Services:Step By Step
Follow these steps to add a new service to the reverse proxy system.
Step 1: Create Nginx Configuration File
Create a new configuration file in /etc/nginx/sites-available/:
sudo nano /etc/nginx/sites-available/newservice.jb-vpn.uk
Basic HTTP Configuration Template:
server {
server_name newservice.jb-vpn.uk;
location / {
=== Reverse Proxy to Synology's internal VPN IP and service port ===
proxy_pass http://10.8.0.2:PORT_NUMBER;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
=== Necessary for Synology Reverse Proxy compatibility ===
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
=== Timeouts for long-running requests ===
proxy_read_timeout 300s;
proxy_connect_timeout 75s;
}
listen 80;
}
Replace:
newservice.jb-vpn.ukwith your subdomain
PORT_NUMBERwith your service's port
For HTTPS Internal Services:
If your internal service uses HTTPS, change the proxy_pass line:
proxy_pass https://10.8.0.2:PORT_NUMBER;
For Services Requiring Special Headers:
Some services (like Plex) require additional headers. See [Service Examples](service-examples.md) for reference.
Step 2: Enable the Site
Create a symlink to enable the site:
sudo ln -s /etc/nginx/sites-available/newservice.jb-vpn.uk /etc/nginx/sites-enabled/newservice.jb-vpn.uk
Step 3: Test Nginx Configuration
Always test the configuration before reloading:
sudo nginx -t
Expected Output:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
If there are errors: Fix them before proceeding. Common issues:
- Syntax errors (missing semicolons, brackets)
- Duplicate server names
- Invalid port numbers
Step 4: Reload Nginx
Reload nginx to apply the new configuration (graceful reload, no downtime):
sudo systemctl reload nginx
Step 5: Verify HTTP Access
Test that the service is accessible via HTTP:
curl -I http://newservice.jb-vpn.uk
You should receive an HTTP response. If you get a connection error:
- Check DNS:
nslookup newservice.jb-vpn.uk
- Verify service is running:
curl http://10.8.0.2:PORT_NUMBER
- Check nginx logs:
tail -f /var/log/nginx/error.log
Step 6: Set Up SSL Certificate
Use Certbot to automatically configure SSL:
sudo certbot --nginx -d newservice.jb-vpn.uk --non-interactive --agree-tos --redirect --email admin@jb-vpn.uk
What this does:
- Requests SSL certificate from Let's Encrypt
- Configures nginx for HTTPS
- Sets up HTTP to HTTPS redirect
- Configures automatic renewal
If Certbot fails:
- Verify DNS is pointing to VPS:
nslookup newservice.jb-vpn.uk
- Ensure port 80 is open and accessible
- Check firewall rules:
sudo iptables -L -n -v
Step 7: Verify HTTPS Access
Test that HTTPS is working:
curl -I https://newservice.jb-vpn.uk
You should receive a 200 OK or similar response with SSL certificate details.
Step 8: Test in Browser
Open your browser and navigate to:
https://newservice.jb-vpn.uk
Verify:
- SSL certificate is valid (green lock icon)
- Service loads correctly
- All functionality works as expected
Removing a Service
To remove a service:
Disable the site:
sudo rm /etc/nginx/sites-enabled/service.jb-vpn.uk
Test configuration:
sudo nginx -t
Reload nginx:
sudo systemctl reload nginx
Optional - Remove configuration file:
sudo rm /etc/nginx/sites-available/service.jb-vpn.uk
Optional - Revoke SSL certificate:
sudo certbot revoke --cert-path /etc/letsencrypt/live/service.jb-vpn.uk/cert.pem sudo certbot delete --cert-name service.jb-vpn.uk
Related Documentation
- [[Documentation:Prerequisites](Prerequisites|- Requirements before starting
- [Configuration Options]])(configuration-options.md) - Advanced configuration
- [Service Examples](service-examples.md) - Service-specific examples
- Troubleshooting - Common issues