---
owner: gmikcon
status: active
last_reviewed: 2026-05-09
review_interval: 90d
confidence: medium
source_of_truth: owner-confirmed-and-ssh-libvirt
---

# Internal Proxy VPS

Internal proxy VPS that receives traffic from the external VPS through OpenVPN and forwards it to internal services.

## Identity

- Inventory id: `internal-proxy-vps`.
- VM id: `ovpn_reserv`.
- Hypervisor: `hp-proliant-dl380-g6`.
- OS: Ubuntu 20.04.6 LTS.
- Kernel: `5.4.0-216-generic`.
- nginx: `nginx/1.18.0`.

## Addresses

- LAN address: `192.168.1.226`.
- Libvirt/internal address: `192.168.105.181/24`.

## Roles

- OpenVPN client.
- Internal nginx reverse proxy.
- Main internal entrypoint for public `gnexus.space` traffic.

## Active Services

- `nginx.service`
- `openvpn@client.service`
- `ssh.service`

## Listening TCP Ports

- `22`
- `80`
- `443`

## Proxy Scope

The nginx proxy handles the `gnexus.space` domain family.

Enabled nginx sites:

- `git.gnexus.space`
- `jellyfin.gnexus.space`
- `auth.gnexus.space`
- `cloud.gnexus.space`
- `files.gnexus.space`
- `gnexus.space`
- `navi.gnexus.space`
- `transmission.gnexus.space`

Available nginx site files that are not currently confirmed as enabled:

- `anicusi.gnexus.space`
- `cats.gnexus.space`
- `fdroid.gnexus.space`
- `ferumina.gnexus.space`
- `lytvak.gnexus.space`
- `mail.gnexus.space`
- `minecraft.gnexus.space`
- `ollama.gnexus.space`
- `sups.gnexus.space`
- `topics.gnexus.space`

## Confirmed Proxy Mappings

| Domain | Upstream |
| --- | --- |
| `auth.gnexus.space` | `http://192.168.1.167` |
| `cloud.gnexus.space` | `http://192.168.1.152` |
| `files.gnexus.space` | `http://192.168.1.157` |
| `git.gnexus.space` | `http://192.168.1.156` |
| `gnexus.space` | `http://192.168.1.151` |
| `jellyfin.gnexus.space` | `http://192.168.1.153:8096` |
| `navi.gnexus.space` | `http://192.168.1.168:8000` |
| `transmission.gnexus.space` | `http://192.168.1.154:3000` |

Known available but not confirmed enabled mappings:

| Domain | Upstream |
| --- | --- |
| `lytvak.gnexus.space` | `http://192.168.1.167` |
| `minecraft.gnexus.space` | `tcp://192.168.1.218:25565` |

Proxying is mixed by hostname, path, and ports. SSH forwarding to the internal `alex` VPS on a custom port is believed to exist and still needs confirmation from nginx or firewall configuration.

No raw credentials are documented here.