
System:Network Architecture

From jb-vpn.uk Wiki
Revision as of 13:15, 1 January 2026 by Josh (talk | contribs) (Added troubleshooting guide: Network Architecture)

Network Architecture

This document describes the network architecture of the reverse proxy system.

Network Topology

Internet → VPS (87.106.61.62) → OpenVPN Tunnel (tun0) → Synology NAS (10.8.0.2)

Network Components

VPS Public IP: 87.106.61.62

VPN Network: 10.8.0.0/24

VPN Interface: tun0 (10.8.0.1)

Synology NAS IP: 10.8.0.2 (via VPN)

Web Server: Nginx (reverse proxy)

SSL Certificates: Let's Encrypt (managed by Certbot)

Traffic Flow

Client Request: User accesses a subdomain (e.g., wiki.jb-vpn.uk)

DNS Resolution: DNS resolves to VPS public IP (87.106.61.62)

Nginx Receives: Nginx listens on ports 80 (HTTP) and 443 (HTTPS)

SSL Termination: If HTTPS, SSL is terminated at the VPS

Reverse Proxy: Nginx forwards the request through the VPN tunnel to the Synology NAS

Service Response: Synology service responds back through the tunnel

Client Response: Nginx sends the response back to the client

Network Diagram

┌─────────────┐
│   Client    │
│  (Browser)  │
└──────┬──────┘
       │ HTTPS (443)
       │
       ▼
┌─────────────────────────────────────┐
│         VPS (87.106.61.62)          │
│  ┌───────────────────────────────┐  │
│  │      Nginx (Reverse Proxy)    │  │
│  │  - SSL Termination            │  │
│  │  - Request Routing            │  │
│  │  - Header Rewriting           │  │
│  └───────────┬───────────────────┘  │
│              │                      │
│              │ OpenVPN Tunnel       │
│              │ (tun0: 10.8.0.1)     │
└──────────────┼──────────────────────┘
               │
               │ HTTP (Internal)
               ▼
┌─────────────────────────────────────┐
│      Synology NAS (10.8.0.2)        │
│  ┌───────────────────────────────┐  │
│  │    Internal Services          │  │
│  │  - Port 8080 (Wiki)           │  │
│  │  - Port 8081 (Werbs-Wiki)     │  │
│  │  - Port 5001 (DSM)            │  │
│  │  - Port 32400 (Plex)          │  │
│  └───────────────────────────────┘  │
└─────────────────────────────────────┘

Network Ports

Public Ports (VPS)

Port 80 (HTTP): Redirects to HTTPS

Port 443 (HTTPS): SSL/TLS encrypted traffic

Port 22 (SSH): Server administration

Port 1194 (UDP): OpenVPN server

Internal Ports (Synology NAS via VPN)

Port 8080: Wiki service

Port 8081: Werbs-Wiki service

Port 5001: Synology DSM

Port 32400: Plex Media Server

Port 22: SSH (forwarded via iptables on port 22222)
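
To confirm that the VPS exposes only the public ports listed above, its listening sockets can be compared against that list. The script below is an added example, not part of the original wiki page: the `ss` output is a constructed sample, and the names `scope` and `audit` are hypothetical.

```python
"""Audit VPS listeners against the documented public port list."""

# Public ports documented for the VPS on this page.
PUBLIC_ALLOWED = {("tcp", 80), ("tcp", 443), ("tcp", 22), ("udp", 1194)}
VPN_ADDR = "10.8.0.1"  # tun0 address of the VPS, from this page

# Constructed sample of `ss -H -tuln` output (not captured from the real server).
SAMPLE_SS = """\
udp UNCONN 0 0    0.0.0.0:1194   0.0.0.0:*
tcp LISTEN 0 511  0.0.0.0:80     0.0.0.0:*
tcp LISTEN 0 511  0.0.0.0:443    0.0.0.0:*
tcp LISTEN 0 128  0.0.0.0:22     0.0.0.0:*
tcp LISTEN 0 128  [::]:22        [::]:*
tcp LISTEN 0 4096 127.0.0.1:3306 0.0.0.0:*
tcp LISTEN 0 4096 10.8.0.1:9100  0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:8080   0.0.0.0:*
"""


def scope(addr):
    """Classify a bind address: loopback, vpn (tun0 only) or public."""
    host = addr.split("%")[0].strip("[]")
    if host.startswith("127.") or host == "::1":
        return "loopback"
    if host == VPN_ADDR:
        return "vpn"
    return "public"  # 0.0.0.0, ::, * or a routable address


def audit(ss_output):
    """Return (proto, address, port) for listeners reachable from the
    Internet that are not in the documented public port list."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or ":" not in fields[4]:
            continue  # header or malformed line
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        proto = fields[0]
        if scope(addr) == "public" and (proto, int(port)) not in PUBLIC_ALLOWED:
            findings.append((proto, addr, int(port)))
    return findings


if __name__ == "__main__":
    for proto, addr, port in audit(SAMPLE_SS):
        print(f"undocumented public listener: {proto} {addr}:{port}")
```

Ports forwarded by iptables, such as 22222 to the NAS SSH service, have no local socket on the VPS and do not appear in `ss` output, so they need to be reviewed in the NAT rules separately.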

[Key Components](components.md) - Detailed component information

[OpenVPN Server](index.md) - VPN configuration

Troubleshooting - Network troubleshooting