SSH Port Forwarding:Best Practices

From jb-vpn.uk Wiki
Revision as of 14:04, 16 May 2026 by Josh (talk | contribs) (Updated documentation from markdown files)

This document outlines best practices when adding new services to the reverse proxy system.

General Best Practices

  • Always validate Caddy before reloading (caddy validate) when changing public hostnames
  • Use descriptive subdomain names that indicate the service
  • Document your services in [Current Services](current-services.md)
  • Back up configurations before making changes
  • Monitor logs after adding new services
  • Use HTTPS for all public-facing services
  • Test thoroughly before marking a service as complete

Checklist

Use this checklist when adding a new service:

  • [ ] DNS A record created and propagated
  • [ ] Service running on Synology NAS
  • [ ] Service accessible from VPN network
  • [ ] Nginx configuration file created
  • [ ] Site enabled (symlink created)
  • [ ] Nginx configuration tested (nginx -t)
  • [ ] Nginx reloaded
  • [ ] HTTP access verified
  • [ ] SSL certificate obtained
  • [ ] HTTPS access verified
  • [ ] Browser testing completed
  • [ ] Service documented in [Current Services](current-services.md)
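
The backup, `nginx -t` and reload items above can be chained so that a config that fails validation is never left live. The following is an added example, not part of the original wiki or its tooling; the function name `safe_apply` and the `VALIDATE_CMD` / `RELOAD_CMD` variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki): back up, install, validate, reload,
# and restore the previous file if validation fails.
# VALIDATE_CMD and RELOAD_CMD are hypothetical knobs; the defaults follow the
# Nginx items in the checklist. Override them for Caddy (caddy validate).
: "${VALIDATE_CMD:=nginx -t}"
: "${RELOAD_CMD:=nginx -s reload}"

# safe_apply NEW_CONF LIVE_CONF
# Returns 0 when the new config is live and the server was reloaded,
#         1 when validation failed and the previous config was restored,
#         2 on a read, copy or reload error.
safe_apply() {
    new_conf=$1
    live_conf=$2
    [ -r "$new_conf" ] || { echo "cannot read $new_conf" >&2; return 2; }

    # Checklist: back up configurations before making changes.
    backup=""
    if [ -e "$live_conf" ]; then
        backup="$live_conf.bak.$(date +%Y%m%d%H%M%S)"
        cp -p "$live_conf" "$backup" || return 2
    fi

    cp "$new_conf" "$live_conf" || return 2

    # Checklist: test the configuration before reloading.
    # The validator's own output is passed through to stderr.
    if ! $VALIDATE_CMD >&2; then
        echo "validation failed; restoring previous config" >&2
        if [ -n "$backup" ]; then
            cp -p "$backup" "$live_conf"
        else
            rm -f "$live_conf"   # there was no previous file to restore
        fi
        return 1
    fi

    # Reload only after validation has passed.
    $RELOAD_CMD || return 2
    echo "applied $new_conf (backup: ${backup:-none})"
}
```

Source the file and call `safe_apply` with the new site file and the path of the live site file; both paths depend on the local Nginx layout.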

Security Considerations

  • Always use HTTPS for public-facing services
  • Keep SSL certificates up to date (automatic renewal via Certbot)
  • Use strong authentication for services that require it
  • Monitor access logs for unusual activity

  • [Step-by-Step Process](step-by-step.md) - Setup process