Tutorial Synology Reverse Proxy

[jeyare]

when you prepare correct setup of the new (from File Station RP) subdomain into your DSM by this KB from Syno. it will work

 

[jeyare]

otherwise File Station will use your primary DSM address in the Share link generator

 

[WST16]

when you prepare correct setup of the new (from File Station RP) subdomain into your DSM by this KB from Syno. it will work

Now that’s very, very interesting. I checked the KB you referenced (thanks) but I’m still skeptic. I was hoping that you’ve personally tried it. I should try it and see.

 

[WST16]

So if I go to my LE certificate, delete it and recreate it, adding all the subject alternative names and then go to my DDNS provider where I have my domain name registered and add the CNAMEs, will that do it?

Actually, I have CNAME = www already in place (on the DNS) with the LE configured for it (subject alternative name). I think I can try that first. Possible?

It’s xyz.com and www.xyz.com

 

[jeyare]

I have got it by this KB, works. Tomorrow I will write more. Tired now

 

[Rusty]

Have to try it but with Drive it’s using RP address.

 

[jeyare]

Drive is different. File Station is configured by Synology to use default DSM entry point. Then you need to change by custom link (used by RP)

 

[WST16]

File Station is configured by Synology to use default DSM entry point.

Yes. My skepticism that it won’t work is proven. I tried a few things. The generated link includes the DSM port no matter what.

Drive it’s using RP address.

That’s interesting. Does it mean that I can generate a share link with no ports referenced? That’s what I’m after.
I want to end up with something like: shares.xyz.myds.com/Rd4j3lq
Where shares is what’s given to my RP.

Thanks

 

[Shadow]

Does it mean that I can generate a share link with no ports referenced?

Yep. Works great here.

 

[jeyare]

WtF ... tested right now

- new sub domain prepared for this test ... files.domain.com (new DNS A host record)
- Control panel/Application portal/Application .. Edit of File Station:
Enable Customized Domain:
files.domain.com ... according the new A record
Enable HSTS

Evaluation:
1. Browser will open new domain. Correct
2. when you click into Share feature, it will still remains in general DSM domain (no port, as well)

Reverse proxy for File Station will give you chance use customized sub domain, but for Shared links it will generate just general DSM link.

But
when you generate the Shared link and you "manually" change the generated link with sub domain to your expected RP sub domain it works! Then there is just a error in Matrix with useful "custom" domain setup for File Station from DSM (Synology).
Sorry for my mystification, corrected now.

 

[WST16]

@Shadow and @jeyare, thank you for taking the time to test this.
I’ll need to do some domain additions and add it to the DS certificate to be able to use it. Looks like I have another weekend project

Thanks again.

 

[jeyare]

You welcome.
Just to be sure. This is valid for File station only. Drive is ok

 

[Mike12421]

Hello all,

Excellent guide. I've just signed up to post a few questions, I hope someone can give me some guidance as I'm going round in circles.

I currently have a DDNS with No-IP, along with a Letsencrypt certificate and I'm able to connect to individual programs such as NextCloud, SAB and Sonarr when manually entering port numbers along with the DDNS url. When I read this guide regarding reverse proxy I dove in and managed to complete everything NAS side, however I'm having difficulties with No-IP and subdomains.

I would much prefer to have my own domain and not have to rely on a DDNS, maybe be a little more self contained.

My question or questions are;
1) If I purchase a domain name and host it using one of these low cost hosting sites, will that be the same as a DDNS in regards to typing in the website url and being correctly forwarded to the relevant app dependant on the subdomain I used?
2) If so, can anyone recommend a hosting site that allows you the full control necessary to setup reverse proxy and subdomains? I've heard that Flaunt7 might be the ticket.

I hope I'm making sense and I haven't completely missed the mark, this is all very new to me.

Many thanks.

 

[Mike12421]

Apologies for a followup message, but No-IP have replied, stating;

"You cannot create fourth level sub domains on No-IP owned domains like ddns.net. Fourth level sub domains can only be created on a domain that you own/have personally registered, and that also has Plus Managed DNS."

From this, I guess buying and hosting my own domain is the way to go.

 

[Rusty]

1) If I purchase a domain name and host it using one of these low cost hosting sites, will that be the same as a DDNS in regards to typing in the website url and being correctly forwarded to the relevant app dependant on the subdomain I used?

Yes, after you configure your reverse proxy parameters for those apps/services

2) If so, can anyone recommend a hosting site that allows you the full control necessary to setup reverse proxy and subdomains?

Dreamhost comes to mind. Cloudflare as well.

 

[one-eyed-king]

GJ.
To bad that Synology Reverse Proxies cannot work on layer 4..

I know this post is rather old, but.. Nginx can act as a reverse proxy AND as a tcp/udp loadbalancer, e.g. to balance TLS-Passthrough traffic (=not terminated in the reverse proxy) or any binary protocoll. Now that I know where custom configurations can be added, It is safe to say: it's possible. Though, domain specific configuration is only possible if the connection is wrapped in TLS (only then it will provide the required SNI information in the TLS extensions). This guy made a nice overview of the possible trickery

 

[Mike12421]

Yes, after you configure your reverse proxy parameters for those apps/services


Dreamhost comes to mind. Cloudflare as well.

Hello,

Thank you kindly for replying. I'll headover to Dreamhost and Cloudflare now.

 

[vtsakiris]

WE WANT REVERSE PROXY ON SRM!!!

 

[Rusty]

WE WANT REVERSE PROXY ON SRM!!!

Why? Can't you use the one on the NAS?

 

[vtsakiris]

Why? Can't you use the one on the NAS?

This is accurate,
I just want to consolidate all the routing to my rt2600ac router... Let the router dou the routing and the Nas the file stuff!