Reverse proxy issues for docker containers in DSM7

Currently reading
Reverse proxy issues for docker containers in DSM7

I have for the past couple of days trying to get the reverse proxy to work in DSM7. I have used the tool within DSM7 itself to try and achieve this but with mixed results. Full disclosure that I'm learning as I go and have had several tutorials as a starter (
To view this content we will need your consent to set third party cookies.
For more detailed information, see our cookies page.
). So I'm thankful for any help that I'm able to get.

What seems to be the problem?
  • It works sporadically…
    • At times it only works when connected to my LAN and not when I switch to my carrier.
    • Sometimes it is the opposite
    • I can be working well in one tab (it updates and I can interact with it) and as soon as I refresh the page I loses connection.
    • And of course lastly, at times it does not work at all…
  • Sometimes it automatically redirects to port 5001 as subdomain.example.synology.me:5001.
    • I have turned off automatically redirect HTTP connection to HTTPS for DSM desktop
How I have it setup currently:
  • Setup a DDNS through Synology.me (we call it example.synology.me)
  • Let's encrypt certificate for example.synology.me had been made automatically by DSM when first created. This was setup to include wildcards for subdomains as *.example.synology.me
  • The docker containers that are HTTP have been been using reversed proxies as HTTPS (on port 443). Example below for tautulli
  • Port 443 is open in my router
Screenshot 2021-07-28 at 00.23.44.png

What I have tried to get it to work:
  • Individual certificates
    • Made individual certificates from let's encrypt for some of the subdomains to try
    • Switched the used certificate in settings
  • Forwarded to another port than 443 (read somewhere that Synology uses this port for it's own software so might be some mix up)
    • Same mixed result as before on port 443
  • Tried with and without HSTS enabled, no change at all.
  • Tried to setup them up only as HTTP (no luck here either)
  • I have no static IP
    • This is not so much something I have been able to try as a thought. My understanding is that it shouldn't be necessary to get the current setup to work.
I have tried my best to keep a good structure in the post but feel free to ask if anything is unclear.

/A fellow tinkerer in the deep end
 
Off the bat I would say it all looks good. So the question is why does it work sometimes and not all the time. My money is on a DNS/port forward/double NAT/ISP problem. That's just of the top of my head.

You gave a good amount of info but how is your network setup configured? Own your router or using ISP only? What provider is in question? Are you sure your port forward is configured correctly? UPNP on or off?
 
Incredible response time Rusty!
  • I only have one router configured so I don't think double nat is a problem
  • I have manually setup the port forwarding in my Asus router. 443 local port to 443 on Synology NAS and 80-80 port.
  • UPNP Is currently turned on.
  • I don't have a static IP adress from my provider.
 
How often does your ISP dynamic IP address change? How quick does your DDNS record change at the Internet DNS service?

How is you NAS's IP LAN IP assigned?
  • Dynamically?
    • Just leave to the DHCP server to give it one
    • Reservation for NAS in the DHCP IP pool.
  • Manually?
    • You've set all the networking parameters by hand
    • Have you put a reservation in the DHCP IP pool for this IP address, if it's in the same range?
Same goes for any specific IPs used for Docker.
 
Last edited:
From what I can see my ISP changes the IP every 6 hours.

I believe that my router is dynamically handling this. Although I have a reservation for my NAS in the DHCP IP pool but not for the docker containers. Can I even reserve a DHCP for the docker containers that are under the same IP but under different ports?
-- post merged: --

Update:
  • I have now successfully created a subdomain for DSM by reverse proxying the port. It is now accessible as followed dsm.example.synology.me
  • Subdomains also successfully created for file station, download station, photos & drive in login portal/applications under customised domain with domain name in same fashion as above.
All these domains work excellent both on my carrier and locally.

To me it now seems as if docker might be the the bad guy in this...
Although not sure where to start here.
 
While your LAN may be subnet A.B.C.0-255 you may be able to either:
  • Define your DHCP dynamic pool to be a smaller range of this and then assign Docker IP to be outside that range. The local routing will still work because every device will still be using the full subnet.
  • Set a spoof MAC address in the DHCP reservation for the Docker IP.
This is all to stop the DHCP server from assigning the Docker IP to some other device.

EDIT: I think I'm confusing myself. What do you mean by when you talk about the IP address of Docker/container? The internal subnet of Docker, a specific IP/subnet accessible outside the NAS, the NAS's IP but using high ports assigned to containers?
 
I think I might have confused you with my vocabulary.
The docker containers run under the same IP as my NAS does but under different ports. Just as example the containers run as followed where the NAS's IP is under 192.168.1.100
Container 1 - 192.168.1.100:1111
Container 2 - 192.168.1.100:2222
 
For container 1 I have the following setup for the reverse proxy:
  • Protocol: HTTP
  • Hostname: 192.168.1.100
  • Port: 1111 (This is the same as the local port for that container that I see in docker)
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Question
Does this only happen when you try to access packages via the 'office' links in Drive's menu? And have you...
Replies
1
Views
371
  • Question
Ofc you can make a single compose for this no problem. Personally I like to separate front end apps from...
Replies
10
Views
1,235
  • Solved
I think it was point 1 that was messing me up. And it was a simple fix, honestly. We'll have to see if I...
Replies
3
Views
1,550
I accessed to log and when I trying connect I have message: "SSTP_DUPLEX_POST...
Replies
9
Views
1,659
  • Solved
Glad it’s working. Now you can help the next person! No reward necessary 😎
Replies
14
Views
2,261
The thing is... Too many users freeload off Marius and then come to the forums for assistance. Give Marius...
Replies
4
Views
1,723

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top