System:Network Architecture: Difference between revisions
Added troubleshooting guide: Network Architecture |
Minor update - troubleshooting guide: Network Architecture (8 sections) |
||
| Line 11: | Line 11: | ||
== Network Components == | == Network Components == | ||
* '''VPS Public IP''': 87.106.61.62 | |||
* '''VPN Network''': 10.8.0.0/24 | |||
* '''VPN Interface''': tun0 (10.8.0.1) | |||
* '''Synology NAS IP''': 10.8.0.2 (via VPN) | |||
* '''Web Server''': Nginx (reverse proxy) | |||
* '''SSL Certificates''': Let's Encrypt (managed by Certbot) | |||
== Traffic Flow == | == Traffic Flow == | ||
| Line 69: | Line 74: | ||
=== Public Ports (VPS) === | === Public Ports (VPS) === | ||
* '''Port 80 (HTTP)''': Redirects to HTTPS | |||
* '''Port 443 (HTTPS)''': SSL/TLS encrypted traffic | |||
* '''Port 22 (SSH)''': Server administration | |||
* '''Port 1194 (UDP)''': OpenVPN server | |||
=== Internal Ports (Synology NAS via VPN) === | === Internal Ports (Synology NAS via VPN) === | ||
* '''Port 8080''': Wiki service | |||
* '''Port 8081''': Werbs-Wiki service | |||
* '''Port 5001''': Synology DSM | |||
* '''Port 32400''': Plex Media Server | |||
* '''Port 22''': SSH (forwarded via iptables on port 22222) | |||
== Related Documentation == | == Related Documentation == | ||
* [Key Components](components.md) - Detailed component information | |||
* [OpenVPN Server](index.md) - VPN configuration | |||
* [[Documentation:Index|Troubleshooting]] - Network troubleshooting | |||
[[Category:Documentation]] | [[Category:Documentation]] | ||
[[Category:Documentation/System]] | [[Category:Documentation/System]] | ||
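Review bot: the first two entries under Related Documentation use Markdown link syntax ([Key Components](components.md) and [OpenVPN Server](index.md)), which MediaWiki does not render as links; the third entry already uses [[Documentation:Index|Troubleshooting]], so convert the other two to the same [[Page|Label]] form once their wiki page names are known. In the same hunk, "Port 22: SSH (forwarded via iptables on port 22222)" does not say which host listens on 22222; if that port is opened on the VPS it also belongs under Public Ports (VPS).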
Revision as of 13:28, 1 January 2026
Network Architecture
This document describes the network architecture of the reverse proxy system.
Network Topology
Internet → VPS (87.106.61.62) → OpenVPN Tunnel (tun0) → Synology NAS (10.8.0.2)
Network Components
- VPS Public IP: 87.106.61.62
- VPN Network: 10.8.0.0/24
- VPN Interface: tun0 (10.8.0.1)
- Synology NAS IP: 10.8.0.2 (via VPN)
- Web Server: Nginx (reverse proxy)
- SSL Certificates: Let's Encrypt (managed by Certbot)
Traffic Flow
1. Client Request: User accesses a subdomain (e.g., wiki.jb-vpn.uk)
2. DNS Resolution: DNS resolves to VPS public IP (87.106.61.62)
3. Nginx Receives: Nginx listens on ports 80 (HTTP) and 443 (HTTPS)
4. SSL Termination: If HTTPS, SSL is terminated at the VPS
5. Reverse Proxy: Nginx forwards the request through the VPN tunnel to the Synology NAS
6. Service Response: Synology service responds back through the tunnel
7. Client Response: Nginx sends the response back to the client
Network Diagram
            ┌─────────────┐
            │   Client    │
            │  (Browser)  │
            └──────┬──────┘
                   │ HTTPS (443)
                   │
                   ▼
┌─────────────────────────────────────┐
│         VPS (87.106.61.62)          │
│  ┌───────────────────────────────┐  │
│  │     Nginx (Reverse Proxy)     │  │
│  │  - SSL Termination            │  │
│  │  - Request Routing            │  │
│  │  - Header Rewriting           │  │
│  └───────────┬───────────────────┘  │
│              │                      │
│              │ OpenVPN Tunnel       │
│              │ (tun0: 10.8.0.1)     │
└──────────────┼──────────────────────┘
               │
               │ HTTP (Internal)
               ▼
┌─────────────────────────────────────┐
│       Synology NAS (10.8.0.2)       │
│  ┌───────────────────────────────┐  │
│  │       Internal Services       │  │
│  │  - Port 8080 (Wiki)           │  │
│  │  - Port 8081 (Werbs-Wiki)     │  │
│  │  - Port 5001 (DSM)            │  │
│  │  - Port 32400 (Plex)          │  │
│  └───────────────────────────────┘  │
└─────────────────────────────────────┘
Network Ports
Public Ports (VPS)
- Port 80 (HTTP): Redirects to HTTPS
- Port 443 (HTTPS): SSL/TLS encrypted traffic
- Port 22 (SSH): Server administration
- Port 1194 (UDP): OpenVPN server
Internal Ports (Synology NAS via VPN)
- Port 8080: Wiki service
- Port 8081: Werbs-Wiki service
- Port 5001: Synology DSM
- Port 32400: Plex Media Server
- Port 22: SSH (forwarded via iptables on port 22222)
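The port lists above can be checked against what the VPS actually listens on. The following is an added example, not part of the original page or the system's own tooling: it parses `ss -H -tuln` output and reports listeners bound to a non-loopback, non-VPN address whose port is not in the documented public list. The sample output is constructed, and the names `audit` and `bind_scope` are hypothetical; port 22222 is left out because the page lists it under the NAS.

```python
import ipaddress

# Documented on this page: ports the VPS exposes publicly, and the VPN subnet.
DOCUMENTED_PUBLIC = {("tcp", 80), ("tcp", 443), ("tcp", 22), ("udp", 1194)}
VPN_NET = ipaddress.ip_network("10.8.0.0/24")

# Constructed sample of `ss -H -tuln` output (not captured from the real VPS).
SAMPLE_SS = """\
udp UNCONN 0 0      0.0.0.0:1194   0.0.0.0:*
tcp LISTEN 0 511    0.0.0.0:80     0.0.0.0:*
tcp LISTEN 0 511    0.0.0.0:443    0.0.0.0:*
tcp LISTEN 0 128    0.0.0.0:22     0.0.0.0:*
tcp LISTEN 0 128       [::]:22        [::]:*
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 4096  10.8.0.1:9100   0.0.0.0:*
tcp LISTEN 0 4096         *:8080         *:*
"""

def bind_scope(addr):
    """Classify a local bind address as 'loopback', 'vpn' or 'public'."""
    addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface suffix
    if addr == "*":                         # ss prints * for a dual-stack wildcard
        return "public"
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.version == 4 and ip in VPN_NET:
        return "vpn"                        # reachable only through the tunnel
    return "public"                         # wildcard or any other interface

def audit(ss_output):
    """Return (unexpected public listeners, documented ports not listening)."""
    public = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue                        # blank or truncated line
        addr, _, port = fields[4].rpartition(":")
        if bind_scope(addr) == "public":
            public.add((fields[0], int(port)))
    return sorted(public - DOCUMENTED_PUBLIC), sorted(DOCUMENTED_PUBLIC - public)

if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE_SS)
    print("unexpected public listeners:", unexpected)
    print("documented but not listening:", missing)
```

The check looks at bind addresses only; a wildcard listener may still be blocked by the firewall, so an unexpected entry is a prompt to review the service's bind address and the iptables rules together.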
Related Documentation
- [Key Components](components.md) - Detailed component information
- [OpenVPN Server](index.md) - VPN configuration
- Troubleshooting - Network troubleshooting