Reverse proxy help

Currently reading
Reverse proxy help

J

jmanko16

Trophy Media
99
8
NAS
DS213J, DS918+
Operating system
  1. macOS
Mobile operating system
  1. iOS
Still very beginner here, so I'm sure this is easy fix but appreciate help with reverse proxy.

I would like my plex, calibre, calibre-web, and audio bookshelf docker to be accessible via reverse proxy. (Up until now using open vpn on devices and then logging into the "local IP") but would like to share books with family members who are even less tech savvy. The best option would seem to be reverse proxy outside home network.

I have a name.synology.me domain, and have this setup. I have also been able to set my netgear orbi router to expose 443, and have been able to access synology apps (photos drive etc) outside the wifi network with https://name.synology.me. I went to reverse proxy and set this up for Plex.name.synology.me and so on for each and set up certificate in let's encrypt. When I am on my local network I have no issue access the site https://plex.name.synology.me, but when I connect remotely I can not access the site https://plex.name.synology.me.

Help!!
 
For the destination are you sure it isn't HTTPS? Also if the the service is accessible on the NAS's own LAN IP then the destination IP can be 127.0.0.1 (localhost). For docker containers that are running direct to the LAN then you use their own LAN IP.

The reverse proxy can work HTTPS to it from web clients and HTTP to the real web service, but that service does have to be listing on HTTP.

I have done this for a few web services too, Plex included, and it works.
 
Last edited:
fredbert said:
For the destination are you sure it isn't HTTPS? Also if the the service is accessible on the NAS's own LAN IP then the destination IP can be 127.0.0.1 (localhost). For docker containers that are running direct to the LAN then you use their own LAN IP.

The reverse proxy can work HTTPS to it from web clients and HTTP to the real web service, but that service does have to be listing on HTTP.

I have done this for a few web services too, Plex included, and it works.
Click to expand...
destination is definitely http: as it will not open locally on https.

I tried localhost and thr links no longer work at all.

Interestingly I have been able to get the Plex and Audiobookshelf containers to work locally and remote (but sometimes they fail, almost like safari will sometimes log in and others won't). My Calibre-web won't load at all. Now I'm more confused as I'm getting some to work and others will not.
 
I'm not familiar with that 3rd screenshot, or what it is telling me. I would expect external port 443 to be forwarded to your NAS LAN IP, port 443.

Are you sure 443 is actually open? Have you tested it? Does your ISP allow external connections through 443?
 
It could be the certificate. Does the certificate include the wildcard *.mynas.synology.me ? And have you assigned this certificate to each remote proxy in Control Panel / Security / Certificate?

I use Calibre-Web and have it in bridge mode so that it's fixed container port is mapped to a NAS LAN IP port. The port on the NAS LAN IP needs to be fixed too, so don't use auto. As I have it it bridge mode the reverse proxy rule destination is set to HTTP / localhost / assigned NAS LAN IP port.

Looking at your DSM setup controlling the router (why do it this way?) the Internet ports are non-standard being forwarded to the NAS on standard ports? I'm guessing it's this way around as I don't use this feature, preferring to configure my router manually.
 
Telos said:
I'm not familiar with that 3rd screenshot, or what it is telling me. I would expect external port 443 to be forwarded to your NAS LAN IP, port 443.

Are you sure 443 is actually open? Have you tested it? Does your ISP allow external connections through 443?
Click to expand...
Yes I tested and it is open.
-- post merged: --

fredbert said:
It could be the certificate. Does the certificate include the wildcard *.mynas.synology.me ? And have you assigned this certificate to each remote proxy in Control Panel / Security / Certificate?

I use Calibre-Web and have it in bridge mode so that it's fixed container port is mapped to a NAS LAN IP port. The port on the NAS LAN IP needs to be fixed too, so don't use auto. As I have it it bridge mode the reverse proxy rule destination is set to HTTP / localhost / assigned NAS LAN IP port.

Looking at your DSM setup controlling the router (why do it this way?) the Internet ports are non-standard being forwarded to the NAS on standard ports? I'm guessing it's this way around as I don't use this feature, preferring to configure my router manually.
Click to expand...
Yes I have all the certificates set.

Calibre web is in bridge.

I had been using router only for port forward but thought maybe I screwed up so tried with the NAS controlling to see if it helped.
 
fredbert said:
It could be the certificate. Does the certificate include the wildcard *.mynas.synology.me ? And have you assigned this certificate to each remote proxy in Control Panel / Security / Certificate?

I use Calibre-Web and have it in bridge mode so that it's fixed container port is mapped to a NAS LAN IP port. The port on the NAS LAN IP needs to be fixed too, so don't use auto. As I have it it bridge mode the reverse proxy rule destination is set to HTTP / localhost / assigned NAS LAN IP port.

Looking at your DSM setup controlling the router (why do it this way?) the Internet ports are non-standard being forwarded to the NAS on standard ports? I'm guessing it's this way around as I don't use this feature, preferring to configure my router manually.
Click to expand...
I did go to my router and manually port forwarded 80 and 443, and have confirmed with my DDNS I was able to see those ports.
 
OK, so what is working and what isn’t?

From the Internet can you access Web Station main website (if you have it installed)? That would suggest the port forward is working.

From the Internet can you now access the local Plex Media Server website? If you have port forwarded the default 32400 Plex port, does that work? Does the request using the reverse proxy work?

Do you have any DSM firewall that could be blocking connections from parts of the Internet?
 
Well big thank you so far.

I started back over from the beginning and only using port forwarding on router for 80, 443 and deleted the others on synology.

I went back and renewed certificates (while the certificate was listed for each page I am wondering if maybe I had missed adding the * to make the wildcards).

I currently have my audio bookshelf, plex working fine.

Current issue is my calibre-web opens on local network and not remote.
 
fredbert said:
OK, so what is working and what isn’t?

From the Internet can you access Web Station main website (if you have it installed)? That would suggest the port forward is working.

From the Internet can you now access the local Plex Media Server website? If you have port forwarded the default 32400 Plex port, does that work? Does the request using the reverse proxy work?

Do you have any DSM firewall that could be blocking connections from parts of the Internet?
Click to expand...
web station works.
Plex local media server works via internet.
Local audiobookshelf server works via internet.
turned off firewall to test to make sure not a limiting factor.
calibre-web works locally (with my name.synology.me) but not via internet.
 
My Calibre-Web container is running HTTP, but I have a reverse proxy that clients connect using HTTPS and this is connected onto the HTTP. I prefer having just HTTPS access.

To confirm, you have used a unique name to access it? e.g. calibre.mynas.synology.com etc.

You might trying a new reverse proxy rule to see if something got cached along the way.
 
fredbert said:
My Calibre-Web container is running HTTP, but I have a reverse proxy that clients connect using HTTPS and this is connected onto the HTTP. I prefer having just HTTPS access.

To confirm, you have used a unique name to access it? e.g. calibre.mynas.synology.com etc.

You might trying a new reverse proxy rule to see if something got cached along the way.
Click to expand...
my calibre is localhost:8083 via http://

I setup a reverse proxy that is calibre.name.synology.me via https:// that directs to the http://localhost:8083, it just does not work when using outside home network.

I did try a new reverse proxy rule and also tried loading a new docker image as well and running into same issue just with calibre-web
 
So you have mapped NAS LAN IP port 8083 to Docker container port 8083?

And there are no typos in the reverse proxy or browsed URL?

This is pretty much what my Calibre-Web r-rpoxy looks like. I use a personal domain and I don'y usually give Internet access so have a profile to limit to LAN IPs (except when I renew the certificate).
1668785013376.png


And the Docker container's port setting. As example I'm using DSM LAN IP port 32123.
1668785159561.png
 
fredbert said:
So you have mapped NAS LAN IP port 8083 to Docker container port 8083?

And there are no typos in the reverse proxy or browsed URL?

This is pretty much what my Calibre-Web r-rpoxy looks like. I use a personal domain and I don'y usually give Internet access so have a profile to limit to LAN IPs (except when I renew the certificate).
View attachment 11400

And the Docker container's port setting. As example I'm using DSM LAN IP port 32123.
View attachment 11401
Click to expand...
my setup was essentially the same. Tried multiple different local ports.

Am not sure exactly what I did but cleared cache on all browsers, spun up new docker and just started from scratch and now it's working with the same setup. Thanks again, new to all the port forwarding and reverse proxy. Its easy in theory but I always seem to find something that trips me up.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Register

Log in

Already have an account? Log in here.

Similar threads

B
  • Solved
Please Help me with Troubleshooting Reverse Proxy
Glad it’s working. Now you can help the next person! No reward necessary 😎
Replies
14
Views
2,385
fredbert
fredbert
D
Reverse Proxy - Help Understanding Prerequisites
Not applicable for Reverse Proxy. That should be fine, but, that domain then will be strictly for Plex...
Replies
5
Views
2,079
Telos
Telos
D
  • Question
Web app links behind reverse proxy
Does this only happen when you try to access packages via the 'office' links in Drive's menu? And have you...
Replies
1
Views
976
fredbert
fredbert
K
  • Question
Subdomains (and also with reverse proxy) always display the DSM login page on DSM 7.2.1
Ofc you can make a single compose for this no problem. Personally I like to separate front end apps from...
Replies
10
Views
1,508
Rusty
Rusty
A
  • Solved
Reverse proxy, Forbidden 403 error
I think it was point 1 that was messing me up. And it was a simple fix, honestly. We'll have to see if I...
Replies
3
Views
1,766
arcylix
A
C
SSTP and WEB with Synology Reverse Proxy
I accessed to log and when I trying connect I have message: "SSTP_DUPLEX_POST...
Replies
9
Views
1,840
CzarnyLewis
C
K
Having a hard time installing Mastodon with Reverse Proxy
The thing is... Too many users freeload off Marius and then come to the forums for assistance. Give Marius...
Replies
4
Views
1,927
Telos
Telos

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Register

Trending threads

Back
Top