OpenVPN:Integration
OpenVPN Integration with Reverse Proxy
This document describes how the OpenVPN server integrates with the reverse proxy system.
Integration Overview
The OpenVPN server is essential for the reverse proxy system:
- Synology NAS connects via VPN (10.8.0.2)
- Nginx reverse proxy forwards requests to 10.8.0.2
- Services are accessible via public subdomains without direct internet exposure
- All traffic between the VPS and the NAS is encrypted through the VPN tunnel
Network Flow
Internet → VPS (87.106.61.62) → Nginx Reverse Proxy → OpenVPN Tunnel (tun0: 10.8.0.1 → 10.8.0.2) → Synology NAS Services
How It Works
1. Client accesses a public subdomain (e.g., wiki.jb-vpn.uk)
2. DNS resolves to VPS public IP (87.106.61.62)
3. Nginx receives the request on port 443 (HTTPS)
4. SSL is terminated at the VPS
5. Nginx forwards the request through the OpenVPN tunnel to the Synology NAS (10.8.0.2)
6. The service on the Synology NAS responds
7. The response travels back through the VPN tunnel
8. Nginx sends the response to the client
Benefits
- No Direct Exposure: Synology NAS is not directly accessible from the internet
- Encrypted Tunnel: All traffic between VPS and NAS is encrypted via OpenVPN
- Secure Access: Services are accessible via HTTPS while remaining isolated
- Centralized Management: All services accessible through a single VPS
Requirements
For the integration to work:
- OpenVPN server must be running on the VPS
- Synology NAS must be connected to the VPN (10.8.0.2)
- VPN tunnel must be active (tun0 interface up)
- Nginx must be configured to forward to 10.8.0.2
Verification
Check that the integration is working:
```bash
# Check VPN is running
systemctl status openvpn

# Check VPN interface
ip addr show tun0

# Check Synology is connected
ping -c 2 10.8.0.2

# Check Nginx can reach Synology
curl http://10.8.0.2:8080
```
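The verification checks can be chained so that the first failing hop of the network flow is reported. The script below is an added example, not part of the original page: the function name `check_proxy_path`, the timeouts, and the extra routing check (confirming that traffic to 10.8.0.2 leaves via tun0, since the upstream request is plain HTTP) are assumptions.

```bash
#!/usr/bin/env bash
# Added example: walk the VPS -> tun0 -> NAS path and report the first broken hop.
# Interface, addresses and port are the ones used on this page.
TUN_IF="tun0"
VPS_TUN_IP="10.8.0.1"
NAS_TUN_IP="10.8.0.2"
NAS_PORT="8080"

# check_proxy_path (hypothetical name): returns 0 when every hop works,
# otherwise 1-5 identifying the first failing layer.
check_proxy_path() {
    # 1: OpenVPN unit is active (unit name as used on this page).
    if ! systemctl is-active --quiet openvpn; then
        echo "FAIL[1] openvpn service is not active" >&2; return 1
    fi
    # 2: tunnel interface exists and carries the server-side address.
    if ! ip -o -4 addr show dev "$TUN_IF" 2>/dev/null | grep -qwF "$VPS_TUN_IP"; then
        echo "FAIL[2] $TUN_IF is missing or lacks $VPS_TUN_IP" >&2; return 2
    fi
    # 3: the kernel routes NAS traffic into the tunnel. The upstream request is
    #    plain HTTP, so it must not leave through any other interface.
    if ! ip route get "$NAS_TUN_IP" 2>/dev/null | grep -qw "dev $TUN_IF"; then
        echo "FAIL[3] route to $NAS_TUN_IP does not use $TUN_IF" >&2; return 3
    fi
    # 4: the NAS is connected to the VPN and answers.
    if ! ping -c 2 -W 2 "$NAS_TUN_IP" >/dev/null 2>&1; then
        echo "FAIL[4] $NAS_TUN_IP does not answer ping" >&2; return 4
    fi
    # 5: the service Nginx forwards to answers HTTP (any status code counts).
    if ! curl -s -o /dev/null --max-time 5 "http://$NAS_TUN_IP:$NAS_PORT"; then
        echo "FAIL[5] no HTTP response from $NAS_TUN_IP:$NAS_PORT" >&2; return 5
    fi
    echo "OK: $TUN_IF up, $NAS_TUN_IP reachable, port $NAS_PORT answering"
}

# Run the checks only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    check_proxy_path
fi
```

Run it on the VPS with `--run`; the exit code (1 to 5) identifies the failing layer, which makes it usable from cron or a monitoring agent.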
Related Documentation
- [System Overview](index.md) - Overall system architecture
- [Server Configuration](server-configuration.md) - OpenVPN server setup
- [Adding Services](index.md) - Configuring services