Failing in my attempts at reverse proxy

Currently reading
Failing in my attempts at reverse proxy

Just "jellyfin".

Once the dns record is replicated to your isp's dns server (or whichever one you configured), you should be able to access it using https://jellyfin.thebroughfamily.com. As far as I have seen jellyfin.thebroughfamily.com was configured as hostname in your reverse proxy rule. I assume you already created a Letsencrypt certificate and assigned it to that "hostname" (actually it is a full qualified domain name, aka. fqdn)
 
At least part of your problem is that you have given your certificate the same common name (thebroughfamily.com) and alternative name (thebroughfamily.com). Give it the common name thebroughfamily.com and, as alternative names, jellyfin.thebroughfamily.com , transmission.thebroughfamily.com , etc. Eventually you can shoot for a wildcard domain, which will cover anyhostname.thebroughfamily.com , but for now let's try to get it working with alternative names for your various hostnames. Also, your DSM is responding to https on port 5252, not 5001, so you'll need to port forward to 5252.
 
I don't seem to be able to do that, it says name conflict?
 

Attachments

  • Screenshot_20210516-215047.png
    Screenshot_20210516-215047.png
    312.8 KB · Views: 78
thebroughfamily said:
I don't seem to be able to do that, it says name conflict?
Click to expand...
Please try to make clear which post you're responding to. Not clear what you are unable to do when you say "i'm unable to do THAT." Do what? If you're responding to my post about your certificate, then you've misunderstood it. I am suggesting that you re-create your Letsencrypt certificate using thebroughfamily.com as the "main" domain, and jellyfish.thebroughfamily.com etc. as Alternative names.
 
akahan said:
At least part of your problem is that you have given your certificate the same common name (thebroughfamily.com) and alternative name (thebroughfamily.com). Give it the common name thebroughfamily.com and, as alternative names, jellyfin.thebroughfamily.com , transmission.thebroughfamily.com , etc. Eventually you can shoot for a wildcard domain, which will cover anyhostname.thebroughfamily.com , but for now let's try to get it working with alternative names for your various hostnames. Also, your DSM is responding to https on port 5252, not 5001, so you'll need to port forward to 5252.
Click to expand...
I'm fairly sure on the certificate I put the common name as thebroughfamily.com, and in the alternative I put, jellyfin.thebroughfamily.com;transmission.thebroughfamily.com

I can see them both on my certificate if I click on the arrow next to the certificate.

I moved to 5252 for DSM, as another topic said it was wise to do so for security reasons. It is port forwarded already, and works I think.
 
The screenshot is not depicting what you ought to be doing.
The A record should be thebroughfamily.com .
Jellyfish should then be a CNAME record, which you already have.
So enter thebroughfamily.com (NOT thebroughfamily) where you currently have jellyfish as the A record.
 
akahan said:
Please try to make clear which post you're responding to. Not clear what you are unable to do when you say "i'm unable to do THAT." Do what? If you're responding to my post about your certificate, then you've misunderstood it. I am suggesting that you re-create your Letsencrypt certificate using thebroughfamily.com as the "main" domain, and jellyfish.thebroughfamily.com etc. as Alternative names.
Click to expand...
Sorry I was replying to the previous message before yours arrived, so I didn't know you had messaged.
-- post merged: --

one-eyed-king said:
if an update of the record is not possible, delete the wrong one (the one with type cname) and then create the new one.
Click to expand...

So is this better now?
 

Attachments

  • Screenshot_20210516-220055.png
    Screenshot_20210516-220055.png
    324 KB · Views: 68
akahan said:
When I click on your certificate, I don't see the alternate names. So I don't think you've gotten them in.
View attachment 3648
Click to expand...
On my certificate it shows this...
-- post merged: --

one-eyed-king said:
Depends on wheter all you subdomains point to the same static ip which is handled by your nas...

At least nslookup to fellyfin. and transmission. resolve the ip now.
Click to expand...
Yes that IP is my static IP from my isp provider, on which the Nas is connected as a local host 192.168.1.20 static assigned.
 

Attachments

  • Screenshot_20210516-220458.png
    Screenshot_20210516-220458.png
    186.5 KB · Views: 35
Last edited:
Though, Akahan is right. The certificate currently assigned to jellyfin.thebroughfamily.com does not include the subject alternative names and seem to be a different certificate then the one from your screenshot.

Also the screenshot does not mean what you think it means. It just means you assigned to use it with those domains. It does say nothing about for which common name and subject alternative names the certificate was issued.

The common name or one of the subject alternative names must match the URL you used to access the service, in order to be considered valid. In your case, the certificates common name and suject alernative name is thebroughfamily.com, which does not match the url jellyfin.thebroughfamily.com or transmission.thebroughfamily.com.
 
Last edited:
Ah right.. I will try again then. I'm sure I've done it but must have deleted it again...

... Currently I cant get a new certificate as it says

"Invalid domain - please make sure the domain can be resolved to a public ip address"
 
o-e-k and I are in agreement here, I think - in order for your subdomains to work with https, you'll need to get a certificate issued which includes them all as alternative names. (Or get a wildcard certificate, but that's varsity level... a task for tomorrow.) So you'd do that in the Security/Certificates area of Control Panel on the NAS.
 
akahan said:
o-e-k and I are in agreement here, I think - in order for your subdomains to work with https, you'll need to get a certificate issued which includes them all as alternative names. (Or get a wildcard certificate, but that's varsity level... a task for tomorrow.) So you'd do that in the Security/Certificates area of Control Panel on the NAS.
Click to expand...
It won't let me at the minute, it gives me the error I said in my previous post.
 

Attachments

  • Screenshot_20210516-222131~2.png
    Screenshot_20210516-222131~2.png
    116.8 KB · Views: 51
  • Screenshot_20210516-222150~2.png
    Screenshot_20210516-222150~2.png
    119 KB · Views: 50

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Register

Log in

Already have an account? Log in here.

Similar threads

M
Can the Synology router detect intrusion attempts?
No. Just stay on top of things (updates, warnings, patching, etc), and it will be fine.
Replies
1
Views
990
Rusty
Rusty
B
  • Solved
Access Control Profile still allowing remote login attempts
Thank you, @Rusty! It works!) @Telos, I understand that FW and Port Forwarding are different things, The...
2
Replies
21
Views
5,327
yodasad
yodasad
D
  • Question
Web app links behind reverse proxy
Does this only happen when you try to access packages via the 'office' links in Drive's menu? And have you...
Replies
1
Views
977
fredbert
fredbert
K
  • Question
Subdomains (and also with reverse proxy) always display the DSM login page on DSM 7.2.1
Ofc you can make a single compose for this no problem. Personally I like to separate front end apps from...
Replies
10
Views
1,512
Rusty
Rusty
A
  • Solved
Reverse proxy, Forbidden 403 error
I think it was point 1 that was messing me up. And it was a simple fix, honestly. We'll have to see if I...
Replies
3
Views
1,769
arcylix
A
C
SSTP and WEB with Synology Reverse Proxy
I accessed to log and when I trying connect I have message: "SSTP_DUPLEX_POST...
Replies
9
Views
1,846
CzarnyLewis
C
B
  • Solved
Please Help me with Troubleshooting Reverse Proxy
Glad it’s working. Now you can help the next person! No reward necessary 😎
Replies
14
Views
2,387
fredbert
fredbert

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Register

Trending threads

Back
Top