Question Reverse Proxy

Currently reading
Question Reverse Proxy

137
19
NAS
DS918+
Operating system
  1. macOS
Mobile operating system
  1. iOS
I did have a Reverse Proxy working but I broke some other stuff and now on recreation it doesn't work....

I've installed Nextcloud in a Docker. It works! Its on port 8080, wise folk here suggest a RP and so I have set up the subdomain nextcloud.mydomain.tld. The DNS (external) is set and propagated. I asked LetsEncrypt for a new certificate with my nextcloud subdomain added. Then I followed the other instructions here.

The first time this worked it didn't. It did take me to my Nextcloud but there was an error as I was using an "untrusted domain". I've reinstalled Nextcloud (don't ask). Although I haven't quite fixed the "untrusted domain" issue, the RP should still take me to my Nextcloud and that error message. But instead I get the default Synology web page.

The RP is set up thus:

Description: Nextcloud
Source
Protocol: HTTPS
Hostname: nextcloud.mydomain.tld <- not my real domain but I did put my real domain in!
Port:443
Destination
Protocol: HTTP
Hostname: 192.168.1.2 <- LAN address of my DiskStation
Port: 8080

I can access Nextcloud at 192.168.1.2:8080, cloud.mydomain.tld gets me the Synology default we page.

I know I need to fix the trusted domain in Nextcloud but I'm in the same place I was yesterday when the PR appeared to take me to Nextcloud.

(I'll ask for command line file editing tips later but any advice meanwhile?)
 
137
19
NAS
DS918+
Operating system
  1. macOS
Mobile operating system
  1. iOS
Destination Hostname: localhost

Actually that doesn't make a difference, however...

I'm typing cloud.mydomain.tld into my browser. If I type https://cloud.mydomain.tld I get the expected Nextcloud "untrusted domain". So my RP does work, now I need to sort the http / https issue. I always want http request to go to https.
 
323
123
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
Last edited:
I can access Nextcloud at 192.168.1.2:8080, cloud.mydomain.tld gets me the Synology default we page.

It wouldn't be cloud.mydomain.tld, you'd want nextcloud.mydomain.tld .

Hard to tell if you're making that little goof just here, or when you try to access the page.

And, you'd need to make sure to type in https://nextcloud.mydomain.tld . Otherwise, you're going to pull up port 80, not 443, and 80 isn't forwarded by your current reverse proxy setup.
 
137
19
NAS
DS918+
Operating system
  1. macOS
Mobile operating system
  1. iOS
It wouldn't be cloud.mydomain.tld, you'd want nextcloud.mydomain.tld .
Sorry, my typo. Lets assume I mean nextcloud.mydomain.tld.

you'd need to make sure to type in https://nextcloud.mydomain.tld
Yes, but I never type http anything and assume nobody else does. The BBC is at bbc.o.uk not BBC - Home
80 isn't forwarded by your current reverse proxy setup.
Can I fix that? I tried setting the Destination Protocol to HTTPS but that got me a Synology 404.

May have to RTFM!
 
137
19
NAS
DS918+
Operating system
  1. macOS
Mobile operating system
  1. iOS
That https:// bbc dot co dot uk wont unlink, you see what I mean though.
 
323
123
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
Last edited:
If you want both port 80 and port 443 to forward, you could just make two entries in your reverse proxy setup, both pointing to the same place.

So, the first one you already have.
The second one would be (to use your formatting):

Description: Nextcloud http
Source
Protocol: HTTP
Hostname: nextcloud.mydomain.tld <- not my real domain but I did put my real domain in!
Port:80
Destination
Protocol: HTTP
Hostname: 192.168.1.2 <- LAN address of my DiskStation
Port: 8080

The "problem" with this setup is that when users connect without https, they'll be using an insecure connection. What you REALLY want, I think, is for the user to be forced to https even when they fail to enter the https://

So then you say, "I'll just check the "use HSTS" option on the https entry, then I don't need the http entry. That'll fix it!" And it might... but it seems you have to reboot the diskstation after setting this, for it to take effect. And, you may have to clear your browser cache as well.
 
323
123
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
Let us know what happens!
 
137
19
NAS
DS918+
Operating system
  1. macOS
Mobile operating system
  1. iOS
What you REALLY want, I think, is for the user to be forced to https even when they fail to enter the https://
Yes. I tried your second option of only having the one PR but it didn't work, even after a reboot. But two RPs seems to have done the trick.

No doubt it will all go wrong later so standby... ;)
 

Rusty

Moderator
NAS Support
2,380
705
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Thanks @akahan, I'll give this a shot. @Rusty 's tutorial isn't doing it for me.
It should. Works just fine for me. I have about 20 or so RP parameters and they all redirect from http to https just fine.
 
323
123
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
It works for me too, but, again, I find that I have to reboot the diskstation for this to take effect, and it seems (maybe my superstition?) not to work until I've also cleared the browser's cache, if the browser was previously connecting to the same container via https.
 
323
123
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
OOOH, you know what really helps? If you're on a Windows machine:

ipconfig/flushdns

THEN try.
 
137
19
NAS
DS918+
Operating system
  1. macOS
Mobile operating system
  1. iOS
So I tried and failed again. I've tried a couple of times. I've used @Rusty 's tutorial (despite his typos and formatting!) and even followed along with Gudbrand Olimb"s version. I slept on it and tried again. Still no joy.

One thing to report that on creating the second Reverse Proxy, on "OK" to save I had much waiting, more than enough time to make coffee and then decide to reboot the DiskStation. The PR was there on startup, but the same thing happened the next time. Maybe nothing, maybe something?

So I'm expecting (wanting - demanding!) my subdomain 'nextcloud.mydomain.tld' to get me to my Nextcloud web pages at port 8080 via https whether or not anyone typed http or not.

After following the tutorials typing nextcloud.mydomain.tld gets me to a secure page which is Synology 404.

Screenshot 2020-06-13 at 17.00.19.png


Other points of failure:

I can access my DiskStation Manager via server.mydomain.tld:1234. I can access Nextcloud at 192.168.1.2:8080. I cannot, however access nextcloud via server.mydomain.tld:8080. server.mydomain.tld without specifying a port gets me to the Synology Web Station "enabled" page.

Port 8080 is open on my router. The subdomain 'nextcloud' is a fully qualified domain name and has a record in the DNS which points to the public IP of my router. All stuff that generally works, has worked on A N Other linux server.

So the http to https appears to be working? But then I'm not getting sent to or am being blocked from accessing Nextcloud at port 8080?
 

Rusty

Moderator
NAS Support
2,380
705
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Do you have port 80 open as well as 443 on your router?
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Top