Question Reverse Proxy for subdomain redirects to main DSM interface

Currently reading
Question Reverse Proxy for subdomain redirects to main DSM interface

35
2
NAS
DS1019+
Operating system
  1. Windows
Mobile operating system
  1. Android
Last edited:
Hello everyone,

I've had a DS1019+ for several months and everything has been working just great. I have set DSM to be available on two non-standard ports (12344 and 12345) and have reverse proxy set up so that I can access it at Web Hosting, Domain Name Registration | Mydomain and all other applications (Drive, Moments, etc.) on subfolders (https://mydomain.com/drive).

The other day I decided to try Airsonic in a Docker container. It is currently available at http://mydomain.com:32700 - I couldn't get it to use SSL. I would like to make it available through reverse proxy at https://music.mydomain.com. I have added an A record to my DNS zone pointing to the same IP address as mydomain.com. The reverse proxy is set up as follows:
  • Source protocol: HTTPS
  • Hostname: music.mydomain.com
  • Port: 443
  • Destination protocol: HTTP
  • Hostname: localhost
  • Port: 32700
When I try to access https://music.mydomain.com I get automatically forwarded to https://music.mydomain.com:12345, where the DSM login page resides. Furthermore, when I tried to get a new Let's Encrypt certificate for that subdomain, the process failed.

Any suggestions on how to sort this out and make Airsonic a) available on this subdomain and b) use an SSL certificate?
 
Guessing this is a typo and you are using 443?

I have added an A record to my DNS zone pointing to the same IP address as mydomain.com.
Can you confirm that checking DNS entry with DNS Checker - DNS Propagation Check & DNS Lookup against that record does indeed resolve your NAS IP address?

I get automatically forwarded to https://music.mydomain.com:12345, where the DSM login page resides
What's your port forward like? All good there? 443 forwarded to your NAS IP?

Furthermore, when I tried to get a new Let's Encrypt certificate for that subdomain, the process failed
How are you trying to do this exactly?

Any suggestions on how to sort this out and make Airsonic a) available on this subdomain and b) use an SSL certificate?
Your idea is solid. You will need to have outside access to your container via reverse accessible to make it work, and you will need to assign a valid LE ssl cert to that reverse binding after you import it. Also, that cert will need to have your music.mydomain.com covered in order to fully work.
 
Thanks for replying so quickly, Rusty.

Indeed, 43 was a mistake - I'm using 443. Like I said, it's been working fine for several months now - when I go to Web Hosting, Domain Name Registration | Mydomain, I get the DSM interface.

DNS Checker does indeed confirm that music.mydomain.com resolves to my NAS's IP address.

As for Let's Encrypt, I resorted to the built-in functionality in Contral Panel > Security > Certificate and attempted to secure a new one for the subdomain.

My main concern is that the reverse proxy for music.mydomain.com redirects to port 12345 and tries to load the DSM interface, which it definitely shouldn't do. What am I doing wrong? Could it be that DSM is using non-standard ports?
 
As for Let's Encrypt, I resorted to the built-in functionality in Contral Panel > Security > Certificate and attempted to secure a new one for the subdomain.
This will not work for any 3rd party domain other then Syno domains, and especially with subdomains (you will need to make a wild card cert for this to work or make LE cert with SAN fields implemented in the root cert that covers your domain).

My main concern is that the reverse proxy for music.mydomain.com redirects to port 12345 and tries to load the DSM interface, which it definitely shouldn't do. What am I doing wrong? Could it be that DSM is using non-standard ports?
Well if you have moved away from the default 5000/5001 ports then that's ok, but that's not the problem here at all. Do you have an automatic redirect to https in your DSM global settings (control panel)? If so that might be the reason.

Also, again whats your port forwards like?

Another thing you could try is put your nas ip address not localhost as a destination for your reverse proxy settings for that music container. Guessing your are using that container in bridge configuration on docker side?
 
Do you have an automatic redirect to https in your DSM global settings (control panel)? If so that might be the reason.

Yes, I have this redirect turned on. It has never been an issue so far - at a certain point I had Drive and Moments on subdomains and they used to load just fine.

Also, again whats your port forwards like?

I don't quite understand, do you mean the router rules?

Another thing you could try is put your nas ip address not localhost as a destination for your reverse proxy settings for that music container. Guessing your are using that container in bridge configuration on docker side?

I'll give that a try. And use, the container is in a bridge configuration.
 
Hello. My apologies for digging up this old thread but I seem to have the exact same issue as OP and the solution has not been posted afaik. I have set up my reverse proxy like so:

Source:
HTTPS
appname.mydomain.synology.me
port 443

Destination:
HTTP
localhost
port 1234 (default app port)

I have opened 443 on my router and every time I try to access https://appname.mydomain.synology.me remotely, I get instantly redirected to my NAS DSM main page. DSM works just fine and I can access the NAS itself but the specific apps do not open and redirect instead as mentioned above. What am I missing here?
 
I’ve read your post above several times and I can’t see anything wrong.

I lost count of how many times (entries) I’ve configured the RP, and it always worked.

I have a wild card Let’s Encrypt certificate
forward 443 to the NAS
Configure the RP (as you’ve done)
And it works.

Can you try one thing. Forward some other port to the NAS, say 44443 and try.
Note that you’ll need to change the RP setting to the new port and you’ll need to specify the port at the end of the URL when you enter it in the browser bar.
Just for testing.
 
Hello. My apologies for digging up this old thread but I seem to have the exact same issue as OP and the solution has not been posted afaik. I have set up my reverse proxy like so:

Source:
HTTPS
appname.mydomain.synology.me
port 443

Destination:
HTTP
localhost
port 1234 (default app port)

I have opened 443 on my router and every time I try to access https://appname.mydomain.synology.me remotely, I get instantly redirected to my NAS DSM main page. DSM works just fine and I can access the NAS itself but the specific apps do not open and redirect instead as mentioned above. What am I missing here?

Hi! I have the same problem.

Your comment is the only one on the entire internet (that I could find) with exactly the same problem..

If you're still in touch, maybe you can remember what the cause was and what the solution was?
 
Share your settings if you need help.

I apologize for the long answer.
I described my problem in a separate post

 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Question
Does this only happen when you try to access packages via the 'office' links in Drive's menu? And have you...
Replies
1
Views
1,127
  • Question
Ofc you can make a single compose for this no problem. Personally I like to separate front end apps from...
Replies
10
Views
1,891
  • Solved
I think it was point 1 that was messing me up. And it was a simple fix, honestly. We'll have to see if I...
Replies
3
Views
2,304
  • Solved
yes you can fullchain + privkey would be a better option
Replies
21
Views
5,120

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Back
Top