---
owner: gmikcon
status: active
last_reviewed: 2026-05-09
review_interval: 90d
confidence: medium
source_of_truth: owner-confirmed
---

# Public gnexus.space Traffic To Internal nginx

This route describes the main public traffic path into the local infrastructure.

## Route

```text
Internet
  -> gnexus.space
  -> external VPS
  -> external OpenVPN server
  -> OpenVPN tunnel
  -> internal OpenVPN client
  -> internal proxy VPS
  -> internal nginx reverse proxy
  -> target VPS or internal machine
  -> target service
```

## Exposure

- Exposure: public.
- Public-facing entry: `external-vps`.
- Internal routing: OpenVPN tunnel to `internal-proxy-vps`.
- Proxy layer: `internal-nginx-proxy`.
- Main public web ports: `80`, `443`.

## Purpose

The route lets public traffic terminate on an external VPS and then pass into selected internal services through a VPN tunnel. The internal nginx proxy decides which target VPS or machine receives the request.

## Known Public Domains

- `git.gnexus.space`
- `jellyfin.gnexus.space`
- `lytvak.gnexus.space`
- `minecraft.gnexus.space`
- `auth.gnexus.space`
- `cloud.gnexus.space`
- `files.gnexus.space`
- `gnexus.space`
- `navi.gnexus.space`
- `transmission.gnexus.space`

## Known Hosts

- External VPS: `external-vps`, s-host.com.ua, Ukraine, Ubuntu Server 22.04.
- Internal proxy VPS: `internal-proxy-vps`, VM `ovpn_reserv`, LAN address `192.168.1.226`, libvirt address `192.168.105.181/24`.

## Confirmed Enabled Proxy Targets

| Domain | Upstream |
| --- | --- |
| `auth.gnexus.space` | `http://192.168.1.167` |
| `cloud.gnexus.space` | `http://192.168.1.152` |
| `files.gnexus.space` | `http://192.168.1.157` |
| `git.gnexus.space` | `http://192.168.1.156` |
| `gnexus.space` | `http://192.168.1.151` |
| `jellyfin.gnexus.space` | `http://192.168.1.153:8096` |
| `navi.gnexus.space` | `http://192.168.1.168:8000` |
| `transmission.gnexus.space` | `http://192.168.1.154:3000` |

## Available But Not Confirmed Enabled

These nginx site files exist on `internal-proxy-vps`, but they were not listed as enabled symlinks during the last check:

- `lytvak.gnexus.space` -> `http://192.168.1.167`
- `minecraft.gnexus.space` -> `tcp://192.168.1.218:25565`

## Unknowns

- OpenVPN public port.
- nginx configuration file paths.
- SSH forwarding details to the internal `alex` VPS.