLS renewal via Caddy logs
  • Review firewall rules
  • Update system packages
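
One way to make the "Verify TLS renewal" and "Spot-check HTTPS" items checkable from outside the VPS, as an added example that is not part of the original page: it reads the certificate each public hostname actually serves and reports the days left. The function names and the 21-day warning threshold are assumptions; run it with --live to query the hosts.

```bash
#!/bin/sh
# Added example (not from the wiki): days left on the certificate each
# public hostname serves. Hostnames are the five listed on this page.
HOSTS="wiki.jb-vpn.uk werbs-wiki.jb-vpn.uk dsm.jb-vpn.uk plex.jb-vpn.uk vps.jb-vpn.uk"
WARN_DAYS=21   # assumption: alert threshold, not a value from the page

# days_left "<notAfter=Mon DD HH:MM:SS YYYY GMT>" "<today YYYY-MM-DD>"
# Pure awk calendar math, so it does not depend on GNU date -d.
days_left() {
    printf '%s\n' "$1" | awk -v today="$2" '
        function dn(y, m, d,    n) {      # days since 1970-01-01
            y += 0; m += 0; d += 0
            if (m <= 2) { y--; m += 12 }
            n = 365*y + int(y/4) - int(y/100) + int(y/400)
            return n + int((153*(m-3) + 2)/5) + d - 719469
        }
        {
            sub(/^notAfter=/, "")
            mon = (index("JanFebMarAprMayJunJulAugSepOctNovDec", $1) + 2) / 3
            split(today, t, "-")
            print dn($4, mon, $2) - dn(t[1], t[2], t[3])
        }'
}

# cert_state <days> -> OK | RENEW-OVERDUE | EXPIRED
cert_state() {
    if [ "$1" -lt 0 ]; then echo EXPIRED
    elif [ "$1" -lt "$WARN_DAYS" ]; then echo RENEW-OVERDUE
    else echo OK; fi
}

# Fetch the notAfter line of the certificate served for a hostname.
served_not_after() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -enddate
}

if [ "${1:-}" = "--live" ]; then
    today=$(date -u +%Y-%m-%d)
    for h in $HOSTS; do
        na=$(served_not_after "$h")
        if [ -z "$na" ]; then echo "$h: no certificate retrieved"; continue; fi
        d=$(days_left "$na" "$today")
        echo "$h: $d days left ($(cert_state "$d"))"
    done
fi
```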

Service Statistics

Total Services: 5 web services + 1 SSH port forward

Edge proxy: Caddy (/etc/caddy/Caddyfile)

Configuration: One Caddyfile for all public hostnames

Internal Ports Used (VPS): 8010, 8011, 8008, 8009, 8080 (phpMyAdmin)

Internal Ports Used (Synology via VPN): 5001, 32400, 22
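
The page gives the wiki containers' targets as 127.0.0.1:8010 and 127.0.0.1:8011. The following added example, which is not part of the original page, checks `ss -ltnH` output to confirm that every port under "Internal Ports Used (VPS)" is bound to loopback only, so the backends are reachable solely through Caddy. The function names are assumptions and the sample listener lines are constructed.

```bash
#!/bin/sh
# Added example (not from the wiki): flag VPS-internal ports that listen on
# a non-loopback address. Port list is "Internal Ports Used (VPS)" above.
INTERNAL_PORTS="8010 8011 8008 8009 8080"

# Reads `ss -ltnH` output on stdin; prints "port address" for each internal
# port bound to anything other than 127.0.0.0/8 or [::1].
exposed_listeners() {
    awk -v ports="$INTERNAL_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            local_addr = $4                   # e.g. 0.0.0.0:8010 or [::]:8010
            port = local_addr; sub(/.*:/, "", port)
            addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "[::1]") next
            print port, addr
        }'
}

# Constructed sample of `ss -ltnH` output (not captured from the real host).
sample_ss_output() {
cat <<'EOF'
LISTEN 0 4096 127.0.0.1:8010 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8011 0.0.0.0:*
LISTEN 0 4096 *:443 *:*
LISTEN 0 4096 [::]:8080 [::]:*
LISTEN 0 511 127.0.0.1:8008 0.0.0.0:*
EOF
}

# On the VPS: ./check.sh --live   (empty output means nothing is exposed)
if [ "${1:-}" = "--live" ]; then
    ss -ltnH | exposed_listeners
fi
```

Ports 80 and 443 are ignored on purpose, since Caddy is expected to listen on all interfaces for them.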