System:Security

From jb-vpn.uk Wiki
Revision as of 13:15, 1 January 2026 by Josh (talk | contribs) (Added configuration guide: Security Architecture)
Security Architecture

This document describes the security architecture of the reverse proxy system.

Defense in Depth

The system uses multiple layers of security:

Public Layer: Nginx with SSL/TLS encryption

VPN Layer: Encrypted tunnel between VPS and NAS

Internal Layer: Services only accessible via VPN

Certificate Security: Automatic renewal prevents expired certificates

Security Benefits

No Direct Exposure: Synology NAS is not directly accessible from the internet

Encrypted Traffic: All public traffic uses HTTPS

Isolated Network: Internal services communicate over VPN

Certificate Management: Automatic SSL certificate renewal

Security Components

SSL/TLS Encryption

All public-facing traffic uses HTTPS

Let's Encrypt certificates automatically renew

HTTP traffic is redirected to HTTPS

VPN Encryption

OpenVPN provides encrypted tunnel between VPS and NAS

All internal traffic is encrypted through VPN

Certificate-based authentication for VPN clients

Network Isolation

Internal services only accessible via VPN

No direct internet exposure of Synology NAS

Firewall rules control traffic flow
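
One way to check an Nginx configuration against two of the properties listed above: HTTP is redirected to HTTPS, and backends are reached only over the VPN. This is an added example, not part of the wiki's own configuration; the tunnel subnet 10.8.0.0/24, the hostname nas.example.com, the backend port and both sample configs are assumptions constructed for illustration.

```python
import ipaddress
import re
VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")  # assumption: OpenVPN tunnel subnet

# Constructed sample configs (not taken from the wiki).
GOOD = """
server { listen 80; server_name nas.example.com; return 301 https://$host$request_uri; }
server {
    listen 443 ssl;
    server_name nas.example.com;
    location / { proxy_pass http://10.8.0.2:5000; }  # NAS address inside the tunnel
}
"""
WEAK = """
server {
    listen 80;
    server_name nas.example.com;
    location / { proxy_pass http://203.0.113.10:5000; }  # NAS reached over the internet
}
"""

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, comments stripped."""
    conf = re.sub(r"#[^\n]*", "", conf)
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf, vpn=VPN_SUBNET):
    """Return findings where the config breaks the redirect or isolation rule."""
    findings = []
    for body in server_blocks(conf):
        m = re.search(r"\bserver_name\s+([^;\s]+)", body)
        name = m.group(1) if m else "(unnamed)"
        listens = re.findall(r"\blisten\s+([^;]+);", body)
        plain = not listens or any("ssl" not in l.split() for l in listens)  # no ssl flag
        if plain and not re.search(r"\breturn\s+30[18]\s+https://", body):
            findings.append(f"{name}: plain-HTTP listener does not redirect to HTTPS")
        for host in re.findall(r"\bproxy_pass\s+https?://([^:/;\s]+)", body):
            try:
                inside = ipaddress.ip_address(host) in vpn
            except ValueError:  # hostname or upstream name: cannot be verified here
                inside = False
            if not inside:
                findings.append(f"{name}: proxy_pass target {host} is not inside {vpn}")
    return findings
```

`audit(GOOD)` returns an empty list, while `audit(WEAK)` reports both the missing redirect and the backend address outside the tunnel subnet.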

[Network Architecture](network-architecture.md) - Network topology

[Key Components](components.md) - Component details

[OpenVPN Server](index.md) - VPN security configuration