oznu / docker-unms

This image is no longer maintained: https://github.com/oznu/docker-unms/issues/53

UNMS on Synology DS 918+ with Synology as reverse proxy #46

Closed BVGorp closed 5 years ago

BVGorp commented 5 years ago

Hi,

I was trying to get UNMS behind the Synology reverse proxy so the Synology can handle the ssl certificate. This did not work out of the box with the config page on the Synology. I have more services running through this and reusing the certificate for that was preferred. You'll need a domain name you own to do this. I use different hostnames for different services.

I installed the Docker container as described on the wiki (https://github.com/oznu/docker-unms/wiki/UNMS-on-Synology-DSM), but I left the environment values on 443, not 8443, since the UNMS will be on port 443 for clients connecting on the external hostname.

Make sure you request a certificate from Let's Encrypt on the Synology and mark it as the default certificate. Use the Subject Alternative Names field to add additional host names to your certificate. All host names in the certificate need to point to the Synology for validation. I use a PHP file in Web Station to redirect from HTTP to HTTPS.

Instead of configuring the reverse proxy in the control panel of the Synology you'll have to open the console of the Synology.

Log in as an admin user on the SSH console and switch to the root user (sudo su -). Go to the folder /usr/local/etc/nginx/sites-enabled/. Create a file there, e.g. unms.conf. The config is:

map $http_upgrade $connection_upgrade {
  default upgrade;
  ''      close;
}

server {
        listen 443 ssl http2;
        server_name <hostname eg unms.example.com>;

        ssl_certificate     /usr/syno/etc/certificate/system/default/fullchain.pem;
        ssl_certificate_key /usr/syno/etc/certificate/system/default/privkey.pem;

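        # TLS is enabled by the "ssl" parameter of the listen directive above
        # (the standalone "ssl on;" directive is deprecated in nginx).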

        set $upstream <synology ip>:8443;

        location / {
                proxy_pass     https://$upstream;
                proxy_redirect https://$upstream https://$server_name;

                proxy_cache off;
                proxy_store off;
                proxy_buffering off;
                proxy_http_version 1.1;
                proxy_read_timeout 36000s;

                proxy_set_header Host $http_host;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Referer "";

                client_max_body_size 0;
        }
}

Restart nginx on the Synology, not in the Docker container (synoservice --restart nginx). The file will survive a reboot of the Synology. Whether it will survive a DSM upgrade, I don't know. To be safe, save a copy of unms.conf on /volume1.

Please test and reply if things are not clear.
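A safer way to carry out the install and restart steps from the post above, as an added example that is not part of the original issue or the docker-unms project: the file is installed only if `nginx -t` accepts the resulting configuration, and the change is rolled back otherwise, so a bad vhost file does not take the DSM web server down. The function name, the overridable variables and the placeholder check are assumptions of this example; the paths and the restart command are the ones given in the post.

```shell
#!/bin/sh
# Added example. Paths and restart command are those in the post; the variable
# names, install_vhost and the placeholder check are assumptions of this example.
SITES_DIR="${SITES_DIR:-/usr/local/etc/nginx/sites-enabled}"
BACKUP_DIR="${BACKUP_DIR:-/volume1}"
NGINX_TEST="${NGINX_TEST:-nginx -t}"
NGINX_RESTART="${NGINX_RESTART:-synoservice --restart nginx}"

# install_vhost <file>: 0 = installed and nginx restarted,
# 1 = file rejected before install, 2 = nginx -t failed and change rolled back.
install_vhost() {
    src="$1"
    dest="$SITES_DIR/$(basename "$src")"
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }

    # The template in the post uses <...> placeholders; refuse to install
    # a file where one was left in (heuristic, fits this template).
    if grep -Eq '<[^>]+>' "$src"; then
        echo "unreplaced <placeholder> in $src" >&2
        return 1
    fi

    # Keep the currently installed version, if any, for rollback.
    prev=""
    if [ -f "$dest" ]; then
        prev="$(mktemp)" && cp -p "$dest" "$prev"
    fi
    cp "$src" "$dest" || return 1

    # nginx -t parses the whole configuration, including the new file.
    if ! $NGINX_TEST >/dev/null 2>&1; then
        if [ -n "$prev" ]; then mv "$prev" "$dest"; else rm -f "$dest"; fi
        echo "nginx -t failed; $dest rolled back" >&2
        return 2
    fi
    if [ -n "$prev" ]; then rm -f "$prev"; fi

    cp "$dest" "$BACKUP_DIR/" || echo "warning: no backup copy written" >&2
    $NGINX_RESTART
}

# Usage on the NAS, as root (file name as in the post):  install_vhost ./unms.conf
```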

nhatquang88 commented 5 years ago

"Go to folder /usr/local/etc/nginx/sites-enabled/" How can I go to this folder? Would you please explain?

"server_name ;" Do I need to change the unms.example.com to my synology host name?

You said restart nginx on the Synology. Does it mean restart the Synology? Thank you.

nhatquang88 commented 5 years ago

I made your files, then copied them to the location you talked about. But it made the DSM quit. I needed to go in and delete the files again to make the DSM work.