Install the app
How to install the app on iOS

Follow along with the video below to see how to install our site as a web app on your home screen.

Note: This feature may not be available in some browsers.

file sharing with customized https port doesn't create

As an Amazon Associate, we may earn commissions from qualifying purchases. Learn more...

5
0
NAS
716+
I've applied a customized hostname 'mydomain.com' with customized DSM ports http (6000) and https (6100). No Quickconnect for File Station. This doesn't concern Drive Station (that one has different settings).

If I create a file sharing link, I get 'http:\\mydomain.com:6000\sharing\xyz'. But what I'm looking for is 'https:\\mydomain.com:6100\sharing\xyz' as default. Obviously I can change this URL manually afterwards, but I was hoping that this could be preconfigured in DSM. Any thoughts?
 
Check:
  • Control Panel>Login Portal>DSM, enable Auto redirect HTTP -> HTTPS...
  • File Station>Settings>Shared Link> Security, enable Always use HTTPS...
Screenshot_20241201_213245_Microsoft Remote Desktop.webp
 
Check:
  • Control Panel>Login Portal>DSM, enable Auto redirect HTTP -> HTTPS...
  • File Station>Settings>Shared Link> Security, enable Always use HTTPS...
View attachment 21100

Thank! Your solution works indeed. However, this does have undesirable side effect. At home I prefer to login via its local IP address. Obviously this solution will result in a certificate warning. But it shouldn't work like this. The above setting to always enable HTTPS for shared links should be sufficient (I already had this setting enabled). Auto redirect HTTP->HTTPS should not be necessary to have HTTPS links.
 
At home I prefer to login via its local IP address. Obviously this solution will result in a certificate warning. But it shouldn't work like this.
You will not be able to get a secure certificate against an ip address.

Suggest you to use the domain name, if you could add a dns entry onto your local network pointing that domain name to the local ip, the traffic will then stay local.

Test by pinging the dns name inside the network.
 
Yes, I know. Thanks. I already have a local DNS entry. It is somewhat cumbersome, because you have to do a hairpin NAT. But it works. Nevertheless, this is a workaround and it is not my preference. But I guess there is no direct approach possible. I maintain that this is a non-intended misconfiguration by Synology which they should solve on their end.
 
I maintain that this is a non-intended misconfiguration by Synology which they should solve on their end.

Not being able to accomplish this is not something Synology can resolve. I believe this is a rule of ICANN or RFC. It is a security risk to do so because one can easily perform a MITM attack. Nonetheless there maybe a hack way of accomplishing what you’re looking for, just know it isn’t what the standard is.
 
??? A MTM attack can happen when you login to your Diskstation via http. But that's obviously allowed and generally not a security issue when doing so within your local network. I'm talking about creating a HTTPS link for other (external) purposes while being logging in via HTTP. Why does that create a security issue? I would be interested to understand this.
 
Quick reaction from Synology on my ticket. Problem solved. For others who have this problem:
  • Control Panel > External Access > Advanced.
  • Ensure that the correct HTTPS port (6100 in this case) is configured here. If the old HTTP port (6000) is still listed, it may cause the shared links to default to HTTP.
Then you need to restart the web server (or your diskstation). Thereafter you only get HTTPS shared links.
 
??? A MTM attack can happen when you login to your Diskstation via http. But that's obviously allowed and generally not a security issue when doing so within your local network. I'm talking about creating a HTTPS link for other (external) purposes while being logging in via HTTP. Why does that create a security issue? I would be interested to understand this.

All of my responses have solely been to address what I had initially replied to in the first place, which is getting a certificate warning when utilizing an ip address. You cannot get a green secured certificate notice in a browser toward an ip address period.

At home I prefer to login via its local IP address. Obviously this solution will result in a certificate warning. But it shouldn't work like this.


Seeing as you got what you needed, discussion is solved. Good luck!
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Popular tags from this forum

Similar threads

Hi, I have connected my external WD HDD to my DS1522+ using the USB port at the front of the NAS. It was...
Replies
0
Views
584
Good morning as said in the title, the quickconnect sharing links generated on a Mac mini M2 from "file...
Replies
0
Views
836

Thread Tags

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending content in this forum

Back
Top