OpenVPN:Integration: Difference between revisions
Minor update - configuration guide: OpenVPN Integration with Reverse Proxy (7 sections) |
Major update - configuration guide: OpenVPN Integration with Reverse Proxy (27 sections) |
||
| Line 1: | Line 1: | ||
This document describes how the OpenVPN server integrates with the reverse proxy system. | This document describes how the OpenVPN server integrates with the reverse proxy system. | ||
| Line 7: | Line 5: | ||
The OpenVPN server is essential for the reverse proxy system: | The OpenVPN server is essential for the reverse proxy system: | ||
= '''Synology NAS connects''' via VPN (10.8.0.2) = | === '''Synology NAS connects''' via VPN (10.8.0.2) === | ||
= '''Nginx reverse proxy''' forwards requests to 10.8.0.2 = | == '''Nginx reverse proxy''' forwards requests to 10.8.0.2 == | ||
= '''Services are accessible''' via public subdomains without direct internet exposure = | == '''Services are accessible''' via public subdomains without direct internet exposure == | ||
= '''All traffic is encrypted''' through the VPN tunnel = | == '''All traffic is encrypted''' through the VPN tunnel == | ||
== Network Flow == | == Network Flow == | ||
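Review bot: The four overview items are now headings at mixed levels (`===` for the Synology line, `==` for the other three), so the last three become sections of their own at the same level as `== Network Flow ==` instead of reading as a list under the overview sentence. They are parallel points, so list markup (`*`) with the bold lead words kept would match the intent.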
| Line 23: | Line 21: | ||
== How It Works == | == How It Works == | ||
= Client accesses a public subdomain (e.g., <code>wiki.jb-vpn.uk</code>) = | === Client accesses a public subdomain (e.g., <code>wiki.jb-vpn.uk</code>) === | ||
= DNS resolves to VPS public IP (87.106.61.62) = | == DNS resolves to VPS public IP (87.106.61.62) == | ||
= Nginx receives the request on port 443 (HTTPS) = | == Nginx receives the request on port 443 (HTTPS) == | ||
= SSL is terminated at the VPS = | == SSL is terminated at the VPS == | ||
= Nginx forwards the request through the OpenVPN tunnel to the Synology NAS (10.8.0.2) = | == Nginx forwards the request through the OpenVPN tunnel to the Synology NAS (10.8.0.2) == | ||
= The service on the Synology NAS responds = | == The service on the Synology NAS responds == | ||
= The response travels back through the VPN tunnel = | == The response travels back through the VPN tunnel == | ||
= Nginx sends the response to the client = | == Nginx sends the response to the client == | ||
== Benefits == | == Benefits == | ||
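Review bot: The eight steps under `== How It Works ==` are an ordered sequence but are marked up as headings, the first at `===` and the remaining seven at `==`, which makes steps two to eight sibling sections of `== How It Works ==` itself. A numbered list (`#`) would preserve the order of the request path and keep the steps out of the section outline.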
| Line 46: | Line 44: | ||
For the integration to work: | For the integration to work: | ||
= '''OpenVPN server must be running''' on the VPS = | === '''OpenVPN server must be running''' on the VPS === | ||
= '''Synology NAS must be connected''' to the VPN (10.8.0.2) = | == '''Synology NAS must be connected''' to the VPN (10.8.0.2) == | ||
= '''VPN tunnel must be active''' (tun0 interface up) = | == '''VPN tunnel must be active''' (tun0 interface up) == | ||
= '''Nginx must be configured''' to forward to 10.8.0.2 = | == '''Nginx must be configured''' to forward to 10.8.0.2 == | ||
== Verification == | == Verification == | ||
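Review bot: The four requirement lines after "For the integration to work:" are wrapped in heading markup with bold inside it (`=== '''OpenVPN server must be running''' on the VPS ===`), so each requirement lands in the table of contents next to `== Verification ==`. A bulleted list (`*`) fits a set of preconditions better and leaves the bold emphasis doing its job.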
| Line 56: | Line 54: | ||
<pre class="lang-bash"> | <pre class="lang-bash"> | ||
= Check VPN is running = | === Check VPN is running === | ||
systemctl status openvpn | systemctl status openvpn | ||
= Check VPN interface = | == Check VPN interface == | ||
ip addr show tun0 | ip addr show tun0 | ||
= Check Synology is connected = | == Check Synology is connected == | ||
ping -c 2 10.8.0.2 | ping -c 2 10.8.0.2 | ||
= Check Nginx can reach Synology = | == Check Nginx can reach Synology == | ||
curl http://10.8.0.2:8080 | curl http://10.8.0.2:8080 | ||
</pre> | </pre> | ||
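Review bot: Inside `<pre class="lang-bash">` the four label lines are wiki heading markup (`=== Check VPN is running ===`, `== Check VPN interface ==`), which a `<pre>` block shows literally and which is not valid bash when the block is copied into a shell. Write them as `#` comments. The `curl http://10.8.0.2:8080` line also has no timeout, so the check can wait a long time when the tunnel is down; `--max-time` would make it fail promptly.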
Revision as of 13:44, 1 January 2026
This document describes how the OpenVPN server integrates with the reverse proxy system.
Integration Overview
The OpenVPN server is essential for the reverse proxy system:
- Synology NAS connects via VPN (10.8.0.2)
- Nginx reverse proxy forwards requests to 10.8.0.2
- Services are accessible via public subdomains without direct internet exposure
- All traffic is encrypted through the VPN tunnel
Network Flow
Internet → VPS (87.106.61.62) → Nginx Reverse Proxy → OpenVPN Tunnel (tun0: 10.8.0.1 → 10.8.0.2) → Synology NAS Services
How It Works
1. Client accesses a public subdomain (e.g., wiki.jb-vpn.uk)
2. DNS resolves to VPS public IP (87.106.61.62)
3. Nginx receives the request on port 443 (HTTPS)
4. SSL is terminated at the VPS
5. Nginx forwards the request through the OpenVPN tunnel to the Synology NAS (10.8.0.2)
6. The service on the Synology NAS responds
7. The response travels back through the VPN tunnel
8. Nginx sends the response to the client
Benefits
- No Direct Exposure: Synology NAS is not directly accessible from the internet
- Encrypted Tunnel: All traffic between VPS and NAS is encrypted via OpenVPN
- Secure Access: Services are accessible via HTTPS while remaining isolated
- Centralized Management: All services accessible through a single VPS
Requirements
For the integration to work:
- OpenVPN server must be running on the VPS
- Synology NAS must be connected to the VPN (10.8.0.2)
- VPN tunnel must be active (tun0 interface up)
- Nginx must be configured to forward to 10.8.0.2
Verification
Check that the integration is working:
<pre class="lang-bash">
# Check VPN is running
systemctl status openvpn
# Check VPN interface
ip addr show tun0
# Check Synology is connected
ping -c 2 10.8.0.2
# Check Nginx can reach Synology
curl http://10.8.0.2:8080
</pre>
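The checks in this Verification section, scripted so that a failed requirement is named and probing stops as soon as the route to the NAS no longer uses the tunnel. This is an added example, not part of the original guide: the interface, addresses, port and unit name are the ones on this page, while the function names, timeouts and sample `ip` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: VPS-side health check for the tunnel described on this page.
# tun0, 10.8.0.1, 10.8.0.2, port 8080 and the openvpn unit come from the page;
# function names and timeouts are assumptions.
TUN_IF=tun0
VPS_TUN_IP=10.8.0.1
NAS_TUN_IP=10.8.0.2
NAS_URL="http://${NAS_TUN_IP}:8080"

# Constructed samples of `ip -o -4 addr show` and `ip route get` output.
SAMPLE_ADDR='5: tun0    inet 10.8.0.1/24 scope global tun0'
SAMPLE_ROUTE_OK='10.8.0.2 dev tun0 src 10.8.0.1 uid 0'
SAMPLE_ROUTE_LEAK='10.8.0.2 via 203.0.113.1 dev eth0 src 203.0.113.10 uid 0'

# True if `ip -o -4 addr show` output ($1) lists interface $2 with address $3.
tun_has_addr() {
    printf '%s\n' "$1" | awk -v ifc="$2" -v ip="$3" '
        $2 == ifc && $3 == "inet" { split($4, a, "/"); if (a[1] == ip) found = 1 }
        END { exit !found }'
}

# True if `ip route get` output ($1) leaves through interface $2.
route_uses_if() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        { for (i = 1; i < NF; i++) if ($i == "dev" && $(i + 1) == ifc) found = 1 }
        END { exit !found }'
}

check_integration() {
    systemctl is-active --quiet openvpn ||
        { echo "FAIL: openvpn service is not active"; return 1; }
    tun_has_addr "$(ip -o -4 addr show dev "$TUN_IF" 2>/dev/null)" "$TUN_IF" "$VPS_TUN_IP" ||
        { echo "FAIL: $TUN_IF is down or lacks $VPS_TUN_IP"; return 1; }
    # Stop before probing if the route is wrong: with tun0 gone, packets for
    # 10.8.0.2 would follow the default route and leave the VPS unencrypted.
    route_uses_if "$(ip route get "$NAS_TUN_IP" 2>/dev/null)" "$TUN_IF" ||
        { echo "FAIL: route to $NAS_TUN_IP does not use $TUN_IF"; return 1; }
    ping -c 2 -W 2 "$NAS_TUN_IP" >/dev/null 2>&1 ||
        { echo "FAIL: NAS does not answer on $NAS_TUN_IP"; return 1; }
    curl -fsS --max-time 5 -o /dev/null "$NAS_URL" ||
        { echo "FAIL: no successful HTTP response from $NAS_URL"; return 1; }
    echo "OK: tunnel up, NAS reachable through $TUN_IF"
}

# Run the live checks only when asked, e.g. `sh check-tunnel.sh --run`.
if [ "${1:-}" = "--run" ]; then check_integration; fi
```

Run with `--run` from cron or a monitoring agent on the VPS; a non-zero exit status identifies the first requirement that failed.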
Related Documentation
- [System Overview](index.md) - Overall system architecture
- [Server Configuration](server-configuration.md) - OpenVPN server setup
- [Adding Services](index.md) - Configuring services