How to use a Synology NAS as reverse http/https Proxy

Like most people i suffer from the one IP address on your home internet connection syndrome.
For normal people this is not a problem but geeks like us like to run their https sites and then this can be a pain on a single IP Address.
Now you think, a problem? Cmon…. So for the not so geekies, normally you can only run a single https site on one IP address. You simply only have one port 443 ­čÖé
You can run your sites on a different port but that’s just ugly.

This problem can be simply solved by using a reverse proxy.

IC100149

In computer networks, a reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client as though they originated from the proxy server itself.[1] While a forward proxy acts as an intermediary for its associated clients to contact any server, a reverse proxy acts as an intermediary for its associated servers to be contacted by any client.

So you can set up a small linux machine that runs Nginx or HAProxy and that does the trick just fine for free. Even a nice┬áKemp loadmaster or F5 load balancer does this trick but then you have to have a big wallet and no wife ­čÖé

But.. Then i found out my Synology NAS can do this also and even stupid simple!
Synology build this functionality in it’s NAS software since DSM 6. Based on nginx.

So here is how you config a Synology as a reverse proxy.

In the control panel go to the application portal and click “reverse proxy”

Synology

Synology

Click “Create”

Now fill in the details:
You can either choose http or https as a protocol. Source is your external url you want the Synology to respond to and destination it the internal IP address of the machine you want to serve.

Screen Shot 2016-06-30 at 18.17.06

Now click on “OK”
You can do this as much as you need to. in my case i run my blog, a VMware Horizon environment and a Exchange server. all on HTTPS on port 443.

Screen Shot 2016-06-30 at 18.00.28

Next thing you need to do is add the appropriate certificates on the Synology for your https websites.

Screen Shot 2016-06-30 at 18.00.07

Synology expects you to import the certificate with a private key. if you have your PFX you can convert it with the beneath commands using openssl. With the new DSM you can also setup certificates with let’s encrypt! The renewal process will be done automatically every 3 months so no worries on that! Just be sure to put in all SAN domains.

export the private key file from the pfx file

openssl pkcs12 -in filename.pfx -nocerts -out key.pem

Export the certificate file from the pfx file

openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem

Remove the passphrase from the private key

openssl rsa -in key.pem -out server.key

Use the cert.pem and server.key with your intermediate cert to get it imported.

Screen Shot 2016-06-30 at 18.25.26

When imported you need to go to configure and map the right certificate to the correct service.

Screen Shot 2016-06-30 at 18.00.17

And press “OK”

Now just simply map the port 443 in your router to your Synology and you are up and running! Multiple https sites on 1 IP address.

One thought on “How to use a Synology NAS as reverse http/https Proxy

  1. Ferry

    Great blog post!
    This helped me a greatly.
    Was trying to set it up using a Kemp LB but this is much easier to accomplish!

    thanks a lot!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *