SSH Port Forwarding:Best Practices: Difference between revisions
Minor update - troubleshooting guide: Best Practices for Adding Services (4 sections) |
Updated documentation from markdown files |
||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
This document outlines best practices when adding new services to the reverse proxy system. | This document outlines best practices when adding new services to the reverse proxy system. | ||
== General Best Practices == | == General Best Practices == | ||
= '''Always | === '''Always validate Caddy''' before reloading (<code>caddy validate</code>) when changing public hostnames === | ||
= '''Use descriptive subdomain names''' that indicate the service = | == '''Use descriptive subdomain names''' that indicate the service == | ||
= '''Document your services''' in [Current Services](current-services.md) = | == '''Document your services''' in [Current Services](current-services.md) == | ||
= '''Backup configurations''' before making changes = | == '''Backup configurations''' before making changes == | ||
= '''Monitor logs''' after adding new services = | == '''Monitor logs''' after adding new services == | ||
= '''Use HTTPS''' for all public-facing services = | == '''Use HTTPS''' for all public-facing services == | ||
= '''Test thoroughly''' before marking service as complete = | == '''Test thoroughly''' before marking service as complete == | ||
== Checklist == | == Checklist == | ||
Latest revision as of 14:04, 16 May 2026
This document outlines best practices when adding new services to the reverse proxy system.
General Best Practices
[edit]Always validate Caddy before reloading (caddy validate) when changing public hostnames
[edit]Use descriptive subdomain names that indicate the service
[edit]Document your services in [Current Services](current-services.md)
[edit]Backup configurations before making changes
[edit]Monitor logs after adding new services
[edit]Use HTTPS for all public-facing services
[edit]Test thoroughly before marking service as complete
[edit]Checklist
[edit]Use this checklist when adding a new service:
- [ ] DNS A record created and propagated
- [ ] Service running on Synology NAS
- [ ] Service accessible from VPN network
- [ ] Nginx configuration file created
- [ ] Site enabled (symlink created)
- [ ] Nginx configuration tested (
nginx -t)
- [ ] Nginx reloaded
- [ ] HTTP access verified
- [ ] SSL certificate obtained
- [ ] HTTPS access verified
- [ ] Browser testing completed
- [ ] Service documented in [Current Services](current-services.md)
Security Considerations
[edit]- Always use HTTPS for public-facing services
- Keep SSL certificates up to date (automatic renewal via Certbot)
- Use strong authentication for services that require it
- Monitor access logs for unusual activity
Related Documentation
[edit]- [Step-by-Step Process](step-by-step.md) - Setup process
- Troubleshooting - Common issues