Using Synology’s Application Portal to Secure Non-Secure Sites

As a recent Synology convert, I continue to find interesting and well thought out features. Following up on last week’s Synology & Let’s Encrypt, Certs Made Easy one feature that I really like is the Application Portal which can be found in the Control Panel.

Inside that, click the Reverse Proxy tab and this is where the fun begins.

The idea behind this is that you will use Synology’s secure https connection to reverse proxy to an insecure http connection somewhere on your LAN, thus making that connection secure – especially if you’re connecting from outside your network.

Click Create and you’ll see something like this:

  1. Give the rule a Description.
  2. Source is HTTPS, usually * for any hostname. If you have many hostnames assigned to your Synology, you could restrict it to one. Port should be one that isn’t in use.
  3. Destination is where your unsecured host is. If your service is running on your Synology, it can simply be localhost, or if it is on another device elsewhere on your network, put in the URL you use to access it.
  4. If you destination host uses a port other than 80, use that for Port.

Below is an example of how I route a couple of services on my own LAN.

This is a great was to use a managed certificate on the Synology to secure other sites, even on other devices, with https.

Synology & Let’s Encrypt, Certs Made Easy

Adding certificates to any service can be tricky and sometimes really frustrating. When I first started exploring my Synology I was delighted to see it has built-in support for Let’s Encrypt certs.  For those that don’t already know, Let’s Encrypt (aka Certbot) provides free and industry-wide supported certificates.

Adding a cert to Synology is very simple and it supports multiple certificates with auto-renewal.

  1. To begin, just login to your Synology, enter the Control Panel and click on Security.
  2. Next, click the Certificate tab and click Add.
  3. From here, you want to Add a new certificate and click Next.
  4. Next, Get a certificate from Let’s Encrypt and click Next.
  5. Next fill out your Domain info, it would look something like this:
  6. Subject Alternate Name just means if you have subdomains, you would add them here. Like www.mydomain.org for a website, or any other. You can, in theory, add a completely different domain in this list and have it work, such as mycoolsite.com, but think it is better to do one Let’s Encrypt cert per domain to keep things organized.

For reference, here’s how my sites look with their respective domain certs.

Best of all, your certs will renew automatically with the Synology and Let’s Encrypt. Once set, you really only need to periodically check to make sure this is happening.