Jump to content

Services:Best Practices

From jb-vpn.uk Wiki

Revision as of 14:04, 16 May 2026 by Josh (talk | contribs) (Updated documentation from markdown files)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Best practices when adding hostnames to the Caddy reverse proxy.

General

Validate the Caddyfile before reload: caddy validate --config /etc/caddy/Caddyfile

Use clear subdomain names and document them in Services:Current Services

Back up /etc/caddy/Caddyfile before changes

Check journalctl -u caddy after adding a site

Use HTTPS for all public services (Caddy handles certificates automatically)

Test VPS backends with curl on 127.0.0.1 before testing the public URL

Checklist

[ ] DNS A record points to 87.106.61.62

[ ] Backend running and reachable from VPS (127.0.0.1 or 10.8.0.2 via VPN)

[ ] Site block added to /etc/caddy/Caddyfile

[ ] caddy validate succeeds

[ ] systemctl reload caddy completed

[ ] curl -I https://newservice.jb-vpn.uk succeeds

[ ] Browser test with valid certificate

[ ] Entry added to Services:Current Services

Security

Prefer VPN-backed NAS services over exposing the NAS to the internet

Restrict sensitive admin UIs where possible (e.g. phpMyAdmin basic auth in Caddyfile)

Keep OpenVPN and VPS packages updated

Related documentation

[Step By Step Step-by-Step Process]

[Prerequisites Prerequisites]

Retrieved from "https://wiki.jb-vpn.uk/index.php?title=Services:Best_Practices&oldid=254"