2

I have a Synology NAS accessible inside by local network over direct IP and URL:

https://192.168.5.10
https://cloud.local

I have docker running inside my synology NAS with some applications working on different ports. For example, when inside my home local network, I can access those apps with these URLS:

APP 1 accessible over: http://192.168.5.10:9000
APP 2 accessible over: http://192.168.5.10:9500
APP 3 accessible over: http://192.168.5.10:9800

I also have openVPN configured, so when away from home, I can connect to it and use the above URLs to access those same APPs.

This way I don't expose any port on my router other than openVPN. But despite my NAS being reachable only on local network or over my VPN, I want to add another layer of security by accessing those APPs over https instead of http, adding a layer of SSL encryption on top of my setup.

For that, I understood my Synology NAS has a reverse proxy feature which could serve me those APPs over https. I have thus added the following configuration in my Synology Application Portal > reverse proxy interface:

SOURCE
Protocol: HTTPS
Hostname: app.cloud.local
Port: 443

DESTINATION
Protocol: HTTP
Hostname: 192.168.5.10
Port: 9000

I was hoping then to be able to use my browser and visit https://app.cloud.local and get a secure access to my APP1 at http://192.168.5.10. Instead, nothing happens, the page tries to load and simply hangs without doing anything.

Maybe I am understanding the networking wrong, but it seems my browser can't translate https://app.cloud.local into anything. What am I doing wrong? Thank you.

BMM
  • 151
  • 3
  • 10

2 Answers2

1

You need to have the DNS server running with the domain pointing to the internal IP's, and of course your devices using the Synology as the DNS server. That way it will find those domains locally first. This is exactly how I do it

Andy
  • 11
  • 1
0

I guess, https://app.cloud.local/ is not going trough the vpn. Instead, setup a dyndns under "External Access". I don't use a vpn. Instead, i set two entries in the proxy interface: http://app.dyndns.diskstation.me:80 to https://app.dyndns.diskstation.me:443 and https://app.dyndns.diskstation.me:443 to http://localhost:9000 Then, create a certificate for the subdomain. This way, you can access your app via standard http without a vpn.

Aaron
  • 1
  • thanks, but I still need to use a VPN, for security. I think it may be a local DNS issue. I have PiVPN working in docker as well, maybe I can do some redirects there. – BMM Dec 02 '20 at 14:11