SSL on Private LAN + VPN access


I need to access the DSM https port 5001. In the reverse proxy I insert the domain dsm.example.com and everything I wrote in one of my previous posts. If I don’t do that how will the browser know where to go?
A simple illustration...

1. Forward 443 to the NAS.
2. In the RP entry set dsm.example.com (HTTPS, 443) to point to 192.168.1.1 (HTTPS, 5001). Save.

Enter "https://dsm.example.com" in browser URL. DSM log on screen should appear.

Caveats... your WAN is not CGNAT, your router supports NAT hairpinning (when URL used within LAN).
 
Man, I owe you a huge beer! Thank you! This seems to have solved the problem. So far it’s working like a charm.

Question now: how do I set up in RP for other services? For example: bitwarden? What ports and protocols should go in the destination and source is what I’m not sure of. I have bitwarden set up with Container port 3012 to have the local port 49122, and the container port 80 to have the local port 8544. What goes where?

Thanks a lot!! 😇
 
For BW, try this (similar pattern)...

In the RP entry set bw.example.com (HTTPS, 443) to point to 192.168.1.1 (HTTP, 8544). Save.
[An SSL cert should cover bw.example.com]

Optionally...

[Image: 6QmhrNn.png]

Enter "https://bw.example.com" in browser URL. Bitwarden log on screen should appear. If using browser extension, use "https://bw.example.com" as server.
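
The two reverse proxy entries from this thread, modelled as an added example that is not part of any poster's reply: both names reach the same listener, and the Host header alone selects the backend. Loopback HTTP servers stand in for the NAS ports (443, 5001, 8544), TLS is left out, and sending unmatched names to a default site is an assumption of this sketch.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

def serve(get_body):
    """Start a loopback HTTP server; get_body(handler) returns the reply bytes."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            body = get_body(self)
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):  # silence per-request logging
            pass
    srv = ThreadingHTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address[1]

def fetch(port, host, path="/"):
    """GET from 127.0.0.1:port while presenting `host` in the Host header."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", path, headers={"Host": host})
    body = conn.getresponse().read()
    conn.close()
    return body

def start_proxy(rules, default_port):
    """One listener for every name; the Host header alone picks the backend."""
    def route(handler):
        name = (handler.headers.get("Host") or "").split(":")[0].lower()
        backend = rules.get(name, default_port)  # no matching rule -> default
        return fetch(backend, name, handler.path)
    return serve(route)

def demo():
    dsm = serve(lambda h: b"DSM login")       # stands in for 192.168.1.1:5001
    bw = serve(lambda h: b"Bitwarden login")  # stands in for 192.168.1.1:8544
    rules = {"dsm.example.com": dsm, "bw.example.com": bw}
    proxy = start_proxy(rules, default_port=dsm)  # stands in for NAS port 443
    names = ["dsm.example.com", "bw.example.com", "typo.example.com"]
    return {n: fetch(proxy, n).decode() for n in names}

if __name__ == "__main__":
    for name, page in demo().items():
        print(f"{name:20} -> {page}")
```

All three names connect to the same address and port; only the Host value differs between requests.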
 

Sadly, I can’t get it to work for bitwarden. I did what you wrote above and set in the DNS server, under the example.com Master Zone, a new A record bw.example.com that points to 192.168.1.1 (NAS IP address), same thing I did for the dsm subdomain. The issue is: instead of resolving to the bitwarden service (https://bw.example.com), whenever I write that into the browser it opens https://dsm.example.com:5001. What would be the reason? Do I have to edit something in the DNS server or RP?
 
Glad to hear it's working.
How do I get the SSL working on the browsers when connecting to the LAN via OpenVPN?
I've not tried this, so I am unsure, however with the VPN connection, things should work as they do when you are browsing on your LAN, so this may be related to how your DNS is prioritized while VPN connected.

I see you are running through your ASUS router. I've thought about that, but as the storage/memory/processing ability of my router isn't huge, I'm using the NAS (intermittently) and an RPi for VPN... and Tailscale 😵
 
Hi, you need to use a SRV record in the DNS zone for your domain name, with this you can add ports to A records (much simplified explanation) but bw.example.com just translates to dsm.example.com as you are saying in DNS that anything on port 80 (http) or 443 (https) is the NAS, i.e. bw.example.com:80 = <static IP>:80.

A records can't redirect to ports, SRV can.
 
