Can't Access Mobile Apps While On Same Network

NAS: DS920+
Operating system: macOS
Mobile operating system: iOS

This group is my last resort as I haven't been able to find my answers elsewhere and I am at a complete loss. So I hope y'all can help!

I have everything set up and it is working flawlessly minus one small hurdle. Let me explain...

I am using a custom domain name and running through Cloudflare. I really, REALLY want to be as secure as possible and I have heard this is the best way.
I have subdomains set up - files.domain.com, I also have them set up in Cloudflare.
I have certificates set up and everything is working perfectly.
Using reverse proxy.

The problem and what is puzzling is this:
I can access files.domain.com on my computer and phone (web browser) while on the network and while off the network (cell).
However, I am unable to use the iOS apps while on the network using the domain and/or subdomain. This is a problem because I switch from my home network to traveling and vice versa and I don't want to have to update the login box every time I come on and off my home network.

I hope this makes sense because I have been pulling my hair out scouring the internet looking for an answer.
 
Solution
Everyone will be glad to know that I got this resolved. It seemed that for some reason the "under attack mode" in Cloudflare was causing an issue. I was just thinking about it last night and turned it off and EVERYTHING works now.

A big shout out to @Gerard, @Rusty and @fredbert for all your help. I couldn't have done it without you.

Now everything is back and configured using different port numbers, etc than what was sent in the screenshots and 2FA is turned on. I even looked around a bit in Cloudflare and turned some extra security settings on in there so we should be golden!

Thanks again! I hope everyone enjoys the rest of their weekend.
I'm not clear what Cloudflare has in all this, is it just your Internet DNS service provider for your private domain? Such that clients on the Internet will get mydomain.com and sub.mydomain.com resolved by Cloudflare and directed to your router's Internet IP?

You mention reverse proxy but not who or what is providing this nor exactly what it is doing. Within DSM Control Panel there is the Application Portal area and provides two sections:
  1. Application Portal for specifying customised domains and aliases for Synology packages (e.g. File Station).
  2. Reverse Proxy for defining proxy redirects for custom domains or ports to other web addresses.
Did you use one of these or is there a Cloudflare reverse proxy being used?


That the iPhone can use Safari to browse to the customised domains should mean that the iOS mobile apps should also be able to. First I would test that the mobile apps can access the NAS by using LAN_IP:443 and use the login page's Set Up options to not validate the certificate. Does this work? If it does then it points to the resolution of the domain. (don't forget to turn on certificate validation)

I run DNS Server on NAS as an internal DNS: it resolves my personal domain for home devices and gives the local IP, for all other domains DNS Server will get the resolution from an Internet DNS service. Doing this means I don't have to rely on local loopback via my Internet router.
 
Upvote 0
> I'm not clear what Cloudflare has in all this, is it just your Internet DNS service provider for your private domain? Such that clients on the Internet will get mydomain.com and sub.mydomain.com resolved by Cloudflare and directed to your router's Internet IP?

Thank you for your clarifying questions. I always like to add Cloudflare into the mix and be transparent as I can and know how to so that everyone knows the exact set up. It may or may not have anything to do with the situation. I just want to be clear.

So yeah I have A name record and CNAME all set up and they point to my external IP address.
> You mention reverse proxy but not who or what is providing this nor exactly what it is doing. Within DSM Control Panel there is the Application Portal area and provides two sections:
>   1. Application Portal for specifying customised domains and aliases for Synology packages (e.g. File Station).
>   2. Reverse Proxy for defining proxy redirects for custom domains or ports to other web addresses.
> Did you use one of these or is there a Cloudflare reverse proxy being used?

I am using the reverse proxy inside of DSM. From my understanding and watching the tutorials, this is the best option. So I have my router forwarding ports to the Synology. Then inside of the NAS I am using reverse proxy to point to the different applications. So, no I did not use Cloudflare reverse proxy.
> That the iPhone can use Safari to browse to the customised domains should mean that the iOS mobile apps should also be able to. First I would test that the mobile apps can access the NAS by using LAN_IP:443 and use the login page's Set Up options to not validate the certificate. Does this work? If it does then it points to the resolution of the domain. (don't forget to turn on certificate validation)

Can you be a little more clear about this?
I have tested on the network and they can access said services using the mobile apps using the IP address, without the port number. However, I can not login to mobile app using the domain, subdomain, port number.

From my home network (the same network the nas is on), I can also log into the dsm from a web browser using subdomain.domain.com. I can also log into the files using subdomain.domain.com. I can do this both on my computer and mobile device.

> I run DNS Server on NAS as an internal DNS: it resolves my personal domain for home devices and gives the local IP, for all other domains DNS Server will get the resolution from an Internet DNS service. Doing this means I don't have to rely on local loopback via my Internet router.

Is there a good tutorial on how to do this? And, do you think this would solve the problem? I am using an Eero and they have me going through a custom dns because I pay for their "protection" program.

Thank you so much for this. It has given me a lot to chew on and hopefully with your help and others I can get this figured out once and for all.
-- post merged: --

exact error?
The exact error is one of two things:

"Logging In..." forever that results in nothing

Sign In
Unable to connect to the server.
Please check:
– the IP address is correct
– the network connection
– Synology NAS is connected
We recommend using quick connect for easier connection to your server.
 
Upvote 0
> I am using the reverse proxy inside of DSM. From my understanding and watching the tutorials, this is the best option. So I have my router forwarding ports to the Synology. Then inside of the NAS I am using reverse proxy to point to the different applications.

Why didn't you use the Application Portal section (of Application Portal) for assigning customised domains to the packages that it supports, e.g. File Station, Drive, Moments?
> I have tested on the network and they can access said services using the mobile apps using the IP address, without the port number. However, I can not login to mobile app using the domain, subdomain, port number.
>
> From my home network (the same network the nas is on), I can also log into the dsm from a web browser using subdomain.domain.com. I can also log into the files using subdomain.domain.com. I can do this both on my computer and mobile device.

When you say 'the network' do you mean the Internet or home LAN/network. I had read it that the iOS apps were having the problem when your phone is connected to the home LAN but worked when connected to the Internet. To summarise what logs in correctly or not...
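
| Client device | Application | From Internet: using IP address | From Internet: using custom domain | On LAN: using IP address | On LAN: using custom domain |
|---|---|---|---|---|---|
| Mac | Web browser | Yes | Yes | Yes | Yes |
| iPhone | Web browser | Yes | Yes | Yes | Yes |
| iPhone | Mobile app | Yes | Yes | Yes | No |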

> Is there a good tutorial on how to do this? And, do you think this would solve the problem? I am using an Eero and they have me going through a custom dns because I pay for their "protection" program.

Not sure on a tutorial, I worked it out myself.

Have you tried using a different DNS service instead of Eero's to see if that is blocking it. I don't see why it would.
 
Upvote 0
> Why didn't you use the Application Portal section (of Application Portal) for assigning customised domains to the packages that it supports, e.g. File Station, Drive, Moments?

I don't know. I have always seen people using reverse proxy. Do you suggest I use application portal? I have just always heard you reverse proxy. However, I have tried this and still have the same problem.

> When you say 'the network' do you mean the Internet or home LAN/network.

When I say home network, I mean the internal network of computers that my computer and other devices sit on.

> I had read it that the iOS apps were having the problem when your phone is connected to the home LAN but worked when connected to the Internet. To summarise what logs in correctly or not...
>
> | Client device | Application | From Internet: using IP address | From Internet: using custom domain | On LAN: using IP address | On LAN: using custom domain |
> |---|---|---|---|---|---|
> | Mac | Web browser | Yes | Yes | Yes | Yes |
> | iPhone | Web browser | Yes | Yes | Yes | Yes |
> | iPhone | Mobile app | Yes | Yes | Yes | No |

WOW! What a great matrix. Here is my response using your matrix. I think because it's my understanding that the IP address only works while I'm on my home network.

| Client / Device | Application | Using IP address (While On Home Network/Internet) | Using Custom Domain (While On Home Network/Internet) | Using Custom Domain (While Off Home Network/Internet) |
|---|---|---|---|---|
| Mac | Web browser | Yes | Yes | N/A |
| iPhone | Web browser | Yes | Yes | Yes |
| iPhone | Mobile app | Yes | No | Yes w/ Port # |

> Not sure on a tutorial, I worked it out myself.
>
> Have you tried using a different DNS service instead of Eero's to see if that is blocking it. I don't see why it would.

I have not just because I can access it in every scenario except on my home network/wifi using the mobile app.

It just doesn't make any sense and no one can figure out why?
 
Upvote 0
So now I'm really confused. To translate your terminology with mine:

LAN (local area network, i.e. the private network at home) = On home network
Internet (the public network that is beyond your LAN) = Off home network

When you say 'while On home network / Internet = No' is that a mistake or are you saying the mobile apps don't work on the LAN and the Internet. I think you're trying to say what I tabled, i.e. that it just doesn't work for mobile apps when on the LAN / at home / home network.

I would definitely try to use different DNS servers to check that there isn't something that the Eero is introducing.

Failing that you can set up a local DNS server for your home. It would resolve local IP addresses for your personal domain and for everything else it can forward to Eero's DNS servers. I don't know how Eero's DHCP server works, it's probably one of these:
  • If DHCP clients use the Eero LAN IP as DNS server: change the Eero's Internet settings for DNS server to have the first server IP as the local DNS server
  • If DHCP clients get assigned the Eero DNS server IP: change the DHCP server's configuration to have the local DNS server's IP as the first DNS server.
 
Upvote 0
> So now I'm really confused. To translate your terminology with mine:
>
> LAN (local area network, i.e. the private network at home) = On home network
> Internet (the public network that is beyond your LAN) = Off home network
>
> When you say 'while On home network / Internet = No' is that a mistake or are you saying the mobile apps don't work on the LAN and the Internet. I think you're trying to say what I tabled, i.e. that it just doesn't work for mobile apps when on the LAN / at home / home network.
>
> I would definitely try to use different DNS servers to check that there isn't something that the Eero is introducing.
>
> Failing that you can set up a local DNS server for your home. It would resolve local IP addresses for your personal domain and for everything else it can forward to Eero's DNS servers. I don't know how Eero's DHCP server works, it's probably one of these:
>   • If DHCP clients use the Eero LAN IP as DNS server: change the Eero's Internet settings for DNS server to have the first server IP as the local DNS server
>   • If DHCP clients get assigned the Eero DNS server IP: change the DHCP server's configuration to have the local DNS server's IP as the first DNS server.

I am sorry for being confusing. I can see how it may have been confusing, even though I thought I was being clear... Ughh! Again, sorry and thank you for sticking with me.

Let me see if I can add clarity. When I am at home and on my wifi (which I assume includes resources from my local network (computers, printers, smart devices, etc) as well as the internet) I can not access the Synology services using Synology apps on my iPhone using my subdomain.customdomain.com, including if I use port #'s also. However, I can access these through Safari on my iPhone. Also, I can access all of these services using subdomain.customdomain.com using Safari on my laptop while connected to my wifi.

I am able to use these Synology apps if I am on another network that provides internet access (Cell, Starbucks, My friends house, etc).

I am not sure if this is clear or adds more confusion in my efforts to clear things up.

As far as the Eero DNS, I pay for this monthly because it includes ad blocking, etc. so I don't want to get rid of it; however, in an effort to troubleshoot, I did turn it off and still did not change the outcome.

Thank you again for everyone's help, especially thankful to @fredbert
 
Upvote 0
:) Clear.

I agree that the DNS was unlikely to get anywhere, but I'm stumped. I just tested DS file with a few different server URL and port combinations.

Let's say my DSM HTTPS port is the default 5001, it's not but for the results below I'm translating it. This is all using DS file while my phone is on WiFi at home.

| Server string used | Notes | Result |
|---|---|---|
| <NAS_LAN_IP> | | Fails with same error as you |
| <NAS_LAN_IP>:443 | | Fails with same error as you |
| <NAS_LAN_IP>:5001 | | Log in |
| file.mydomain.com | Application Portal customised domain for File Station | Fails with same error as you |
| file.mydomain.com:443 | | Log in |
| file.mydomain.com:5001 | Uses DSM HTTPS port | Log in |
| office.mydomain.com | DSM Reverse Proxy redirecting to HTTPS 5001 | Fails with same error as you |
| office.mydomain.com:443 | | Log in |
| office.mydomain.com:5001 | | Log in |
| audio.mydomain.com | Application Portal customised domain for Audio Station | Fails with same error as you |
| audio.mydomain.com:443 | | Fails : Invalid port |
| audio.mydomain.com:5001 | | Log in |
| moments.mydomain.com | Application Portal customised domain for Moments | Fails with same error as you |
| moments.mydomain.com:443 | | Fails : Invalid port |
| moments.mydomain.com:5001 | | Log in |
| www.mydomain.com | DNS resolving to NAS IP. Not setup in NAS for any service. | Fails with same error as you |
| www.mydomain.com:443 | | Fails with same error as you |
| www.mydomain.com:5001 | | Log in |
 
Upvote 0
You have to specify port numbers when using the mobile apps. If using reverse proxy use the domain name then :443. That is how I have it setup, this is due to the apps being hard coded for 5000 & 5001 when you just enter the domain name.
 
Upvote 0
> You have to specify port numbers when using the mobile apps. If using reverse proxy use the domain name then :443. That is how I have it setup, this is due to the apps being hard coded for 5000 & 5001 when you just enter the domain name.

Yup. I think this has already been said first.

If the default 5000/5001 is assumed if no port number is specified then my table for 'www.mydomain.com', and others, would also login if I wasn't translating my actual DSM HTTPS port to 5001 for this. I've never used the default ports so didn't know this.

On some newer mobile apps the port suffix isn't needed when ':443'. This is definitely true for the iOS Drive app as I just tested it. So seems that Synology have fixed this for new apps but the older ones (file, cloud, etc) didn't get it.
 
Upvote 0
> On some newer mobile apps the port suffix isn't needed when ':443'. This is definitely true for the iOS Drive app as I just tested it.

Correct drive isn’t needed. Also you can use the application portal alias for drive. Use your dsm domain name /alias
-- post merged: --

So use this format https://subdomain.domain.com:443 and see if that will work out for you

Thank you for that. I am sorry I failed to mention that I have done that already as well.

Don’t include https in the url. Most of the apps already have an https toggle switch
 
Upvote 0
I just want to be able to leave my app logged in when I switch from my wifi to my cell signal.

I have tried what seems like every combination with no dice.

I’ll try again right now. Let’s just stick to one app for now to simplify things.

I’m using the files app on iOS on my wifi w/ https switch toggled-
subdomain.domain.com - logging in constantly and doesn’t connect
sub.domain.com:443 - immediate error
sub.domain.com:5001 - logging in for a while and then gives error
sub.domain.com:7001 -logging in for a while and then gives error

using safari on my phone:
sub.domain.com- immediate connection with login screen
 
Upvote 0
> I just want to be able to leave my app logged in when I switch from my wifi to my cell signal.
>
> I have tried what seems like every combination with no dice.
>
> I’ll try again right now. Let’s just stick to one app for now to simplify things.
>
> I’m using the files app on iOS on my wifi w/ https switch toggled-
> subdomain.domain.com - logging in constantly and doesn’t connect
> sub.domain.com:443 - immediate error
> sub.domain.com:5001 - logging in for a while and then gives error
> sub.domain.com:7001 -logging in for a while and then gives error
>
> using safari on my phone:
> sub.domain.com- immediate connection with login screen

Can we see the reverse proxy settings for this specific subdomain

Also the settings of application portal
 
Upvote 0
@Gerard what are you looking for specifically? I am unsure how "secure" it is to show you a screenshot of my settings; but of course I want the help.

I'm just not sure why everything is connecting except the mobile apps.
 
Upvote 0
Screen Shot 2021-04-17 at 2.36.59 PM.png
Screen Shot 2021-04-17 at 2.37.38 PM.png
 
Upvote 0
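
An added diagnostic example (not from any poster, and not Synology or Cloudflare code) for the checks this thread works through by hand: which port a typed server string ends up on, whether the name resolves to a LAN or a public address, and whether the reply comes from the NAS or from a Cloudflare challenge page, which Under Attack Mode serves to visitors before passing the request on. Assumptions: the 5000/5001 default described in the posts above, and the `Server: cloudflare`, `cf-ray` and `cf-mitigated` response headers plus status 403/503 as a challenge heuristic; hostnames are placeholders.

```python
import http.client
import ipaddress
import socket
import ssl
import sys

# Assumption from the thread: with no port typed, the older apps fall back
# to the DSM defaults, 5001 for HTTPS and 5000 for HTTP.
DSM_DEFAULT = {True: 5001, False: 5000}

def effective_endpoint(server, https=True):
    """Return the (host, port) an app would contact for a typed server string."""
    server = server.strip()
    host, sep, port = server.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return server, DSM_DEFAULT[https]

def address_scope(ip):
    """'lan' when the name resolved to a private address, otherwise 'public'."""
    return "lan" if ipaddress.ip_address(ip).is_private else "public"

def classify(status, headers):
    """Heuristic: did the origin answer, or did Cloudflare step in first?"""
    h = {k.lower(): v.lower() for k, v in headers.items()}
    via_cf = h.get("server") == "cloudflare" or "cf-ray" in h
    if via_cf and (h.get("cf-mitigated") == "challenge" or status in (403, 503)):
        return "cloudflare-challenge"
    return "cloudflare-proxied" if via_cf else "direct"

def probe(server, https=True, timeout=5):
    """Resolve, connect and fetch '/' once; return a dict describing each step."""
    host, port = effective_endpoint(server, https)
    report = {"host": host, "port": port}
    try:
        ip = socket.gethostbyname(host)
        report.update(ip=ip, scope=address_scope(ip))
        if https:
            conn = http.client.HTTPSConnection(
                host, port, timeout=timeout, context=ssl.create_default_context())
        else:
            conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", "/", headers={"User-Agent": "reachability-probe"})
        resp = conn.getresponse()
        report.update(status=resp.status,
                      path=classify(resp.status, dict(resp.getheaders())))
        conn.close()
    except (OSError, http.client.HTTPException) as exc:
        report["error"] = f"{type(exc).__name__}: {exc}"
    return report

if __name__ == "__main__":
    for arg in sys.argv[1:]:
        print(probe(arg))
```

Running it once on home WiFi and once on a cellular connection, with the same server strings typed into the app, shows at which step (port, DNS answer, or challenge) the two paths differ.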