Services:Step By Step: Difference between revisions

Revision as of 13:44, 1 January 2026

Follow these steps to add a new service to the reverse proxy system.

Step 1: Create Nginx Configuration File

Create a new configuration file in /etc/nginx/sites-available/:

sudo nano /etc/nginx/sites-available/newservice.jb-vpn.uk

Basic HTTP Configuration Template:

server {
    server_name newservice.jb-vpn.uk;

    location / {
=== Reverse Proxy to Synology's internal VPN IP and service port ===
        proxy_pass http://10.8.0.2:PORT_NUMBER;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
=== Necessary for Synology Reverse Proxy compatibility ===
        proxy_set_header Upgrade $http_upgrade; 
        proxy_set_header Connection "upgrade";
=== Timeouts for long-running requests ===
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
    }

    listen 80;

}

Replace:

newservice.jb-vpn.uk with your subdomain

PORT_NUMBER with your service's port

For HTTPS Internal Services:

If your internal service uses HTTPS, change the proxy_pass line:

proxy_pass https://10.8.0.2:PORT_NUMBER;

For Services Requiring Special Headers:

Some services (like Plex) require additional headers. See [Service Examples](service-examples.md) for reference.

Step 2: Enable the Site

Create a symlink to enable the site:

sudo ln -s /etc/nginx/sites-available/newservice.jb-vpn.uk /etc/nginx/sites-enabled/newservice.jb-vpn.uk

Step 3: Test Nginx Configuration

Always test the configuration before reloading:

sudo nginx -t

Expected Output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If there are errors: Fix them before proceeding. Common issues:

Syntax errors (missing semicolons, brackets)

Duplicate server names

Invalid port numbers

Step 4: Reload Nginx

Reload nginx to apply the new configuration (graceful reload, no downtime):

sudo systemctl reload nginx

Step 5: Verify HTTP Access

Test that the service is accessible via HTTP:

curl -I http://newservice.jb-vpn.uk

You should receive an HTTP response. If you get a connection error:

Check DNS: nslookup newservice.jb-vpn.uk

Verify service is running: curl http://10.8.0.2:PORT_NUMBER

Check nginx logs: tail -f /var/log/nginx/error.log

Step 6: Set Up SSL Certificate

Use Certbot to automatically configure SSL:

sudo certbot --nginx -d newservice.jb-vpn.uk --non-interactive --agree-tos --redirect --email admin@jb-vpn.uk

What this does:

Requests SSL certificate from Let's Encrypt

Configures nginx for HTTPS

Sets up HTTP to HTTPS redirect

Configures automatic renewal

If Certbot fails:

Verify DNS is pointing to VPS: nslookup newservice.jb-vpn.uk

Ensure port 80 is open and accessible

Check firewall rules: sudo iptables -L -n -v

Step 7: Verify HTTPS Access

Test that HTTPS is working:

curl -I https://newservice.jb-vpn.uk

You should receive a 200 OK or similar response with SSL certificate details.

Step 8: Test in Browser

Open your browser and navigate to:

https://newservice.jb-vpn.uk

Verify:

SSL certificate is valid (green lock icon)

Service loads correctly

All functionality works as expected

Removing a Service

To remove a service:

Disable the site:

   sudo rm /etc/nginx/sites-enabled/service.jb-vpn.uk

Test configuration:

   sudo nginx -t

Reload nginx:

   sudo systemctl reload nginx

Optional - Remove configuration file:

   sudo rm /etc/nginx/sites-available/service.jb-vpn.uk

Optional - Revoke SSL certificate:

   sudo certbot revoke --cert-path /etc/letsencrypt/live/service.jb-vpn.uk/cert.pem
   sudo certbot delete --cert-name service.jb-vpn.uk

@@ Line 1: / Line 1: @@
-= Step-by-Step Process for Adding Services =
 Follow these steps to add a new service to the reverse proxy system.
@@ Line 18: / Line 16: @@
      location / {
-        # Reverse Proxy to Synology's internal VPN IP and service port
+=== Reverse Proxy to Synology's internal VPN IP and service port ===
          proxy_pass http://10.8.0.2:PORT_NUMBER;
          proxy_set_header Host $host;
@@ Line 24: / Line 22: @@
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
-        # Necessary for Synology Reverse Proxy compatibility
+=== Necessary for Synology Reverse Proxy compatibility ===
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
-        # Timeouts for long-running requests
+=== Timeouts for long-running requests ===
          proxy_read_timeout 300s;
          proxy_connect_timeout 75s;
@@ Line 157: / Line 155: @@
 To remove a service:
-= '''Disable the site''': =
+=== '''Disable the site''': ===
     <pre class="lang-bash">
     sudo rm /etc/nginx/sites-enabled/service.jb-vpn.uk
 </pre>
-= '''Test configuration''': =
+== '''Test configuration''': ==
     <pre class="lang-bash">
     sudo nginx -t
 </pre>
-= '''Reload nginx''': =
+== '''Reload nginx''': ==
     <pre class="lang-bash">
     sudo systemctl reload nginx
 </pre>
-= '''Optional - Remove configuration file''': =
+== '''Optional - Remove configuration file''': ==
     <pre class="lang-bash">
     sudo rm /etc/nginx/sites-available/service.jb-vpn.uk
 </pre>
-= '''Optional - Revoke SSL certificate''': =
+== '''Optional - Revoke SSL certificate''': ==
     <pre class="lang-bash">
     sudo certbot revoke --cert-path /etc/letsencrypt/live/service.jb-vpn.uk/cert.pem