System:Network Architecture: Difference between revisions
Minor update - troubleshooting guide: Network Architecture (8 sections) |
Content added - troubleshooting guide: Network Architecture (15 sections) |
||
| Line 1: | Line 1: | ||
This document describes the network architecture of the reverse proxy system. | This document describes the network architecture of the reverse proxy system. | ||
| Line 25: | Line 23: | ||
== Traffic Flow == | == Traffic Flow == | ||
= '''Client Request''': User accesses a subdomain (e.g., <code>wiki.jb-vpn.uk</code>) = | === '''Client Request''': User accesses a subdomain (e.g., <code>wiki.jb-vpn.uk</code>) === | ||
= '''DNS Resolution''': DNS resolves to VPS public IP (87.106.61.62) = | == '''DNS Resolution''': DNS resolves to VPS public IP (87.106.61.62) == | ||
= '''Nginx Receives''': Nginx listens on ports 80 (HTTP) and 443 (HTTPS) = | == '''Nginx Receives''': Nginx listens on ports 80 (HTTP) and 443 (HTTPS) == | ||
= '''SSL Termination''': If HTTPS, SSL is terminated at the VPS = | == '''SSL Termination''': If HTTPS, SSL is terminated at the VPS == | ||
= '''Reverse Proxy''': Nginx forwards the request through the VPN tunnel to the Synology NAS = | == '''Reverse Proxy''': Nginx forwards the request through the VPN tunnel to the Synology NAS == | ||
= '''Service Response''': Synology service responds back through the tunnel = | == '''Service Response''': Synology service responds back through the tunnel == | ||
= '''Client Response''': Nginx sends the response back to the client = | == '''Client Response''': Nginx sends the response back to the client == | ||
== Network Diagram == | == Network Diagram == | ||
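Review bot: the seven traffic-flow steps in the right-hand column end up as headings at mixed levels. The '''Client Request''' line is wrapped in === while the other six use ==, the same level as the enclosing == Traffic Flow == and == Network Diagram == headings. Each step therefore becomes a sibling section rather than an item inside Traffic Flow, and the order of the steps is no longer explicit. Since these are sequential steps, a numbered list (one # item per step) under == Traffic Flow == would keep both the sequence and the section hierarchy.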
Revision as of 13:44, 1 January 2026
This document describes the network architecture of the reverse proxy system.
Network Topology
Internet → VPS (87.106.61.62) → OpenVPN Tunnel (tun0) → Synology NAS (10.8.0.2)
Network Components
- VPS Public IP: 87.106.61.62
- VPN Network: 10.8.0.0/24
- VPN Interface: tun0 (10.8.0.1)
- Synology NAS IP: 10.8.0.2 (via VPN)
- Web Server: Nginx (reverse proxy)
- SSL Certificates: Let's Encrypt (managed by Certbot)
Traffic Flow
Client Request: User accesses a subdomain (e.g., wiki.jb-vpn.uk)
DNS Resolution: DNS resolves to VPS public IP (87.106.61.62)
Nginx Receives: Nginx listens on ports 80 (HTTP) and 443 (HTTPS)
SSL Termination: If HTTPS, SSL is terminated at the VPS
Reverse Proxy: Nginx forwards the request through the VPN tunnel to the Synology NAS
Service Response: Synology service responds back through the tunnel
Client Response: Nginx sends the response back to the client
Network Diagram
            ┌─────────────┐
            │   Client    │
            │  (Browser)  │
            └──────┬──────┘
                   │ HTTPS (443)
                   │
                   ▼
┌─────────────────────────────────────┐
│         VPS (87.106.61.62)          │
│  ┌───────────────────────────────┐  │
│  │     Nginx (Reverse Proxy)     │  │
│  │  - SSL Termination            │  │
│  │  - Request Routing            │  │
│  │  - Header Rewriting           │  │
│  └───────────┬───────────────────┘  │
│              │                      │
│              │ OpenVPN Tunnel       │
│              │ (tun0: 10.8.0.1)     │
└──────────────┼──────────────────────┘
               │
               │ HTTP (Internal)
               ▼
┌─────────────────────────────────────┐
│       Synology NAS (10.8.0.2)       │
│  ┌───────────────────────────────┐  │
│  │       Internal Services       │  │
│  │  - Port 8080 (Wiki)           │  │
│  │  - Port 8081 (Werbs-Wiki)     │  │
│  │  - Port 5001 (DSM)            │  │
│  │  - Port 32400 (Plex)          │  │
│  └───────────────────────────────┘  │
└─────────────────────────────────────┘
Network Ports
Public Ports (VPS)
- Port 80 (HTTP): Redirects to HTTPS
- Port 443 (HTTPS): SSL/TLS encrypted traffic
- Port 22 (SSH): Server administration
- Port 1194 (UDP): OpenVPN server
Internal Ports (Synology NAS via VPN)
- Port 8080: Wiki service
- Port 8081: Werbs-Wiki service
- Port 5001: Synology DSM
- Port 32400: Plex Media Server
- Port 22: SSH (forwarded via iptables on port 22222)
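One way to check that the VPS actually matches the public port list above is to audit its listening sockets against it. This is an added example, not part of the original page or of the system's own tooling; it assumes the input is the output of `ss -Htuln` run on the VPS, and the sample lines (including port 9100) are constructed.

```python
import ipaddress

# Documented public exposure on the VPS, from the Network Ports section.
ALLOWED_PUBLIC = {("tcp", 80), ("tcp", 443), ("tcp", 22), ("udp", 1194)}
VPN_NET = ipaddress.ip_network("10.8.0.0/24")  # tun0 side, not Internet-facing
WILDCARDS = {"*", "0.0.0.0", "::"}

# Constructed sample of `ss -Htuln` output (not captured from the real VPS).
SAMPLE = """\
tcp   LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:1194       0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*
tcp   LISTEN 0      128         10.8.0.1:9100       0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:8080       0.0.0.0:*
tcp   LISTEN 0      4096            [::]:32400         [::]:*
"""

def parse_ss(output):
    """Yield (proto, host, port) for each socket line of `ss -Htuln`."""
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        host, _, port = fields[4].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
        yield fields[0], host, int(port)

def is_internet_facing(host):
    """True unless the socket is bound to loopback or to the VPN subnet only."""
    if host in WILDCARDS:
        return True
    ip = ipaddress.ip_address(host)
    return not (ip.is_loopback or ip in VPN_NET)

def audit(output):
    """Return sorted (proto, host, port) listeners that are exposed but undocumented."""
    return sorted(
        (proto, host, port)
        for proto, host, port in parse_ss(output)
        if is_internet_facing(host) and (proto, port) not in ALLOWED_PUBLIC
    )

if __name__ == "__main__":
    for proto, host, port in audit(SAMPLE):
        print(f"undocumented public listener: {proto} {host}:{port}")
```

An iptables forward such as the one on port 22222 is a packet-filter rule rather than a listening socket, so it will not appear in `ss` output and has to be reviewed in the firewall rules separately.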
Related Documentation
- [Key Components](components.md) - Detailed component information
- [OpenVPN Server](index.md) - VPN configuration
- Troubleshooting - Network troubleshooting