Failing in my attempts at reverse proxy

Currently reading
Failing in my attempts at reverse proxy

Just "jellyfin".

Once the dns record is replicated to your isp's dns server (or whichever one you configured), you should be able to access it using https://jellyfin.thebroughfamily.com. As far as I have seen jellyfin.thebroughfamily.com was configured as hostname in your reverse proxy rule. I assume you already created a Letsencrypt certificate and assigned it to that "hostname" (actually it is a full qualified domain name, aka. fqdn)
 
At least part of your problem is that you have given your certificate the same common name (thebroughfamily.com) and alternative name (thebroughfamily.com). Give it the common name thebroughfamily.com and, as alternative names, jellyfin.thebroughfamily.com , transmission.thebroughfamily.com , etc. Eventually you can shoot for a wildcard domain, which will cover anyhostname.thebroughfamily.com , but for now let's try to get it working with alternative names for your various hostnames. Also, your DSM is responding to https on port 5252, not 5001, so you'll need to port forward to 5252.
 
I don't seem to be able to do that, it says name conflict?
 

Attachments

  • Screenshot_20210516-215047.png
    Screenshot_20210516-215047.png
    312.8 KB · Views: 79
I don't seem to be able to do that, it says name conflict?
Please try to make clear which post you're responding to. Not clear what you are unable to do when you say "i'm unable to do THAT." Do what? If you're responding to my post about your certificate, then you've misunderstood it. I am suggesting that you re-create your Letsencrypt certificate using thebroughfamily.com as the "main" domain, and jellyfish.thebroughfamily.com etc. as Alternative names.
 
At least part of your problem is that you have given your certificate the same common name (thebroughfamily.com) and alternative name (thebroughfamily.com). Give it the common name thebroughfamily.com and, as alternative names, jellyfin.thebroughfamily.com , transmission.thebroughfamily.com , etc. Eventually you can shoot for a wildcard domain, which will cover anyhostname.thebroughfamily.com , but for now let's try to get it working with alternative names for your various hostnames. Also, your DSM is responding to https on port 5252, not 5001, so you'll need to port forward to 5252.
I'm fairly sure on the certificate I put the common name as thebroughfamily.com, and in the alternative I put, jellyfin.thebroughfamily.com;transmission.thebroughfamily.com

I can see them both on my certificate if I click on the arrow next to the certificate.

I moved to 5252 for DSM, as another topic said it was wise to do so for security reasons. It is port forwarded already, and works I think.
 
The screenshot is not depicting what you ought to be doing.
The A record should be thebroughfamily.com .
Jellyfish should then be a CNAME record, which you already have.
So enter thebroughfamily.com (NOT thebroughfamily) where you currently have jellyfish as the A record.
 
Please try to make clear which post you're responding to. Not clear what you are unable to do when you say "i'm unable to do THAT." Do what? If you're responding to my post about your certificate, then you've misunderstood it. I am suggesting that you re-create your Letsencrypt certificate using thebroughfamily.com as the "main" domain, and jellyfish.thebroughfamily.com etc. as Alternative names.
Sorry I was replying to the previous message before yours arrived, so I didn't know you had messaged.
-- post merged: --

if an update of the record is not possible, delete the wrong one (the one with type cname) and then create the new one.

So is this better now?
 

Attachments

  • Screenshot_20210516-220055.png
    Screenshot_20210516-220055.png
    324 KB · Views: 69
When I click on your certificate, I don't see the alternate names. So I don't think you've gotten them in.
View attachment 3648
On my certificate it shows this...
-- post merged: --

Depends on wheter all you subdomains point to the same static ip which is handled by your nas...

At least nslookup to fellyfin. and transmission. resolve the ip now.
Yes that IP is my static IP from my isp provider, on which the Nas is connected as a local host 192.168.1.20 static assigned.
 

Attachments

  • Screenshot_20210516-220458.png
    Screenshot_20210516-220458.png
    186.5 KB · Views: 37
Last edited:
Though, Akahan is right. The certificate currently assigned to jellyfin.thebroughfamily.com does not include the subject alternative names and seem to be a different certificate then the one from your screenshot.

Also the screenshot does not mean what you think it means. It just means you assigned to use it with those domains. It does say nothing about for which common name and subject alternative names the certificate was issued.

The common name or one of the subject alternative names must match the URL you used to access the service, in order to be considered valid. In your case, the certificates common name and suject alernative name is thebroughfamily.com, which does not match the url jellyfin.thebroughfamily.com or transmission.thebroughfamily.com.
 
Last edited:
Ah right.. I will try again then. I'm sure I've done it but must have deleted it again...

... Currently I cant get a new certificate as it says

"Invalid domain - please make sure the domain can be resolved to a public ip address"
 
o-e-k and I are in agreement here, I think - in order for your subdomains to work with https, you'll need to get a certificate issued which includes them all as alternative names. (Or get a wildcard certificate, but that's varsity level... a task for tomorrow.) So you'd do that in the Security/Certificates area of Control Panel on the NAS.
 
o-e-k and I are in agreement here, I think - in order for your subdomains to work with https, you'll need to get a certificate issued which includes them all as alternative names. (Or get a wildcard certificate, but that's varsity level... a task for tomorrow.) So you'd do that in the Security/Certificates area of Control Panel on the NAS.
It won't let me at the minute, it gives me the error I said in my previous post.
 

Attachments

  • Screenshot_20210516-222131~2.png
    Screenshot_20210516-222131~2.png
    116.8 KB · Views: 52
  • Screenshot_20210516-222150~2.png
    Screenshot_20210516-222150~2.png
    119 KB · Views: 51

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Question
Does this only happen when you try to access packages via the 'office' links in Drive's menu? And have you...
Replies
1
Views
1,126
  • Question
Ofc you can make a single compose for this no problem. Personally I like to separate front end apps from...
Replies
10
Views
1,891
  • Solved
I think it was point 1 that was messing me up. And it was a simple fix, honestly. We'll have to see if I...
Replies
3
Views
2,304

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top