Reverse Proxy subdomain are first redirected to the DSM Login page, how to solve this?

Currently reading
Reverse Proxy subdomain are first redirected to the DSM Login page, how to solve this?

280
79
NAS
DS920+, DS916+, DS211j
Operating system
  1. macOS
  2. Windows
Mobile operating system
  1. Android
  2. iOS
Question, hopefully someone knows how to solve this!

I have set up Reverse Proxy for several docker containers which point to the respective containers. This is running on a new DS920+ (DSM 7.0.1) which has just been set up.

The problem is that when I enter the subdomain in any browser e.g.
Code:
vaultwarden.mydomain.com
it redirects me to the DSM login page.
Only when I use the full URL it redirects me to the relevant container e.g.
Code:
https://vaultwarden.mydomain.com/

On my old DS916 it was also set this way and I had no problems there.

Is it by any chance something from DSM 7.0? Any idea how I can fix it?
 
Sounds that it's going to HTTP and that it isn't being redirected back to HTTPS. If there's no configuration for HTTP vaultwarden.mydomain.com then DSM will interpret this as going to DSM itself (or Web Station).

Did you enable the HSTS option in vaultwarden.mydomain.com reverse proxy rule?
 
Upvote 0
Sounds that it's going to HTTP and that it isn't being redirected back to HTTPS. If there's no configuration for HTTP vaultwarden.mydomain.com then DSM will interpret this as going to DSM itself (or Web Station).

Did you enable the HSTS option in vaultwarden.mydomain.com reverse proxy rule?
No, but I guess it has something to do with the wildcard for subdomains in the DNS server.
so when I go to e.g. vaultwarden.mydomain.com it redirects me to https://vaultwarden.mydomain.com:5001. But when I enter https://vaultwarden.mydomain.com it goes to the right page.

So the subdomain http is not redirected to the correct https page...
 
Upvote 0
So the subdomain http is not redirected to the correct https page...
As @fredbert said because you don't have http to https for that domain configured. When you do not use a protocol, it will default to http, which will land you to your DSM and because you have http to https redirect configured for the DSM itself, you end up on https/5001.

To get around this you will need to configure http > https redirect to work. Considering that you have just started with a fresh setup, might I suggest not using the built-in RP, but instead using docker hosted one that has this feature working out of the box.

NGINX proxy manager

If you do want to continue running with the built-in one, and HSTS does not solve your problem, then try and configure this:

HTTP to HTTPS redirect
 
Upvote 0
As @fredbert said because you don't have http to https for that domain configured. When you do not use a protocol, it will default to http, which will land you to your DSM and because you have http to https redirect configured for the DSM itself, you end up on https/5001.

To get around this you will need to configure http > https redirect to work. Considering that you have just started with a fresh setup, might I suggest not using the built-in RP, but instead using docker hosted one that has this feature working out of the box.

NGINX proxy manager

If you do want to continue running with the built-in one, and HSTS does not solve your problem, then try and configure this:

HTTP to HTTPS redirect
I already have NPM installed in Docker but not using it at the moment, because the problem with NPM is that every subdomain has to go via the outside internet. But for some of my containers I don't need them to go through the Internet they are only Intranet subdomains. That is why I don't use NPM at the moment.

On my "old" DS916 I solved this by adding an htaccess file in the root WebStation folder with
Code:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
and that seems to been working.

But on the DS920 I do not have the need for Webstation anymore So I was looking for alternative solution
 
Upvote 0
OK. So my redirect works by hitting the Web Station top-level .htaccess rewrite rules: tested by change to a 301 response, normally it's 302.

Do I remember right: If Web Station isn't installed then DSM web interface will also become available via HTTP 80 and HTTPS 443? Never tried it.
 
Upvote 0
I use the built in rp, and I’m able to type my subdomain without https and it gets redirected. I don’t have any outside redirect services either.
Are you using an htaccess file that redirects http to https? And are you using the built in DNS Server with a wildcard for subdomain?
 
Upvote 0
Have you tried to enable setting "automatically redirect http to https" in DSM portal settings?
yes I have, it is enabled...
for me it is working as expected, so not sure what causes the difference...
I have enabled "automatically redirect http to https", but disabled HSTS. Each subdomain has its own certificate. Then subdomain is redirected by reverse proxy or AppPortal for Synology applications.
Maybe it depends also on browser...
 
Upvote 0
for me it is working as expected, so not sure what causes the difference...
I have enabled "automatically redirect http to https", but disabled HSTS. Each subdomain has its own certificate. Then subdomain is redirected by reverse proxy or AppPortal for Synology applications.
Maybe it depends also on browser...

I'm pretty sure the automatic redirect in DSM option is only for the dsm portal. The OP was looking for a redirect on one of his docker containers such as bitwarden. I don't believe the redirect in dsm would apply to anything else outside of the dsm portal page.

for me it is working as expected, so not sure what causes the difference...

Who is your domain provider?
 
Upvote 0
I'm pretty sure the automatic redirect in DSM option is only for the dsm portal. The OP was looking for a redirect on one of his docker containers such as bitwarden. I don't believe the redirect in dsm would apply to anything else outside of the dsm portal page.



Who is your domain provider?
no idea, but definitely it redirects http requests on port 80 to 5000 if this setting is disabled. When it is enabled, http requests from port 80 to https on 5001. If this http->https redirect happens only for requests that should end up on dsm portal or for any http request coming to port 80, I cannot say. (depends on whether the redirect mechanism sits before or after reverse proxy)

Domain provider is STRATO, subdomains just have CNAME record to main domain.
 
Upvote 0

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Question
I have two copies. The version I play on downloaded through Steam and the server instance purchased and...
Replies
6
Views
1,666
Question Reverse Proxy
yes, but Syno is miles away from the Enterprise market (support and critical features = backup of entire...
Replies
45
Views
6,124
Found a workaround. I have installed a torrent download client, with docker, that can connect through a...
Replies
17
Views
3,243

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top