I've decided to open my DiskStation so I can access it externally, and I think I have finally grasped the fundamentals needed to accomplish this, yet I can't seem to get it working right despite reviewing countless forums, tutorials, and of course the Syno docs.
Prior to now, I have simply been able to connect to DSM locally or via Quick Connect.
My current setup:
- I've decided to disable Quick Connect and just use DDNS (myaccount.synology.me), which gets a "green light" connected status
- Changed default DS ports (5000 and 5001) to 7100 and 7200
- Forwarded port 443 on my router to 443 of the static IP 192.168.1.300 (which I've set for the DiskStation in my router)
- Enabled the firewall within DSM and enabled all services associated with 7100 and 7200, HTTPS and reverse proxy, and 3389 for remote desktop (RDC)
- Generated a Let's Encrypt cert for myaccount.synology.me making sure to include "*.myaccount.synology.me" in the SAN for wildcards
- Have added two domains to the reverse proxy section:
→ https://dsm.myaccount.synology.me:443 that forwards to http://192.168.1.300:7100
→ https://rdc.myaccount.synology.me:443 that forwards to http://192.168.1.400:3389
(400 is the static IP I assigned within a virtual machine, which I can connect to locally with the Windows RDC client)
- Configured the LE certs for both additions to reverse proxy to be on the myaccount.synology.me cert
- I can no longer connect to DSM (dsm.myaccount.synology.me) externally from WAN since I have disabled Quick Connect
- I cannot connect to the Windows VM that has been set up via Syno VMM
- I can connect to DSM locally with 192.168.1.300
- I can connect to the VM using RDC (Mac and PC clients) locally with 192.168.1.400
- I've noticed when connecting to https://myaccount.synology.me that it does not connect securely but does connect to web station (it's installed but not set up, so the default landing page is there)
- I am under the impression that I do not need to use a VPN since I'm using a reverse proxy
- I don't have port 80 forwarded from my router (which I've tried) since I want to connect securely
- I've tried generating a LE cert without SAN but want to use future subdomains without generating a new cert every time
- One PC that I will be using to access the VM remotely does not have admin access so I cannot install a VPN client but will allow me to enter RDC info, hence why I'm trying to avoid VPN (plus I have plenty of reverse proxy use cases I'd like to be available in the future)
Current DSM firewall rules
Eventually, I plan to move away from the built-in reverse proxy that DSM offers but am simply experimenting for now and am curious to see what the experience is like using a VM from my own remote server without a VPN connection. Maybe I completely missed an important point (several times) in my research but any thoughts or comments will be greatly appreciated.
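
The setup list relies on one certificate with a wildcard SAN to cover the current and future reverse-proxy hostnames. As an added example (not part of the original post), this Python code applies the usual TLS client matching rule, where `*` stands for exactly one leftmost label, to the names from the post; the function names and the `files.dsm…` hostname are assumptions made for illustration.

```python
# Added example: which hostnames a certificate's dNSName SANs cover.
# Rule applied: a wildcard is valid only as the entire leftmost label and
# matches exactly one label (it never matches the parent domain itself).

def san_matches(hostname: str, san: str) -> bool:
    """Return True if a single SAN entry covers the hostname."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        # One wildcard == one label, so the label counts must agree.
        return False
    if pattern[0] == "*":
        # Leftmost label may be anything non-empty; the rest must be identical.
        return bool(host[0]) and host[1:] == pattern[1:]
    # No wildcard (partial wildcards such as "d*" are treated as literals).
    return host == pattern


def covering_san(hostname, sans):
    """Return the first SAN entry that covers hostname, or None."""
    for san in sans:
        if san_matches(hostname, san):
            return san
    return None


def coverage_report(hostnames, sans):
    """Map each hostname to the SAN that covers it (None if uncovered)."""
    return {h: covering_san(h, sans) for h in hostnames}


# SAN entries as described in the post.
CERT_SANS = ["myaccount.synology.me", "*.myaccount.synology.me"]

# Hostnames from the post, plus one constructed deeper name (hypothetical).
PROXY_HOSTS = [
    "myaccount.synology.me",
    "dsm.myaccount.synology.me",
    "rdc.myaccount.synology.me",
    "files.dsm.myaccount.synology.me",  # constructed: two labels below the base
]

if __name__ == "__main__":
    for host, san in coverage_report(PROXY_HOSTS, CERT_SANS).items():
        status = f"covered by {san}" if san else "NOT covered"
        print(f"{host:34} {status}")
```
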