Reverse proxy a domain to a Docker container on Synology NAS DSM

Posted on by Mark Boszko

This is more to remind myself of how to do it — it may not be 100% complete, or exactly fit your needs!

I'm going to assume that you have the Docker package installed, and a Docker container running on the Synology NAS, serving http content on a port that is not 80 or 443. (Setting up this container is beyond the scope of this doc.)

First, have the FQDN ready. We'll use books.example.com. Make sure that your DNS provider is pointing this domain at your NAS server. If you need to know the NAS's IP address, check DSM > Control Panel > External Access > DDNS and check the External Address under the preferred Service Provider. (I use DynDNS.org.)

NOTE: There doesn't seem to be a way to set multiple domain names to resolve to one IP address with DynDNS.org, but I wonder if there is a way to do it with the customized query URL method? Worth looking into.

In the Docker package, click on Container in the left column, and in the list of containers, click on the container that you want to proxy. click on Details and in the lower left, under Port Settings, make note of the Local Port for the web service. In this case, the port is 5471.

In Control Panel, go to Login Portal > Advanced, and click the button for Reverse Proxy. This will show you a list of any proxies you have set up. Click Create and enter the following information:

  • Reverse Proxy Name: a descriptive name. I'm proxying the Kavita ebook server, so we'll call this "Kavita"
  • Source
    • Protocol: HTTPS (we will set up the certificate in a moment)
    • Hostname: books.example.com
    • Port: 443 (the common HTTPS port)
    • ☑️ Enable HSTS (this redirects and HTTP requests to HTTPS)
  • Destination
    • Protocol: HTTP (this is local on a (supposedly) trusted machine, so we don't need security, pls certificates on a local machine are a pain in the ass)
    • Hostname: localhost
    • Port: 5471 (the Local Port from above)

Leave any other values at default, and click Save. Close the Reverse Proxy dialogue.

In Control Panel, go to Security > Certificate, and click Add.

  • Choose Add a new certificate and click Next
  • Description: Something descriptive, as above. I'll use "Kavita"
  • Select Get a certificate from Let's Encrypt, and click Next
  • Domain name: books.example.com
  • Email: a good email for you to be contacted about any certificate issues, e.g. admin@example.com
  • Subject Alternative Name: I put the same books.example.com domain here, but I'm not sure if this is 100% correct. Seems to work, tho

Click Done, and it should process the certificate. If all goes well, it should be successful, and you'll now see the new domain in the Certificate list.

  • Click Settings and for the books.example.com service in the left column, make sure you select the books.example.com certificate in the right column.
  • Click OK

Now, if you go to https://books.example.com in your browser, the site should load!