System:Security

From jb-vpn.uk Wiki
Revision as of 13:44, 1 January 2026

This document describes the security architecture of the reverse proxy system.

Defense in Depth

The system uses multiple layers of security:

Public Layer: Nginx with SSL/TLS encryption

VPN Layer: Encrypted tunnel between VPS and NAS

Internal Layer: Services only accessible via VPN

Certificate Security: Automatic renewal prevents expired certificates

Security Benefits

  • No Direct Exposure: Synology NAS is not directly accessible from the internet
  • Encrypted Traffic: All public traffic uses HTTPS
  • Isolated Network: Internal services communicate over VPN
  • Certificate Management: Automatic SSL certificate renewal

Security Components

SSL/TLS Encryption

  • All public-facing traffic uses HTTPS
  • Let's Encrypt certificates automatically renew
  • HTTP traffic is redirected to HTTPS
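As an added example (not code from the jb-vpn.uk wiki), the following Python audits a constructed nginx site configuration for the three properties listed above (HTTPS everywhere, Let's Encrypt certificate files, HTTP redirected to HTTPS, with legacy TLS versions flagged as well) and computes how many days a certificate has left against certbot's default 30-day renewal threshold. The domain example.com, the /etc/letsencrypt paths, the upstream address 10.8.0.2:5000 and the sample `notAfter=` line are placeholders.

```python
"""Audit an nginx site config for the TLS properties listed above.

Added example, not code from the jb-vpn.uk wiki. The configuration text is
constructed for illustration: example.com, the /etc/letsencrypt paths and
the upstream address 10.8.0.2:5000 are placeholders.
"""
import re
from datetime import datetime, timezone

# Constructed "good" site config: port 80 only redirects, port 443 serves TLS
# with Let's Encrypt files and modern protocols only.
GOOD_CONF = """
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    location / {
        proxy_pass http://10.8.0.2:5000;   # NAS reached over the VPN tunnel
    }
}
"""

# Constructed "weak" variant: port 80 proxies in the clear instead of
# redirecting, and TLS 1.0/1.1 are still enabled.
WEAK_CONF = (GOOD_CONF
             .replace("return 301 https://$host$request_uri;",
                      "location / { proxy_pass http://10.8.0.2:5000; }")
             .replace("ssl_protocols TLSv1.2 TLSv1.3;",
                      "ssl_protocols TLSv1 TLSv1.1 TLSv1.2;"))

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def server_blocks(conf):
    """Return the body text of each top-level server { ... } block."""
    blocks, depth, start = [], 0, None
    for i, ch in enumerate(conf):
        if ch == "{":
            if depth == 0 and conf[:i].rstrip().endswith("server"):
                start = i
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0 and start is not None:
                blocks.append(conf[start + 1:i])
                start = None
    return blocks


def audit(conf):
    """Return a list of findings; an empty list means the config matches the design."""
    findings = []
    for body in server_blocks(conf):
        listens = re.findall(r"^\s*listen\s+([^;]+);", body, re.M)
        is_tls = any("ssl" in entry.split() for entry in listens)
        if is_tls:
            if not re.search(r"^\s*ssl_certificate\s", body, re.M):
                findings.append("TLS listener has no ssl_certificate")
            m = re.search(r"^\s*ssl_protocols\s+([^;]+);", body, re.M)
            legacy = (set(m.group(1).split()) if m else set()) & LEGACY_PROTOCOLS
            if legacy:
                findings.append("legacy protocols enabled: " + " ".join(sorted(legacy)))
        elif not re.search(r"^\s*return\s+30[12]\s+https://", body, re.M):
            findings.append("plain-HTTP listener does not redirect to HTTPS")
    return findings


# Constructed output of `openssl x509 -noout -enddate -in fullchain.pem`.
SAMPLE_ENDDATE = "notAfter=Mar 20 10:15:00 2026 GMT"
# Fixed clock so the result is reproducible.
SAMPLE_NOW = datetime(2026, 3, 1, 10, 15, 0, tzinfo=timezone.utc)
RENEW_BEFORE_DAYS = 30   # certbot's default: renew when fewer than 30 days remain


def days_until_expiry(enddate_line, now=None):
    """Parse an openssl `notAfter=` line and return whole days left (negative if expired)."""
    value = enddate_line.split("=", 1)[1].strip()
    expiry = datetime.strptime(value, "%b %d %H:%M:%S %Y %Z").replace(tzinfo=timezone.utc)
    return (expiry - (now or datetime.now(timezone.utc))).days


def needs_renewal(enddate_line, now=None):
    """True when the certificate is inside the renewal window."""
    return days_until_expiry(enddate_line, now) < RENEW_BEFORE_DAYS


if __name__ == "__main__":
    for name, conf in (("good", GOOD_CONF), ("weak", WEAK_CONF)):
        print(name, audit(conf) or ["ok"])
    print("days left:", days_until_expiry(SAMPLE_ENDDATE, SAMPLE_NOW),
          "renew now:", needs_renewal(SAMPLE_ENDDATE, SAMPLE_NOW))
```

Running the script reports the weak variant's two deviations (no redirect, legacy protocols) and that the sample certificate, with 19 days left, is due for renewal; on a live VPS the `notAfter=` line would come from `openssl x509 -noout -enddate` against the file nginx actually serves, which catches the case where certbot renewed but nginx was never reloaded.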

VPN Encryption

  • OpenVPN provides an encrypted tunnel between the VPS and the NAS
  • All internal traffic is encrypted through VPN
  • Certificate-based authentication for VPN clients

Network Isolation

  • Internal services only accessible via VPN
  • No direct internet exposure of Synology NAS
  • Firewall rules control traffic flow
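The layered design above (public VPS, VPN tunnel, isolated NAS) can be checked rather than assumed. The following Python is an added example, not code from the jb-vpn.uk wiki: it models the two host firewalls as ordered iptables-style rules and asks which internal NAS ports a packet from the internet would be accepted on. The tunnel subnet 10.8.0.0/24 (OpenVPN's sample-config default), the NAS port numbers and the rule sets are constructed assumptions.

```python
"""Model the host firewalls of the layered design and check NAS isolation.

Added example, not code from the jb-vpn.uk wiki. Rule sets, the tunnel
subnet 10.8.0.0/24 (OpenVPN's sample default) and the port numbers are
constructed assumptions for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

VPN_NET = ipaddress.ip_network("10.8.0.0/24")   # assumed OpenVPN tunnel subnet
INTERNAL_PORTS = {22, 5000, 5001}               # assumed NAS services (ssh, DSM http/https)
PUBLIC_PROBE = "203.0.113.10"                   # RFC 5737 documentation address standing in for "the internet"


@dataclass(frozen=True)
class Rule:
    """One iptables-style INPUT rule; dport=None matches any port."""
    action: str                 # "ACCEPT" or "DROP"
    src: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None

    def matches(self, src_ip, proto, dport):
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
                and self.proto in ("any", proto)
                and self.dport in (None, dport))


def decide(rules, src_ip, proto, dport, policy="DROP"):
    """First matching rule wins; unmatched traffic gets the chain policy (default DROP)."""
    for rule in rules:
        if rule.matches(src_ip, proto, dport):
            return rule.action
    return policy


def exposed_internal_ports(rules):
    """Internal ports on which a packet from outside the VPN would be accepted.

    Evaluates the chain in order, so a DROP placed before a stray ACCEPT
    correctly masks it.
    """
    return {port for port in INTERNAL_PORTS
            if decide(rules, PUBLIC_PROBE, "tcp", port) == "ACCEPT"}


# Constructed VPS firewall (public layer): only nginx and the OpenVPN listener are open.
VPS_RULES = [
    Rule("ACCEPT", proto="tcp", dport=80),
    Rule("ACCEPT", proto="tcp", dport=443),
    Rule("ACCEPT", proto="udp", dport=1194),    # OpenVPN default port
]

# Constructed NAS firewall (internal layer): DSM and ssh only from the tunnel.
NAS_RULES = [
    Rule("ACCEPT", src=str(VPN_NET), proto="tcp", dport=port)
    for port in sorted(INTERNAL_PORTS)
]

# Constructed misconfiguration: a leftover rule that opens DSM HTTPS to everyone.
LEAKY_NAS_RULES = NAS_RULES + [Rule("ACCEPT", proto="tcp", dport=5001)]


if __name__ == "__main__":
    for name, rules in (("vps", VPS_RULES), ("nas", NAS_RULES), ("leaky-nas", LEAKY_NAS_RULES)):
        print(name, "internal ports reachable from the internet:",
              sorted(exposed_internal_ports(rules)) or "none")
```

The VPS set accepts only 80/443 and the tunnel port, the isolated NAS set accepts DSM and ssh solely from 10.8.0.0/24, and the leaky variant reports port 5001 as reachable from the public probe address. Because the check walks the chain in order, it also shows that prepending a DROP for 5001 masks the stray ACCEPT, which is how such a leftover rule is neutralised on a real host until it is deleted.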

  • [Network Architecture](network-architecture.md) - Network topology
  • [Key Components](components.md) - Component details
  • [OpenVPN Server](index.md) - VPN security configuration