Jump to content

SSH Port Forwarding:Best Practices

From jb-vpn.uk Wiki

Revision as of 14:04, 16 May 2026 by Josh (talk | contribs) (Updated documentation from markdown files)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

This document outlines best practices when adding new services to the reverse proxy system.

General Best Practices

Always validate Caddy before reloading (`caddy validate`) when changing public hostnames

Use descriptive subdomain names that indicate the service

Document your services in [Current Services](current-services.md)

Backup configurations before making changes

Monitor logs after adding new services

Use HTTPS for all public-facing services

Test thoroughly before marking service as complete

Checklist

Use this checklist when adding a new service:

[ ] DNS A record created and propagated

[ ] Service running on Synology NAS

[ ] Service accessible from VPN network

[ ] Nginx configuration file created

[ ] Site enabled (symlink created)

[ ] Nginx configuration tested (nginx -t)

[ ] Nginx reloaded

[ ] HTTP access verified

[ ] SSL certificate obtained

[ ] HTTPS access verified

[ ] Browser testing completed

[ ] Service documented in [Current Services](current-services.md)

Security Considerations

Always use HTTPS for public-facing services

Keep SSL certificates up to date (automatic renewal via Certbot)

Use strong authentication for services that require it

Monitor access logs for unusual activity

Related Documentation

[Step-by-Step Process](step-by-step.md) - Setup process

Troubleshooting - Common issues

Retrieved from "https://wiki.jb-vpn.uk/index.php?title=SSH_Port_Forwarding:Best_Practices&oldid=252"