I only access my NAS from my internal LAN. However, I want to get a certificate so that I can connect to the admin page using SSL without getting browser prompts.
I don't have a static IP or a registered domain name. I was thinking of using Synology DDNS to get an externally resolvable hostname and a Let's Encrypt certificate at the same time. I have a few questions:
1) Does the DDNS registration and auto-obtaining the Let's Encrypt certificate require me to have set up permanent inbound port forwarding to my NAS, or will this not be required as the connection is initiated outbound by the NAS?
2) Same question for keeping the DDNS registration up-to-date and auto-renewing the Let's Encrypt cert?
3) Obviously, I will need to have a port forwarded on my router to the DSM port if I wanted to administer the NAS externally. If I was administering it from the LAN, my router supports NAT loopback, so although the port forward would need to be in place (so the router knows where to direct the traffic), it would never leave the internal network, correct? Although obviously the NAS port would still be accessible from the Internet (for which I have firewall rules on the NAS to block). Is my understanding correct?
4) As an alternative to 3), I could instead set up Synology DNS Server on the NAS, create the external DDNS name zone and hostname (with the NAS internal IP address), then configure it to default forward all other queries to my router. Then configure my router DHCP to hand out the NAS DNS server address. Any potential issues with that?
All input welcome. Thanks.