OpenVPN:Integration: Difference between revisions
Edit summaries: "Minor update - configuration guide: OpenVPN Integration with Reverse Proxy (7 sections)"; "Updated documentation from markdown files"
Latest revision as of 14:04, 16 May 2026
This document describes how the OpenVPN server integrates with the reverse proxy system.
Integration Overview
The OpenVPN server is essential for the reverse proxy system:
- Synology NAS connects via VPN (10.8.0.2) for DSM, Plex, and SSH
- Caddy reverse proxy forwards public hostnames to local VPS services or to 10.8.0.2 via VPN
- Services are accessible via HTTPS without exposing the NAS directly to the internet
- All traffic is encrypted through the VPN tunnel
Network Flow
Internet → VPS (87.106.61.62)
  → Caddy
    → (local) MediaWiki / WebApp on 127.0.0.1
    → (VPN) OpenVPN tun0 → 10.8.0.2 → DSM / Plex
How It Works
1. Client accesses a public subdomain (e.g., dsm.jb-vpn.uk or wiki.jb-vpn.uk)
2. DNS resolves to VPS public IP (87.106.61.62)
3. Caddy receives the request on port 443 (HTTPS) and terminates TLS
4. For VPS-hosted services (wiki, WebApp), Caddy proxies to 127.0.0.1
5. For Synology services (DSM, Plex), Caddy proxies through the OpenVPN tunnel to 10.8.0.2
6. The backend responds; Caddy returns the response to the client
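The two proxy paths in steps 4 and 5, as an added example Caddyfile that is not the page's own /etc/caddy/Caddyfile: wiki.jb-vpn.uk, dsm.jb-vpn.uk, the wiki port 8010 and the DSM port 5001 come from this page, while the plex.jb-vpn.uk hostname and the Plex port 32400 are assumptions.

```caddyfile
# Example Caddyfile for the integration described on this page (added example,
# not the page's own configuration). Caddy terminates TLS on :443 for every
# site block below and obtains certificates automatically for the hostnames.

# Step 4: VPS-hosted service, upstream is on loopback and never leaves the VPS.
wiki.jb-vpn.uk {
    reverse_proxy 127.0.0.1:8010
}

# Step 5: Synology-hosted service. 10.8.0.2 is only routable via tun0, so if
# the VPN tunnel is down this hostname returns 502 while the wiki keeps working
# (matches the "tun0 interface up" requirement for Synology-backed hostnames).
# DSM speaks HTTPS itself on 5001 with a certificate not issued for 10.8.0.2;
# skipping verification here mirrors the `curl -k` check in the Verification
# section and is acceptable only because the hop is inside the OpenVPN tunnel.
# A stronger setting is to export DSM's certificate and pin it instead:
#   transport http { tls_trusted_ca_certs /etc/caddy/dsm-cert.pem }
dsm.jb-vpn.uk {
    reverse_proxy https://10.8.0.2:5001 {
        transport http {
            tls_insecure_skip_verify
        }
    }
}

# Assumed hostname and default Plex port; Plex serves plain HTTP on the LAN
# side, so the only encryption on this hop is the VPN tunnel itself.
plex.jb-vpn.uk {
    reverse_proxy 10.8.0.2:32400
}
```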
Benefits
- No Direct Exposure: Synology NAS is not directly accessible from the internet
- Encrypted Tunnel: All traffic between VPS and NAS is encrypted via OpenVPN
- Secure Access: Services are accessible via HTTPS while remaining isolated
- Centralized Management: All services accessible through a single VPS
Requirements
For the integration to work:
- OpenVPN server must be running on the VPS
- Synology NAS must be connected to the VPN (10.8.0.2) for DSM/Plex/SSH forwards
- VPN tunnel must be active (tun0 interface up) for Synology-backed hostnames
- Caddy must be configured in /etc/caddy/Caddyfile
Verification
Check that the integration is working:
# Check VPN is running
systemctl status openvpn
# Check VPN interface (tun0 must be present and UP)
ip addr show tun0
# Check Synology is connected (10.8.0.2 is only reachable through the tunnel)
ping -c 2 10.8.0.2
# Check wiki on VPS (prints the HTTP status code; expect 200)
curl -s -o /dev/null -w "%{http_code}" http://127.0.0.1:8010/
# Check DSM on Synology (via VPN); -k skips certificate verification because
# DSM's certificate is not issued for 10.8.0.2, -m 5 fails fast if the tunnel is down
curl -k -sI -m 5 https://10.8.0.2:5001/ | head -1
Related Documentation
- System Overview (index.md) - Overall system architecture
- Server Configuration (server-configuration.md) - OpenVPN server setup
- Adding Services (index.md) - Configuring services