Question Reverse Proxy for subdomain redirects to main DSM interface

Currently reading
Question Reverse Proxy for subdomain redirects to main DSM interface

13
0
NAS
DS1019+
Operating system
  1. Windows
Mobile operating system
  1. Android
Last edited:
Hello everyone,

I've had a DS1019+ for several months and everything has been working just great. I have set DSM to be available on two non-standard ports (12344 and 12345) and have reverse proxy set up so that I can access it at Web Hosting, Domain Name Registration | Mydomain and all other applications (Drive, Moments, etc.) on subfolders (https://mydomain.com/drive).

The other day I decided to try Airsonic in a Docker container. It is currently available at http://mydomain.com:32700 - I couldn't get it to use SSL. I would like to make it available through reverse proxy at https://music.mydomain.com. I have added an A record to my DNS zone pointing to the same IP address as mydomain.com. The reverse proxy is set up as follows:
  • Source protocol: HTTPS
  • Hostname: music.mydomain.com
  • Port: 443
  • Destination protocol: HTTP
  • Hostname: localhost
  • Port: 32700
When I try to access https://music.mydomain.com I get automatically forwarded to https://music.mydomain.com:12345, where the DSM login page resides. Furthermore, when I tried to get a new Let's Encrypt certificate for that subdomain, the process failed.

Any suggestions on how to sort this out and make Airsonic a) available on this subdomain and b) use an SSL certificate?
 

Rusty

Moderator
NAS Support
2,383
706
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Guessing this is a typo and you are using 443?

I have added an A record to my DNS zone pointing to the same IP address as mydomain.com.
Can you confirm that checking DNS entry with DNS Checker - DNS Propagation Check & DNS Lookup against that record does indeed resolve your NAS IP address?

I get automatically forwarded to https://music.mydomain.com:12345, where the DSM login page resides
What's your port forward like? All good there? 443 forwarded to your NAS IP?

Furthermore, when I tried to get a new Let's Encrypt certificate for that subdomain, the process failed
How are you trying to do this exactly?

Any suggestions on how to sort this out and make Airsonic a) available on this subdomain and b) use an SSL certificate?
Your idea is solid. You will need to have outside access to your container via reverse accessible to make it work, and you will need to assign a valid LE ssl cert to that reverse binding after you import it. Also, that cert will need to have your music.mydomain.com covered in order to fully work.
 
13
0
NAS
DS1019+
Operating system
  1. Windows
Mobile operating system
  1. Android
Thanks for replying so quickly, Rusty.

Indeed, 43 was a mistake - I'm using 443. Like I said, it's been working fine for several months now - when I go to Web Hosting, Domain Name Registration | Mydomain, I get the DSM interface.

DNS Checker does indeed confirm that music.mydomain.com resolves to my NAS's IP address.

As for Let's Encrypt, I resorted to the built-in functionality in Contral Panel > Security > Certificate and attempted to secure a new one for the subdomain.

My main concern is that the reverse proxy for music.mydomain.com redirects to port 12345 and tries to load the DSM interface, which it definitely shouldn't do. What am I doing wrong? Could it be that DSM is using non-standard ports?
 

Rusty

Moderator
NAS Support
2,383
706
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
As for Let's Encrypt, I resorted to the built-in functionality in Contral Panel > Security > Certificate and attempted to secure a new one for the subdomain.
This will not work for any 3rd party domain other then Syno domains, and especially with subdomains (you will need to make a wild card cert for this to work or make LE cert with SAN fields implemented in the root cert that covers your domain).

My main concern is that the reverse proxy for music.mydomain.com redirects to port 12345 and tries to load the DSM interface, which it definitely shouldn't do. What am I doing wrong? Could it be that DSM is using non-standard ports?
Well if you have moved away from the default 5000/5001 ports then that's ok, but that's not the problem here at all. Do you have an automatic redirect to https in your DSM global settings (control panel)? If so that might be the reason.

Also, again whats your port forwards like?

Another thing you could try is put your nas ip address not localhost as a destination for your reverse proxy settings for that music container. Guessing your are using that container in bridge configuration on docker side?
 
13
0
NAS
DS1019+
Operating system
  1. Windows
Mobile operating system
  1. Android
Do you have an automatic redirect to https in your DSM global settings (control panel)? If so that might be the reason.

Yes, I have this redirect turned on. It has never been an issue so far - at a certain point I had Drive and Moments on subdomains and they used to load just fine.

Also, again whats your port forwards like?

I don't quite understand, do you mean the router rules?

Another thing you could try is put your nas ip address not localhost as a destination for your reverse proxy settings for that music container. Guessing your are using that container in bridge configuration on docker side?

I'll give that a try. And use, the container is in a bridge configuration.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Top