Synology Reverse Proxy

Tutorial Synology Reverse Proxy

Currently reading
Tutorial Synology Reverse Proxy

Hi Rusty.
Thanks for this tutorial. I have setup my Unifi controller so port 443 is forwarded to the Synology via RP and that seems to work fine as far as resolving addresses for the various services I have running. However, I have 2 issues:

1) Despite setting up HTTPS and assigning Let's Encrypt SSL certs, my browser shows connection is not secure. This happens whether typing in the FQDN on internal LAN or from an external connection. DDNS is via [MyDomainName].synology.me. Any idea of how I can get this to show a secure connection?

2) I still seem to be getting huge lists of threats in the Unifi Intrusion Protection System - It's just now that all requests are coming in at port 443 instead of all the other ports I previously had open via NAT.

1613043182955.png



Any advice is gratefully received.

Thanks
 
2) I still seem to be getting huge lists of threats in the Unifi Intrusion Protection System - It's just now that all requests are coming in at port 443 instead of all the other ports I previously had open via NAT.
Well, I guess this makes sense. At least now you can protect and harden that single port instead of fighting on multiple fronts (ports).

Considering that you are opening on 443 to the world the only thing you can do now is limit and terminate the connection on the IPS/IDS level to prevent it from even reaching your NAS from specific sources (countries).

1) Despite setting up HTTPS and assigning Let's Encrypt SSL certs, my browser shows connection is not secure. This happens whether typing in the FQDN on internal LAN or from an external connection. DDNS is via [MyDomainName].synology.me. Any idea of how I can get this to show a secure connection?
If you have a valid cert this shouldn't happen, however, the question remains when does this happen exactly? When you access it using the root domain, or some xxxx.mydomainname.synology.me domain? If you are using it with multiple subdomains, does your cert cover those domain names? Is it a wild card cert or a single named one? Does it have any SAN values inside it?

Give a bit more info on it, also, have you tried with multiple browsers?
 
I'm attempting to access Docker containers (specifically Nextcloud) in the manner described here. It seems relatively straightforward, the problem is when I type the url I've specified into my browser (https://nc.mydomain.synology.me), it automatically redirects me to the login screen as opposed to the Nextcloud instance. This means my Nextcloud isn't accessible outside of my own local network, and therefore useless as a Dropbox replacement.
Unless I'm missing something, I've followed these instructions to the letter. I've gotten a domain and a wildcard certificate (as well as trying to get one specifically for Nextcloud) from Let's Encrypt from the Synology Diskstation itself, and have set my HTTP Nextcloud instance to forward to the HTTPS 443 subdomain. Can anyone shed some light on what I'm doing wrong.
 
the problem is when I type the url I've specified into my browser (https://nc.mydomain.synology.me), it automatically redirects me to the login screen as opposed to the Nextcloud instance.
What login screen? Does ur URL change?

and have set my HTTP Nextcloud instance to forward to the HTTPS 443 subdomain
Why are you doing this while you are setting the Nextcloud behind a reverse proxy?

Have you read this documentations?
 
What login screen? Does ur URL change?


Why are you doing this while you are setting the Nextcloud behind a reverse proxy?

Have you read this documentations?
URL does not change. It remains "nc.blahblahblah.synology.me," but also displays port 5001 afterwards.
I guess I'm a little confused, why wouldn't I do that? Doesn't the tutorial specify to set the source and the destination that way?
I'm relatively new to all this, and learning as I go. I'll review those docs when I get a chance, although hopefully my answers above shed some light
 
Last edited:
Oh so it ends up on your DSM login page. You wasn't very clear with that.

Sounds like something is wrong with your reverse proxy configuration.
Sorry bout that...rotor and pad swap has been taking up a lot of my thought today.
Set nextcloud to listen on a port that's not already in use - so, not 443, and point the reverse proxy to that port (not 443). 443 gets intercepted by the DSM UI before it gets to docker.
Just finished making screenshots to try to illustrate. I'll try to set my Nextcloud docker to a different port and point there.
screenshot-08609543.png
screenshot-3d1abf1b.png

-- post merged: --

Set nextcloud to listen on a port that's not already in use - so, not 443, and point the reverse proxy to that port (not 443). 443 gets intercepted by the DSM UI before it gets to docker.
Sorry, still learning how to use a Synology. Is there a terminal command or something I can use from the DSM dashboard to accomplish this?
 
Maybe I'm just an idiot. I've got Portainer open and I don't see the Duplicate/Edit option that I understand is supposed to be there.
Nextcloud is already on 8082 in docker if you access via HTTP, if that changes the instruction
 
I think you may have to use an "actual" domain name, that you actually own, rather than the synology.me domain, for this to work. (I've only ever done it with an owned domain name...and trying it with the synology.me domain doesn't seem to work for me, either.)
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

One other suggestion; after the OPNsense/pfSense VM is running and has an internet connection, consider...
Replies
2
Views
1,417
Hi geekau, I am trying to do the same thing as you mentioned here following your steps. But I encountered...
Replies
4
Views
1,512
SynoMan submitted a new resource: NextCloud on Synology NAS using Docker compose (with Portainer) - The...
Replies
0
Views
2,177
wizard99 updated Performing the Synology Memory Test and Extracting the "HIDDEN" Memtest Results via a New...
Replies
9
Views
4,584
fredbert submitted a new resource: Synology Product Security Advisory - A link to the latest DSM and SRM...
Replies
0
Views
1,330
Know about it but no ios app for it as far as I see so not really my main target platform
Replies
2
Views
3,913

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top