Remote Access with TLS/SSL on Synology NAS with Docker

bcowell · May 12, 2018, 7:50am

I’m really new to HA and running HA in Docker on my Synology NAS. I’m trying to get SSL setup using duckdns and lets encrypt as per the guide but I’m running in to some issues as I never needed to SSH before and it appears the SSH commands are different for docker.

I SSH in to my Synology NAS using putty and then

sudo docker exec -it home-assistant-0.68.1 /bin/bash

I follow this guide https://www.home-assistant.io/docs/ecosystem/certificates/lets_encrypt/ but when I try to enter the following command

./certbot-auto certonly --standalone --preferred-challenges http-01 --email emailaddress -d examplehome.duckdns.org

It fails with the following error

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for myhostname.duckdns.org
Cleaning up challenges
Problem binding to port 80: Could not bind to IPv4 or IPv6.

I’m not sure if I’m meant to be using that command seeing as though I’m running HA on Docker, I found another command but it won’t even run and fails with “bash: docker: command not found”

sudo docker run -it --rm -p 80:80 --name certbot \ -v "/etc/letsencrypt:/etc/letsencrypt" \ -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \ quay.io/letsencrypt/letsencrypt:latest certonly \ --standalone --standalone-supported-challenges http-01 \ --email emailaddress 8 -d examplehome.duckdns.org

I have port 80 and 443 forwarded to my synology NAS and can externally access HA using the sample.duckdns.org:8123 URL

juan11perez · May 12, 2018, 8:01am

@bcowell
Not the way. You shouldn’t modify the docker.
Get the certificates on your NAS. I don’t have a Sinology but I think it’s a simple process in the NAS control panel

Then mount the volume where you have the certs into the HA container
I.e.
-v /etc/letsencrypt:/certs

Then point to the certs in the http section of your configuration.yaml file

I.e.
…key: /certs/…

bcowell · May 14, 2018, 10:27am

Thanks for the help. I tried to create a new lets encrypt certificate in my Synology NAS but it fails even though I have ports 80 forwarded through to the NAS. I guess I have to find out how to resolve that over at the Synology forums before proceeding.

juan11perez · May 14, 2018, 10:46am

Not sure in synology, but for pc you need to forward 80 to 80 and 443 to 443.
Also just check theres not something else using port 80 in your system.
In my network I have a WDcloud drive and I have to disconnect it first time I set up letesencrypt.
Not an issue for future renewals

quinten.vandermeer · November 15, 2018, 8:59pm

@bcowell did you ever get the letsencrypt to work? This is the first post i’ve come across talking about problems with getting letsencrypt set-up while running HA on Synology Docker. I’m not familiar with CLI commands, but your first post here helped me ssh into HA, but now i’m still not sure what to do on getting the letsencrypt cert set up. I got all other components al ready to go like the port forwards, duckdns, and even a google project. (because ultimately i want my google home to talk to HA without using the paid Nabu Casa service), but haven’t been able to find instructions that help based on HA on Synology Docker, without going into CLI details. Hope you can get me some answers. Thanks!

bcowell · November 15, 2018, 10:42pm

No sorry I gave up on that and bought a Raspberry Pi and installed Hassio, so many less hassles and everything is working now besides the occasional update breaking things.

quinten.vandermeer · November 23, 2018, 2:08pm

I figured it out and got everything working last night. If you’re still interested, I’ve documented the whole set-up here: Setting up Home Assistant on Synology NAS to control Mi-Light via Google Home Mini speaker with voice