Solved reverse proxies to access docker apps (nginx?)

Currently reading
Solved reverse proxies to access docker apps (nginx?)

284
29
NAS
DS1019+ DSM6
Operating system
  1. Windows
Mobile operating system
  1. iOS
I have webstation intsalled (using nginx).
my domain is pointing to it and loads fine.
i have various sub-domains setup, and want to point them to the various docker apps i have installed.

eg
radarr.blah.com to route to localhost:7878
sonarr.blah.com to router to localhost:8989
etc etc

when i was using a windows web host (IIS) i just set up reverse proxies to make this work, and it worked all ok.

so i believe this can be achieved using nginx via the nginx.conf file, is this how you would do it? or are there other options to use?
 
40
20
drfrankenstein.co.uk
NAS
1821+, 1815+
Operating system
  1. Linux
  2. Windows
Mobile operating system
  1. Android
You can use the build in reverse proxy tool, I use it for some of my services... it's found in the Control Panel under Application Portal.

The description is whatever you want it to be, the Hostname will be just as you mention in your post radarr.bah.com, then the port is the same as the one where the application you want to expose is running, be it a built in application/docker/webstation..

You can also have an associated SSL cert as you can see I am using port 443 so I can have one certificate across all services rather than configuring the certs for each one.
 

Attachments

  • reverseproxy.png
    reverseproxy.png
    122.5 KB · Views: 139
284
29
NAS
DS1019+ DSM6
Operating system
  1. Windows
Mobile operating system
  1. iOS
SSL certificate i will need to sort out.
when i was windows hosting i used certifytheweb (a letsencrypt tool) to set a cert for all domains and sub-domains
 
284
29
NAS
DS1019+ DSM6
Operating system
  1. Windows
Mobile operating system
  1. iOS
that's me got all the sub-domains pointing to the apps all ok.
just need to get the certs now.

i assume i do that control panel > security > certificates and then add a lets encrypt cert? i see there is already a synology cert there as the default.
 
284
29
NAS
DS1019+ DSM6
Operating system
  1. Windows
Mobile operating system
  1. iOS
do i then need to set that as the default cert?
as the pre-installed synology cert is the current default.
 

fredbert

Moderator
NAS Support
Subscriber
4,072
1,613
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
  3. RT6600ax
Operating system
  1. macOS
Mobile operating system
  1. iOS
You can have as many [disclaimer: actual limit has not been verified] certificates as you like. Due to the DSM character limit for subject alternative name field (250ish) I currently have four LE certs that are split for app portal, reverse proxy, web station virtual hosts, and main services (default). I’ve also kept the Syno cert but it’s not assigned to any services.

On the certificates page of Control Panel you can use the configure button to assign certs to services.
 
284
29
NAS
DS1019+ DSM6
Operating system
  1. Windows
Mobile operating system
  1. iOS
On the certificates page of Control Panel you can use the configure button to assign certs to services.

when i click on configure for the LE cert, i see a list of services currently assigned to the synology cert, but web station isn't listed there.
 

fredbert

Moderator
NAS Support
Subscriber
4,072
1,613
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
  3. RT6600ax
Operating system
  1. macOS
Mobile operating system
  1. iOS
i see a list of services currently assigned to the synology cert, but web station isn't listed there.
You should see the URLs of the virtual hosts that you've setup in Web Station: each one can have its own certificate assignment. I just happen to keep a certificate that has all my virtual hosts as alternate names.

I don't know why each URL doesn't have a prefix of Web Station, like there is for Application Portal URLs. It's the same for reverse proxy URLs... no prefix to say where they are defined.

I find it useful to record each certificate's details in a text file. If I have to replace one, due to changes to alternative names, it becomes quite a simple job.
 
284
29
NAS
DS1019+ DSM6
Operating system
  1. Windows
Mobile operating system
  1. iOS
Last edited:
ah ok, so as long as each domain is listed against the cert then it is active against webstation?
i've move all the other services that were against the synology cert to the LE cert too.

follow up question. can i set webstation to force HTTPS? so if someone loads the HTTP version it automatically pushes them to the HTTPS?

a follow up question. application portal i have setup https 443 to reverse proxy to http <port number>
the HTTPS version loads fine. however the HTTP version still works too, is there a way to force any HTTP traffic over to HTTPS?
 
284
29
NAS
DS1019+ DSM6
Operating system
  1. Windows
Mobile operating system
  1. iOS
ah ok... reboot the whole NAS or can that be restarted on the fly?
 

fredbert

Moderator
NAS Support
Subscriber
4,072
1,613
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
  3. RT6600ax
Operating system
  1. macOS
Mobile operating system
  1. iOS
Whenever you want to force HTTP to HTTPS then look for the HSTS setting: it's available for most things except Web Station's default HTTP/80 service.

To get Web Station's main host to always redirect HTTP/80 to HTTPS/443 I have created a '.htaccess' file in '/web' which contains the following instruction.
Code:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
I didn't create this but found it, probably on the old Synology forum.
 
284
29
NAS
DS1019+ DSM6
Operating system
  1. Windows
Mobile operating system
  1. iOS
ah yeah, never thought to test the default home page, which still is able to load the HTTP version.
i'll stick that file into the root folder.
 
284
29
NAS
DS1019+ DSM6
Operating system
  1. Windows
Mobile operating system
  1. iOS
hmmm, actually i don't think that HSTS setting is working as expected.
i just tested the same site on 3 browsers, and it only auto forwarded on one.

Edge (original) and Edge (chromium beta) all failed to auto forward
Chrome windows forwarded to HTTPS
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Question
sorry for the late reply but if your domain is being proxied by CF and the logs are stating script...
Replies
10
Views
2,036
I m feeling stupid !!! How the hell I have not seen thisS !!! Excuse meEE !!! All works like a charm now !
Replies
10
Views
9,349
  • Question
Aah, that's it. Thank you so much. I had been looking at the three dots at the top right nit the correct...
Replies
4
Views
2,384
Hi, you need to use a SRV record in the dns zone for your domain name, with this you can add ports to A...
Replies
26
Views
1,128
  • Solved
Is there any recommendations on whether to leave record file access time off, daily, or monthly? I turned...
Replies
7
Views
2,295
If you set a different network and assign a port to it I don't see why the firewall will not allow you to...
Replies
1
Views
939

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Top