I do… and in fact use it quite heavily for all of my home systems 
So normal workflow for me is:
-
create entry in application portal (either enable native Synology app in Applications tab or adding entry under Reverse Proxy for systems not integrating with Synology DSM).
-
In caes of HA this would be something like on the screenshot below:
and, if you want to use https (I assume so) also this one:
-
for both of above go to Custome Header tab and add websocket to HA; click on Create->WebSocket and 2 entries like on screenshot below will be created automatically:
-
In Control Panel -> Network -> DSM Settings check Automatically redirect HHTP connection to HTTPS for DSM desktop. This will force all connection, even these not secure to be redirected to HTTPS:
-
create certificate in Security -> Certificate -> Add -> Add. Choose either Add new or Replace and existing, depending on your situation. In first case you will have a chance to make it default later.
-
Select Get a certificate from Let’s Encrypt and click Next.
-
Fill in required data on next screen; your domain name, contact email and in subject Alternative Name put all of your subdomeins you want to use (unfortunatelly there is no easy way to use wildcards for Let’s Encypt at the moment from UI). So for my domain from screenshots above it would look like:
If you want to use more subdomains list theme all, separated with semicolon:
hassio.mydomain.com;mail.mydomain.com;synology.mydomain.com
- click apply and wait for NAS to complete certificate creation
- if not done this way during creation make it default cetrificate for your system; select certificate on the list, right click on it and select Edit. Check Set as default certificate box and clisk OK
- make sure that hassio will use this particular certificate. While still in certificates list select Configure button and on the list of reverse proxy entries make sure all of them have proper certificate selected on the right and click OK:
- make sure that ports 80 and 443 on your router are redirected to your LAN IP of NAS (or alternatively put it into DMZ, but this is less secure, as it exposes it entirely to Internet).
- test connection by going to https://hassio.mydomain.com. you should see locked padlock icon in the address bar of your browser (or whatever your browser uses to signal safe connection).
Important to understand; using this method Synology NAS works as gateway to your network and certificate that was just created is used to validate that connection through your NAS to devices on the LAN are secure upt to NAS. This method does not secure connection to the actual device (as if you would create certificate directly on HA or use Nabucasa. Yet from perspective of connecting from outside of your LAN ensure security of connection.