Reverse Proxy weirdness - Different destination depending on browser?

Operating system
  1. macOS
Mobile operating system
  1. iOS
TL;DR - Reverse proxies in DSM work on Safari. Firefox routes to main DSM interface. Chrome routes to router interface.

DS1513+ running DSM 6.2.3-25426 Update 3

I have several Reverse proxies set up in DSM, 1 to a docker container, 3 to apps on the DS, and one to an Apache instance on an RPi. All of them have port 443 routing to their respective app ports. The Reverse Proxies do NOT have HSTS or HTTP/2 enabled. I DO have port 443/80 forwarded from my router to the NAS.
I have a Let's Encrypt cert mapped to my custom domain (not with the appropriate Subject Alternative Names added).
All of these work fine in Safari. I enter and it takes me to that service.
On Firefox that same URL takes me to the DSM interface on the NAS for the docker and local apps. The Reverse Proxy does work for the Apache on the RPi from Firefox.
On Chrome that same URL takes me to the web interface for my Ubiquiti Edge router!??

This is all on OSX. I have rebooted the NAS, I have flushed DNS cache on OS X and the cache on FF/Chrome. I get the same behavior on multiple machines.
Almost impossible, maybe, but not quite. Why? Because DNS, that's why, it's always DNS.

The fact that Safari worked led me to assume that my Reverse Proxy config was correct. So I started to think about how RPs worked and realized it had to be related to DNS somehow. Somehow the browser was getting the incorrect response to its query. My Ubiquiti Router was configured to give the IP address of my Synology as the DNS server but I also entered in Quad9 as the secondary DNS. So all DHCP clients got the Synology and Quad9 as DNS servers. This is supposed to work and I have always configured DNS this way. Internal as primary and external as secondary just in case. Well, Chrome and Firefox don't play by the rules. They don't query the first DNS and wait for a response before querying the second DNS, they query both at the same time! Why? I have no idea. As a result Chrome and Firefox were getting conflicting information from their queries. I have no idea why one browser ended up at DSM and the other at my router but there ya go.
So, you figure, just remove the secondary DNS from the router and flush the OS DNS cache and be good to go, right? Wrong. You also have to flush the browser cache. That's right, Chrome and Firefox have their own internal DNS caches. Why? Who knows. There is an internal command on both browsers to flush their caches but the implementation seems to be inconsistent. I had to flush the cache, quit the browser, flush the cache again and then it would work.
I still have issues with the RP for my Apache instance on the RPi with one of the browsers but I assume that's a cache issue that hasn't flushed yet. Everything else seems to be working.

It's always DNS.
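
A way to check for the condition described in the post above, where resolvers handed out together by DHCP give different answers for the same name. This is an added example, not part of the original post; it assumes `dig` is installed, and the hostname and internal resolver address in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post). Requires dig.

# lookup RESOLVER NAME: print the A records that resolver returns, sorted.
lookup() {
    dig +short +time=2 +tries=1 A "$2" @"$1" 2>/dev/null |
        grep -E '^[0-9]+(\.[0-9]+){3}$' | sort -u
}

# is_private IP: succeed if the address is in RFC 1918 space.
is_private() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# compare_resolvers NAME RESOLVER...: one line per resolver, then a verdict.
# Returns 0 if every resolver gave the same answer set, 1 if they differ.
compare_resolvers() {
    name=$1; shift
    first=""; seen=0; differ=0
    for r in "$@"; do
        ans=$(lookup "$r" "$name" | tr '\n' ' ' | sed 's/ *$//')
        scope=public
        [ -n "$ans" ] || scope=none
        for ip in $ans; do
            if is_private "$ip"; then scope=private; fi
        done
        printf '%s -> %s [%s]\n' "$r" "${ans:-no answer}" "$scope"
        if [ "$seen" -eq 0 ]; then first=$ans; seen=1
        elif [ "$ans" != "$first" ]; then differ=1
        fi
    done
    if [ "$differ" -eq 1 ]; then
        echo "DIVERGENT: clients may reach different hosts for $name"
    else
        echo "CONSISTENT"
    fi
    return "$differ"
}

# Usage (addresses and hostname are placeholders):
#   compare_resolvers app.example.com 192.168.1.10 9.9.9.9
```

A private answer from one resolver next to a public answer from another means the name only resolves correctly through the internal server, so every resolver a client is given has to serve the same records.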
