Synology reverse proxy HTTP errors

Configuration
21

i checked my files and found the exisitng files held the required upgrade test etc. file reads:

server {
    listen 4443 ssl;
    listen [::]:4443 ssl;

    server_name myDuck.duckdns.org;

    ssl_certificate /usr/syno/etc/certificate/ReverseProxy/966ba-47e2-9904-c783ec144b89/fullchain.pem;

    ssl_certificate_key /usr/syno/etc/certificate/ReverseProxy/966ba-47e2-9904-c783ec144b89/privkey.pem;

    location / {

        proxy_connect_timeout 60;

        proxy_read_timeout 60;

        proxy_send_timeout 60;

        proxy_intercept_errors on;

        proxy_http_version 1.1;

        proxy_set_header        Upgrade            $http_upgrade;

        proxy_set_header        Connection            $connection_upgrade;

        proxy_set_header        Host            $http_host;

        proxy_set_header        X-Real-IP            $remote_addr;

        proxy_set_header        X-Forwarded-For            $proxy_add_x_forwarded_for;

        proxy_set_header        X-Forwarded-Proto            $scheme;

        proxy_pass http://localhost:8123;

    }

    error_page 403 404 500 502 503 504 @error_page;

    location @error_page {
        root /usr/syno/share/nginx;
        rewrite (.*) /error.html break;
        allow all;
    }

}

What i didnt have was the second copy called http.HomeAssistant.conf located in the second location. I copied the file acrooss, and restarted NGINX.

No change in issue :frowning:

Thanks for the help so far

22

I spent a lot of time trying to get the reverse proxy working on my DS218+ and gave up and went with NGINX in docker - haven’t looked back. I also have a certbot docker container which renews my lets encrypt certs every 30 days which has a shared durectory with my NGINX container.

23

would you be able to let me know exactly which docker containers you used, and examples of how it is set up?

24

one thing i hadn’t tried was setting up so my external port was 443 (port redirects were in use for my pi HA)
Ive set up the built in Reverse proxy with port 443, having redirected my router port forwarding, and it goes straight in. I thought the reverse proxy would have dealt with this?? and HA would have just seen the access over https?

25

It will, but I am guessing your built in reverse proxy wasn’t listening on 4443?

HA doesn’t know anything about the SSL, and it doesn’t care. It is seeing a connection come from the reverse proxy as http and is happy to serve it to the connection, which in turn gets SSL’d on the proxy back to you.

26

How would i force the HA to listen on an alternate port?

Thanks for your time.

27

You don’t need to.

8123 is just fine to use. For what reason do you feel the need to?

28

its purely as whilst i was configuring the changeover, i wanted my router to point 443 elsewhere, so i port forwarded 4443 at the router to 443 at the NAS…
writing that out basically says the NAS was seeing it at port 443, and i should have set up reverse proxy to look at 443…Have I spent weeks being a doughnut??

29

i also meant earlier force the reverse proxy , not force the HA

30

If you set your forward to be 4443 on external to 443 on internal (Synology), then it should just work. But see, your Synology is set to listen to 4443 according to your settings. Set the Synology to listen on 443, the SOURCE section.

1 Like
31

All working, i was setting the reverse proxy to the external port, not the port forwarded internal port!

Many thanks!!

32

I know this is an old thread, but can you provide me with the docker container you used?

33

sorry theres been no reply for a while - i use the ‘homeassistant/home-assistant:latest’ container