Possible still route 5000 to 5001 when using reverse proxy?

[OWSYN]

Looking for some help solving certificate problems with my 918+ NAS before I start putting this thing to some serious use. I'm trying to get my DSM traffic to route from 5000 to 5001

Goal:
1. Accessing the NAS for local shared storage and backup, Webdav, Moments, Drive desktop sync and I want to install the web server packages to host two different Wordpress websites. Before I do that, I want to get this certificate and port situation under control. I'd like all traffic going over HTTPS and with valid SSL Certificates.
2. Be able to host multiple websites and not get "webserver is running" pages when I visit my example.com main FQDN
3. Use reverse proxy to hide port numbers.

Been using the NAS for local storage over SMB and AFP and accessing DSM and apps via the browser just fine. I have a VM running in VMM for my daily use. I've had some issues with SSL and certificates but nothing that has stopped me from using the services so I've ignored getting my certificate situation right until now. I've fooled around with these all day and I just can't figure it out.

Current situation:
Using incognito browser windows, inputting both www and non-www.Example.com resolves to the correct domain but with http and not secure. Adding https:// in front of the url gets you to the exact same site but now secure. I want it to show up with the https secure site no matter what version of the url I enter.

:::Settings as of 2/24/21:::

Custom URL (example.com) registered with Name Servers pointing to NoIP.

Home Router:
Port 80->80 tcp/udp
Port 443->443 tcp/udp

DDNS with NoIP:
Example.com -> 78.78.78.78
www.Example.com -> 78.78.78.78

Synology Reverse Proxy:
(All have websocket header of -> $http_upgrade and Connection $connection_upgrade)
Example Domain -> https://localhost:5001
Example Domain -> https://localhost:5001
Example Domain -> https://localhost:5001 - checked HSTS
Example Domain -> https://localhost:5001 - checked HSTS

Synology Certificate (Let's Encrypt):
Domain Name: Example.com
Subject Alternative Name: www.Example.com
Set as default and assigned to all applications available

DSM Settings:
Http port: 5000
Https port: 5001
Automatically redirect HTTP connection to HTTPS for DSM desktop - checked (I really thought this is what would fix it. Is the reverse proxy breaking it?)
Enable Server header in http responses NGINX - checked
Enable HTTP/2 - checked

What do I need to do here?

 

[Gerard]

Synology Reverse Proxy:
(All have websocket header of -> $http_upgrade and Connection $connection_upgrade)

What does this do? I have RP but never had to add websocket header or connection upgrade

 

[OWSYN]

What does this do? I have RP but never had to add websocket header or connection upgrade

From what I understand (which could be wrong) this is what allows the ports other than 80/5000 and 443/5001 to be accessed. For example, I couldn't access my VM on a different port until I added the web socket headers.

 

[Rusty]

What do I need to do here?

Try this method:

HTTP to HTTPS redirect

http to https redirect nas dsm synology revers proxy docker virtual host web

www.blackvoid.club

 

[OWSYN]

That did it @Rusty ! Many thanks!

Since this site has better SEO, I hope this page helps point others to this answer.

In case it helps anyone else, once I made this change, I had to change my settings in my Moments apps to not play content over http. Once I changed that setting, I was able to play videos again. Everything is working great and all over https secure connections. Amazing. Just what I needed. Thanks again.

Now I'll need to go change my Webdav urls in my other apps to account for the reverse proxy change.

 

[OWSYN]

uh oh, @Rusty , I think I found a flaw in our plan. I just installed phpmyadmin and when synology sends me to the example.com/phpmyadmin URL, I get a Synology branded "sorry that page can not be found" error. Any way to work around this?

 

[Akira]

@OWSYN yes... The Synology redirect is to https... Your phpmyadmin is still http. Change that from https to http in the web address (you'll have to do it each time you click the redirect) and that should then let you in.
I used to have to do it all the time.

 

[OWSYN]

Thanks for chiming in @Akira
Unfortunately, with the htaccess file in place, even if I remove the s, the domain will still redirect to the https. Im curious if there is something I can do while still keeping the https redirect in place.

 

[Akira]

I'd set mine to auto redirect to https, yet when doing this internally it allowed me to go to http and not redirect that to https.

 

[OWSYN]

With the redirect 5000 to 5001 setting in dsm or with an htaccess file?

 

[OWSYN]

I FIXED IT! It just took a night of sleep to realize what was happening.

Create a virtual host for xxx.example.com on 80/443 that uses your phpmyadmin folder as the root within DSM. Then within your ddns, create a new a record hostname for xxx.example.com and point that at your Synology box.

you'll have to manually type in your new xxx.example.com address to get to your phpmyadmin install instead of using the app shortcut within dsm but it works!

 

[Rusty]

I FIXED IT! It just took a night of sleep to realize what was happening.

Create a virtual host for xxx.example.com on 80/443 that uses your phpmyadmin folder as the root within DSM. Then within your ddns, create a new a record hostname for xxx.example.com and point that at your Synology box.

you'll have to manually type in your new xxx.example.com address to get to your phpmyadmin install instead of using the app shortcut within dsm but it works!

Well done. So you reversed to it. Sorry for the late reply but was busy with some work late yesterday and today.