Solved reverse proxies to access docker apps (nginx?)

Currently reading
Solved reverse proxies to access docker apps (nginx?)

295
32
NAS
DS1019+ DSM6
Operating system
  1. Windows
Mobile operating system
  1. iOS
I have webstation intsalled (using nginx).
my domain is pointing to it and loads fine.
i have various sub-domains setup, and want to point them to the various docker apps i have installed.

eg
radarr.blah.com to route to localhost:7878
sonarr.blah.com to router to localhost:8989
etc etc

when i was using a windows web host (IIS) i just set up reverse proxies to make this work, and it worked all ok.

so i believe this can be achieved using nginx via the nginx.conf file, is this how you would do it? or are there other options to use?
 
You can use the build in reverse proxy tool, I use it for some of my services... it's found in the Control Panel under Application Portal.

The description is whatever you want it to be, the Hostname will be just as you mention in your post radarr.bah.com, then the port is the same as the one where the application you want to expose is running, be it a built in application/docker/webstation..

You can also have an associated SSL cert as you can see I am using port 443 so I can have one certificate across all services rather than configuring the certs for each one.
 

Attachments

  • reverseproxy.png
    reverseproxy.png
    122.5 KB · Views: 188
SSL certificate i will need to sort out.
when i was windows hosting i used certifytheweb (a letsencrypt tool) to set a cert for all domains and sub-domains
 
that's me got all the sub-domains pointing to the apps all ok.
just need to get the certs now.

i assume i do that control panel > security > certificates and then add a lets encrypt cert? i see there is already a synology cert there as the default.
 
do i then need to set that as the default cert?
as the pre-installed synology cert is the current default.
 
You can have as many [disclaimer: actual limit has not been verified] certificates as you like. Due to the DSM character limit for subject alternative name field (250ish) I currently have four LE certs that are split for app portal, reverse proxy, web station virtual hosts, and main services (default). I’ve also kept the Syno cert but it’s not assigned to any services.

On the certificates page of Control Panel you can use the configure button to assign certs to services.
 
On the certificates page of Control Panel you can use the configure button to assign certs to services.

when i click on configure for the LE cert, i see a list of services currently assigned to the synology cert, but web station isn't listed there.
 
i see a list of services currently assigned to the synology cert, but web station isn't listed there.
You should see the URLs of the virtual hosts that you've setup in Web Station: each one can have its own certificate assignment. I just happen to keep a certificate that has all my virtual hosts as alternate names.

I don't know why each URL doesn't have a prefix of Web Station, like there is for Application Portal URLs. It's the same for reverse proxy URLs... no prefix to say where they are defined.

I find it useful to record each certificate's details in a text file. If I have to replace one, due to changes to alternative names, it becomes quite a simple job.
 
Last edited:
ah ok, so as long as each domain is listed against the cert then it is active against webstation?
i've move all the other services that were against the synology cert to the LE cert too.

follow up question. can i set webstation to force HTTPS? so if someone loads the HTTP version it automatically pushes them to the HTTPS?

a follow up question. application portal i have setup https 443 to reverse proxy to http <port number>
the HTTPS version loads fine. however the HTTP version still works too, is there a way to force any HTTP traffic over to HTTPS?
 
Whenever you want to force HTTP to HTTPS then look for the HSTS setting: it's available for most things except Web Station's default HTTP/80 service.

To get Web Station's main host to always redirect HTTP/80 to HTTPS/443 I have created a '.htaccess' file in '/web' which contains the following instruction.
Code:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
I didn't create this but found it, probably on the old Synology forum.
 
ah yeah, never thought to test the default home page, which still is able to load the HTTP version.
i'll stick that file into the root folder.
 
hmmm, actually i don't think that HSTS setting is working as expected.
i just tested the same site on 3 browsers, and it only auto forwarded on one.

Edge (original) and Edge (chromium beta) all failed to auto forward
Chrome windows forwarded to HTTPS
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Question
I have a DS216play running DSM 7.21-69057 update 3. It's web-facing, so it's running as a proxy server. I...
Replies
0
Views
1,079
Hello, Apologies if this is the wrong place to post. It seems like this posts vary in this category so...
Replies
0
Views
1,188
  • Question
sorry for the late reply but if your domain is being proxied by CF and the logs are stating script...
Replies
10
Views
4,284
I m feeling stupid !!! How the hell I have not seen thisS !!! Excuse meEE !!! All works like a charm now !
Replies
10
Views
13,239
A few days ago overnight I lost wireless access from my two laptops to my Synology. My Synology DS411 is...
Replies
0
Views
703
That's the way I currently use. However without using a ssh key but typing in a password.
Replies
7
Views
3,081
  • Question
Aah, that's it. Thank you so much. I had been looking at the three dots at the top right nit the correct...
Replies
4
Views
4,513

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top