{"id":754,"date":"2021-01-31T00:16:40","date_gmt":"2021-01-31T00:16:40","guid":{"rendered":"http:\/\/bullyrooks.com\/?p=754"},"modified":"2021-01-31T00:16:40","modified_gmt":"2021-01-31T00:16:40","slug":"setting-up-a-reverse-proxy-with-synology","status":"publish","type":"post","link":"https:\/\/bullyrooks.com\/index.php\/2021\/01\/31\/setting-up-a-reverse-proxy-with-synology\/","title":{"rendered":"Setting up a Reverse Proxy with Synology"},"content":{"rendered":"\n<p>Sometimes you want to be able to access your applications outside of your home network.  All of the applications that we set up in the <a href=\"https:\/\/bullyrooks.com\/index.php\/course\/media-server-appliations\/\" data-type=\"course\" data-id=\"17\">Installing Media Server Applications on Synology<\/a> series are currently only available if we&#8217;re on our network.  I&#8217;m going to discuss a few ways to make them available when you&#8217;re away from home.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Port Forwarding<\/h2>\n\n\n\n<p>This is probably the easiest method to set up, but it has significant drawbacks.  With this method you create an external port and map it to an internal port (which is very similar to the port mapping we did for our docker applications).  Then, if you know the IP address that your Internet Service Provider has assigned to your modem, you can use that IP and the ports that you&#8217;ve mapped to access your home network.<\/p>\n\n\n\n<p>One drawback is that remembering an IP address is kind of a pain.  Some ISPs change their external IP addresses occasionally, so you&#8217;ll have to change the IP address you use to access your network.  Also, you&#8217;ll have to manage your port forwarding and potentially expose a lot of ports to the internet.  
Every port you expose is like leaving a window or door unlocked in your house.<\/p>\n\n\n\n<p>There are services like <a href=\"https:\/\/www.noip.com\/support\/knowledgebase\/getting-started-with-no-ip-com\/\">no-ip<\/a> which will give you a DNS name that you can map to your IP, so you can use an easy-to-remember domain name instead of remembering IP addresses, but you&#8217;ll still have to change out the IP address when your ISP changes it.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Run your own VPN<\/h2>\n\n\n\n<p>Now that you&#8217;ve got docker running, you can find a docker image and run your own VPN, which will let you &#8216;log on&#8217; to your home network externally.  This is probably the most secure solution, but it will involve a more complicated setup (which I&#8217;ll probably do as a separate course).  However, this does limit you to exposing your services to users who are more savvy.  For example, if I want to let family queue up movies to download or I want to do that from my phone away from home, we&#8217;ll need to install and configure VPN clients on those devices so that we can access the services inside the network.  I don&#8217;t want to spend my time playing tech support, so I wouldn&#8217;t use a VPN for this.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Reverse Proxy Server<\/h2>\n\n\n\n<p>A reverse proxy server allows me to open a single port (in this case port 80) and, based on the hostname of the incoming request, forward that request to one of the services running in my instance.  In order for this to work, I will need a domain name.  These are cheap and easy to get and generally easy to configure.  This makes accessing the applications outside of your network extremely easy.  Plus, having your own domain name really ups the nerd cred.  You&#8217;re running a network in your home, it&#8217;s time to step up!  
Finally, Synology comes with some really easy-to-use reverse proxy software, so it&#8217;s a challenge anyone can tackle, and I&#8217;m here to show you how.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Get a Domain Name<\/h2>\n\n\n\n<p>I use <a href=\"https:\/\/www.hostinger.com\/domain-checker\">hostinger to buy and manage my domain names<\/a>.  Any provider should work, though.  The software has become super easy to use.  <\/p>\n\n\n\n<p>Once you have your domain name, you&#8217;ll need to create a single A entry and a CNAME entry for each service you want to expose.<\/p>\n\n\n\n<p>First, look up your external (ISP-assigned) IP address <a href=\"https:\/\/whatismyipaddress.com\/\" data-type=\"URL\" data-id=\"https:\/\/whatismyipaddress.com\/\">here<\/a>.  Then, in hostinger, create an A entry that points to that address.  Use a generic c-level domain name because we&#8217;re not going to use it externally.  A c-level name in this example is <code>network<\/code>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"856\" height=\"201\" src=\"https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-106.png?resize=856%2C201&#038;ssl=1\" alt=\"\" class=\"wp-image-755\" srcset=\"https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-106.png?w=856&amp;ssl=1 856w, https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-106.png?resize=300%2C70&amp;ssl=1 300w, https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-106.png?resize=768%2C180&amp;ssl=1 768w\" sizes=\"auto, (max-width: 856px) 100vw, 856px\" data-recalc-dims=\"1\" \/><\/figure>\n\n\n\n<p>Now create a CNAME entry for each c-level domain that you want to expose via the reverse proxy.  Examples would be <code>radarr<\/code>, <code>sonarr<\/code>, <code>portainer<\/code> (and possibly <code>plex<\/code>).  
An example would look like this<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"852\" height=\"198\" src=\"https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-107.png?resize=852%2C198&#038;ssl=1\" alt=\"\" class=\"wp-image-756\" srcset=\"https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-107.png?w=852&amp;ssl=1 852w, https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-107.png?resize=300%2C70&amp;ssl=1 300w, https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-107.png?resize=768%2C178&amp;ssl=1 768w\" sizes=\"auto, (max-width: 852px) 100vw, 852px\" data-recalc-dims=\"1\" \/><\/figure>\n\n\n\n<p>Create all of the mappings that you want.  I would probably not expose SABnzbd or Transmission.  Sonarr and Radarr are the tools you can use to monitor your download applications.  Unless you&#8217;re planning to add items to download that aren&#8217;t shows or movies when you&#8217;re away from home you won&#8217;t need them.  
Also, I&#8217;ve found the security for transmission to be a little difficult.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Setup the Reverse Proxy<\/h2>\n\n\n\n<p>Log into the Synology DSM, open the <code>Control Panel<\/code> and click <code>Advanced Mode<\/code> in the top right.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"960\" height=\"535\" src=\"https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-108-1024x571.png?resize=960%2C535&#038;ssl=1\" alt=\"\" class=\"wp-image-757\" srcset=\"https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-108.png?resize=1024%2C571&amp;ssl=1 1024w, https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-108.png?resize=300%2C167&amp;ssl=1 300w, https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-108.png?resize=768%2C428&amp;ssl=1 768w, https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-108.png?w=1210&amp;ssl=1 1210w\" sizes=\"auto, (max-width: 960px) 100vw, 960px\" data-recalc-dims=\"1\" \/><\/figure>\n\n\n\n<p>Open the <code>Application Portal<\/code>.  Choose the <code>Reverse Proxy<\/code> tab.  Click the create button.  Enter the configuration for one of your services.  
Here&#8217;s the one I&#8217;m going to use for sonarr:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"479\" height=\"597\" src=\"https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-110.png?resize=479%2C597&#038;ssl=1\" alt=\"\" class=\"wp-image-759\" srcset=\"https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-110.png?w=479&amp;ssl=1 479w, https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-110.png?resize=241%2C300&amp;ssl=1 241w\" sizes=\"auto, (max-width: 479px) 100vw, 479px\" data-recalc-dims=\"1\" \/><\/figure>\n\n\n\n<p>This takes an HTTPS request for sonarr.bullyrooks.com and forwards it as a plain HTTP request to 192.168.1.147 port 31080, where my sonarr service is listening, so the connection is encrypted only as far as the NAS.  The reverse proxy routes on the hostname, so a separate radarr entry makes the reverse proxy forward to a different host\/port.  Here&#8217;s my radarr config:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"481\" height=\"600\" src=\"https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-111.png?resize=481%2C600&#038;ssl=1\" alt=\"\" class=\"wp-image-760\" srcset=\"https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-111.png?w=481&amp;ssl=1 481w, https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-111.png?resize=241%2C300&amp;ssl=1 241w\" sizes=\"auto, (max-width: 481px) 100vw, 481px\" data-recalc-dims=\"1\" \/><\/figure>\n\n\n\n<p>Create entries for all of the services you want to expose.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Port Forwarding<\/h2>\n\n\n\n<p>We&#8217;ll need to open up some ports both to allow traffic in (SSL) and so that we can allow Let&#8217;s Encrypt to do its thing.  
Forward external TCP ports 443 and 80 to ports 443 and 80 on the NAS.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">SSL<\/h2>\n\n\n\n<p>You noticed that we are using HTTPS (via the standard SSL port 443).  We&#8217;ll need to get a secure certificate to be able to support those requests.  We can generate the secure certificate request (CSR) and install the certificate for free and very easily with the built-in Synology software.<\/p>\n\n\n\n<p>Let&#8217;s Encrypt requires port 80 to be open to the world and forwarded to the NAS in order to work.  Make sure it is before moving forward.<\/p>\n\n\n\n<p>In Control Panel, open the <code>Security<\/code> menu item and go to the <code>Certificate<\/code> tab.<\/p>\n\n\n\n<p>Click Add, choose Add a new certificate and hit Next.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"647\" height=\"550\" src=\"https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-112.png?resize=647%2C550&#038;ssl=1\" alt=\"\" class=\"wp-image-761\" srcset=\"https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-112.png?w=647&amp;ssl=1 647w, https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-112.png?resize=300%2C255&amp;ssl=1 300w\" sizes=\"auto, (max-width: 647px) 100vw, 647px\" data-recalc-dims=\"1\" \/><\/figure>\n\n\n\n<p>Choose Get a certificate from Let&#8217;s Encrypt and hit Next.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"653\" height=\"547\" src=\"https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-113.png?resize=653%2C547&#038;ssl=1\" alt=\"\" class=\"wp-image-762\" srcset=\"https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-113.png?w=653&amp;ssl=1 653w, https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-113.png?resize=300%2C251&amp;ssl=1 300w\" sizes=\"auto, (max-width: 653px) 
100vw, 653px\" data-recalc-dims=\"1\" \/><\/figure>\n\n\n\n<p>Enter your domain name, the email you used to register it and in subject alternative name, put all of the CNAME entries that you want to use.  These are semicolon separated<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-114.png?resize=580%2C53&#038;ssl=1\" alt=\"\" class=\"wp-image-763\" width=\"580\" height=\"53\" srcset=\"https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-114.png?w=928&amp;ssl=1 928w, https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-114.png?resize=300%2C28&amp;ssl=1 300w, https:\/\/i0.wp.com\/bullyrooks.com\/wp-content\/uploads\/2021\/01\/image-114.png?resize=768%2C71&amp;ssl=1 768w\" sizes=\"auto, (max-width: 580px) 100vw, 580px\" data-recalc-dims=\"1\" \/><\/figure>\n\n\n\n<p>so, <code>radarr.mydomain.com;sonarr.mydomain.com;portainer.mydomain.com<\/code><\/p>\n\n\n\n<p>and hit <code>Apply<\/code>.  <\/p>\n\n\n\n<p>Once you get your certificate, click on the domain to highlight it and click the <code>Configure<\/code> button.  In this next screen make sure that all of the c-level domain names are pointing to the correct certificate.<\/p>\n\n\n\n<p>That should be it.  You can now hit https:\/\/sonarr.mydomain.com to get to your service instance.  
<strong>DEFINITELY<\/strong> <strong>MAKE SURE THAT YOUR SERVICES REQUIRE A USERNAME AND PASSWORD TO ACCESS.<\/strong>  You don&#8217;t want to find out that someone got access to your service and started downloading a bunch of stuff and filled up your NAS.<\/p>\n","protected":false},"excerpt":{"rendered":"<div class=\"entry-summary\">\nSometimes you want to be able to access your applications outside of&hellip;\n<\/div>\n<div class=\"link-more\"><a href=\"https:\/\/bullyrooks.com\/index.php\/2021\/01\/31\/setting-up-a-reverse-proxy-with-synology\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &ldquo;Setting up a Reverse Proxy with Synology&rdquo;<\/span>&hellip;<\/a><\/div>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,36],"tags":[14,39,7,38,37,6],"course":[],"class_list":["post-754","post","type-post","status-publish","format-standard","hentry","category-home-networking","category-synology","tag-dns","tag-domain-name","tag-home-networking","tag-nas","tag-reverse-proxy-service","tag-synology","entry"],"jetpack_featured_media_url":"","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/bullyrooks.com\/index.php\/wp-json\/wp\/v2\/posts\/754","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bullyrooks.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bullyrooks.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bullyrooks.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/bullyrooks.com\/index.php\/wp-json\/wp\/v2\/comments?post=754"}],"version-history":[{"count":1,"href":"https:\/\/bullyrooks.com\/index.php\/wp-json\/wp\/v2\/posts\/754\/revisions"}],"predecessor-version":[{"id":764,"href":"https:\/\/bullyrooks.com\/index.php\/wp-json\/wp\/v2\/posts\/754\/revisions\/764"}],"wp:attachment":[{"href":"https:\/\/bullyrooks.com\/index.php\/wp-json\/wp\/v2\/media?parent=754"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bullyrooks.com\/index.php\/wp-json\/wp\/v2\/categories?post=754"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bullyrooks.com\/index.php\/wp-json\/wp\/v2\/tags?post=754"},{"taxonomy":"course","embeddable":true,"href":"https:\/\/bullyrooks.com\/index.php\/wp-json\/wp\/v2\/course?post=754"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}