Install the app
How to install the app on iOS

Follow along with the video below to see how to install our site as a web app on your home screen.

Note: This feature may not be available in some browsers.

DSM 7.0 Problem sharing album from Synology Photos using reverse proxy

As an Amazon Associate, we may earn commissions from qualifying purchases. Learn more...

Status
Not open for further replies.
4
0
NAS
DS916+
Operating system
  1. Linux
  2. macOS
  3. Windows
Mobile operating system
  1. Android
Hi! This is my first post, so please forgive me if I do something wrong.

I have a Synology DS916+ running DSM 7.0 Beta. (I know, it was a mistake to make the upgrade instead of running it as a virtual machine first to try it out).
The most important application for me is Synology Photos. I am trying to share an album with my mother-in-law and have problems with the security certificate.
I am running Nginx Reverse Proxy manager as a Docker container. The router forwards all traffic on ports 80 and 443 to this reverse proxy.
The reverse proxy then looks at the subdomain part of the address to know which service to forward the traffic to.
I have set up a number of subdomains to deal with the different services running on the Diskstation.
So the subdomain I use to access "ordinary web hosting" is called "home" and the subdomain used to access the Photos app is called "photo".
So when I want to access all my photos, I type "photo.puke.se" into my web-browser. Nginx reverse proxy manager handles the certificate of this subdomain (all all the others) by using LetsEncrypt. Everything works as it should up to this point.
But when I want to share an album, the link that the Photos app gives me uses the "home" subdomain, and when the user tries to access the album, the webbrowser complains that the certificate is not valid.
Changing the subdomain-part of the share-link does not work either. And there does not seem to be a way to manually edit the share-link in the Photos app either.

How can I solve this problem?
 
Changing the subdomain-part of the share-link does not work either
This should work.

And there does not seem to be a way to manually edit the share-link in the Photos app either.
Correct, but manual change to your real domain name it should work just fine (it does for me).
Even if the Photos are going over RP, the share function is still pushing HTTP as a protocol and append the port number (if used), but it shouldn't redirect to your "home" domain.

How is your RP configured for this exactly? Also have you set any Application portal settings for the Photos app as well using the new Login portal in DSM7?
 
This should work.


Correct, but manual change to your real domain name it should work just fine (it does for me).
Even if the Photos are going over RP, the share function is still pushing HTTP as a protocol and append the port number (if used), but it shouldn't redirect to your "home" domain.

How is your RP configured for this exactly? Also have you set any Application portal settings for the Photos app as well using the new Login portal in DSM7?

Changing the subdomain part of the share link does not work. My belief is that Photos has its database of what share links are valid and what they are pointing to, and one with the altered subdomain does not exist.

You ask how my reverse proxy is configured. Let me try to explain. "photo.puke.se" is using https and is redirected to 192.168.1.20 port 5443. The checkbox "Block common exploits" is checked. The following sliders are set to "On" on the SSL tab: Force SSL, HTTP2 support, HSTS enabled.

Application portal settings: Alias=photo, Port=5443, Domain=photo.puke.se. Nothing else is changed.
I notice that the application portal thinks that I should log in to "dsm.puke.se/photo", not photo.puke.se.

But I don't think that the application portal of DSM is relevant when I am using Nginx Proxy Manager, do you?
 
I don't think that the application portal of DSM is relevant when I am using Nginx Proxy Manager, do you?
Then how would you redirect from using 5543 https to 443 https without it?

Also there is no need to use all the settings in the app portal settings. You could just use the port redirect so that you can target the NPM to it nothing else is needed.

My custom domain and subdomain for photo work just fine with that and there is no redirect to any other “home” domain apart from the problem with Photos not able to change the share url as you mentioned. But a manual change after you enable the share, works.
 
Then how would you redirect from using 5543 https to 443 https without it?

Also there is no need to use all the settings in the app portal settings. You could just use the port redirect so that you can target the NPM to it nothing else is needed.

My custom domain and subdomain for photo work just fine with that and there is no redirect to any other “home” domain apart from the problem with Photos not able to change the share url as you mentioned. But a manual change after you enable the share, works.
Of course you are right. I need the application portal to redirect to port 443.
Can you guide me to what I need to change to make my setup work? I didn't quite understand the last bit you wrote. Sorry.
 
Can you guide me to what I need to change to make my setup work?
Well, you have it all set up as it should be regarding reverse proxy, just wanted to say that there is no need to have the Photos app running inside the Login portal with multiple options. It would be enough to push Photos via its default or custom port and then use that value inside reverse (as you already do).

Why you are having redirects to your other domain is a question of, guessing here, either wrong reverse config or some other element on the nas or DNS registry (maybe).

I didn't quite understand the last bit you wrote.
What exactly?
 
Thanks again, Rusty, for all your help.
I think I have found the problem (but not the cause of it):
The sharing-link that Photos gives me has port number 5443 in it. If I remove that and only keep the Hello! Welcome to Synology Web Station!.... part of it, it works.

Now the only remaining issue would be if there is a way to remove the port number from the sharing links in the first place? Otherwise I could of course do it manually.
 
Thanks again, Rusty, for all your help.
I think I have found the problem (but not the cause of it):
The sharing-link that Photos gives me has port number 5443 in it. If I remove that and only keep the Hello! Welcome to Synology Web Station!.... part of it, it works.

Now the only remaining issue would be if there is a way to remove the port number from the sharing links in the first place? Otherwise I could of course do it manually.
Atm I can see now way to remove that.
 
Status
Not open for further replies.

Popular tags from this forum

Thread Tags

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending content in this forum

Back
Top