System:Security: Difference between revisions

From jb-vpn.uk Wiki
Added configuration guide: Security Architecture
 
Minor update - configuration guide: Security Architecture (7 sections)
Line 14: Line 14:
== Security Benefits ==
== Security Benefits ==


'' '''No Direct Exposure''': Synology NAS is not directly accessible from the internet
* '''No Direct Exposure''': Synology NAS is not directly accessible from the internet
'' '''Encrypted Traffic''': All public traffic uses HTTPS
 
'' '''Isolated Network''': Internal services communicate over VPN
* '''Encrypted Traffic''': All public traffic uses HTTPS
'' '''Certificate Management''': Automatic SSL certificate renewal
 
* '''Isolated Network''': Internal services communicate over VPN
 
* '''Certificate Management''': Automatic SSL certificate renewal


== Security Components ==
== Security Components ==
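Review bot: the new column separates every `*` item with a blank row (the ` ` lines after `* '''No Direct Exposure'''`, `* '''Encrypted Traffic'''` and `* '''Isolated Network'''`); in MediaWiki a blank line terminates a list, so this renders as four single-item lists rather than one four-item list. Keep the `*` lines adjacent with no blank line between them. Replacing the `''` prefix (which is italic markup and never closed) with `*` is otherwise the right fix.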
Line 23: Line 26:
=== SSL/TLS Encryption ===
=== SSL/TLS Encryption ===


'' All public-facing traffic uses HTTPS
* All public-facing traffic uses HTTPS
'' Let's Encrypt certificates automatically renew
 
'' HTTP traffic is redirected to HTTPS
* Let's Encrypt certificates automatically renew
 
* HTTP traffic is redirected to HTTPS


=== VPN Encryption ===
=== VPN Encryption ===


'' OpenVPN provides encrypted tunnel between VPS and NAS
* OpenVPN provides encrypted tunnel between VPS and NAS
'' All internal traffic is encrypted through VPN
 
'' Certificate-based authentication for VPN clients
* All internal traffic is encrypted through VPN
 
* Certificate-based authentication for VPN clients


=== Network Isolation ===
=== Network Isolation ===


'' Internal services only accessible via VPN
* Internal services only accessible via VPN
'' No direct internet exposure of Synology NAS
 
'' Firewall rules control traffic flow
* No direct internet exposure of Synology NAS
 
* Firewall rules control traffic flow


== Related Documentation ==
== Related Documentation ==


'' [Network Architecture](network-architecture.md) - Network topology
* [Network Architecture](network-architecture.md) - Network topology
'' [Key Components](components.md) - Component details
 
'' [OpenVPN Server](index.md) - VPN security configuration
* [Key Components](components.md) - Component details
 
* [OpenVPN Server](index.md) - VPN security configuration


[[Category:Documentation]]
[[Category:Documentation]]
[[Category:Documentation/System]]
[[Category:Documentation/System]]
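Review bot: the Related Documentation entries still use Markdown link syntax, e.g. `* [Network Architecture](network-architecture.md) - Network topology`, which MediaWiki does not parse as a link; the rendered revision shows the brackets and `.md` paths literally. Point them at the wiki pages with wikilinks (`[[System:Network Architecture|Network Architecture]]`) or, if they are external files, with `[https://... Network Architecture]` external-link syntax. The `*` lists in this hunk have the same blank-row problem as the first hunk and will render as one list per item.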

Revision as of 13:27, 1 January 2026

Security Architecture

This document describes the security architecture of the reverse proxy system.

Defense in Depth

The system uses multiple layers of security:

  • Public Layer: Nginx with SSL/TLS encryption
  • VPN Layer: Encrypted tunnel between VPS and NAS
  • Internal Layer: Services only accessible via VPN
  • Certificate Security: Automatic renewal prevents expired certificates

Security Benefits

  • No Direct Exposure: Synology NAS is not directly accessible from the internet
  • Encrypted Traffic: All public traffic uses HTTPS
  • Isolated Network: Internal services communicate over VPN
  • Certificate Management: Automatic SSL certificate renewal

Security Components

SSL/TLS Encryption

  • All public-facing traffic uses HTTPS
  • Let's Encrypt certificates automatically renew
  • HTTP traffic is redirected to HTTPS

VPN Encryption

  • OpenVPN provides encrypted tunnel between VPS and NAS
  • All internal traffic is encrypted through VPN
  • Certificate-based authentication for VPN clients

Network Isolation

  • Internal services only accessible via VPN
  • No direct internet exposure of Synology NAS
  • Firewall rules control traffic flow
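The following Nginx configuration is an added illustration of the SSL/TLS Encryption and Network Isolation sections above; it is not the wiki's own configuration. It assumes the placeholder hostname proxy.example.com, that the NAS answers on 10.8.0.2:5001 inside the OpenVPN tunnel, and the standard certbot certificate paths under /etc/letsencrypt/live/.

```nginx
# Added example, not the project's own config. Placeholders: proxy.example.com,
# 10.8.0.2 (NAS address on the OpenVPN tunnel) and 5001 (NAS HTTPS port).

# Public layer, port 80: serve nothing except the redirect to HTTPS.
# The ACME challenge path stays reachable so Let's Encrypt renewals succeed.
server {
    listen 80;
    listen [::]:80;
    server_name proxy.example.com;

    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# Public layer, port 443: terminate TLS here, then forward over the VPN only.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name proxy.example.com;

    # Files written by certbot; automatic renewal replaces them in place.
    ssl_certificate     /etc/letsencrypt/live/proxy.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/proxy.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;

    # Browsers that have seen this header never retry plain HTTP for the host.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # The only upstream is the tunnel address: the NAS has no public route,
        # so a request that bypasses this proxy cannot reach it.
        proxy_pass https://10.8.0.2:5001;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

Pair this with a firewall rule on the NAS that accepts 5001 only from the tunnel interface, so the "no direct exposure" property does not depend on the proxy alone.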

Related Documentation

  • [Network Architecture](network-architecture.md) - Network topology
  • [Key Components](components.md) - Component details
  • [OpenVPN Server](index.md) - VPN security configuration