OpenVPN:Integration
This document describes how the OpenVPN server integrates with the reverse proxy system.
Integration Overview
The OpenVPN server is essential for the reverse proxy system:
Synology NAS connects via VPN (10.8.0.2)
Nginx reverse proxy forwards requests to 10.8.0.2
Services are accessible via public subdomains without direct internet exposure
All traffic is encrypted through the VPN tunnel
Network Flow
Internet → VPS (87.106.61.62) → Nginx Reverse Proxy → OpenVPN Tunnel (tun0: 10.8.0.1 → 10.8.0.2) → Synology NAS Services
How It Works
Client accesses a public subdomain (e.g., wiki.jb-vpn.uk)
DNS resolves to VPS public IP (87.106.61.62)
Nginx receives the request on port 443 (HTTPS)
SSL is terminated at the VPS
Nginx forwards the request through the OpenVPN tunnel to the Synology NAS (10.8.0.2)
The service on the Synology NAS responds
The response travels back through the VPN tunnel
Nginx sends the response to the client
Benefits
- No Direct Exposure: Synology NAS is not directly accessible from the internet
- Encrypted Tunnel: All traffic between VPS and NAS is encrypted via OpenVPN
- Secure Access: Services are accessible via HTTPS while remaining isolated
- Centralized Management: All services accessible through a single VPS
Requirements
For the integration to work:
OpenVPN server must be running on the VPS
Synology NAS must be connected to the VPN (10.8.0.2)
VPN tunnel must be active (tun0 interface up)
Nginx must be configured to forward to 10.8.0.2
Verification
Check that the integration is working:
=== Check VPN is running === systemctl status openvpn == Check VPN interface == ip addr show tun0 == Check Synology is connected == ping -c 2 10.8.0.2 == Check Nginx can reach Synology == curl http://10.8.0.2:8080
Related Documentation
- [System Overview](index.md) - Overall system architecture
- [Server Configuration](server-configuration.md) - OpenVPN server setup
- [Adding Services](index.md) - Configuring services