Question HowTo connect with DS Note to Notestation LOCALY via HTTPS

[Witzker]

Hi

Tried with IP, @synology.me, domain with NoIp& Let's encrypt, quick connect ID all with different certificate setting...
SO

What has to be configured Where that an INTERNAL connection via HTTPS is possible
from Tablet (android) & iPhone to Note Station

 

[fredbert]

I can use the access methods that are defined in Control Panel / Application Portal:

www.mydomain.com/<mynote-alias>
<mynote-subdomain>.mydomain.com

I'm guessing that the certificate must have to be valid for the address that you're using. Also, I run an internal DNS Server that resolves my personal domain to local IPs, and externally the same domain resolves to my ISP assigned IP.

 

[Witzker]

THX for taking care

Certificate is valid!

I guess the problem is that internally it's not possible that certificate is assigned to the IP or domain? - so no HTTPS? - With HTTP it connects without problems.

Yes DNS! But I don't want my DS online with the DNS all the time.

I'm new with this
So is it possible to run a DNS for internal use only??

 

[fredbert]

Unless you allow port forwarding from the Internet to the DNS Server on UDP/TCP port 53 then it will not be accessible from outside.

My home DNS Server (that's the Synology package) only has resolution for my home domain and everything else then gets sent onto the normal DNS servers I would use (that'll be OpenDNS). In my router's DHCP configuration I just put the NAS's IP as the primary DNS server (secondary can be your normal external DNS) and this gets all my local devices to use the NAS.

Yes DNS! But I don't want my DS online with the DNS all the time.

If you mean 'online' as in 'switched on/powered up' then you'll have to stick to HTTP or use an internal DNS server that's always on. Otherwise the DNS resolutions will try the NAS first to find it's not available and then use the external DNS, and this might cause latency that's noticeable.

 

[akahan]

I do not have any special DNS setup, and https for DS Note works fine for me from within my LAN on iPhone.
I have a certificate from Let's Encrypt for my domain name.
Entering the domain name in DS Note on the iPhone, connected to home wireless and not to cellular service, and selecting the HTTPS option works 100%.

 

[Witzker]

OK
Do You mean to put my domain with certificate from Let's Encrypt here in note station?

And log in with the same domain??

When I do so on android It says the certificate is not trusted and doesnot login
BUT - You are right on iPhone it works!

HowTo solve on Android?

 

[akahan]

I apologize, I don't use Android, so I have no answer on that.

 

[fredbert]

@Witzker If your certificate covers www.example.com then you can use Aliasname so you can access with www.example.com/<aliasname>. This works on my Mac on home LAN.

But my work Android phone won't work with the aliasname but will work with the customised domain (ticked in your screenshot). So <notes-subdomain>.example.com does work. I also enabled DS note to check certificate validity (the DS note 'cog' icon on the login screen).

I have various LE certificates due to Synology's 255 character limit on Subject Alternative Name field. I have a certificate for Application Portal customised domains and have to assign this certificate from the Certifcate page in Control Panel (the Configure button).

@akahan on your LAN what do you use to access Note Station? externally resolved URL, LAN, QC?

If the router doesn't support loopback for URLs that resolve to it's WAN IP which then needs forwarding to the NAS ... then external URLs will fail when trying to access from the LAN.

 

[akahan]

@akahan on your LAN what do you use to access Note Station? externally resolved URL, LAN, QC?

I use domainname.com to access notestation. No port number, no subdomain. I have no static routes and no internal DNS resolver.

I think it would be helpful to know from the OP:

Can you reach notestation via https from OUTSIDE your LAN?
Can you reach notestation VIA HTTP using your domain name (not IP address) from inside your LAN?

If the answer to the first question is "yes," then the problem is probably that the router isn't doing loopback.
If the answer to the second question is "yes," then the problem is probably a certificate issue.

If OP is right that he can reach Notestation using https from inside his LAN using iPhone but not Android phone, then I suspect that the certificate needs to be installed somehow on the Android phone.

 

[Rusty]

Hi

Tried with IP, @synology.me, domain with NoIp& Let's encrypt, quick connect ID all with different certificate setting...
SO

What has to be configured Where that an INTERNAL connection via HTTPS is possible
from Tablet (android) & iPhone to Note Station

If your router support nat loopback, you will be able to use https internally. Considering that you have mentioned synology.me, I'm guessing you are not using a custom domain and in that case, I guess with https, you are using a custom port. If that's the case then be sure to connect using your ddns name and then the port number.

your_ddns_name:port

That should work in case your NAS does support FQDN name resolution within LAN.

 

[Witzker]

your NAS does support FQDN name resolution within LAN.

My NAS is Synology DS 418 do I have FQDN ? And how to use it?

 

[Rusty]

Fqdn is your nas public name. something.synology.me. Do you have that registered as a ddns? If so then just try and access your nas while you are in your lan.

 

[Witzker]

I have both something.synology.me & something.ddns.net (registered as ddns with LE certificate which is in my fritzbox)
Shell I get a LE for something.synology.me too?

Wher do i have to put the Fqdn?

 

[Rusty]

Cert atm is not important. Just use your fqdn and add a port at the end in your dsnote login parameter. Then try and log in