Reverse proxy issues for docker containers in DSM7

Currently reading
Reverse proxy issues for docker containers in DSM7

I have for the past couple of days trying to get the reverse proxy to work in DSM7. I have used the tool within DSM7 itself to try and achieve this but with mixed results. Full disclosure that I'm learning as I go and have had several tutorials as a starter (
). So I'm thankful for any help that I'm able to get.

What seems to be the problem?
  • It works sporadically…
    • At times it only works when connected to my LAN and not when I switch to my carrier.
    • Sometimes it is the opposite
    • I can be working well in one tab (it updates and I can interact with it) and as soon as I refresh the page I loses connection.
    • And of course lastly, at times it does not work at all…
  • Sometimes it automatically redirects to port 5001 as subdomain.example.synology.me:5001.
    • I have turned off automatically redirect HTTP connection to HTTPS for DSM desktop
How I have it setup currently:
  • Setup a DDNS through Synology.me (we call it example.synology.me)
  • Let's encrypt certificate for example.synology.me had been made automatically by DSM when first created. This was setup to include wildcards for subdomains as *.example.synology.me
  • The docker containers that are HTTP have been been using reversed proxies as HTTPS (on port 443). Example below for tautulli
  • Port 443 is open in my router
Screenshot 2021-07-28 at 00.23.44.png

What I have tried to get it to work:
  • Individual certificates
    • Made individual certificates from let's encrypt for some of the subdomains to try
    • Switched the used certificate in settings
  • Forwarded to another port than 443 (read somewhere that Synology uses this port for it's own software so might be some mix up)
    • Same mixed result as before on port 443
  • Tried with and without HSTS enabled, no change at all.
  • Tried to setup them up only as HTTP (no luck here either)
  • I have no static IP
    • This is not so much something I have been able to try as a thought. My understanding is that it shouldn't be necessary to get the current setup to work.
I have tried my best to keep a good structure in the post but feel free to ask if anything is unclear.

/A fellow tinkerer in the deep end
 

Rusty

Moderator
NAS Support
4,378
1,269
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Off the bat I would say it all looks good. So the question is why does it work sometimes and not all the time. My money is on a DNS/port forward/double NAT/ISP problem. That's just of the top of my head.

You gave a good amount of info but how is your network setup configured? Own your router or using ISP only? What provider is in question? Are you sure your port forward is configured correctly? UPNP on or off?
 
Incredible response time Rusty!
  • I only have one router configured so I don't think double nat is a problem
  • I have manually setup the port forwarding in my Asus router. 443 local port to 443 on Synology NAS and 80-80 port.
  • UPNP Is currently turned on.
  • I don't have a static IP adress from my provider.
 

fredbert

Moderator
NAS Support
Subscriber
2,869
1,150
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
How often does your ISP dynamic IP address change? How quick does your DDNS record change at the Internet DNS service?

How is you NAS's IP LAN IP assigned?
  • Dynamically?
    • Just leave to the DHCP server to give it one
    • Reservation for NAS in the DHCP IP pool.
  • Manually?
    • You've set all the networking parameters by hand
    • Have you put a reservation in the DHCP IP pool for this IP address, if it's in the same range?
Same goes for any specific IPs used for Docker.
 
Last edited:
From what I can see my ISP changes the IP every 6 hours.

I believe that my router is dynamically handling this. Although I have a reservation for my NAS in the DHCP IP pool but not for the docker containers. Can I even reserve a DHCP for the docker containers that are under the same IP but under different ports?
-- post merged: --

Update:
  • I have now successfully created a subdomain for DSM by reverse proxying the port. It is now accessible as followed dsm.example.synology.me
  • Subdomains also successfully created for file station, download station, photos & drive in login portal/applications under customised domain with domain name in same fashion as above.
All these domains work excellent both on my carrier and locally.

To me it now seems as if docker might be the the bad guy in this...
Although not sure where to start here.
 

fredbert

Moderator
NAS Support
Subscriber
2,869
1,150
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
While your LAN may be subnet A.B.C.0-255 you may be able to either:
  • Define your DHCP dynamic pool to be a smaller range of this and then assign Docker IP to be outside that range. The local routing will still work because every device will still be using the full subnet.
  • Set a spoof MAC address in the DHCP reservation for the Docker IP.
This is all to stop the DHCP server from assigning the Docker IP to some other device.

EDIT: I think I'm confusing myself. What do you mean by when you talk about the IP address of Docker/container? The internal subnet of Docker, a specific IP/subnet accessible outside the NAS, the NAS's IP but using high ports assigned to containers?
 
I think I might have confused you with my vocabulary.
The docker containers run under the same IP as my NAS does but under different ports. Just as example the containers run as followed where the NAS's IP is under 192.168.1.100
Container 1 - 192.168.1.100:1111
Container 2 - 192.168.1.100:2222
 

fredbert

Moderator
NAS Support
Subscriber
2,869
1,150
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
So in the destination settings for the reverse proxy:
  • Protocol: HTTP
  • Hostname: localhost , or 127.0.0.1
  • Port: 1111 or 2222
Both localhost and 127.0.0.1 are interpreted the host device as 'me'.
 
For container 1 I have the following setup for the reverse proxy:
  • Protocol: HTTP
  • Hostname: 192.168.1.100
  • Port: 1111 (This is the same as the local port for that container that I see in docker)
 

fredbert

Moderator
NAS Support
Subscriber
2,869
1,150
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Might as well use localhost instead of 192.168.1.100
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Solved
You are. I would advise you to use custom ports for your syno apps and then reverse to them using a...
Replies
1
Views
128
If you’re trying to access 3389 (rdp) through a web browser (http/httpS) it won’t work. The reason is...
Replies
13
Views
589
Obfuscating (changing default) port numbers isn't really good security practice. I do understand however...
Replies
50
Views
1,515
No, not for the client-side. That has to work on 6690. My reference was just for the Drive web ui access...
Replies
6
Views
1,471

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Top