http to https redirect

Tutorial http to https redirect

This will be a quick tutorial on http to https redirect for all of you using Synology reverse proxy (usually in a combination with Docker containers) or in general any means to host any content on your NAS.
Why is http to https needed? Well for one it will force any attempts to access your content on a non secure protocol as well as allow any visitors of your sites to simply be redirected to the correct URL no matter how they type it in the address bar.
Let’s give a quick example before the actual steps that are required. For example, you are hosting a web site of some sort on your NAS. Let’s also assume that you already have it running on https (more on this later). What happens if for some reason someone types www.yoursite.domain? By default, any browser will attempt to access it using http protocol (on its default port 80). Great, so non secure communication and on top of this, the wrong URL. Visitors will get that horrible “Page can’t be displayed” and that will be the end of it. NEXT!
In order to avoid this, you need to configure http to https redirect so that this actually points users and visitors to the correct url without them typing in the correct protocol (http or https). Let’s see what needs to be done in order to get this running on your Synology NAS.
I will assume that you have several things already in place for this to make sense:

* Configured DDNS
* Configured and registered a public domain in order to maintain DNS records
* A valid domain certificate (preferably a wild card one *.mydomain.something)
* Apache HTTP Server installed on your NAS (you can use the Package center install)
* Knowledge and access to your router in order to port forward port 80 and 443

01. First we need access on ports 80 and 443 from the Internet to your NAS. Considering that this process will depend on your router of choice, please consult your manufacturer on how to port forward ports. The only thing that needs to be done here is to open port 80 and 443 and pass them to your NAS local IP address on those same ports.

02. Now we need to install Web Station and Apache (no matter what version) from the Package center.

03. Open up File Station and go to your web folder and create a subfolder of any name you would like (redirectHTTPS for example, it really doesn’t matter).

04. Next, create a file on your local computer and call it .htaccess. This file has no extension and in most cases as soon as you create it might disappear unless you have hidden files option active. Edit this file with a simple “notepad” application and add the following as its content:

Code:
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

NOTE: make sure you are not using Word, WordPad or any “fancy” word processor for that matter because it will add certain special formats and characters that will make this file unusable. Once you have created this file and added the content, save it and copy/move it to the redirectedHTTPS folder that you created early.

05. Open Web Station -> navigate to Virtual Host and click the Create button. Here we will need to add the following:

Code:
a) Choose Port-Based
b) Select HTTP and input the port you want to use for rewrite of HTTP to HTTPS (1110)
c) Set Document Root to the web folder redirectHTTPS
d) Set HTTP back-end server to Apache HTTP Server
e) Set PHP to Not configured
f) Press Ok to save your chages

Screenshot 2020-04-03 at 14.26.43.png


06. Open up Revers Proxy in Control Panel > Application portal > Revers proxy tab and click Create
Let’s say that you wanna do a redirect for your www.yourdomain.something site that you are hosting on your NAS (as a Docker container). To make this work you need to make 2 entries. One for https to https redirect, and one for the actual revers towards your internal container where the site is.

07. Redirect entry steps are these:

Code:
* Enter description: REDIRECT_yourdomain.something
* Set Source protocol to HTTP
* Set Source hostname to www.yourdomain.something (this needs to be same as the public url of your web site)
* Set Source HTTP port 80
* Set Destination protocol to HTTP
* Set Destination hostname to localhost (or IP address of your NAS)
* Set Destination port to the Virtual Host port for web folder redirectHTTPS which is 1110 (or whatever you have defined in your virtual host steps).
* Click Ok

Screenshot 2020-04-03 at 14.29.28.png


Now that we have a redirect entry, it’s time to make a reverse entry that will actually lead users to your web content located in your docker container.

08. Revers proxy steps for your site are these:

Code:
* Enter description, let’s say yoursite_https
* Set Source protocol to HTTPS
* Set Source hostname to www.yourdomain.something (this needs to be same as the public url of your web site)
* Set Source HTTPS port 443
* Set Destination protocol to HTTP
* Set Destination hostname to localhost (or IP address of your NAS)
* Set Destination port to the Docker container port where your site is being hosted on (for example 8855).
* Click Ok

Screenshot 2020-04-03 at 14.32.36.png


09. Finally, open up Control Panel > Security > Certificate and make sure that you have a valid SSL certificate for your domain imported. If you have, then click the “Configure” button to configure your new reverse entry (listed here under the revers description name that you have used) in order to add your ssl certificate to it.
We have now completed all the steps needed on the Synology side. All that it's now left to do is to point Internet requests towards your web site name. To do that we will need an A host or CNAME record in your domain DNS setting. Depending on your domain provider this can also depend on how the configuration looks like, but you have 2 options here no matter what.

To add a record you will need to go to your domain DNS configuration setting and add A host OR CNAME record.

10. If you have a public static IP address provided by your ISP create a A host record with its name “www” (no need to add the full domain name here, considering that it will be added automatically) and as a value enter your public IP address. If on the other hand, you don’t have a static IP address you can enter your NAS DDNS name in the form of a CNAME (alias). Again, enter “www” as the name and as a value enter your ddns name that you have associated with your NAS. This way all Internet requests will be redirected to your NAS current public IP address.

That’s it! Well done! Now you can access your site public name without the need to specify https protocol because any request will be redirected to it anyway.



Similar resources
Resource starter Title Category
WST16 Hardening Your HTTP Security Headers Other
Top