Solved reverse proxies to access docker apps (nginx?)


249
25
NAS
DS1019+
Mobile operating system
  1. Android
I have webstation installed (using nginx).
my domain is pointing to it and loads fine.
i have various sub-domains setup, and want to point them to the various docker apps i have installed.

eg
radarr.blah.com to route to localhost:7878
sonarr.blah.com to route to localhost:8989
etc etc

when i was using a windows web host (IIS) i just set up reverse proxies to make this work, and it worked all ok.

so i believe this can be achieved using nginx via the nginx.conf file, is this how you would do it? or are there other options to use?
 
19
14
drfrankenstein.co.uk
NAS
1815+, HP Microserver N40l
You can use the built-in reverse proxy tool, I use it for some of my services... it's found in the Control Panel under Application Portal.

The description is whatever you want it to be, the Hostname will be just as you mention in your post radarr.blah.com, then the port is the same as the one where the application you want to expose is running, be it a built-in application/docker/webstation.

You can also have an associated SSL cert as you can see I am using port 443 so I can have one certificate across all services rather than configuring the certs for each one.
 

Attachment: reverseproxy.png
249
25
NAS
DS1019+
Mobile operating system
  1. Android
SSL certificate i will need to sort out.
when i was windows hosting i used certifytheweb (a letsencrypt tool) to set a cert for all domains and sub-domains
 
249
25
NAS
DS1019+
Mobile operating system
  1. Android
that's me got all the sub-domains pointing to the apps all ok.
just need to get the certs now.

i assume i do that control panel > security > certificates and then add a lets encrypt cert? i see there is already a synology cert there as the default.
 

fredbert

Moderator
NAS Support
Subscriber
1,619
674
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
LE cert with the subject alternative name set to include all your docker FQDNs
 
249
25
NAS
DS1019+
Mobile operating system
  1. Android
do i then need to set that as the default cert?
as the pre-installed synology cert is the current default.
 

fredbert

You can have as many [disclaimer: actual limit has not been verified] certificates as you like. Due to the DSM character limit for subject alternative name field (250ish) I currently have four LE certs that are split for app portal, reverse proxy, web station virtual hosts, and main services (default). I’ve also kept the Syno cert but it’s not assigned to any services.

On the certificates page of Control Panel you can use the configure button to assign certs to services.
 
249
25
NAS
DS1019+
Mobile operating system
  1. Android
On the certificates page of Control Panel you can use the configure button to assign certs to services.

when i click on configure for the LE cert, i see a list of services currently assigned to the synology cert, but web station isn't listed there.
 

fredbert

i see a list of services currently assigned to the synology cert, but web station isn't listed there.
You should see the URLs of the virtual hosts that you've set up in Web Station: each one can have its own certificate assignment. I just happen to keep a certificate that has all my virtual hosts as alternate names.

I don't know why each URL doesn't have a prefix of Web Station, like there is for Application Portal URLs. It's the same for reverse proxy URLs... no prefix to say where they are defined.

I find it useful to record each certificate's details in a text file. If I have to replace one, due to changes to alternative names, it becomes quite a simple job.
 
249
25
NAS
DS1019+
Mobile operating system
  1. Android
ah ok, so as long as each domain is listed against the cert then it is active against webstation?
i've moved all the other services that were against the synology cert to the LE cert too.

follow up question. can i set webstation to force HTTPS? so if someone loads the HTTP version it automatically pushes them to the HTTPS?

a follow up question. application portal i have set up https 443 to reverse proxy to http <port number>
the HTTPS version loads fine. however the HTTP version still works too, is there a way to force any HTTP traffic over to HTTPS?
 

Rusty

Moderator
NAS Support
2,380
705
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
It will work. Just needs nginx service reset
 
249
25
NAS
DS1019+
Mobile operating system
  1. Android
ah ok... reboot the whole NAS or can that be restarted on the fly?
 

Rusty

you can try this as root: nginx -s reload
 

fredbert

Whenever you want to force HTTP to HTTPS then look for the HSTS setting: it's available for most things except Web Station's default HTTP/80 service.

To get Web Station's main host to always redirect HTTP/80 to HTTPS/443 I have created a '.htaccess' file in '/web' which contains the following instruction.
Code:
# Send any request that arrived over plain HTTP to the same host and path over HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
I didn't create this but found it, probably on the old Synology forum.
 
249
25
NAS
DS1019+
Mobile operating system
  1. Android
ah yeah, never thought to test the default home page, which still is able to load the HTTP version.
i'll stick that file into the root folder.
 
249
25
NAS
DS1019+
Mobile operating system
  1. Android
hmmm, actually i don't think that HSTS setting is working as expected.
i just tested the same site on 3 browsers, and it only auto forwarded on one.

Edge (original) and Edge (chromium beta) all failed to auto forward
Chrome windows forwarded to HTTPS
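
Added example (not part of any post above): HSTS is a response header that a browser acts on only after it has received it over HTTPS, so it does not redirect a first plain-HTTP request; a server-side redirect such as the '.htaccess' rule quoted earlier covers that case. The shell functions below classify a host from the headers `curl -sI` returns for its http:// and https:// URLs; the function names, the script name and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: tell an HTTP->HTTPS redirect apart from HSTS using response headers.

# Print the value of header $1 (case-insensitive) from raw headers on stdin.
header_value() {
    tr -d '\r' | awk -v name="$1" '
        BEGIN { name = tolower(name) ":" }
        tolower(substr($0, 1, length(name))) == name {
            sub(/^[^:]*:[ \t]*/, ""); print; exit
        }'
}

# Print the status code from the first line of raw headers on stdin.
status_code() {
    tr -d '\r' | awk 'NR == 1 { print $2; exit }'
}

# classify HTTP_HEADERS HTTPS_HEADERS -> redirect+hsts | redirect-only | hsts-only | none
classify() {
    http_status=$(printf '%s\n' "$1" | status_code)
    location=$(printf '%s\n' "$1" | header_value location)
    hsts=$(printf '%s\n' "$2" | header_value strict-transport-security)
    redirect=no
    case "$http_status" in
        301|302|307|308)
            case "$location" in https://*) redirect=yes ;; esac ;;
    esac
    if [ "$redirect" = yes ] && [ -n "$hsts" ]; then echo "redirect+hsts"
    elif [ "$redirect" = yes ]; then echo "redirect-only"
    elif [ -n "$hsts" ]; then echo "hsts-only"   # first HTTP visit stays on HTTP
    else echo "none"
    fi
}

# Constructed sample responses (not captured from a real host).
SAMPLE_HTTP_PLAIN='HTTP/1.1 200 OK
Content-Type: text/html'
SAMPLE_HTTP_REDIRECT='HTTP/1.1 302 Found
Location: https://radarr.blah.com/'
SAMPLE_HTTPS_HSTS='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=15768000'

# Live use (needs network): sh check_https.sh radarr.blah.com
if [ "$#" -eq 1 ]; then
    classify "$(curl -sI "http://$1/")" "$(curl -sI "https://$1/")"
fi
```

A result of hsts-only means the HTTPS side sends the header but plain HTTP is still served as-is, so only browsers that have already loaded the site over HTTPS will upgrade on their own.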
 
