So ... Houston, we have a problem.
Last night, NGINX RP decided to test my tolerance for problems on my primary home NAS.
After many years of trouble-free operation of Syno Nginx RP, I experienced the following state:
- random connection of my RP targets from WAN to NAS (some were available and some were not)
RP Targets:
the DSM itself and +12 containers
So far, till yesterday - all the RP targets have worked without problems on these settings:
Source: HTTPS + FQDN + 443
HSTS + HTTP/2
Destination: HTTP/HTTPS (up to def) + localhost + target port
(no rocket science)
Tested, done:
1. LAN connection
http LAN_IP:local_target_port ----> NAS:local_target_port ...... OK for all of the targets
2. WAN connection
https FQDN:local_target_port ----> router PF to NAS (port:port) ----> NAS:local_target_port ...... OK for all of the targets
3. WAN connection
https FQDN ----> router PF to RP (433:433) ----> NAS RP 433 ----> NAS:local_target_port ...... doesn't work (for all of the targets)
4. WAN connection
https FQDN:443 ----> router PF to RP (433:433) ----> NAS RP 433 ----> NAS:local_target_port ...... doesn't work (for all of the targets) .... don't laugh, I've tried everything
5. Scenario - despair after 2:00am
In all previous cases (3 and 4) I prepared a combination of all possible parameters:
- localhost changed to NAS_IP (for each ethx) ... doesn't work
- localhost by http/https ... doesn't work
- HTTP/2 enabled/disabled ... doesn't work
- WebSocket (upgrade + connection) enabled/disabled ... doesn't work
- mix of all these scenarios.
6. Scenario
NAS Firewall switched on/off ... doesn't work
Verdict No. 1:
- there isn't a problem with router port forwarding or firewall side
- same for the NAS firewall
So deep dive to NAS side.
iptables --list
Checked
All as expected, incl. Docker, Firewall chain
SSL Certificates under NGINX command, check:
Bash:
/usr/syno/etc/certificate/ReverseProxy/
/usr/syno/etc/certificate/system/default/
All as expected - all of them are my valid Wildcard cert+key ...
NGINX config check:
all as expected, in line with definition from UI an
@one-eyed-king this resource notes
Test configuration for validity: nginx -t
Success
Reload configuration: nginx -s reload
Success
Errors:
/var/log/nginx
error_default.log: ..... often recurring error
Bash:
1202#1202: signal process started
2021/11/04 02:30:23 [error] 1202#1202: open() "/run/nginx.pid" failed (2: No such file or directory)
but nginx is running
..... it is more than clear that the problem is in NGINX RP. I haven't found why yet.
PS: There isn't Syno NAS VPN in operation.
What do you think?
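
An added diagnostic sketch for the `/run/nginx.pid` error quoted above (not part of the original post and not Synology's own tooling): `nginx -s reload` locates the master process through the pid file, so this compares the recorded pid with the master that is actually running and counts the logged failures. The function names and the `--live` switch are hypothetical, and the availability of `ps -eo pid,args` on the NAS is an assumption.

```shell
#!/bin/sh
# Added example: checks whether nginx's pid file matches the running master.
# Paths are the ones quoted in the post; function names are hypothetical.

# classify_pid_state PIDFILE RUNNING_MASTER_PID
# Prints one of: ok | missing | stale | not-running
classify_pid_state() {
    pidfile=$1
    running=$2
    if [ -z "$running" ]; then
        echo "not-running"      # no master process found at all
        return
    fi
    if [ ! -s "$pidfile" ]; then
        echo "missing"          # master runs, but signals cannot find it
        return
    fi
    recorded=$(tr -d '[:space:]' < "$pidfile")
    if [ "$recorded" = "$running" ]; then
        echo "ok"
    else
        echo "stale"            # pid file points at a different process
    fi
}

# count_pid_errors LOGFILE: number of failed pid-file opens in the error log
count_pid_errors() {
    grep -c 'open() "/run/nginx.pid" failed' "$1" || true
}

# find_master_pid: pid of the running nginx master, empty if none.
# Assumes a ps that accepts -eo pid,args.
find_master_pid() {
    ps -eo pid,args 2>/dev/null |
        awk '/nginx: master process/ && !/awk/ {print $1; exit}'
}

# Live check against the real paths, only when called with --live
if [ "${1:-}" = "--live" ]; then
    echo "pid file state: $(classify_pid_state /run/nginx.pid "$(find_master_pid)")"
    echo "pid errors logged: $(count_pid_errors /var/log/nginx/error_default.log)"
fi
```

A result of `missing` or `stale` means reload signals are not reaching the running master, so configuration changes made since it started are not in effect.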