Jump to content

SSH Port Forwarding:Best Practices: Difference between revisions

From jb-vpn.uk Wiki

Latest revision as of 14:04, 16 May 2026

This document outlines best practices when adding new services to the reverse proxy system.

General Best Practices

Always validate Caddy before reloading (`caddy validate`) when changing public hostnames

Use descriptive subdomain names that indicate the service

Document your services in [Current Services](current-services.md)

Backup configurations before making changes

Monitor logs after adding new services

Use HTTPS for all public-facing services

Test thoroughly before marking service as complete

Checklist

Use this checklist when adding a new service:

[ ] DNS A record created and propagated

[ ] Service running on Synology NAS

[ ] Service accessible from VPN network

[ ] Nginx configuration file created

[ ] Site enabled (symlink created)

[ ] Nginx configuration tested (nginx -t)

[ ] Nginx reloaded

[ ] HTTP access verified

[ ] SSL certificate obtained

[ ] HTTPS access verified

[ ] Browser testing completed

[ ] Service documented in [Current Services](current-services.md)

Security Considerations

Always use HTTPS for public-facing services

Keep SSL certificates up to date (automatic renewal via Certbot)

Use strong authentication for services that require it

Monitor access logs for unusual activity

Related Documentation

[Step-by-Step Process](step-by-step.md) - Setup process

Troubleshooting - Common issues

Retrieved from "https://wiki.jb-vpn.uk/index.php?title=SSH_Port_Forwarding:Best_Practices&oldid=252"