SSH Port Forwarding:Best Practices: Difference between revisions

From jb-vpn.uk Wiki
Added troubleshooting guide: Best Practices for Adding Services
 
Updated documentation from markdown files
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
= Best Practices for Adding Services =
This document outlines best practices when adding new services to the reverse proxy system.
This document outlines best practices when adding new services to the reverse proxy system.


== General Best Practices ==
== General Best Practices ==


= '''Always test configuration''' before reloading nginx =
=== '''Always validate Caddy''' before reloading (<code>caddy validate</code>) when changing public hostnames ===
= '''Use descriptive subdomain names''' that indicate the service =
== '''Use descriptive subdomain names''' that indicate the service ==
= '''Document your services''' in [Current Services](current-services.md) =
== '''Document your services''' in [Current Services](current-services.md) ==
= '''Backup configurations''' before making changes =
== '''Backup configurations''' before making changes ==
= '''Monitor logs''' after adding new services =
== '''Monitor logs''' after adding new services ==
= '''Use HTTPS''' for all public-facing services =
== '''Use HTTPS''' for all public-facing services ==
= '''Test thoroughly''' before marking service as complete =
== '''Test thoroughly''' before marking service as complete ==


== Checklist ==
== Checklist ==
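
Review bot: the best-practice items in this region are marked up as section headings at mixed levels. The Caddy item uses `===` while the other six use `==`, the same level as `== General Best Practices ==` itself, so they render as sibling sections rather than as points under that heading. Making them `#` or `*` list items would restore the list. The `[Current Services](current-services.md)` link is also Markdown syntax and shows up as literal text in the rendered revision; the `[[Page|label]]` form already used for the Troubleshooting link would render.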
Line 17: Line 15:
Use this checklist when adding a new service:
Use this checklist when adding a new service:


'' [ ] DNS A record created and propagated
* [ ] DNS A record created and propagated
'' [ ] Service running on Synology NAS
 
'' [ ] Service accessible from VPN network
* [ ] Service running on Synology NAS
'' [ ] Nginx configuration file created
 
'' [ ] Site enabled (symlink created)
* [ ] Service accessible from VPN network
'' [ ] Nginx configuration tested (<code>nginx -t</code>)
 
'' [ ] Nginx reloaded
* [ ] Nginx configuration file created
'' [ ] HTTP access verified
 
'' [ ] SSL certificate obtained
* [ ] Site enabled (symlink created)
'' [ ] HTTPS access verified
 
'' [ ] Browser testing completed
* [ ] Nginx configuration tested (<code>nginx -t</code>)
'' [ ] Service documented in [Current Services](current-services.md)
 
* [ ] Nginx reloaded
 
* [ ] HTTP access verified
 
* [ ] SSL certificate obtained
 
* [ ] HTTPS access verified
 
* [ ] Browser testing completed
 
* [ ] Service documented in [Current Services](current-services.md)


== Security Considerations ==
== Security Considerations ==


'' Always use HTTPS for public-facing services
* Always use HTTPS for public-facing services
'' Keep SSL certificates up to date (automatic renewal via Certbot)
 
'' Use strong authentication for services that require it
* Keep SSL certificates up to date (automatic renewal via Certbot)
'' Monitor access logs for unusual activity
 
* Use strong authentication for services that require it
 
* Monitor access logs for unusual activity


== Related Documentation ==
== Related Documentation ==


'' [Step-by-Step Process](step-by-step.md) - Setup process
* [Step-by-Step Process](step-by-step.md) - Setup process
'' [[Documentation:Index|Troubleshooting]] - Common issues
 
* [[Documentation:Index|Troubleshooting]] - Common issues


[[Category:Documentation]]
[[Category:Documentation]]
[[Category:Documentation/SSH Port Forwarding]]
[[Category:Documentation/SSH Port Forwarding]]
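
Review bot: the checklist and Security Considerations kept here still say `nginx -t`, "Nginx reloaded" and Certbot renewal, while the first best practice was changed in this revision to `caddy validate`. A reader following the page cannot tell which proxy a new service goes through. Either align the checklist steps with the Caddy wording, or state on the page which steps apply to Nginx and which to Caddy.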

Latest revision as of 14:04, 16 May 2026

This document outlines best practices when adding new services to the reverse proxy system.

General Best Practices

Always validate Caddy before reloading (caddy validate) when changing public hostnames

Use descriptive subdomain names that indicate the service

Document your services in [Current Services](current-services.md)

Backup configurations before making changes

Monitor logs after adding new services

Use HTTPS for all public-facing services

Test thoroughly before marking service as complete

Checklist

Use this checklist when adding a new service:

  • [ ] DNS A record created and propagated
  • [ ] Service running on Synology NAS
  • [ ] Service accessible from VPN network
  • [ ] Nginx configuration file created
  • [ ] Site enabled (symlink created)
  • [ ] Nginx configuration tested (nginx -t)
  • [ ] Nginx reloaded
  • [ ] HTTP access verified
  • [ ] SSL certificate obtained
  • [ ] HTTPS access verified
  • [ ] Browser testing completed
  • [ ] Service documented in [Current Services](current-services.md)
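
The backup, symlink, `nginx -t` and reload steps above combined into one function that undoes the symlink when the test fails. This is an added example, not part of the wiki page; it assumes a `sites-available`/`sites-enabled` layout under `/etc/nginx`, and `enable_site`, `NGINX_DIR`, `NGINX_BIN` and `BACKUP_DIR` are hypothetical names.

```shell
#!/usr/bin/env bash
# Added example: back up, enable, test, reload; undo the symlink if the test fails.
# Assumptions (not from the wiki page): sites-available/ and sites-enabled/
# live under NGINX_DIR; NGINX_BIN can be overridden for a dry run.
NGINX_DIR="${NGINX_DIR:-/etc/nginx}"
NGINX_BIN="${NGINX_BIN:-nginx}"
BACKUP_DIR="${BACKUP_DIR:-/var/backups/nginx}"

# enable_site NAME
# Returns 0 when the site is enabled and nginx reloaded, 1 when nginx -t failed
# (symlink restored) or the reload failed, 2 on a usage or backup error.
enable_site() {
    local name="$1"
    local avail="$NGINX_DIR/sites-available/$name"
    local link="$NGINX_DIR/sites-enabled/$name"
    local backup had_link=0 old_target=""

    if [ -z "$name" ] || [ ! -f "$avail" ]; then
        echo "no such site config: $avail" >&2
        return 2
    fi

    # Best practice: back up the whole configuration tree before touching it.
    backup="$BACKUP_DIR/nginx-$(date +%Y%m%dT%H%M%S).tar.gz"
    mkdir -p "$BACKUP_DIR" || return 2
    tar -czf "$backup" -C "$NGINX_DIR" . || return 2

    # Remember the previous symlink state so a failed test can be undone.
    if [ -L "$link" ]; then
        had_link=1
        old_target="$(readlink "$link")"
    fi
    ln -sfn "$avail" "$link" || return 2

    # Checklist: nginx -t must pass before the running server is reloaded.
    if ! "$NGINX_BIN" -t; then
        echo "nginx -t failed, restoring previous state of $link" >&2
        if [ "$had_link" -eq 1 ]; then ln -sfn "$old_target" "$link"; else rm -f "$link"; fi
        return 1
    fi
    "$NGINX_BIN" -s reload || return 1
    echo "enabled $name (backup: $backup)"
}

# Run as a script: ./enable-site.sh myservice
if [ "$#" -gt 0 ]; then enable_site "$@"; fi
```

Where Caddy serves the public hostnames, the same back-up-then-test ordering applies with `caddy validate` as the test step.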

Security Considerations

  • Always use HTTPS for public-facing services
  • Keep SSL certificates up to date (automatic renewal via Certbot)
  • Use strong authentication for services that require it
  • Monitor access logs for unusual activity

Related Documentation

  • [Step-by-Step Process](step-by-step.md) - Setup process