Services:Current Services

This document provides a detailed inventory of all services currently configured on the reverse proxy system.

Service	Subdomain	Internal Port	Protocol	Status	SSL
Wiki	wiki.jb-vpn.uk	8010	HTTP	Active	✅
Werbs-Wiki	werbs-wiki.jb-vpn.uk	8011	HTTP	Active	✅
Synology DSM	dsm.jb-vpn.uk	5001	HTTPS	Active	✅
Plex Media Server	plex.jb-vpn.uk	32400	HTTP	Active	✅
VPS Default	vps.jb-vpn.uk	-	-	Active	✅

Subdomain: wiki.jb-vpn.uk

Public Access: https://wiki.jb-vpn.uk

Internal Configuration:

• Host: VPS (Docker)

• Target: 127.0.0.1:8010 (container wiki-mediawiki)

• Stack: /var/www/wiki.jb/

• Protocol: HTTP

Reverse Proxy:

• Caddy: /etc/caddy/Caddyfile (wiki.jb-vpn.uk → 127.0.0.1:8010)

SSL Certificate:

• Provider: Let's Encrypt (via Caddy)

• Status: Valid

Traffic Flow:

External Request → wiki.jb-vpn.uk:443 (HTTPS)
  → Caddy (SSL termination)
  → 127.0.0.1:8010 (MediaWiki Docker on VPS)

Configuration Details:

• HTTP to HTTPS redirect: ✅ Enabled

• WebSocket support: ✅ Enabled

• Extended timeouts: ✅ 300 seconds

• Proxy headers: ✅ Full set configured

DNS Record: wiki.jb-vpn.uk → 87.106.61.62

Test Command:

curl -I https://wiki.jb-vpn.uk
== Or access directly: https://wiki.jb-vpn.uk/index.php?title=Main_Page ==

---

Subdomain: werbs-wiki.jb-vpn.uk

Public Access: https://werbs-wiki.jb-vpn.uk

Internal Configuration:

• Host: VPS (Docker)

• Target: 127.0.0.1:8011 (container wiki-werbs-mediawiki)

• Stack: /var/www/wiki.jb/

• Protocol: HTTP

Reverse Proxy:

• Caddy: /etc/caddy/Caddyfile (werbs-wiki.jb-vpn.uk → 127.0.0.1:8011)

SSL Certificate:

• Provider: Let's Encrypt (via Caddy)

• Status: Valid

Traffic Flow:

External Request → werbs-wiki.jb-vpn.uk:443 (HTTPS)
  → Caddy (SSL termination)
  → 127.0.0.1:8011 (MediaWiki Docker on VPS)

Configuration Details:

• HTTP to HTTPS redirect: ✅ Enabled

• WebSocket support: ✅ Enabled

• Extended timeouts: ✅ 300 seconds

• Proxy headers: ✅ Full set configured

DNS Record: werbs-wiki.jb-vpn.uk → 87.106.61.62

Test Command:

curl -I https://werbs-wiki.jb-vpn.uk

---

Subdomain: dsm.jb-vpn.uk

Public Access: https://dsm.jb-vpn.uk

Internal Configuration:

• Target IP: 10.8.0.2 (Synology NAS via VPN)

• Target Port: 5001

• Protocol: HTTPS

Reverse Proxy:

• Caddy: /etc/caddy/Caddyfile (dsm.jb-vpn.uk → https://10.8.0.2:5001)

SSL Certificate:

• Provider: Let's Encrypt (via Caddy)

• Status: Valid

Traffic Flow:

External Request → dsm.jb-vpn.uk:443 (HTTPS)
  → Caddy (SSL termination)
  → 10.8.0.2:5001 (HTTPS on NAS via VPN)

Configuration Details:

• HTTP to HTTPS redirect: ✅ Enabled

• WebSocket support: ✅ Enabled (for DSM WebSocket features)

• Internal HTTPS: ✅ Passes through to Synology HTTPS

DNS Record: dsm.jb-vpn.uk → 87.106.61.62

Test Command:

curl -I https://dsm.jb-vpn.uk

---

Subdomain: plex.jb-vpn.uk

Public Access: https://plex.jb-vpn.uk

Internal Configuration:

• Target IP: 10.8.0.2 (Synology NAS via VPN)

• Target Port: 32400

• Protocol: HTTP

Reverse Proxy:

• Caddy: /etc/caddy/Caddyfile (plex.jb-vpn.uk → http://10.8.0.2:32400)

SSL Certificate:

• Provider: Let's Encrypt (via Caddy)

• Status: Valid

Traffic Flow:

External Request → plex.jb-vpn.uk:443 (HTTPS)
  → Caddy (SSL termination)
  → 10.8.0.2:32400 (HTTP on NAS via VPN)

Configuration Details:

• HTTP to HTTPS redirect: ✅ Enabled

• Plex-specific headers: ✅ Configured

 * X-Plex-Client-Identifier

 * X-Plex-Device

 * X-Plex-Product

 * X-Plex-Version

 * X-Plex-Platform

 * X-Plex-Platform-Version

 * X-Plex-Device-Name

 * X-Plex-Provides

 * X-Plex-Token

DNS Record: plex.jb-vpn.uk → 87.106.61.62

Test Command:

curl -I https://plex.jb-vpn.uk

---

Subdomain: vps.jb-vpn.uk

Public Access: https://vps.jb-vpn.uk

Internal Configuration:

• Type: Static files

• Web Root: /var/www/html

• Protocol: Direct file serving

Reverse Proxy:

• Caddy: /etc/caddy/Caddyfile (vps.jb-vpn.uk — file_server for /var/www/html)

SSL Certificate:

• Provider: Let's Encrypt (via Caddy)

• Status: Valid

Traffic Flow:

External Request → vps.jb-vpn.uk:443 (HTTPS)
  → Caddy (SSL termination + file_server)
  → /var/www/html

Configuration Details:

• HTTP to HTTPS redirect: ✅ Enabled

• Static file serving: ✅ Enabled

• Index files: index.html, index.htm, index.nginx-debian.html

DNS Record: vps.jb-vpn.uk → 87.106.61.62

Test Command:

curl -I https://vps.jb-vpn.uk

---

SSH port forwarding is managed through a centralized configuration system. See [SSH Port Forwarding Management](index.md) for complete documentation.

Current Forwards:

• Synology NAS: Port 22222 → 10.8.0.2:22

 * Access: ssh -p 22222 user@87.106.61.62

Management:

== List all SSH port forwards ==
sudo ssh-forward list

== Add a new device ==
sudo ssh-forward add <name> <external_port> <vpn_ip> [ssh_port]

== Remove a device ==
sudo ssh-forward remove <name>

Configuration File: /etc/ssh-port-forwards.conf

Note: This is a direct port forward via iptables, not handled by Caddy.

---

==== Test all HTTPS services ====
for domain in wiki.jb-vpn.uk werbs-wiki.jb-vpn.uk dsm.jb-vpn.uk plex.jb-vpn.uk vps.jb-vpn.uk; do
    echo "Testing $domain..."
    curl -I -s https://$domain | head -1
done

systemctl status caddy
caddy validate --config /etc/caddy/Caddyfile

---

• Wiki/Werbs-Wiki: Docker stack at /var/www/wiki.jb/ (docker compose ps healthy)

• DSM: Synology DSM must be enabled

• Plex: Plex Media Server must be running

• VPS Default: No dependencies (local files only)

---

• Check service availability (curl -I on key hostnames)

• Review Caddy logs if something fails (journalctl -u caddy)

• docker compose ps for wiki and WebApp stacks

• Spot-check HTTPS on public hostnames

• Backup /etc/caddy/Caddyfile

• Review and update documentation

• Verify TLS renewal via Caddy logs

• Review firewall rules

• Update system packages

---

Total Services: 5 web services + 1 SSH port forward

Edge proxy: Caddy (/etc/caddy/Caddyfile)

Configuration: One Caddyfile for all public hostnames

Internal Ports Used (VPS): 8010, 8011, 8008, 8009, 8080 (phpMyAdmin)

Internal Ports Used (Synology via VPN): 5001, 32400, 22

---