Synology Reverse Proxy

Tutorial Synology Reverse Proxy

Maybe this will provide a clue...

If I edit the RP and use HTTP/80 instead of HTTPS/443, the browser page loads properly when I enter

"booksonic.secret.synology.me" into the browser URL.

But using HTTPS/443 in the RP fails.

Both ports 80 and 443 are forwarded to the NAS. FWIW, Booksonic is running from Docker if that makes a difference.

Is this related?
booksonic
 
I think this is a Booksonic issue. Since the app uses port 4040, I forwarded 4040 to the NAS and without using RP I entered

"https://secret.synology.me:4040"
which failed to connect. Changing 4040 to my DSM HTTPS port brought up the DSM login page.

Next I tried "http://secret.synology.me:4040" which loaded the Booksonic login page.

I'm not sure what's going on here, but apparently Booksonic cannot work with HTTPS is my only guess.

So I tried a different Docker app... a YouTube downloader using RP

https://yt.secret.synology.me connected!

Good grief... a lot of wasted time over what seems an app issue.
 
Hi
Thanks for this helpful tutorial. I have managed to follow through using my own domain and now have webmail.mydomain.com, drive.mydomain.com, notes.mydomain.com all working for me. Previously I used the application portal setup to have them work under mydomain.com.webmail:xxxx, etc where xxxx is the port number.
Anyhow, although I have it all up and running, I do have to type https://webmail.mydomain.com to get to the secure login. Is there any way that it can be set up so that it will redirect it from the http to the https so I just have to type webmail.mydomain.com into my browser and it will automatically take me to https://webmail.mydomain.com?
Thanks in advance for any help
Phil
 
try this

 
When creating the redirect RP, can I enter a wildcard domain (*.secret.synology.me) in the source hostname, while using the specific hostname (xyz.secret.synology.me) in the site RP? The idea being a single redirect RP handling several wildcard domains.

I hope I said that clearly.
 
That didn’t work for me. I have multiple 80 redirects
 
"Jumping" into this discussion...
I am trying to containerize (is that a term?) my proxy, i.e. using docker for the reverse proxy (with jwilder/nginx-proxy:alpine). Is this a good idea? (It would allow me to "port" to other hosts if / when needed.)
I have partial success: port 8080 is forwarded to local 80 but for some reason 4443 > 443 will not work
(I have ports: - 8080:80 - 4443:443).
Any idea how to diagnose?
 
How did you configure it exactly? Can you share a bit more info?
 
Sure - here is my (sanitized) docker-compose.yml

YAML:
version: '3'

services:

  proxy:
    image: jwilder/nginx-proxy:alpine
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true"
    container_name: nextcloud-proxy
    networks:
      - nextcloud_network
    ports:
      - 8080:80
      - 4443:443
    volumes:
      - ./proxy/conf.d:/etc/nginx/conf.d:rw
      - ./proxy/vhost.d:/etc/nginx/vhost.d:rw
      - ./proxy/html:/usr/share/nginx/html:rw
      - ./proxy/certs:/etc/nginx/certs:ro
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
    restart: unless-stopped
 
  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nextcloud-letsencrypt
    depends_on:
      - proxy
    networks:
      - nextcloud_network
    volumes:
      - ./proxy/certs:/etc/nginx/certs:rw
      - ./proxy/vhost.d:/etc/nginx/vhost.d:rw
      - ./proxy/html:/usr/share/nginx/html:rw
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
    restart: unless-stopped

  db:
    image: mariadb
    container_name: nextcloud-mariadb
    networks:
      - nextcloud_network
    volumes:
      - db:/var/lib/mysql
      - /etc/localtime:/etc/localtime:ro
    environment:
      - MYSQL_ROOT_PASSWORD=xxxxx
      - MYSQL_PASSWORD=xxxx
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    restart: always
 
  app:
    image: nextcloud:latest
    container_name: nextcloud-app
    networks:
      - nextcloud_network
    depends_on:
      - letsencrypt
      - proxy
      - db
    volumes:
      - nextcloud:/var/www/html
      - ./app/config:/var/www/html/config
      - ./app/custom_apps:/var/www/html/custom_apps
      - ./app/data:/var/www/html/data
      - ./app/themes:/var/www/html/themes
      - /etc/localtime:/etc/localtime:ro
    environment:
      - VIRTUAL_HOST=nextcloud.domain.tld
      - LETSENCRYPT_HOST=nextcloud.domain.tld
      - LETSENCRYPT_EMAIL=admin@domain.tld  # placeholder; the address was obscured in the original post
    restart: unless-stopped

volumes:
  nextcloud:
  db:
 
networks:
  nextcloud_network:

Much to my surprise it worked "out of the box" - I can access NextCloud on port 8080.
However not on 4443 (nothing happens).

NOT running synology webstation so port 443 should be available (I think...)
 
Web station doesn't need to be running. DSM by default is using both 80 and 443. There is an nginx version running on the NAS itself (Control Panel > Application portal > Reverse Proxy).

So you are running a docker compose to get NC up and running with all that it needs. You could run this partially and set up your SQL and NC containers separately and use the built-in Reverse Proxy to get it up and running via https.

Still, saying that, what error do you get when trying to get to it on 4443?
 
> Web station doesn't need to be running. DSM by default is using both 80 and 443. There is an nginx version running on the NAS itself (Control Panel > Application portal > Reverse Proxy).

Thought it was running on 5000/5001 by default (mine seems to)

> So you are running a docker compose to get NC up and running with all that it needs. You could run this partially and set up your SQL and NC containers separately and use the built-in Reverse Proxy to get it up and running via https.

Good idea - let me give it a try :)

> Still, saying that, what error do you get when trying to get to it on 4443?

503 Service Temporarily Unavailable
nginx/1.17.6
 
> Thought it was running on 5000/5001 by default (mine seems to)

Those are also the ports that are "reserved". I'm just saying that 80 and 443 are used and reserved by default on DSM considering that nginx is running

> 503 Service Temporarily Unavailable
> nginx/1.17.6

The 503 means that the service is unresponsive. This could be due to resources and not just wrong configurations. Also, you could get this when a timeout occurs for any number of reasons.
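
An added example, not code from any poster in this thread: a small Python probe for the two diagnosis questions raised above, namely whether a backend port such as Booksonic's 4040 speaks plain HTTP or TLS, and what status line a published port such as 4443 returns for a given Host name. `probe_port`, `_status_line` and the result keys are names chosen here.

```python
import socket
import ssl


def _status_line(sock, host_header):
    """Send a minimal HEAD request and return the first response line."""
    request = f"HEAD / HTTP/1.1\r\nHost: {host_header}\r\nConnection: close\r\n\r\n"
    sock.sendall(request.encode())
    return sock.recv(1024).split(b"\r\n", 1)[0].decode("latin-1")


def probe_port(host, port, server_name=None, timeout=3.0):
    """Classify host:port: closed, TLS ("https"), plain "http", or open but unknown (None)."""
    name = server_name or host  # Host header / SNI the reverse proxy matches on
    result = {"open": False, "protocol": None, "status": None}
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return result  # nothing listening, or the connection is filtered
    result["open"] = True

    # Certificate checks are off on purpose: the only question is which
    # protocol the listener speaks, not whether its certificate is trusted.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        sock = ctx.wrap_socket(raw, server_hostname=name)
        result["protocol"] = "https"
    except OSError:  # ssl.SSLError and handshake timeouts are OSError subclasses
        raw.close()
        try:  # the failed handshake spoiled the connection, so reconnect in clear text
            sock = socket.create_connection((host, port), timeout=timeout)
        except OSError:
            return result

    try:
        with sock:
            line = _status_line(sock, name)
    except OSError:
        line = ""
    if line.startswith("HTTP/"):
        result["status"] = line
        result["protocol"] = result["protocol"] or "http"
    return result
```

A port that reports `http` needs an HTTP destination in the reverse proxy rule, with TLS terminated at the proxy; a port that reports `https` with a 503 status line is reachable, so the problem lies behind the listener rather than in the port mapping.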
 
It could be a blocking thingy too if you have excessive logins blocked. That happened to me over in the Community two months ago after they made some security changes, and I would have to wait for the block to time out. I got hit with 503s quite often.
 
This might be a silly question, but can I make a reverse proxy rule for a site running on Synology webstation? I have several sites in the web folder and would like to use subdomains for them. I have the reverse proxy setup for docker containers as those use hostname/port, but is there a way to point it to a webstation address?
 
Try with Virtual Host settings. Define a VH for your apps, but configure them on specific ports (IP will be your NAS IP ofc). Then just use RP as usual, point a forward name to that internal virtual host port on your NAS IP.
