Question Change default 443/80 ports - easy or not so much

Danabw

Subscriber
138
72
NAS
DS218+ 8GB RAM, DS212
Operating system
  1. Windows
Mobile operating system
  1. Android
  2. iOS
As noted here I am trying to use a service provided by Ubiquiti for managing their devices called UNMS.

I've set it up on my NAS, but have been blocked from connecting to the router from UNMS, and Ubiquiti support seemed to think that using non-standard ports (required to avoid conflicting w/Synology services) could be the issue.

I have already set non-standard HTTP/HTTPS ports on the NAS, but when I try to set UNMS container settings to map to 443/80 for its connections it tells me that the setting conflicts with other ports used by other services.

Is there a way to configure DSM so that it uses alternate ports to 443/80 for its "other services" (and things won't blow up/get too complicated) so I can use those default ports w/the UNMS instance to see if that solves my connection problem? If the change is feasible but creates a messy management issue I don't want to go that way.

I am not using much in the way of services at the moment, UNMS in Docker, HyperBackup to a second NAS, CloudSync.

Appreciate info and advice.
 

jeyare

Subscriber
1,587
537
8443 Local port to 443 Docker port

for WAN you can use Reverse Proxy:
Control panel/App portal/Reverse proxy
conversion of 433 port incoming traffic from specific host name (subdomain) to local (NAS) port 8443
use SEARCH in this forum for detailed guide

for LAN you can use 8443 as well w/o Reverse proxy setup
 

Danabw

Cool, haven't used reverse proxy before, I'll give that a look!
 

Danabw

One issue...before I get going on reverse proxy wanted to confirm something that may be a bit unique in this instance.

Since the device that needs to communicate to the UNMS docker container is the router itself (required to complete the connection process that UNMS starts), if I set the reverse proxy to convert 443 to 8443 from the router, then won't all communication from the router to the NAS go to the Docker container 8443 port? Which will break anything coming from the router that needs 443? Do I understand that correctly?
 

Rusty

Moderator
NAS Support
2,353
701
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Anything coming from the router towards UNMS will be routed to 8443 but not the rest of the traffic (if there will be anything left)
 

Danabw

Ah, need SSL cert to do RP. One thing leads to another... :)

I've often thought about getting an SSL certificate, but never bothered just to get rid of the "Danger Will Robinson" page when I access my NAS. I guess now I might have a reasonable reason...
 

Danabw

OK, I got a Let's Encrypt SSL certificate, used synology.me to set up the required DDNS for the NAS, and then accepted the offer to create the Let's Encrypt certificate at the end of the DDNS flow. The certificate process completed and the new SSL cert is the default.

I noticed that when I go to the DDNS address (xxxx.synology.me) from an internal computer on the network I get my router login screen. If I tack on the HTTPS port I'm using (xxxxx.synology.me:<port#>) it fails to connect to anything.

I only need this to work for internal connections...I don't need to set up any port forwarding on my router to do the RP for internal access, do I? I prefer not to do port forwarding just to keep things as locked down as possible.

Also...I can't set up the RP - when I try to save the RP I get a message:
  • The domain name is already in use
For hostname I'm using:
  • unms.xxxxx.synology.me
 

Rusty

This will not work with xxx.yourdomainname.synology.me domains. The cert is not a wildcard one and you are unable to create a DNS record for that name. So the redirect will not work.

You can use RP internally with port 80 > something to not have a need for a cert considering you are not planning on opening to the Internet.
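
The host-name matching discussed in the replies above, sketched as a plain nginx configuration. This is an added illustration, not part of the original posts and not the configuration DSM generates; the host name unms.nas.lan and the backend 127.0.0.1:8443 are placeholders, and the name is assumed to resolve to the NAS through local DNS or a hosts entry.

```nginx
# Constructed illustration; both server blocks belong inside the http { } context.
# Placeholders: unms.nas.lan (internal-only name), 127.0.0.1:8443 (NAS port
# mapped to the container's 443, as suggested in the thread).

# Catch-all: stands in for whatever else the NAS serves on port 80.
# A request whose Host header matches no other server block ends up here
# and is never handed to the container.
server {
    listen 80 default_server;
    server_name _;
    return 404;
}

# Only requests sent to the UNMS host name are forwarded to local port 8443.
# The decision is made on the requested host name, not on which device sent it.
server {
    listen 80;
    server_name unms.nas.lan;

    location / {
        # The container's port 443 speaks HTTPS, so the proxy connects with TLS.
        # nginx does not verify the upstream certificate by default, so a
        # self-signed certificate on the container is accepted on this hop.
        proxy_pass https://127.0.0.1:8443;

        # Pass the original host name and client address to the backend.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Assumption: only needed if the backend uses WebSocket connections.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

With no port forward on the router for port 80, this listener is reachable from the LAN only. The hop from the client to the proxy is plain HTTP, which is the trade-off of skipping the certificate.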
 

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.