NAS Remote Access for Newbies: Part 3 - Accessing Mobile Apps via Reverse Proxy

Tutorial NAS Remote Access for Newbies: Part 3 - Accessing Mobile Apps via Reverse Proxy

Preface​

This tutorial is a continuation of the Remote Access for Newbies series of tutorials, and continues the discussion started in Parts 1&2. While parts of this tutorial can stand on their own, it does reference an office building analogy used to describe your LAN in Part 1. If you are unfamiliar with the basics of your LAN or how to configure a reverse proxy, it’d be best to start with Parts 1&2 of the series.
  1. Tutorial - NAS Remote Access for Newbies: Part 1 - LAN Overview & Port Forwarding
  2. Tutorial - NAS Remote Access for Newbies: Part 2 - Port 443 & Reverse Proxy

Configuring Mobile Apps for use with Reverse Proxy​

Something that I’ve avoided discussing so far is how ports, DDNS, and reverse proxy work when you are trying to access an application via a Synology mobile app on your phone. At the end of Part 1 (before setting up our reverse proxies in Part 2), we would have been able to access apps such as File Station or Moments by selecting the app on our phone and entering only “yourname.synology.me” as the destination address. Note that the port number is not included at the end of the DDNS.

This is because most (though not all) Synology mobile apps by default access your NAS via ports 5000&5001. They will automatically tag the “:5001” to the end of your address when they try to connect to your NAS. This does get a little confusing because DSM as well as multiple Synology apps all access the NAS via 5001 by default.

However, now that we have closed up ports 5000/5001 and are forwarding all traffic through port 443, we need a new way to access our applications. The simple solution would seem to be to create another rule in RP for the application we want remote access to, and that is partially the correct answer. Let’s suppose we want to create an RP for File Station. We use 443 as the source port and 5001 as the destination port. We would end up with a URL that looks something like: FileStation.yourname.synology.me.

This is fine, except that now we have 2 RP rules (File Station & DSM) that are pointing to the same port on our NAS. As far as the reverse proxy switchboard knows, we are accessing the same room, and both RP rules will direct us to the DSM room. We need to be able to customize the internal port for our applications.

In order to do this, we will go DSM>>Control Panel>>Application Portal. Once in the application portal, you will see a list of applications that are installed on your NAS. If you select one and click Edit, a window will open where you can enable a customized HTTPS port. You can use the port Synology suggests, or you can use any port that is not on the DSM port list that was linked earlier. Either way, keep a list of the ports you are using, as you will need to assign a unique port to every app you wish to access remotely. In my case, I’ll use port 38400. This is basically the same as changing the number on the door to the room of File Station.
1610121491259.png

Figure 3-1: Customizing Application Ports

Now we need to go back into our File Station RP rule and change the destination port to 38400. Once we do that, our FileStation.yourname.synology.me URL will come through our router on port 443 and be forwarded to port 443 of our NAS. From there, the reverse proxy “switchboard” routes the connection according to the File Station RP rule and makes connection to NAS port 38400. At this point, you would see the login screen for File Station appear.

We would then need to repeat creating reverse proxies for all applications that need remote access. The main benefits of using a reverse proxy instead of forwarding ports directly to the NAS application is that we only have to forward/open one port, and I find a name like FileStation.yourname.synology.me to be much easier to remember than yourname.synology.me:38400. Both methods would give the same access when set up correctly, although Reverse Proxy does give an extra layer of security.

This concludes our discussion on configuring applications for remote access via mobile apps using reverse proxy. Please see Part 4: Reverse Proxy for Multiple NAS on a Single LAN for a discussion of how to set up reverse proxies to remotely access multiple NAS when they are all on the same LAN.
Related resources
Part 1:

Part 2:

Part 4:



  • Like
Reactions: silverj and Shoop
Top