Install the app
How to install the app on iOS

Follow along with the video below to see how to install our site as a web app on your home screen.

Note: This feature may not be available in some browsers.

Solved reverse proxies to access docker apps (nginx?)

As an Amazon Associate, we may earn commissions from qualifying purchases. Learn more...

295
32
NAS
DS1019+ DSM6
Operating system
  1. Windows
Mobile operating system
  1. iOS
I have webstation intsalled (using nginx).
my domain is pointing to it and loads fine.
i have various sub-domains setup, and want to point them to the various docker apps i have installed.

eg
radarr.blah.com to route to localhost:7878
sonarr.blah.com to router to localhost:8989
etc etc

when i was using a windows web host (IIS) i just set up reverse proxies to make this work, and it worked all ok.

so i believe this can be achieved using nginx via the nginx.conf file, is this how you would do it? or are there other options to use?
 
You can use the build in reverse proxy tool, I use it for some of my services... it's found in the Control Panel under Application Portal.

The description is whatever you want it to be, the Hostname will be just as you mention in your post radarr.bah.com, then the port is the same as the one where the application you want to expose is running, be it a built in application/docker/webstation..

You can also have an associated SSL cert as you can see I am using port 443 so I can have one certificate across all services rather than configuring the certs for each one.
 

Attachments

  • reverseproxy.webp
    reverseproxy.webp
    11.4 KB · Views: 210
SSL certificate i will need to sort out.
when i was windows hosting i used certifytheweb (a letsencrypt tool) to set a cert for all domains and sub-domains
 
that's me got all the sub-domains pointing to the apps all ok.
just need to get the certs now.

i assume i do that control panel > security > certificates and then add a lets encrypt cert? i see there is already a synology cert there as the default.
 
do i then need to set that as the default cert?
as the pre-installed synology cert is the current default.
 
do i then need to set that as the default cert?
as the pre-installed synology cert is the current default.
Uhhh.... yeah. The Synology cert is near worthless.
 
You can have as many [disclaimer: actual limit has not been verified] certificates as you like. Due to the DSM character limit for subject alternative name field (250ish) I currently have four LE certs that are split for app portal, reverse proxy, web station virtual hosts, and main services (default). I’ve also kept the Syno cert but it’s not assigned to any services.

On the certificates page of Control Panel you can use the configure button to assign certs to services.
 
On the certificates page of Control Panel you can use the configure button to assign certs to services.

when i click on configure for the LE cert, i see a list of services currently assigned to the synology cert, but web station isn't listed there.
 
i see a list of services currently assigned to the synology cert, but web station isn't listed there.
You should see the URLs of the virtual hosts that you've setup in Web Station: each one can have its own certificate assignment. I just happen to keep a certificate that has all my virtual hosts as alternate names.

I don't know why each URL doesn't have a prefix of Web Station, like there is for Application Portal URLs. It's the same for reverse proxy URLs... no prefix to say where they are defined.

I find it useful to record each certificate's details in a text file. If I have to replace one, due to changes to alternative names, it becomes quite a simple job.
 
Last edited:
ah ok, so as long as each domain is listed against the cert then it is active against webstation?
i've move all the other services that were against the synology cert to the LE cert too.

follow up question. can i set webstation to force HTTPS? so if someone loads the HTTP version it automatically pushes them to the HTTPS?

a follow up question. application portal i have setup https 443 to reverse proxy to http <port number>
the HTTPS version loads fine. however the HTTP version still works too, is there a way to force any HTTP traffic over to HTTPS?
 
Whenever you want to force HTTP to HTTPS then look for the HSTS setting: it's available for most things except Web Station's default HTTP/80 service.

To get Web Station's main host to always redirect HTTP/80 to HTTPS/443 I have created a '.htaccess' file in '/web' which contains the following instruction.
Code:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
I didn't create this but found it, probably on the old Synology forum.
 
ah yeah, never thought to test the default home page, which still is able to load the HTTP version.
i'll stick that file into the root folder.
 
hmmm, actually i don't think that HSTS setting is working as expected.
i just tested the same site on 3 browsers, and it only auto forwarded on one.

Edge (original) and Edge (chromium beta) all failed to auto forward
Chrome windows forwarded to HTTPS
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Popular tags from this forum

Similar threads

  • Question Question
I have a DS216play running DSM 7.21-69057 update 3. It's web-facing, so it's running as a proxy server. I...
Replies
0
Views
1,477
  • Question Question
hello where are stored these langauge files (like english or german)?
Replies
4
Views
239
So, you are using now QC without port forwarding, that's already secure.:cool: If you still have questions...
Replies
6
Views
684
Have you checked that you do have an Internet routable WAN IP from Virgin Media? You might be able to tell...
Replies
6
Views
934
  • Solved
Glad you figured it out. Changed the thread to "question" and marked your post as "solved" solution.
Replies
5
Views
850
We use a system similar to what you are describing with installations at remote locations. When setup...
Replies
4
Views
1,090

Thread Tags

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending content in this forum

Back
Top