
OpenVPN:Integration: Difference between revisions

From jb-vpn.uk Wiki
Added configuration guide: OpenVPN Integration with Reverse Proxy
 
Updated documentation from markdown files
 
(2 intermediate revisions by the same user not shown)
== Changes between the compared revisions ==

* '''Reverse proxy''': every mention of Nginx becomes Caddy; the requirement "Nginx must be configured to forward to 10.8.0.2" becomes "Caddy must be configured in <code>/etc/caddy/Caddyfile</code>".
* '''Integration Overview''': the Synology NAS item now lists the forwarded services (DSM, Plex, and SSH); the proxy item changes from "forwards requests to 10.8.0.2" to "forwards public hostnames to local VPS services or to 10.8.0.2 via VPN"; "accessible via public subdomains without direct internet exposure" becomes "accessible via HTTPS without exposing the NAS directly to the internet".
* '''Network Flow''': the diagram changes from a single path (Nginx Reverse Proxy → OpenVPN Tunnel (tun0: 10.8.0.1 → 10.8.0.2) → Synology NAS Services) to Caddy with two branches: (local) MediaWiki / WebApp on 127.0.0.1, and (VPN) OpenVPN tun0 → 10.8.0.2 → DSM / Plex.
* '''How It Works''': the eight Nginx steps (request, DNS, port 443, SSL termination at the VPS, forward through the tunnel to the NAS, NAS responds, response back through the tunnel, Nginx sends the response) become six Caddy steps, with <code>dsm.jb-vpn.uk</code> added as an example hostname, TLS termination folded into the port-443 step, and separate steps for VPS-hosted services (proxied to <code>127.0.0.1</code>) and Synology services (proxied through the tunnel to <code>10.8.0.2</code>).
* '''Requirements''': the NAS requirement is scoped to "DSM/Plex/SSH forwards" and the tunnel requirement to "Synology-backed hostnames".
* '''Verification''': the check <code>curl http://10.8.0.2:8080</code> ("Check Nginx can reach Synology") is replaced by a wiki check on the VPS, <code>curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:8010/</code>, and a DSM check over the VPN, <code>curl -k -sI -m 5 https://10.8.0.2:5001/ | head -1</code>.
* '''Markup''': bullets written as <code>''</code> in Benefits and Related Documentation become <code>*</code> bullets; list items written as single-<code>=</code> headings become <code>==</code>/<code>===</code> headings. Page title, intro sentence, Benefits text, Related Documentation links and the categories <code>[[Category:Documentation]]</code> and <code>[[Category:Documentation/OpenVPN]]</code> are unchanged.
Latest revision as of 14:04, 16 May 2026

= OpenVPN Integration with Reverse Proxy =
This document describes how the OpenVPN server integrates with the reverse proxy system.

== Integration Overview ==

The OpenVPN server is essential for the reverse proxy system:

* '''Synology NAS connects''' via VPN (10.8.0.2) for DSM, Plex, and SSH
* '''Caddy reverse proxy''' forwards public hostnames to local VPS services or to 10.8.0.2 via VPN
* '''Services are accessible''' via HTTPS without exposing the NAS directly to the internet
* '''All traffic is encrypted''' through the VPN tunnel

== Network Flow ==

<pre>
Internet → VPS (87.106.61.62)
  → Caddy
  → (local) MediaWiki / WebApp on 127.0.0.1
  → (VPN) OpenVPN tun0 → 10.8.0.2 → DSM / Plex
</pre>

== How It Works ==

# Client accesses a public subdomain (e.g., <code>dsm.jb-vpn.uk</code> or <code>wiki.jb-vpn.uk</code>)
# DNS resolves to VPS public IP (87.106.61.62)
# Caddy receives the request on port 443 (HTTPS) and terminates TLS
# For VPS-hosted services (wiki, WebApp), Caddy proxies to <code>127.0.0.1</code>
# For Synology services (DSM, Plex), Caddy proxies through the OpenVPN tunnel to <code>10.8.0.2</code>
# The backend responds; Caddy returns the response to the client

== Benefits ==

* '''No Direct Exposure''': Synology NAS is not directly accessible from the internet
* '''Encrypted Tunnel''': All traffic between VPS and NAS is encrypted via OpenVPN
* '''Secure Access''': Services are accessible via HTTPS while remaining isolated
* '''Centralized Management''': All services accessible through a single VPS

== Requirements ==

For the integration to work:

* '''OpenVPN server must be running''' on the VPS
* '''Synology NAS must be connected''' to the VPN (10.8.0.2) for DSM/Plex/SSH forwards
* '''VPN tunnel must be active''' (tun0 interface up) for Synology-backed hostnames
* '''Caddy must be configured''' in <code>/etc/caddy/Caddyfile</code>

== Verification ==

Check that the integration is working:

<pre class="lang-bash">
# Check VPN is running
systemctl status openvpn

# Check VPN interface
ip addr show tun0

# Check Synology is connected
ping -c 2 10.8.0.2

# Check wiki on VPS
curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:8010/

# Check DSM on Synology (via VPN)
curl -k -sI -m 5 https://10.8.0.2:5001/ | head -1
</pre>
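The commands above test each hop on its own. As an added example (not from the wiki page or the jb-vpn.uk setup), the POSIX shell script below runs the same checks in the order of the How It Works chain and stops at the first broken hop, so a public hostname that stops answering can be attributed to the tunnel interface, the NAS, or one of the two backends instead of guessed at. The interface, addresses and ports are the ones the page states; the function names, the numeric exit codes, and the rule that a 2xx or 3xx answer counts as healthy are my own assumptions.

```shell
#!/bin/sh
# Added example, not part of the wiki page: walk the chain from "How It Works" hop by hop
# (tunnel interface -> NAS over the tunnel -> VPS-local wiki backend -> DSM over the tunnel)
# and stop at the first broken hop. Interface, addresses and ports are the ones the page
# states; the function names and exit codes are my own choices (assumptions).

VPN_IF="${VPN_IF:-tun0}"                        # tunnel interface on the VPS
NAS_IP="${NAS_IP:-10.8.0.2}"                    # Synology's VPN address
WIKI_URL="${WIKI_URL:-http://127.0.0.1:8010/}"  # VPS-local backend Caddy proxies to
DSM_URL="${DSM_URL:-https://${NAS_IP}:5001/}"   # DSM reached through the tunnel

# tun_is_up OUTPUT: succeed when `ip addr show <if>` output shows the UP flag and an IPv4
# address. tun devices usually report "state UNKNOWN", so the <...> flag list is checked,
# not the state field. Output is passed in so the function can be tested without a tunnel.
tun_is_up() {
    printf '%s\n' "$1" | grep -q '[<,]UP[,>]' &&
    printf '%s\n' "$1" | grep -q '^ *inet '
}

# status_from_head STATUSLINE: numeric code from "HTTP/1.1 200 OK" or "HTTP/2 302".
status_from_head() {
    printf '%s\n' "$1" | awk '$1 ~ /^HTTP\// { print $2; exit }'
}

# status_is_healthy CODE: 2xx or 3xx means the backend answered (a redirect to a login
# page is still an answer); 000 (no response), 4xx, 5xx or an empty code means broken.
status_is_healthy() {
    case "$1" in
        2[0-9][0-9]|3[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# head_status URL: fetch only the headers with the page's curl flags (-k -sI -m 5) and
# print the status code, or 000 when nothing answered within the timeout.
head_status() {
    line=$(curl -k -sI -m 5 "$1" 2>/dev/null | head -n 1)
    code=$(status_from_head "$line")
    printf '%s\n' "${code:-000}"
}

# check_chain: run the hops in order; the return value identifies the first failing hop
# (1 interface missing, 2 interface down, 3 NAS unreachable, 4 wiki backend, 5 DSM).
check_chain() {
    out=$(ip addr show "$VPN_IF" 2>/dev/null) ||
        { echo "FAIL: $VPN_IF missing, is the OpenVPN server running?"; return 1; }
    tun_is_up "$out" ||
        { echo "FAIL: $VPN_IF is not UP or has no address"; return 2; }
    ping -c 2 -W 2 "$NAS_IP" >/dev/null 2>&1 ||
        { echo "FAIL: NAS $NAS_IP unreachable over the tunnel"; return 3; }
    code=$(head_status "$WIKI_URL")
    status_is_healthy "$code" ||
        { echo "FAIL: wiki backend $WIKI_URL answered $code"; return 4; }
    code=$(head_status "$DSM_URL")
    status_is_healthy "$code" ||
        { echo "FAIL: DSM $DSM_URL answered $code"; return 5; }
    echo "OK: tunnel, NAS, wiki and DSM backends all reachable"
}

# Run the chain only when executed as a script named check-chain.sh, so the functions
# can also be sourced into another shell and exercised individually.
case "$0" in
    *check-chain.sh) check_chain ;;
esac
```

Save it as <code>check-chain.sh</code> on the VPS and run it; the exit code (1 to 5) names the first hop that failed, which makes the script usable from cron or a monitoring hook without parsing its output. The three parsing helpers take their input as arguments rather than running commands themselves, so they can be checked against captured <code>ip addr</code> and <code>curl</code> output on any machine.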
== Related Documentation ==

* [System Overview](index.md) - Overall system architecture
* [Server Configuration](server-configuration.md) - OpenVPN server setup
* [Adding Services](index.md) - Configuring services