I have been struggling with this process for weeks due to tutorials expecting users to have full understanding of the options or expecting certain steps to already be done. Starting with a strong clear explanation was very helpful!
As a recent new sub of a few days ago and having watched quite a many so far of your NAS Tutorial vids, I just wanna point out how excellent these tutorials are. It’s important to point that out in feedback vs just saying it’s a good, great video. Not only are you showing and explaining step by step in details How To Do and Why which is quite important, your also doing something else fundamentally and that is to “educate” the viewer. To me that is HUGE! I don’t know if that’s intentional but I damn appreciate that in understanding as it makes me more understanding overall of the content and topic. I’m not going to say I’m all techie, though I use it and work in Engineering and Process Control Industrial Automations. Not everyone can know or is expected to know everything, hence all our questions. But you provide substance of context in explaining that I and others can understand these ports in example with real understanding. A 20 min video bother me not in the slightest. People that watch these vids want to understand things and not just say check this, check that etc. Taking the time to properly explain things and some Networking concepts help everyone that invest time and attention to watching for understanding of how to do what and why. With all the fine details as well. So much appreciated and in help making me and everyone else wonderful in Tech.
I really appreciate the kind words! Glad to hear that the information is educational, as I try and bridge the gap as best as I can. Thanks so much for the support!
Very well-made tutorial. Clear instructions, with good explanations without going too deep into every definition or straying away from the subject at hand. Looking forward to checking out more of your work here. Cheers!
Very good tutorial. Especially the picture at the beginning to the reverse proxy! What is missing is that you have to create sub domains at your provider first.
Thanks! Yes, I was going to show that but there are so many different registrars that I thought it would only apply to a small portion of the audience. I do have a video on how to use Cloudflare which shows this (I love Cloudflare), but I will definitely keep it in mind for future tutorials!
This is super powerful and useful service, I looking for this function for a long time, read a lot of tutorial on video and doc but still not figure it out. After your tutorial, I can handle reverse proxy and work well to me. Thanks so much!!
Maaan thank you so much for such detailed explanations 🎉 it's been like years that I never got this😂 and you explain that so thoughtfuly ❤ thank you so much ❤
I had SWAG already running but this tutorial opens my eyes, and so i stopped trying to get a proxy manager container running, while i basically have the same options on my Synology NAS. Besides, it's not easy with port forwarding where you basically can only forward port 80 and 443 on your router to one device. If my NAS didn't have a built-in Nginx reverse proxy manager i would have used a reverse proxy container. But this was waste of time for me. Thanks for the tutorial. I also want to mention that I have used the reverse proxy in Synology before but i did it the wrong way. In the domain section, i fill in the domain name of my NAS. and in the port section, i filled in the port i want the outside world connected to. That leads to 3 things. 1st is that you don't have to request a certificate for that app. You can use the certificate of your NAS to secure the app. 2nd is you have to fill in the corresponding port number after the domain name of the NAS if you want to connect to the app. 3rd you still need to open all the ports on your NAS. The last one i didn't like. The fewer ports people see and the less port you have to open the more secure your environment will be.
I've set up Synology firewall to limit access to local IP addresses and port forwarded on my router and in Plex to share a Plex server with friends and family. However I still encounter Plex remote access problem (probably due to Xfinity "Advanced Security" feature). Was looking for an alternative, would reverse proxy be a secure option for that?
Yes, I am happy to do a tutorial on this. I have a few hectic weeks upcoming so I will be releasing prerecorded videos, but in about a month I will do a video on Cloudflare. Cloudflare is a beast with a ton of great functionality, so I want to make sure I take the time do do the tutorial properly! Thanks for all the support!
@@WunderTechTutorials Thank you for the guide. I'm also curious on how to do this via Cloudflare. Very noobie haha but I did finish watching your Cloudflare video.
Great tutorial, easy to understand. Thank you so much. I see now my setup has been clunky as hell for years. No more though ;) A little tip that I found to get the Synology mobile apps to work (Finder, File, Get, in my case. Also Solid Explorer btw) was to add the port number to the URL, to get access, otherwise it wouldn't work. That is if you don't want to forward 5000/5001. I primarily did this to forward as few ports as possible (443). Working like a charm, and using Synology's DDNS paired with Let's Encrypt I only needed one cert (wildcard) for everything. It was even possible possible to upgrade the one I already had. Btw. Is there a difference between using IP and just "localhost" in destination hostname?
Thanks so much for the kind words and thanks for the great info! No difference at all, personal preference -localhost might actually be easier/better if you ever intend on changing the IP address of your NAS.
If you are not hosting a website, is this something that is worthwhile in doing? For what reasons? Just got my first NAS recently so I'm still learning...maybe I should finish the video, lol.
You can still use this if you're interested in exposing different services outside of your local network. It's basically an easy way of exposing services and only opening ports 80/443. Let me know if you have any other questions!
Great video. I'm trying to understand reverse. My question is at the part where you put in the domain. Do I just make up a domain name there or do I put what is linked to my mass? Because the application that I want users access to is coming from that.
Thanks! Generally, the domain name will be whatever A/CNAME record you create on the registrar's side. From there, you'll use the same domain name and then link it to the internal IP.
Hello. Great video, thank you. If I add one subdomain certificate it works, but then I can't add more subdomains, since only one certificate per provider is allowed (google domains in my case). Only synology ddns provider allows wildcards, so I should have added each subdomain when the certificate was created, but I can't know what services will I need in the future... Any tips? Thanks!
Very sorry for missing this comment. I thought that I responded to it, but I must not have. This is one of the limitations on Synology NAS's, unfortunately (as far as I know). I believe that you CAN add a wildcard certificate through the terminal, but it's not very straightforward. Unfortunately, you might have to request a new certificate for each new service (since you aren't sure which ones will exist in the future). Another option is to use a reverse proxy service in Docker like Nginx Proxy Manager. That should manage them a little better!
I am not familiar enough with Cloudflare Tunnels to say, but as far as I know, that's supposed to be a reverse proxy of sorts, so I think you'd use that instead of this.
is there any tutorial on how to setup the domain and how to make them point to synology???? i follow every step you have made and NOTHING WORKS..do i need to do anything with the A record or cname or somethings else? i cant find anybody explaining those and it is really frustrating
I have a video that explains it when using Cloudflare. It won't be identical, but if you watch the DNS portion of that video, it might help explain it a little better.
Your vids are allowing me to slowly get my NAS doing what I want (I lack tech knowledge). Attempting to set up Vaultwarden in Docker. At the 6:03 mark, hostname....where exactly do I get that. Seeing so many different IP addresses has me very confused and I want to get this right. Thanks.
@@WunderTechTutorials host name for the destination. Is it the NAS IP or do you just leave as host name? Also, if using a custom domain is the anything that requires setup on the domain’s host site? Thanks.
@@ms7165 The source will be the domain name that you'll use to connect from the outside and the destination will be the local server's IP address/port. If you purchase a domain, yes, it will require a DNS record pointed to your local network, but if you're using a DDNS provider, then it should just be that hostname.
I purchased a wild card cert and it does not work. I submitted an enhancement request to Synology. I own my own domain and can't believe it only works with Synology me at the moment.
Thanks for great videos👍 I follow exactly your video instruction but my domain adress redirect me to DSM login page. I'm running the newest DMs version.
@@WunderTechTutorials I'm pointing it to 443. I've made specific certificate for each destination i want to go all through port 443. The port ls forwarded on my router it should be okay.
@@WunderTechTutorials I've read in different forums that others got the same issue but did not come up with solutions. Have you try setup reverse proxy in the newest version of DSM 7?
This is great. Thank you but not as comprehensive as I thought it would be. I am curious about the sub domain creation and configuration as well. This video is to the point it provides what its titled states. However, imagine being a noob 🤪 and buying a Synology nas of some type then try to set reverse proxy for different devices and realize you have partial tutorial. Story of my life. But thank you provide some guidance
The issue is that the process is different for every DNS provider, but I'll look into creating a new video that walks through the whole process (though only one DNS provider).
Thank you for the the great video. One question, do I need to create a DNS A record entry for each reverse proxy I make with my ISP. If not, do I just create * and @ A records and point to my Synology Public IP. Thanks again. John
Hi John, Thanks for watching! I believe that technically you can create a wildcard A or CNAME record, but you might experience some issues as you aren't defining an exact name. Generally, they seem to work for some and not for others as far as I know. I always specify the actual name that I will be using because I find it to be a little easier to manage, but it's up to you. You can definitely use a wildcard certificate to manage all of the subdomains. If I can answer any other questions, please let me know! Thanks again for watching!
Hi, Thanks for the tutorial. If I use port 443 for VPN for reverse proxy, do you recommend me using the default port of 1194 for OpenVPN or change it to 443? Does it make a difference? Some countries seem to block 1194. I'm not sure what port to use in config file for VPN if I use reverse proxy
I will be honest in saying that I haven't tried to use port 443 for both the reverse proxy and OpenVPN. In theory, I imagine it will be better if you have it all running on that one port, but there's a chance you might run into issues (though it's just a guess).
Thanks again for this amazing tutorial. I got it almost working. Almost. The reverse proxy only works if I enter the ports on of the default apps. and enter that info in the reverse proxy. In that way I can open via my subdomain url. But now I hope there is a way to add another application to this list, since I want to use reverse proxy for Home Assistant;) If there are any tips let me know.
You basically want to ensure that the source is always set to use port 443 with a specific hostname and the destination is set to the local server that you're trying to access. This way, you'll always use one port (443) and the subdomain/domain will point to the service you're trying to access.
@@WunderTechTutorials thanks for your answer. However I tried many ways, I seem to have trouble getting it to work like that. Weirdly enough what does work: If I put the destination to HTTPS and port 5001 I can open DSM via my subdomain with https. If I put the destination to port 5000 I can't open DSM via my subdomain via http. When I enter my subdomain url in a browser if I use HTTP for the source, the url that results is with port 5000 behind it. if it is HTTPS I'll get port 5001 in the url. (I hope you get what I try to say here:)
@@koeiekop1973 I think I see what you're saying, but I'm not entirely sure why it's happening. The source should always be set to HTTPS and port 443. From there, the destination should be HTTP and port 5000 or HTTPS and port 5001.
@@WunderTechTutorials yep. But the challenge is that I hope to get the HomeAssistant port out (8123) and since this is probably via http I can't seem to link it to my subdomains via reverse proxy. If you or anyone else has a bright moment and has an idea what's going wrong here, suggestions are welcome;)
@@koeiekop1973 HA shouldn't be any different than any other services. Ultimately, you want the source to be HTTPS, enter your subdomain, use port 443, and on the destination, use HTTP and the HA IP address/port.
i did everything us stated but for some reason when i type in my dns address it takes me to the synology landing page instead of my Raspberry Pi. Thank you
Just came across this tutorial and really enjoyed it. Quick question... Is it possible to have Web Station running while doing the reverse proxy? I need to have Web Station running for IDrive client to work, but Web Station seems to take over 80/443 such that whenever browsing to subdomain.domain.tld as defined in the reverse proxy setup, I'm brought to the Web Station page that reads "Web Station has been enabled. To finish setting up your website, please see the "Web Service" section of DSM Help." Thanks!
I'll be honest in saying that I haven't used both at the same time, but can you change the ports in Web Station? If you can, I imagine that it will work - assuming you set your website to use something other than 80/443.
@@WunderTechTutorials That was my first thought, but I can't find any way to change the ports for the default server instance in Web Station. Anyway, thanks for the reply. Appreciate it.I'll let you know if I figure it out.
Just wanted to let you know, it was a browser issue. Worked fine in a private window/separate browser. I've been reading a lot of your Synology articles on your website. Great stuff and very helpful. Also, wanted to get your thoughts on a few things... Do you think there's a real benefit to using the reverse proxy for the Synology web apps when they all share the same ports with DSM by default, thereby already minimizing the necessary forwarded ports? I understand that you could give all Synology web apps like File Station, Photos, Drive, etc., their own custom ports, allowing you to separate and block access to DSM desktop from the outside. However, is the added administration overhead of configuring custom ports as well as HTTP (for redirection) and HTTPS reverse proxy entries for each of the other apps, worth the trouble? Additionally, please correct me if I'm wrong, but other common applications such as Drive Server file syncing (TCP 6690) have hard coded ports on the client side application and, therefore, cannot be accessed through the 443 reverse proxy and need a forwarded port anyway.
@@josephdelvecchio235 Glad you got it working. I haven't tried to use Synology Drive with a reverse proxy (only use it with VPN), so I'm not sure if there would be issues with syncing. However, a reverse proxy is generally more secure than using the DSM port because it's a specific domain name, meaning the person trying to exploit the system must know the exact domain name to access it. Using a reverse proxy also allows you to put Cloudflare in front of it (if desired) which will increase security as well. Overall, it's never a good idea to port forward the DSM port, but if you were able to separate all other services onto their own port (not even sure if it's possible), it would be better, though still not as good as a reverse proxy.
I set up synology reverse proxy and took it one step further with cloudflare account to mask my public ip. I can connect to my diskstation just find through my hostname. But I am having trouble trying to share files using synology share link. Any idea what I need to do to clear this up? When I create the link, I can give it to a user. They are able to get to my diskstation file download page. But when they click download, it says file not found.
Are you replacing the link generated with the name of your reverse proxy? I know that some people have trouble with that (as it will add the DDNS hostname + port by default). I don't think it has anything to do with Cloudflare, but if you suspect that it is the problem, you can change your NAS in Cloudflare to "DNS Only" (grey cloud just to test), then see if everything works.
Great tutorial helped me a lot. Yet I am still lost. I have a DS220+ with wordpress installed. I have a domain purchased from Google. I would like to host my site from the NAS, but when I set it up all i get is the web station welcome screen, not the Wordpress site. To complicate things I,m trying to run DDNS on a DHCP XFINITY cable modem. Any help is greatly appreciated
In the web station settings, did you point it directly to the WordPress folder? I have a tutorial on how you can set up WordPress on a Synology NAS (ruclips.net/video/eqfwETTQCvU/видео.html) - can you run through that and see if your settings match it? It sounds like DDNS is working properly.
Hmm, that's strange. Are you able to access it from outside of your LAN? Do you have a firewall in place that might be indirectly restricting access from your local network? An example of that would be if you're limiting traffic on port 443 to your current country. Make sure you create a second firewall rule for your local network as well.
Thanks for the tutorial, I am pretty sure I have everything setup correctly but and getting 'Error 502 : Bad gateway' when trying to access one of my proxied domains and totally stuck :(
Can you try any of the suggestions on this page for the "bad gateway" error? www.wundertech.net/nginx-proxy-manager-synology-nas-setup-instructions/#2_Nginx_Proxy_Manager_Setup_-_Synology_NAS
I'm a bit confused as I'm looking this up before I have the actual hardware. Do I need another device running as the reverse proxy server for my plex instance or can this all be done on a ds920+?
@@WunderTechTutorials Perfect, thanks for the reply! Though I am having trouble actually getting my subdomain to actually work, not sure why as when I open the port and use my public IP to access it it's fine. Both 80 and 443 are open, are there any logs or something to actually figure out whats going wrong here?
@@pumpkin1escobar Not any logs that I am aware of (though I'm sure you can find them through SSH). You pointed the subdomain to your DDNS hostname/external IP address and it's not resolving?
@@WunderTechTutorials I'm not using a DDNS (would that make it easier?) but yeah I have it pointing to my external IP (with no ports) and it's not resolving. I have no idea why it's not when I have 80/442 forwarded, If I forward port for plex I can use my external IP and the port to access it but nothing otherwise. EDIT: Okay, I found out it's my shitty ISPs dns not updating. I used my VPN and it resolves just fine.
@@pumpkin1escobar So just to confirm, you pointed the subdomain that you purchased to your local network using an A record and the external IP address?
Hi mister, do you have a video on how to let one or more containers make use of a VPN container? What i mean is that the traffic of container A is routed through Container B which is the VPN container. There are video's on how to add multiple apps into one docker file where they can use the VPN of one of the apps but the risk of that is that if the VPN restarted or updated you will lose all the other apps that use the VPN service.
In 4:00 mins can I use my DDNS name for the hostname there? When I try to create a certificate it fails because it says the domain name is invalid. I'm trying to use one I bought from NameSilo. The settings for Access Control Profile won't work as you say because most plex clients do not have static IPs.
Yes, you can! Keep in mind that you will only be able to use that DDNS hostname for one service (unless you use subdomains), but you should be able to use it. I have a few videos (bitwarden) that use a DDNS hostname. For the Access Control Profile, I agree! I tried to keep everything general and just explain how it could work, but for something like Plex, there will be too many dynamic IP addresses to be able to use it.
Do you know how to get the plex apps to work outside your network with the reverse proxy and subdomain? I have it working via a web browser but the apps do not look to like it.
I have a video on how you can set up Plex with a reverse proxy, but there are a few settings inside of Plex that you will have to update as well. If I get some time, I will try and create a video on it as I know that a few people have had issues with it.
I don't understand what must be put for the Destination: Hostname ? And why when entering the port of my container for the Source:Port does it not work ?
The destination hostname will be the local IP address of the service and the port will be whatever port it's listening on. If it's not working, make sure you did the port forwarding correctly and selected the correct, HTTP or HTTPS values.
@@WunderTechTutorials For the source the Hostname is whatever you want it along with a custom domain as in my case; then port should be 443. For destination; the host name should be the IP for the NAS along with port 5000 this is what I'm doing along with what I was instructed to do, although it's not working ?
Another amazing video - thank you. However, I'm really struggling with Jellyfin, reverse proxy & certs. I wonder if you would make a video specifically on this for synology users, perhaps? Seemingly I am doing everything correctly and following your videos, and can get remote access to Jellyfin working over http - but not over https, which is a massive worry. I get the browser warning symbol :( I have set up DDNS using synology.me service; set up the reverse proxy as per this video (ensuing http / 8096 for destination) & checked cert is logged against the DDNS (it is). Any help or support would be very much appreciated!
Probably also worth noting, when logging into Jellyfin admin panel and ticking to enable HTTPS (and selecting nothing else), then clicking save, it won't allow it and will not save the setting
Let's take a step back. Are you trying to expose Jellyfin outside of your local network? Or only use it internally? If you're only looking to use it internally, it's okay to use HTTP (as long as your local network is trusted). If you're looking to expose it, you need to use HTTPS. Let me know your goal and I will let you know how we can hopefully get there!
Hi thanks for a great tutorial. I have an issue which I cant seem to sort out following these steps. Once everything is setup I can access the synology (using the domain name that is purchased) only when Im inside my wifi network. from outside it is unresponsive. Ive tried to ping the domain name, as well as the router IP to no result (packests are transmitted but non are received). I have been able to connect to it before using the regular setup of having a synology.me domain. I was also successfull in getting my lets encrypt cert, so Im sure that a connection can be made. Any thoughts on the matter would be appreciated.
By any chance, have you implemented Synology's firewall? If you did, are you only allowing traffic from internal IP addresses? This will have to be changed if you are.
@@WunderTechTutorials I have exceptions added to my synology firewall, I infact I even tried it without a firewall to no effect. so the line of communication is: domain name registrar pointing domain name to name severs of server service -> external server service pointing subdomain as CNAME record to router IP as A record -> router port 80 and 443 to static IP of synology :80 and :443 respectively -> Synology nas: firewall -> synology nas reverse proxy: domain name on 443 to 'internal IP' on 'Port of Service to be used' with HTTP
@@pjf2252 That all sounds correct on the surface. Have you created a reverse proxy for DSM using port 5000/5001? I am assuming that's what you want to expose outside of your local network, right?
@@WunderTechTutorials I have the domain CNAME pointing to my NAS and it's been working fine for months. However I followed the steps to create the reverse proxy but I cannot access the subdomain created. browser says DNS address cannot be found. Anything else has to be created to find the subdomain?
@@guritche Did you happen to create a CNAME record for the subdomain as well? You will have to do that on your domain registrar, but as long as that's set up and the Reverse Proxy is set up, those are the only "necessary" steps.
i have an issue either using this tutorial or nginx proxy manager, when i set everting up, and i enter the url eg. "deluge.mydomain.com" it converted into "deluge.mydomain.com:5000" and not working, i used cloudflare to create the subdomain using 'A' forwarding to my external ip
Just commented on your other post. I assumed you might be using Cloudflare as I had an issue with this as well. Try and set Cloudflare as "DNS Only" when getting the SSL certificate. That should fix it, but let me know how it goes!
I had the same problem with DSM but that was because one of the settings of DSM is that it automatically converts HTTP request to HTTPS. Maybe for Deluge that is the same. You have to remove the HTTP to HTTPS conversion. . Just use the HTTP port because the reverse proxy will secure it for you through port 443.
Great tutorial, I've been watching a bunch of your videos and it's insanely helpful. I have a question if anyone happens to have a minute to respond. I've followed this guide, however when I go to my sites from an external computer I get a "Dangerous" warning with the message "Deceptive site ahead" from Google Chrome saying that it's a phishing site that should be avoided. It does say that the certificate is valid, and in other browsers I see the site just fine. It looks like this has to do with Google's Safe Browsing feature but I'm really not sure how to stop that from happening. Any assistance will be greatly appreciated.
@@WunderTechTutorials I thought I replied to this, but it looks like it disappeared. Maybe because it included a link to Imgur. I think it is set up correctly, but perhaps I did something wrong. Weird thing is it shows up in Firefox with no issues, it's only Chrome that has an issue.
@@KmSiDevastate Yeah, if it had a link, RUclips unfortunately usually removes it automatically. If you try and navigate to it from a cell phone (something off your local network, using an external network) can you get there? Any errors there?
@@WunderTechTutorials Yea with a cell phone (wifi disconnected of course) I can navigate there, but I get the same red page, I can pass the page by saying I understand the risks, so this is only a minor annoyance. I actually care less about the annoyance, and more about knowing why it's happening. My mobile browser is Chrome. After downloading Firefox on my phone to test. I can navigate to the page in Firefox just fine with no warnings, and it says the cert is valid from Let's Encrypt.
You would need to set up an A (static IP) or CNAME (dynamic IP) record, then create the reverse proxy for that specific service. The proxy host would simply be the subdomain you're using (subdomain.yourdomain.com).
How do I setup this, but only for local network? eg - synology is synology:5000 and gitlab is synology:3000 how can I make it so entering gitlab.synology:80 would lead me to gitlab?
Reverse proxies are really for external traffic, however, if you set up a local DNS server (I have a few videos on Pi-hole) or host record, you can create domain names for each service. For example, you can have gitlab.synology:80 point to a local IP address and when you navigate to that, get to your gitlab server. This video more eloquently explains it: ruclips.net/video/VoF-qqKwIWw/видео.html
@@WunderTechTutorials Thanks. I seem to have figured things out. But it had so many caveats. eg. "app.synology" reverse proxy did not work when nas was on "synology:5000" (hostname only), had to make it so that nas had domain and hostname - "nas.synology:5000" then reverse proxy with "app.synology" started working. had to make router redirect both nas.synology and app.synology to same ip which took some digging. Oh and firewall. had to open 80 port Oh and then synology redirects 80 to 5000 before reverse proxy can take care of redirect... webstation seems to solve that... Without degree in IT I would not have managed that since I swear there are no tutorials how to achieve this
@@lifebarier It is fairly confusing because Synology automatically redirects port 80 to 5000, but ONLY internally. If you try that externally, it won't forward you there. Glad that you got it working, but I agree, it is very complex.
Great tutorials. But I run into a problem trying to combine the following : - reverse proxys - dynamic dns - applications portals - let's encrypt Here's what happens : 1) on the dynamic dns (I used entrydns.net), I' ve configured 6 services that points to the NAS : admin, calendar, contacts, drive, note & photo all are subdomains of the same NAS device. Ex.: photo.mynas.myname.entrydns.org 2) configured the reverse proxy to arrive on 443 (with HSTS) and to route to localhost:PORT (tried the 4 configs, with/without HSTS, and localhost or the internal IP address of the NAS - same issue) 3) configured the PORT for each service in the APP portal, and also added the alias as the name of the service for when I access internally. 4) got a certificate for the 6 services, and linked each one to each service 5) opened the 443 port on the router and forwarded it directly to the NAS When I try to connect from outside, it wants to use the synology.com certificate and go to the 5001 port and under https & therefore they all go to the DSM portal (not their app portals). On the other hand, when using the internal DNS with app portal, that works, although it always wants to use the synology.com certificate. Using latest DSM 7.0.1-42218 Update 3
Let's try and just get one of them working. I imagine that the source is set to HTTPS, then the domain name and port 443. On the destination side, you are pointing to the local server, correct? Then, if you try and access the website, where exactly does it bring you?
Did anyone literally managed to use that access control feature ? I tried again and again, it simply won't work in the way that it is supposed to work. See I allow only 1 PC in my network. Then Deny access to the rest in the access controls. But it simply blocks all access :D I did the reverse, allowed everyone but 1 specific IP, again did not work. Also used IP ranges too, it simply won't work that way. Easy to advertise, and looks very promising but when you try it really does not even work. Typical synology features, half of them don't even work in the way it is supposed to work. Some does not even work at all, some are buggy, the rest works like a cripple... Let me know if someone finds a way to make use of it.
The ports are reserved for the reverse proxy. This is still working as of DSM 7.2 (though the screenshots are from DSM 6). I'd check to make sure something else isn't blocking it.
Hi, sorry to keep bothering you. I tried your reverse proxy instruction while trying to set up video station on my synology. Following your instructions for plex, I try to connect to video station using localhost ip:port (port listed I can use and set for video station), and I get the following error: "400 Bad Request: The plain HTTP request was sent to HTTPS port - nginx". After reading up and watching your video, I thought part of the problem was that I hadn't downloaded a Lets encrypt SSL certificate. I tried that which also did not work and I sent you a question concerning that. I am obviously not doing something right. Any advice would be greatly appreciated on both those problems. Thank you so much.
That sounds like you might have set the destination as HTTPS when it should have been set as HTTP. Not all services listen on both HTTPS and HTTP, so you'll have to change that based on the specific service you're trying to use.
I have been struggling with this process for weeks due to tutorials expecting users to have full understanding of the options or expecting certain steps to already be done. Starting with a strong clear explanation was very helpful!
Thanks so much! I'm glad the video helped!
As a recent new sub of a few days ago and having watched quite a many so far of your NAS Tutorial vids, I just wanna point out how excellent these tutorials are. It’s important to point that out in feedback vs just saying it’s a good, great video.
Not only are you showing and explaining step by step in details How To Do and Why which is quite important, your also doing something else fundamentally and that is to “educate” the viewer. To me that is HUGE! I don’t know if that’s intentional but I damn appreciate that in understanding as it makes me more understanding overall of the content and topic. I’m not going to say I’m all techie, though I use it and work in Engineering and Process Control Industrial Automations.
Not everyone can know or is expected to know everything, hence all our questions. But you provide substance of context in explaining that I and others can understand these ports in example with real understanding. A 20 min video bother me not in the slightest. People that watch these vids want to understand things and not just say check this, check that etc. Taking the time to properly explain things and some Networking concepts help everyone that invest time and attention to watching for understanding of how to do what and why. With all the fine details as well. So much appreciated and in help making me and everyone else wonderful in Tech.
I really appreciate the kind words! Glad to hear that the information is educational, as I try and bridge the gap as best as I can. Thanks so much for the support!
On DSM 7.2 Reverse Proxy Settings has moved to Control Panel > System > Login Portal > Advanced . . . . Keep up the good work WunderTech
Very well-made tutorial. Clear instructions, with good explanations without going too deep into every definition or straying away from the subject at hand. Looking forward to checking out more of your work here. Cheers!
Thanks so much, I appreciate the kind words! Thank you for watching!
Very good tutorial. Especially the picture at the beginning to the reverse proxy!
What is missing is that you have to create sub domains at your provider first.
Thanks! Yes, I was going to show that but there are so many different registrars that I thought it would only apply to a small portion of the audience. I do have a video on how to use Cloudflare which shows this (I love Cloudflare), but I will definitely keep it in mind for future tutorials!
Wow... Wunderbar tutorial! No steps/explanation skipped :)
Thanks so much for watching! I'm glad it helped!
This is super powerful and useful service, I looking for this function for a long time, read a lot of tutorial on video and doc but still not figure it out. After your tutorial, I can handle reverse proxy and work well to me. Thanks so much!!
Glad that it helped, thanks so much for watching!
Super helpful, one of the few who goes into the details !
Hi WunderTech, I love your video on Synology. Please keep up doing the great jobs for us. Thank you.
Thanks so much! Glad that they helped!
Reverse Proxy is such a powerful tool!
Very good explanation
Maaan thank you so much for such detailed explanations 🎉 it's been like years that I never got this😂 and you explain that so thoughtfuly ❤ thank you so much ❤
Thank you for this tutorial. Perfect explanation what to do and how it works. Great job
Awesome description. The best I've seen yet. thanks....
Very good tutorial and helped a lot to understand reverse proxy setup in synology.. thanks
Great tutorial. Very well explained.
I had SWAG already running but this tutorial opens my eyes, and so i stopped trying to get a proxy manager container running, while i basically have the same options on my Synology NAS. Besides, it's not easy with port forwarding where you basically can only forward port 80 and 443 on your router to one device. If my NAS didn't have a built-in Nginx reverse proxy manager i would have used a reverse proxy container. But this was waste of time for me. Thanks for the tutorial. I also want to mention that I have used the reverse proxy in Synology before but i did it the wrong way. In the domain section, i fill in the domain name of my NAS. and in the port section, i filled in the port i want the outside world connected to. That leads to 3 things. 1st is that you don't have to request a certificate for that app. You can use the certificate of your NAS to secure the app. 2nd is you have to fill in the corresponding port number after the domain name of the NAS if you want to connect to the app. 3rd you still need to open all the ports on your NAS. The last one i didn't like. The fewer ports people see and the less port you have to open the more secure your environment will be.
I'm glad to hear it helped! Thanks for the great info!
Thank you very much for this tutorial!
Glad to hear it helped! Thanks for watching!
Great detailed video thanks
Awesome video mate thank you very much.
Thanks for the tut. Can i keep track/log the access to my reverse proxys?
There is a section to limit access if you'd like, but that's all I think there is.
simply perfect!
Hi. Thank you for the video! Do I have to setup port-forwarding on my router when I setup reverse proxy?
Hello! Yes, you do. I just released written instructions if helpful: www.wundertech.net/synology-reverse-proxy-setup-config/
Excellent video. loved it
Thanks so much! I love your videos, keep up the great work!
@@WunderTechTutorials Thank you very much. let's do something together! could be interesting.
I've set up Synology firewall to limit access to local IP addresses and port forwarded on my router and in Plex to share a Plex server with friends and family. However I still encounter Plex remote access problem (probably due to Xfinity "Advanced Security" feature). Was looking for an alternative, would reverse proxy be a secure option for that?
Please can you do video on the CDN cloudfare part of this setup? So setting up a Domain name to point to your nas?
Yes, I am happy to do a tutorial on this. I have a few hectic weeks upcoming so I will be releasing prerecorded videos, but in about a month I will do a video on Cloudflare. Cloudflare is a beast with a ton of great functionality, so I want to make sure I take the time do do the tutorial properly! Thanks for all the support!
@@WunderTechTutorials Thank you for the guide. I'm also curious on how to do this via Cloudflare. Very noobie haha but I did finish watching your Cloudflare video.
Thank you, excellent
So nothing about dns don't you have to create cnams and point back to the Synology?
Great tutorial, easy to understand. Thank you so much. I see now my setup has been clunky as hell for years. No more though ;)
A little tip that I found to get the Synology mobile apps to work (Finder, File, Get, in my case. Also Solid Explorer btw) was to add the port number to the URL, to get access, otherwise it wouldn't work. That is if you don't want to forward 5000/5001.
I primarily did this to forward as few ports as possible (443). Working like a charm, and using Synology's DDNS paired with Let's Encrypt I only needed one cert (wildcard) for everything. It was even possible possible to upgrade the one I already had.
Btw. Is there a difference between using IP and just "localhost" in destination hostname?
Thanks so much for the kind words and thanks for the great info! No difference at all, personal preference -localhost might actually be easier/better if you ever intend on changing the IP address of your NAS.
If you are not hosting a website, is this something that is worthwhile in doing? For what reasons? Just got my first NAS recently so I'm still learning...maybe I should finish the video, lol.
You can still use this if you're interested in exposing different services outside of your local network. It's basically an easy way of exposing services and only opening ports 80/443. Let me know if you have any other questions!
Great content
Thanks so much!
Great video. I'm trying to understand reverse. My question is at the part where you put in the domain. Do I just make up a domain name there or do I put what is linked to my mass? Because the application that I want users access to is coming from that.
Thanks! Generally, the domain name will be whatever A/CNAME record you create on the registrar's side. From there, you'll use the same domain name and then link it to the internal IP.
Hello. Great video, thank you.
If I add one subdomain certificate it works, but then I can't add more subdomains, since only one certificate per provider is allowed (google domains in my case).
Only synology ddns provider allows wildcards, so I should have added each subdomain when the certificate was created, but I can't know what services will I need in the future...
Any tips? Thanks!
Very sorry for missing this comment. I thought that I responded to it, but I must not have.
This is one of the limitations on Synology NAS's, unfortunately (as far as I know). I believe that you CAN add a wildcard certificate through the terminal, but it's not very straightforward. Unfortunately, you might have to request a new certificate for each new service (since you aren't sure which ones will exist in the future).
Another option is to use a reverse proxy service in Docker like Nginx Proxy Manager. That should manage them a little better!
@Super Mario Thanks so much for sharing! I will test this out when I get some time. Great feedback, because a lot of people want to do this!
Hi, Thanks for the wonderful tutorial. Is it possible to use it with cloudflare tunnels so that I don't have to open ports on the router?
I am not familiar enough with Cloudflare Tunnels to say, but as far as I know, that's supposed to be a reverse proxy of sorts, so I think you'd use that instead of this.
@@WunderTechTutorialsAll good. Thank you so much for your reply. 🙏
is there any tutorial on how to setup the domain and how to make them point to synology???? i follow every step you have made and NOTHING WORKS..do i need to do anything with the A record or cname or somethings else? i cant find anybody explaining those and it is really frustrating
I have a video that explains it when using Cloudflare. It won't be identical, but if you watch the DNS portion of that video, it might help explain it a little better.
Your vids are allowing me to slowly get my NAS doing what I want (I lack tech knowledge). Attempting to set up Vaultwarden in Docker. At the 6:03 mark, hostname....where exactly do I get that. Seeing so many different IP addresses has me very confused and I want to get this right. Thanks.
What exactly are you looking for? The hostname? And for what - the source or destination?
@@WunderTechTutorials host name for the destination. Is it the NAS IP or do you just leave as host name? Also, if using a custom domain is the anything that requires setup on the domain’s host site? Thanks.
@@ms7165 The source will be the domain name that you'll use to connect from the outside and the destination will be the local server's IP address/port. If you purchase a domain, yes, it will require a DNS record pointed to your local network, but if you're using a DDNS provider, then it should just be that hostname.
I purchased a wild card cert and it does not work. I submitted an enhancement request to Synology. I own my own domain and can't believe it only works with Synology me at the moment.
Thanks for great videos👍 I follow exactly your video instruction but my domain adress redirect me to DSM login page. I'm running the newest DMs version.
How do you have the reverse proxy set up? Are you pointing back to the DSM port or port 443?
@@WunderTechTutorials I'm pointing it to 443. I've made specific certificate for each destination i want to go all through port 443. The port ls forwarded on my router it should be okay.
@@WunderTechTutorials I've read in different forums that others got the same issue but did not come up with solutions. Have you try setup reverse proxy in the newest version of DSM 7?
@@runetjeppesen Yes and no issues on my side. What are the exact reverse proxy settings you're using?
This is great. Thank you but not as comprehensive as I thought it would be. I am curious about the sub domain creation and configuration as well. This video is to the point it provides what its titled states. However, imagine being a noob 🤪 and buying a Synology nas of some type then try to set reverse proxy for different devices and realize you have partial tutorial. Story of my life. But thank you provide some guidance
The issue is that the process is different for every DNS provider, but I'll look into creating a new video that walks through the whole process (though only one DNS provider).
@@WunderTechTutorials bro, no jk. I love you 🤩 Cloud flare?
Thank you for the the great video.
One question, do I need to create a DNS A record entry for each reverse proxy I make with my ISP. If not, do I just create * and @ A records and point to my Synology Public IP.
Thanks again.
John
Hi John,
Thanks for watching! I believe that technically you can create a wildcard A or CNAME record, but you might experience some issues as you aren't defining an exact name. Generally, they seem to work for some and not for others as far as I know.
I always specify the actual name that I will be using because I find it to be a little easier to manage, but it's up to you. You can definitely use a wildcard certificate to manage all of the subdomains.
If I can answer any other questions, please let me know! Thanks again for watching!
Hi, Thanks for the tutorial. If I use port 443 for VPN for reverse proxy, do you recommend me using the default port of 1194 for OpenVPN or change it to 443? Does it make a difference? Some countries seem to block 1194. I'm not sure what port to use in config file for VPN if I use reverse proxy
I will be honest in saying that I haven't tried to use port 443 for both the reverse proxy and OpenVPN. In theory, I imagine it will be better if you have it all running on that one port, but there's a chance you might run into issues (though it's just a guess).
Thanks again for this amazing tutorial. I got it almost working. Almost. The reverse proxy only works if I enter the ports on of the default apps. and enter that info in the reverse proxy. In that way I can open via my subdomain url. But now I hope there is a way to add another application to this list, since I want to use reverse proxy for Home Assistant;) If there are any tips let me know.
You basically want to ensure that the source is always set to use port 443 with a specific hostname and the destination is set to the local server that you're trying to access. This way, you'll always use one port (443) and the subdomain/domain will point to the service you're trying to access.
@@WunderTechTutorials thanks for your answer. However I tried many ways, I seem to have trouble getting it to work like that. Weirdly enough what does work:
If I put the destination to HTTPS and port 5001 I can open DSM via my subdomain with https.
If I put the destination to port 5000 I can't open DSM via my subdomain via http.
When I enter my subdomain url in a browser if I use HTTP for the source, the url that results is with port 5000 behind it. if it is HTTPS I'll get port 5001 in the url. (I hope you get what I try to say here:)
@@koeiekop1973 I think I see what you're saying, but I'm not entirely sure why it's happening. The source should always be set to HTTPS and port 443. From there, the destination should be HTTP and port 5000 or HTTPS and port 5001.
@@WunderTechTutorials yep. But the challenge is that I hope to get the HomeAssistant port out (8123) and since this is probably via http I can't seem to link it to my subdomains via reverse proxy. If you or anyone else has a bright moment and has an idea what's going wrong here, suggestions are welcome;)
@@koeiekop1973 HA shouldn't be any different than any other services. Ultimately, you want the source to be HTTPS, enter your subdomain, use port 443, and on the destination, use HTTP and the HA IP address/port.
i did everything us stated but for some reason when i type in my dns address it takes me to the synology landing page instead of my Raspberry Pi. Thank you
Did you use the correct HTTP/HTTPS?
Just came across this tutorial and really enjoyed it. Quick question... Is it possible to have Web Station running while doing the reverse proxy? I need to have Web Station running for IDrive client to work, but Web Station seems to take over 80/443 such that whenever browsing to subdomain.domain.tld as defined in the reverse proxy setup, I'm brought to the Web Station page that reads "Web Station has been enabled. To finish setting up your website, please see the "Web Service" section of DSM Help." Thanks!
I'll be honest in saying that I haven't used both at the same time, but can you change the ports in Web Station? If you can, I imagine that it will work - assuming you set your website to use something other than 80/443.
@@WunderTechTutorials That was my first thought, but I can't find any way to change the ports for the default server instance in Web Station. Anyway, thanks for the reply. Appreciate it.I'll let you know if I figure it out.
Just wanted to let you know, it was a browser issue. Worked fine in a private window/separate browser. I've been reading a lot of your Synology articles on your website. Great stuff and very helpful.
Also, wanted to get your thoughts on a few things... Do you think there's a real benefit to using the reverse proxy for the Synology web apps when they all share the same ports with DSM by default, thereby already minimizing the necessary forwarded ports? I understand that you could give all Synology web apps like File Station, Photos, Drive, etc., their own custom ports, allowing you to separate and block access to DSM desktop from the outside. However, is the added administration overhead of configuring custom ports as well as HTTP (for redirection) and HTTPS reverse proxy entries for each of the other apps, worth the trouble? Additionally, please correct me if I'm wrong, but other common applications such as Drive Server file syncing (TCP 6690) have hard coded ports on the client side application and, therefore, cannot be accessed through the 443 reverse proxy and need a forwarded port anyway.
@@josephdelvecchio235 Glad you got it working. I haven't tried to use Synology Drive with a reverse proxy (only use it with VPN), so I'm not sure if there would be issues with syncing. However, a reverse proxy is generally more secure than using the DSM port because it's a specific domain name, meaning the person trying to exploit the system must know the exact domain name to access it. Using a reverse proxy also allows you to put Cloudflare in front of it (if desired) which will increase security as well.
Overall, it's never a good idea to port forward the DSM port, but if you were able to separate all other services onto their own port (not even sure if it's possible), it would be better, though still not as good as a reverse proxy.
I set up synology reverse proxy and took it one step further with cloudflare account to mask my public ip. I can connect to my diskstation just find through my hostname. But I am having trouble trying to share files using synology share link. Any idea what I need to do to clear this up? When I create the link, I can give it to a user. They are able to get to my diskstation file download page. But when they click download, it says file not found.
Are you replacing the link generated with the name of your reverse proxy? I know that some people have trouble with that (as it will add the DDNS hostname + port by default).
I don't think it has anything to do with Cloudflare, but if you suspect that it is the problem, you can change your NAS in Cloudflare to "DNS Only" (grey cloud just to test), then see if everything works.
Great tutorial helped me a lot. Yet I am still lost. I have a DS220+ with wordpress installed. I have a domain purchased from Google. I would like to host my site from the NAS, but when I set it up all i get is the web station welcome screen, not the Wordpress site. To complicate things I,m trying to run DDNS on a DHCP XFINITY cable modem. Any help is greatly appreciated
In the web station settings, did you point it directly to the WordPress folder? I have a tutorial on how you can set up WordPress on a Synology NAS (ruclips.net/video/eqfwETTQCvU/видео.html) - can you run through that and see if your settings match it? It sounds like DDNS is working properly.
Awesome tutorial but I don't seem to be able to access to my domain from within my lan. What do you think could be the issue?
Hmm, that's strange. Are you able to access it from outside of your LAN? Do you have a firewall in place that might be indirectly restricting access from your local network? An example of that would be if you're limiting traffic on port 443 to your current country. Make sure you create a second firewall rule for your local network as well.
@@WunderTechTutorials Hello, yes. I am able to access from outside, im not sure about the firewall, will check rules on my devices, thanks!
Thanks for the tutorial, I am pretty sure I have everything setup correctly but and getting 'Error 502 : Bad gateway' when trying to access one of my proxied domains and totally stuck :(
Can you try any of the suggestions on this page for the "bad gateway" error? www.wundertech.net/nginx-proxy-manager-synology-nas-setup-instructions/#2_Nginx_Proxy_Manager_Setup_-_Synology_NAS
I'm a bit confused as I'm looking this up before I have the actual hardware. Do I need another device running as the reverse proxy server for my plex instance or can this all be done on a ds920+?
Nope! You can use the Synology as a reverse proxy server and then point to services on the local NAS if needed.
@@WunderTechTutorials Perfect, thanks for the reply! Though I am having trouble actually getting my subdomain to actually work, not sure why as when I open the port and use my public IP to access it it's fine. Both 80 and 443 are open, are there any logs or something to actually figure out whats going wrong here?
@@pumpkin1escobar Not any logs that I am aware of (though I'm sure you can find them through SSH). You pointed the subdomain to your DDNS hostname/external IP address and it's not resolving?
@@WunderTechTutorials I'm not using a DDNS (would that make it easier?) but yeah I have it pointing to my external IP (with no ports) and it's not resolving. I have no idea why it's not when I have 80/442 forwarded, If I forward port for plex I can use my external IP and the port to access it but nothing otherwise.
EDIT: Okay, I found out it's my shitty ISPs dns not updating. I used my VPN and it resolves just fine.
@@pumpkin1escobar So just to confirm, you pointed the subdomain that you purchased to your local network using an A record and the external IP address?
What if the local server is the Synology Web Station?
You won't be able to use port 443 for both. You'll have to change the web server's port.
Hi mister, do you have a video on how to let one or more containers make use of a VPN container? What i mean is that the traffic of container A is routed through Container B which is the VPN container. There are video's on how to add multiple apps into one docker file where they can use the VPN of one of the apps but the risk of that is that if the VPN restarted or updated you will lose all the other apps that use the VPN service.
I don't have a video on that, but I will keep this in mind for future tutorials! I need to look up exactly how that would work, but it seems possible!
@@WunderTechTutorials Thanks!
In 4:00 mins can I use my DDNS name for the hostname there?
When I try to create a certificate it fails because it says the domain name is invalid. I'm trying to use one I bought from NameSilo.
The settings for Access Control Profile won't work as you say because most plex clients do not have static IPs.
Yes, you can! Keep in mind that you will only be able to use that DDNS hostname for one service (unless you use subdomains), but you should be able to use it. I have a few videos (bitwarden) that use a DDNS hostname.
For the Access Control Profile, I agree! I tried to keep everything general and just explain how it could work, but for something like Plex, there will be too many dynamic IP addresses to be able to use it.
Do you know how to get the plex apps to work outside your network with the reverse proxy and subdomain? I have it working via a web browser but the apps do not look to like it.
I have a video on how you can set up Plex with a reverse proxy, but there are a few settings inside of Plex that you will have to update as well. If I get some time, I will try and create a video on it as I know that a few people have had issues with it.
I don't understand what must be put for the Destination: Hostname ?
And why when entering the port of my container for the Source:Port does it not work ?
The destination hostname will be the local IP address of the service and the port will be whatever port it's listening on. If it's not working, make sure you did the port forwarding correctly and selected the correct, HTTP or HTTPS values.
@@WunderTechTutorials For the source the Hostname is whatever you want it along with a custom domain as in my case; then port should be 443.
For destination; the host name should be the IP for the NAS along with port 5000 this is what I'm doing along with what I was instructed to do, although it's not working ?
Did you complete the port forwarding and map the custom domain to the IP where the reverse proxy server is?
@@WunderTechTutorials I never did any port forwarding, I only mapped the custom domain as the source.
@@WunderTechTutorials Should I setup port-forwarding on the router first; I did just that for DSM.
Another amazing video - thank you. However, I'm really struggling with Jellyfin, reverse proxy & certs. I wonder if you would make a video specifically on this for synology users, perhaps?
Seemingly I am doing everything correctly and following your videos, and can get remote access to Jellyfin working over http - but not over https, which is a massive worry. I get the browser warning symbol :(
I have set up DDNS using synology.me service; set up the reverse proxy as per this video (ensuing http / 8096 for destination) & checked cert is logged against the DDNS (it is).
Any help or support would be very much appreciated!
Probably also worth noting, when logging into Jellyfin admin panel and ticking to enable HTTPS (and selecting nothing else), then clicking save, it won't allow it and will not save the setting
Also when using www.ssllabs.com/ssltest/index.html and inputting the synology DDNS, it fails...I'm so confused rn!
Let's take a step back. Are you trying to expose Jellyfin outside of your local network? Or only use it internally? If you're only looking to use it internally, it's okay to use HTTP (as long as your local network is trusted). If you're looking to expose it, you need to use HTTPS.
Let me know your goal and I will let you know how we can hopefully get there!
@@WunderTechTutorials the goal is to expose Jellyfin to the internet over HTTPS 👍
@@WunderTechTutorials Thanks for the reply. Trying to expose externally via HTTPS 👍
Hi thanks for a great tutorial. I have an issue which I cant seem to sort out following these steps. Once everything is setup I can access the synology (using the domain name that is purchased) only when Im inside my wifi network. from outside it is unresponsive. Ive tried to ping the domain name, as well as the router IP to no result (packests are transmitted but non are received). I have been able to connect to it before using the regular setup of having a synology.me domain. I was also successfull in getting my lets encrypt cert, so Im sure that a connection can be made.
Any thoughts on the matter would be appreciated.
By any chance, have you implemented Synology's firewall? If you did, are you only allowing traffic from internal IP addresses? This will have to be changed if you are.
@@WunderTechTutorials I have exceptions added to my synology firewall, I infact I even tried it without a firewall to no effect.
so the line of communication is:
domain name registrar pointing domain name to name severs of server service -> external server service pointing subdomain as CNAME record to router IP as A record -> router port 80 and 443 to static IP of synology :80 and :443 respectively -> Synology nas: firewall -> synology nas reverse proxy: domain name on 443 to 'internal IP' on 'Port of Service to be used' with HTTP
@@pjf2252 That all sounds correct on the surface. Have you created a reverse proxy for DSM using port 5000/5001? I am assuming that's what you want to expose outside of your local network, right?
when i try to use 443 it says domain name is already used
Did you set it up somewhere else on the NAS?
I'm getting ssl encryption problems from Android apps but not web. Why is that
Are you using the same hostname?
do i need to point my domain to my nas before all these setup? if so, what should i do???
You will need to create an A/CNAME record for the domain that you'd like to use and then point it to your local network.
@@WunderTechTutorials I have the domain CNAME pointing to my NAS and it's been working fine for months. However I followed the steps to create the reverse proxy but I cannot access the subdomain created. browser says DNS address cannot be found. Anything else has to be created to find the subdomain?
@@guritche Did you happen to create a CNAME record for the subdomain as well? You will have to do that on your domain registrar, but as long as that's set up and the Reverse Proxy is set up, those are the only "necessary" steps.
i have an issue either using this tutorial or nginx proxy manager, when i set everting up, and i enter the url eg. "deluge.mydomain.com" it converted into "deluge.mydomain.com:5000" and not working, i used cloudflare to create the subdomain using 'A' forwarding to my external ip
Just commented on your other post. I assumed you might be using Cloudflare as I had an issue with this as well. Try and set Cloudflare as "DNS Only" when getting the SSL certificate. That should fix it, but let me know how it goes!
@@WunderTechTutorials yes i am using cloudflare and it is “dns only”
I had the same problem with DSM but that was because one of the settings of DSM is that it automatically converts HTTP request to HTTPS. Maybe for Deluge that is the same. You have to remove the HTTP to HTTPS conversion. . Just use the HTTP port because the reverse proxy will secure it for you through port 443.
Great tutorial, I've been watching a bunch of your videos and it's insanely helpful. I have a question if anyone happens to have a minute to respond. I've followed this guide, however when I go to my sites from an external computer I get a "Dangerous" warning with the message "Deceptive site ahead" from Google Chrome saying that it's a phishing site that should be avoided. It does say that the certificate is valid, and in other browsers I see the site just fine. It looks like this has to do with Google's Safe Browsing feature but I'm really not sure how to stop that from happening. Any assistance will be greatly appreciated.
Thanks! If you got the certificate, did you select "Configuration" in DSM and assign the Let's Encrypt certificate to the proxy?
@@WunderTechTutorials I thought I replied to this, but it looks like it disappeared. Maybe because it included a link to Imgur. I think it is set up correctly, but perhaps I did something wrong. Weird thing is it shows up in Firefox with no issues, it's only Chrome that has an issue.
Maybe this will work, lol. It's an Imgur link ;) --- a/0HmrgAg
@@KmSiDevastate Yeah, if it had a link, RUclips unfortunately usually removes it automatically. If you try and navigate to it from a cell phone (something off your local network, using an external network) can you get there? Any errors there?
@@WunderTechTutorials Yea with a cell phone (wifi disconnected of course) I can navigate there, but I get the same red page, I can pass the page by saying I understand the risks, so this is only a minor annoyance. I actually care less about the annoyance, and more about knowing why it's happening. My mobile browser is Chrome.
After downloading Firefox on my phone to test. I can navigate to the page in Firefox just fine with no warnings, and it says the cert is valid from Let's Encrypt.
How do I point my domain name to reverse proxy we just setup?
You would need to set up an A (static IP) or CNAME (dynamic IP) record, then create the reverse proxy for that specific service. The proxy host would simply be the subdomain you're using (subdomain.yourdomain.com).
How do I setup this, but only for local network?
eg - synology is synology:5000 and gitlab is synology:3000
how can I make it so entering gitlab.synology:80 would lead me to gitlab?
Reverse proxies are really for external traffic, however, if you set up a local DNS server (I have a few videos on Pi-hole) or host record, you can create domain names for each service. For example, you can have gitlab.synology:80 point to a local IP address and when you navigate to that, get to your gitlab server. This video more eloquently explains it: ruclips.net/video/VoF-qqKwIWw/видео.html
@@WunderTechTutorials
Thanks. I seem to have figured things out. But it had so many caveats.
eg. "app.synology" reverse proxy did not work when nas was on "synology:5000" (hostname only), had to make it so that nas had domain and hostname - "nas.synology:5000" then reverse proxy with "app.synology" started working.
had to make router redirect both nas.synology and app.synology to same ip which took some digging.
Oh and firewall. had to open 80 port
Oh and then synology redirects 80 to 5000 before reverse proxy can take care of redirect... webstation seems to solve that...
Without degree in IT I would not have managed that since I swear there are no tutorials how to achieve this
@@lifebarier It is fairly confusing because Synology automatically redirects port 80 to 5000, but ONLY internally. If you try that externally, it won't forward you there. Glad that you got it working, but I agree, it is very complex.
Great tutorials.
But I run into a problem trying to combine the following :
- reverse proxys
- dynamic dns
- applications portals
- let's encrypt
Here's what happens :
1) on the dynamic dns (I used entrydns.net), I' ve configured 6 services that points to the NAS : admin, calendar, contacts, drive, note & photo all are subdomains of the same NAS device. Ex.: photo.mynas.myname.entrydns.org
2) configured the reverse proxy to arrive on 443 (with HSTS) and to route to localhost:PORT (tried the 4 configs, with/without HSTS, and localhost or the internal IP address of the NAS - same issue)
3) configured the PORT for each service in the APP portal, and also added the alias as the name of the service for when I access internally.
4) got a certificate for the 6 services, and linked each one to each service
5) opened the 443 port on the router and forwarded it directly to the NAS
When I try to connect from outside, it wants to use the synology.com certificate and go to the 5001 port and under https & therefore they all go to the DSM portal (not their app portals).
On the other hand, when using the internal DNS with app portal, that works, although it always wants to use the synology.com certificate.
Using latest DSM 7.0.1-42218 Update 3
Let's try and just get one of them working. I imagine that the source is set to HTTPS, then the domain name and port 443. On the destination side, you are pointing to the local server, correct? Then, if you try and access the website, where exactly does it bring you?
At 10:52 ... my reverse proxy isn’t listed.
Did you create the reverse proxy host first and then check there? Also, are you using HTTPS?
@@WunderTechTutorials I think I had a typo in the reverse proxy menu, thanks!
Did anyone literally managed to use that access control feature ? I tried again and again, it simply won't work in the way that it is supposed to work. See I allow only 1 PC in my network. Then Deny access to the rest in the access controls. But it simply blocks all access :D I did the reverse, allowed everyone but 1 specific IP, again did not work. Also used IP ranges too, it simply won't work that way. Easy to advertise, and looks very promising but when you try it really does not even work. Typical synology features, half of them don't even work in the way it is supposed to work. Some does not even work at all, some are buggy, the rest works like a cripple... Let me know if someone finds a way to make use of it.
I have used it and it does work as expected. What order are you setting the rules in? Are the allow rules first?
No longer works. Ports 80 and 443 are reserved by the system (DSM7) by default and can't be used
The ports are reserved for the reverse proxy. This is still working as of DSM 7.2 (though the screenshots are from DSM 6). I'd check to make sure something else isn't blocking it.
No port forward needed in router? Do I miss anything?
Yes, you need to port forward 443 to the NAS.
Hi, sorry to keep bothering you. I tried your reverse proxy instruction while trying to set up video station on my synology. Following your instructions for plex, I try to connect to video station using localhost ip:port (port listed I can use and set for video station), and I get the following error: "400 Bad Request: The plain HTTP request was sent to HTTPS port - nginx". After reading up and watching your video, I thought part of the problem was that I hadn't downloaded a Lets encrypt SSL certificate. I tried that which also did not work and I sent you a question concerning that. I am obviously not doing something right. Any advice would be greatly appreciated on both those problems. Thank you so much.
That sounds like you might have set the destination as HTTPS when it should have been set as HTTP. Not all services listen on both HTTPS and HTTP, so you'll have to change that based on the specific service you're trying to use.