Jump to content

System:Security

From jb-vpn.uk Wiki
Revision as of 14:04, 16 May 2026 by Josh (talk | contribs) (Updated documentation from markdown files)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

This document describes the security architecture of the reverse proxy system.

Defense in Depth

The system uses multiple layers of security:

Public Layer: Caddy with SSL/TLS encryption (Let's Encrypt)

VPN Layer: Encrypted tunnel between VPS and NAS

Internal Layer: Services only accessible via VPN

Certificate Security: Automatic renewal prevents expired certificates

Security Benefits

  • No Direct Exposure: Synology NAS is not directly accessible from the internet
  • Encrypted Traffic: All public traffic uses HTTPS
  • Isolated Network: Internal services communicate over VPN
  • Certificate Management: Automatic SSL certificate renewal

Security Components

SSL/TLS Encryption

  • All public-facing traffic uses HTTPS
  • Let's Encrypt certificates automatically renew
  • HTTP traffic is redirected to HTTPS

VPN Encryption

  • OpenVPN provides encrypted tunnel between VPS and NAS
  • All internal traffic is encrypted through VPN
  • Certificate-based authentication for VPN clients

Network Isolation

  • Internal services only accessible via VPN
  • No direct internet exposure of Synology NAS
  • Firewall rules control traffic flow
  • [Network Architecture](network-architecture.md) - Network topology
  • [Key Components](components.md) - Component details
  • [OpenVPN Server](index.md) - VPN security configuration
Retrieved from "https://wiki.jb-vpn.uk/index.php?title=System:Security&oldid=249"