http to https redirect

http to https redirect

Currently reading
http to https redirect

162
45
NAS
DS918+ (8GB RAM, 4x WD RED 4TB SHR) ; EATON Ellipse PRO 1200FR
Operating system
  1. Windows
Mobile operating system
  1. Android
Will try it, just one question: is it just one file for all the apps?
My example is for one specific app but to redirect every thing coming on port 80 no matter what fqdn was targeted, the configuration below should be ok as it would redirect all HTTP traffic to HTTPS (haven't tried though)

Code:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}
 
162
45
NAS
DS918+ (8GB RAM, 4x WD RED 4TB SHR) ; EATON Ellipse PRO 1200FR
Operating system
  1. Windows
Mobile operating system
  1. Android
Will try it, just one question: is it just one file for all the apps?
Not sure if I really replied to your question so here is a more precise reply.
If I had more applications with more than one domain or subdomain, I would opt for 1 file per domain or subdomain I think so the content of /etc/nginx/sites-enabled would contain :
- synowstransfer.conf (which seems to be syno default conf)
- subdom1_redirect.conf
- subdom2_redirect.conf
- subdom3_redirect.conf
... and so on
 
141
36
NAS
DS1815+
Operating system
  1. Linux
  2. macOS
Mobile operating system
  1. iOS
Last edited:
When I do "nginx -s reload" i get following warn no error.
Code:
nginx: [warn] conflicting server name "nas.mysite.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "heimdall.mysite.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "nas.mysite.com" on [::]:443, ignored
nginx: [warn] conflicting server name "heimdall.mysite.com" on [::]:443, ignored
Already configured 2 sites.
 
162
45
NAS
DS918+ (8GB RAM, 4x WD RED 4TB SHR) ; EATON Ellipse PRO 1200FR
Operating system
  1. Windows
Mobile operating system
  1. Android
Short update regarding the hosts and containers not able to communicate together with the set IP in the macvlan.
While searching the internets for some other way to set the iprange other than IP/Mask to have a more ganular control of the possible IPs in a macvlan, I stumbled on this tutorial on how to configure macvlans and it seems to cover the whole process including allowing the host and containers to communicate with the macvlan IPs.
Saddly, it looks like the only way to set the iprange is IP/Mask.
 
12
9
NAS
DS920+ (44TB), DS213j
Router
  1. RT2600ac
Operating system
  1. Windows
Mobile operating system
  1. Android
Rusty submitted a new resource:

http to https redirect - A short tutorial on http to https redirect

Thanks for another idiot-proof tutorial! Is there a way to tweak it to handle all subdomains with a single http rule in the reverse proxy? I tried a wildcard in the hostname but that gets rejected. I have a bunch of containers each with their subdomain and would rather not create two rules by subdomain if I can avoid it.
 

Rusty

Moderator
NAS Support
6,095
1,785
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Thanks for another idiot-proof tutorial! Is there a way to tweak it to handle all subdomains with a single http rule in the reverse proxy? I tried a wildcard in the hostname but that gets rejected. I have a bunch of containers each with their subdomain and would rather not create two rules by subdomain if I can avoid it.
I hear you, but I have tested a few solutions and never got a working one that would cover all the settings/RP settings. So ended up settling with one per record. Haven't looked back after that.
 
12
9
NAS
DS920+ (44TB), DS213j
Router
  1. RT2600ac
Operating system
  1. Windows
Mobile operating system
  1. Android
Related question: is there a way to redirect requests with the ipaddress: port syntax to their respective subdomain.domain.tld URLs? Reverse proxy rules don't accept IP addresses as the host name (I guess by design).
 

Rusty

Moderator
NAS Support
6,095
1,785
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Related question: is there a way to redirect requests with the ipaddress: port syntax to their respective subdomain.domain.tld URLs? Reverse proxy rules don't accept IP addresses as the host name (I guess by design).
Use web station virtual host feature. This is a classic web binding feature
 
12
9
NAS
DS920+ (44TB), DS213j
Router
  1. RT2600ac
Operating system
  1. Windows
Mobile operating system
  1. Android
I'm not sure I can do this from the web station GUI, and when I tried to add my own httpd-vhost-user.conf file to /usr/local/etc/apache24/sites-enabled, Apache refused to restart even though my file had a valid format (and I couldn't see anything relevant in the error log). You don't happen to have a tutorial around for this, do you?
 

Rusty

Moderator
NAS Support
6,095
1,785
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
I'm not sure I can do this from the web station GUI, and when I tried to add my own httpd-vhost-user.conf file to /usr/local/etc/apache24/sites-enabled, Apache refused to restart even though my file had a valid format (and I couldn't see anything relevant in the error log). You don't happen to have a tutorial around for this, do you?
Is the ip in question here your nas ip or some other one on the network?
 
12
9
NAS
DS920+ (44TB), DS213j
Router
  1. RT2600ac
Operating system
  1. Windows
Mobile operating system
  1. Android
Is the ip in question here your nas ip or some other one on the network?
The IP is the NAS IP. I don't want services to work from the IP, I want to force a redirect to their FQDNs which will in turn enforce any access control profiles I might have set in the reverse proxy.
 

Rusty

Moderator
NAS Support
6,095
1,785
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
The IP is the NAS IP. I don't want services to work from the IP, I want to force a redirect to their FQDNs which will in turn enforce any access control profiles I might have set in the reverse proxy.
Then use the virtual host option to bind the app and it’s root folder to a specific http or https port. After that use your nas ip and that custom port in the reverse proxy entry and map it to a custom subdomain name.
 
12
9
NAS
DS920+ (44TB), DS213j
Router
  1. RT2600ac
Operating system
  1. Windows
Mobile operating system
  1. Android
Sorry I feel very stupid but I can't figure it out. When I try to create a named-based virtual host, it tells me the port is already used, which I guess it's picking up from the Docker container of the destination app.
 

Rusty

Moderator
NAS Support
6,095
1,785
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Sorry I feel very stupid but I can't figure it out. When I try to create a named-based virtual host, it tells me the port is already used, which I guess it's picking up from the Docker container of the destination app.
Don't worry about it.

So the idea is this. You want to get to your subdomain.domain.com location that will present some content right?

That content is placed on your NAS, so the idea is to host that content using WebStation on a custom, non-used port of your choice. It doesn't matter what port it is internally (on your NAS). That port will be used with your reverse proxy that will eventually push that content back on 443/https.

So it would like like this:

Internet request > subdomain.domain.com:443 (this is your reverse responding) > virtualhost on NASIPaddress:customport

To make this work, create a virtual host that will point to your content on your NAS and simply apply it a custom port:

Screenshot 2021-03-31 at 08.23.22.png


As you can see on this image, you can apply a custom HTTP (or HTTPS if you want, but no need if you will push it via reverse later on), and select the document root of your app (this web/web_images is just an example).

Now that you have your app fixed on a custom port, this app is accessible on http://nasipaddress:2335.

The next and final step is to create a reverse proxy for this. So create a RP entry like this:
Screenshot 2021-03-31 at 08.27.22.png


So as a result you have a subdomain.domain.com URL pointing to your NAS:customport location.
 
12
9
NAS
DS920+ (44TB), DS213j
Router
  1. RT2600ac
Operating system
  1. Windows
Mobile operating system
  1. Android
Last edited:
As always, I really appreciate your help. In this instance I think I explained poorly what I'm trying to accomplish. I have various apps already set up as docker containers (via Portainer most of the time) and they already have their reverse proxy rules. What I want to do is to force the redirect of http://nasip: port to http://sub.domain.tld, i.e. I don't want Calibre-Web, Plex, Organizr etc. to be accessible by IP address but only by FQDN.
 

Rusty

Moderator
NAS Support
6,095
1,785
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
As always, I really appreciate your help. In this instance I think I explained poorly what I'm trying to accomplish. I have various apps already set up as docker containers (via Portainer most of the time) and they already have their reverse proxy rules. What I want to do is to force the redirect of http://nasip: port to http://sub.domain.tld, i.e. I don't want Calibre-Web, Plex, Organizr etc. to be accessible by IP address but only by FQDN.
Aha.

Then you will need to edit (backup 1st) nginx.conf file on your nas and add redirect rules to it. Or add those rules to htaccess file.

It is similar to the process of pure http to https redirect like this

 
12
9
NAS
DS920+ (44TB), DS213j
Router
  1. RT2600ac
Operating system
  1. Windows
Mobile operating system
  1. Android
Thank you, I'm pursuing the nginx route. Still struggling but I posted a follow up in a more relevant thread.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

WST16 submitted a new resource: Hardening Your HTTP Security Headers - Security headers Read more about...
Replies
0
Views
1,106

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Top