SSL and Docker on Synology

Eatoff · September 29, 2018, 1:31pm

Looking for a bit of guidance here regarding SSL.

My raspberry pi crashed and so thought I’d move everything over to Docker running on my Synology.

I have now got my DNS all setup via synology.me and it’s all working, but I don’t have anything setup for SSL yet.

I have seen how to get a SSL certificate via the Synology, but can’t see how to get it into my home assistant config.

Is there a Docker container to get a SSL certificate that would make everything seamless?

Thanks for the help everyone

Eatoff · September 30, 2018, 4:44am

Ok, update to what I have done.

I followed the instructions here - Home Assistant SSL/HTTPS configuration on Synology with blocked Port 80

I can now access my HA login page using https, but cannot login. Every time i get “unable to connect to home assistant” and a retry button. I also get a failed login attempt notification when accessing locally (from my log - Login attempt or request with invalid authentication from 192.168.1.199)

am i missing something from my config?

Eatoff · October 1, 2018, 1:50am

Ok, to close this issue out -

what was happenning was that i hadnt edited the Portal.moustache file on my Synology.

I found this thread - Reverse proxy Http --> Https and Post number 12, from Dennis87 has some instructions for the latest version of DSM (6.2.1) which means you no longer have to edit the Portal.moustache and can just edit the reverse proxy rules.

masterkenobi · November 4, 2018, 6:33pm

Hi @Eatoff

May I know what did you put for the http component in HA configuration?

This is what I put.

http:
  api_password: !secret http_password
  base_url: ha.xyz.com

However, I can only access the frontend via http://< Internal Synology IP >:8123/ but not https://ha.xyz.com. It gives “Unable to connect to Home Assistant.” error.

Eatoff · November 13, 2018, 7:22am

Sorry for the late reply, but that is the same as mine

base_url: xxxxxx.synology.me
api_password: !secret http_password

Have you got your port forwarding sorted?

tonycwhite · December 30, 2018, 12:04am

Im having a similar issue.
Synology DS218+ running HA in Docker.
DuckDns certificates in Synology certificate store, associated with my HA address mydns.duckdns.org
I have the reverse proxy set up, pointing https://mydns.duckdns.org to http://mySyno:8123 with websockets enabled.
following other titbits from araound the bazaars, ive also disabled owntracks.
I can access the HA using the local address, but access via https give me the blue bar at the top of the webpage, and nothing more. Looking in developer tools console, i am having numerous 502 websocket errors.
my http: section of HA configuration is

http:
  api_password: !secret api_password
  base_url: !secret baseurl
  #  ssl_certificate: !secret ssl_certificate
  #  ssl_key: !secret ssl_key
  cors_allowed_origins:
   - https://mydns.duckdns.org
   - http://mysyno
  #server_port: 8123
  #use_x_forwarded_for: True

areas that have been commented out have been tried and failed.

Has anyone managed to get HTTPS successfully working in this manner on a SYNO DSM device with up to date DSM on it

Eatoff · January 9, 2019, 12:53am

Maybe try the synology.me DNS service they provide?

Otherwise I think the issue might be with the SSL certificate

gkron · January 9, 2019, 4:04pm

I just finished setting this up so I could use LMS Controls. It was painful but it now works over https. I used the duckdns, lets encrypt, reverse proxy method. I don’t have anything in my http section at all for HA.