Synology Reverse Proxy

Tutorial Synology Reverse Proxy

Currently reading
Tutorial Synology Reverse Proxy

1
0
NAS
DS718+
Hi Rusty.
Thanks for this tutorial. I have setup my Unifi controller so port 443 is forwarded to the Synology via RP and that seems to work fine as far as resolving addresses for the various services I have running. However, I have 2 issues:

1) Despite setting up HTTPS and assigning Let's Encrypt SSL certs, my browser shows connection is not secure. This happens whether typing in the FQDN on internal LAN or from an external connection. DDNS is via [MyDomainName].synology.me. Any idea of how I can get this to show a secure connection?

2) I still seem to be getting huge lists of threats in the Unifi Intrusion Protection System - It's just now that all requests are coming in at port 443 instead of all the other ports I previously had open via NAT.

1613043182955.png



Any advice is gratefully received.

Thanks
 

Rusty

Moderator
NAS Support
4,440
1,284
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
2) I still seem to be getting huge lists of threats in the Unifi Intrusion Protection System - It's just now that all requests are coming in at port 443 instead of all the other ports I previously had open via NAT.
Well, I guess this makes sense. At least now you can protect and harden that single port instead of fighting on multiple fronts (ports).

Considering that you are opening on 443 to the world the only thing you can do now is limit and terminate the connection on the IPS/IDS level to prevent it from even reaching your NAS from specific sources (countries).

1) Despite setting up HTTPS and assigning Let's Encrypt SSL certs, my browser shows connection is not secure. This happens whether typing in the FQDN on internal LAN or from an external connection. DDNS is via [MyDomainName].synology.me. Any idea of how I can get this to show a secure connection?
If you have a valid cert this shouldn't happen, however, the question remains when does this happen exactly? When you access it using the root domain, or some xxxx.mydomainname.synology.me domain? If you are using it with multiple subdomains, does your cert cover those domain names? Is it a wild card cert or a single named one? Does it have any SAN values inside it?

Give a bit more info on it, also, have you tried with multiple browsers?
 
4
0
NAS
DS218+
Anybody knows how can I restart nginx via ssh in DSM7?

synoservicecfg –restart nginx doesn't work 🙄
-ash: synoservicecfg: command not found
 
8
0
NAS
DS920+
Operating system
  1. Linux
Mobile operating system
  1. Android
I'm attempting to access Docker containers (specifically Nextcloud) in the manner described here. It seems relatively straightforward, the problem is when I type the url I've specified into my browser (https://nc.mydomain.synology.me), it automatically redirects me to the login screen as opposed to the Nextcloud instance. This means my Nextcloud isn't accessible outside of my own local network, and therefore useless as a Dropbox replacement.
Unless I'm missing something, I've followed these instructions to the letter. I've gotten a domain and a wildcard certificate (as well as trying to get one specifically for Nextcloud) from Let's Encrypt from the Synology Diskstation itself, and have set my HTTP Nextcloud instance to forward to the HTTPS 443 subdomain. Can anyone shed some light on what I'm doing wrong.
 
717
257
NAS
DS216+II, DS118, DS718+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. Android
the problem is when I type the url I've specified into my browser (https://nc.mydomain.synology.me), it automatically redirects me to the login screen as opposed to the Nextcloud instance.
What login screen? Does ur URL change?

and have set my HTTP Nextcloud instance to forward to the HTTPS 443 subdomain
Why are you doing this while you are setting the Nextcloud behind a reverse proxy?

Have you read this documentations?
 
8
0
NAS
DS920+
Operating system
  1. Linux
Mobile operating system
  1. Android
What login screen? Does ur URL change?


Why are you doing this while you are setting the Nextcloud behind a reverse proxy?

Have you read this documentations?
URL does not change. It remains "nc.blahblahblah.synology.me," but also displays port 5001 afterwards.
I guess I'm a little confused, why wouldn't I do that? Doesn't the tutorial specify to set the source and the destination that way?
I'm relatively new to all this, and learning as I go. I'll review those docs when I get a chance, although hopefully my answers above shed some light
 
717
257
NAS
DS216+II, DS118, DS718+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. Android
URL does not change. It remains "nc.blahblahblah.synology.me," but also displays port 5001 afterwards.
Oh so it ends up on your DSM login page. You wasn't very clear with that.

Sounds like something is wrong with your reverse proxy configuration.
 
388
156
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
Set nextcloud to listen on a port that's not already in use - so, not 443, and point the reverse proxy to that port (not 443). 443 gets intercepted by the DSM UI before it gets to docker.
 
8
0
NAS
DS920+
Operating system
  1. Linux
Mobile operating system
  1. Android
Last edited:
Oh so it ends up on your DSM login page. You wasn't very clear with that.

Sounds like something is wrong with your reverse proxy configuration.
Sorry bout that...rotor and pad swap has been taking up a lot of my thought today.
Set nextcloud to listen on a port that's not already in use - so, not 443, and point the reverse proxy to that port (not 443). 443 gets intercepted by the DSM UI before it gets to docker.
Just finished making screenshots to try to illustrate. I'll try to set my Nextcloud docker to a different port and point there.
screenshot-08609543.png
screenshot-3d1abf1b.png

-- post merged: --

Set nextcloud to listen on a port that's not already in use - so, not 443, and point the reverse proxy to that port (not 443). 443 gets intercepted by the DSM UI before it gets to docker.
Sorry, still learning how to use a Synology. Is there a terminal command or something I can use from the DSM dashboard to accomplish this?
 
388
156
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
To accomplish which part? You'd set the docker port (to 8082) in docker by editing the container's settings. You have to stop the container to get access to the edit screen.
 
8
0
NAS
DS920+
Operating system
  1. Linux
Mobile operating system
  1. Android
Maybe I'm just an idiot. I've got Portainer open and I don't see the Duplicate/Edit option that I understand is supposed to be there.
Nextcloud is already on 8082 in docker if you access via HTTP, if that changes the instruction
 
8
0
NAS
DS920+
Operating system
  1. Linux
Mobile operating system
  1. Android
The DSM login page or the DSM page itself, depending on how recently I've logged in.
 
388
156
NAS
DS212J, DS214play, DS216, DS216play, DS414, DS918+, RS816
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. iOS
I think you may have to use an "actual" domain name, that you actually own, rather than the synology.me domain, for this to work. (I've only ever done it with an owned domain name...and trying it with the synology.me domain doesn't seem to work for me, either.)
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

if we are talking about the host side of a docker container port mapping, then yes, this is not going to...
Replies
12
Views
916
SynoMan submitted a new resource: NextCloud on Synology NAS using Docker compose (with Portainer) - The...
Replies
0
Views
166
wizard99 updated Performing the Synology Memory Test and Extracting the "HIDDEN" Memtest Results via a New...
Replies
3
Views
524
fredbert submitted a new resource: Synology Product Security Advisory - A link to the latest DSM and SRM...
Replies
0
Views
237
Know about it but no ios app for it as far as I see so not really my main target platform
Replies
2
Views
642

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Top