{"id":273,"date":"2018-05-26T13:31:23","date_gmt":"2018-05-26T05:31:23","guid":{"rendered":"https:\/\/www.techcoil.com\/blog\/?p=273"},"modified":"2018-10-13T22:23:27","modified_gmt":"2018-10-13T14:23:27","slug":"how-to-configure-nginx-on-raspberry-pi-3-as-a-reverse-proxy-server-for-synology-diskstation-manager","status":"publish","type":"post","link":"https:\/\/www.techcoil.com\/blog\/how-to-configure-nginx-on-raspberry-pi-3-as-a-reverse-proxy-server-for-synology-diskstation-manager\/","title":{"rendered":"How to configure Nginx on Raspberry Pi 3 as a reverse proxy server for Synology DiskStation Manager"},"content":{"rendered":"

\"Raspberry<\/p>\n

When you get a Synology NAS like DS218j<\/a> or DS418<\/a>, you will also get the Synology DiskStation Manager. Eventually, you may want to access websites other than Synology DiskStation Manager from outside your home. In that case, you may want to use Nginx as a reverse proxy server<\/a> for your websites. <\/p>\n

Without a doubt, Raspberry Pi 3<\/a> is one single-board computer<\/a> that packs enough computing power for many use cases. For example, you can setup a Raspberry Pi 3 reverse proxy server with Nginx, Certbot, Raspbian Stretch Lite<\/a>. Thereafter, you will be able to host multiple websites from home<\/a>.<\/p>\n

In case you have both a Raspberry Pi 3 and a Synology NAS, read on to see how you can configure Nginx on Raspberry Pi 3 as a reverse proxy for Synology DiskStation Manager.<\/p>\n

Setting up a reverse proxy server with Nginx, Certbot, Raspbian Stretch Lite and Raspberry Pi 3<\/h2>\n

In case you had not setup Nginx on Raspberry Pi 3 at home, follow this guide to setup one on Raspberry Pi 3 reverse proxy server<\/a>. After you had followed the steps till the section on installing Certbot, you will have a Raspberry Pi 3 reverse proxy server with Nginx<\/a> and Certbot<\/a> installed. <\/p>\n

Setting up a web directory for ACME challenges for validating domain to reach Synology DiskStation Manager<\/h2>\n

During the validation of domain by Let's Encrypt<\/a> servers, ACME<\/a> challenges will need to be created in a web directory and accessed via the domain. <\/p>\n

For the purpose of this guide, let's suppose that you <\/p>\n

    \n
  1. want to access your Synology DiskStation Manager via nas.yourdomain.com<\/strong>,<\/li>\n
  2. had created the relevant configurations for nas.yourdomain.com<\/strong> to be mapped to the public IP address that your home router<\/a> had gotten from your ISP. If the public IP address changes frequently, you may want to buy a Namecheap domain<\/a> and get your Raspberry Pi 3 to use Namecheap dynamic DNS to update your domain when your home\u2019s public IP address changes<\/a>.<\/li>\n
  3. had configured your router to forward port 80<\/strong> and port 443<\/strong> to your Raspberry Pi 3. <\/li>\n<\/ol>\n

    In case you need a reference, this is how you can host a web server behind Linksys EA7500 Max-Stream AC1900 router<\/a>.<\/p>\n

    Given these points, run the following commands to setup a web directory for Synology DiskStation Manager in your Raspberry Pi 3:<\/p>\n

    \r\nsudo mkdir \/www\/var\/nas.yourdomain.com\r\nsudo chown www-data:www-data \/www\/var\/nas.yourdomain.com\r\n<\/pre>\n
    After creating the directory and changing the owner to the www-data<\/code> user, proceed to create a Nginx configuration at \/etc\/nginx\/sites-enabled\/nas.yourdomain.com.conf<\/code><\/strong>:<\/p>\n
    \r\nsudo nano \/etc\/nginx\/sites-enabled\/nas.yourdomain.com.conf\r\n<\/pre>\n
    Once the nano editor loads, write the following content into the editor:<\/p>\n
    \r\nserver {\r\n    listen 80;\r\n    server_name  nas.yourdomain.com;\r\n \r\n    root \/var\/www\/nas.yourdomain.com;\r\n \r\n    location ~ \/.well-known {\r\n        allow all;\r\n    }\r\n}\r\n<\/pre>\n
    Thereafter, save the file by typing Ctrl-X<\/strong> followed by Y<\/strong>. <\/p>\n
    After that, run the following command to restart Nginx:<\/p>\n
    \r\nsudo systemctl restart nginx.service\r\n<\/pre>\n
    Running Certbot to acquire the Let's Encrypt artefacts that are needed for serving HTTPS traffic for Synology DiskStation Manager<\/h2>\n
    Once you had configured Nginx to facilitate the ACME challenge process, run Certbot to acquire the artefacts that are needed for serving HTTPS traffic for Synology DiskStation Manager:<\/p>\n
    \r\nsudo certbot certonly -a webroot --webroot-path=\/var\/www\/nas.yourdomain.com -d nas.yourdomain.com\r\n<\/pre>\n
    After the command completes, you will find Let's Encrypt artefacts inside \/etc\/letsencrypt\/live\/nas.yourdomain.com<\/code>. <\/p>\n
    Configuring Nginx to serve HTTPS traffic for Synology DiskStation Manager<\/h2>\n
    In case you had not already computed a Diffie-Hellman group for Nginx to use for exchanging cryptographic keys with its clients, run the following command to generate one:<\/p>\n
    \r\nsudo openssl dhparam -out \/etc\/ssl\/certs\/dhparam.pem 2048\r\n<\/pre>\n
    This process will take some time to complete.<\/p>\n
    Given that your Synology DiskStation Manager is accessible via 192.168.1.123:5000<\/code>, let's proceed with configuring Nginx to proxy HTTPS traffic to it. Firstly, open up \/etc\/nginx\/sites-enabled\/nas.yourdomain.com.conf<\/code><\/strong> with nano<\/code>:<\/p>\n
    \r\nsudo nano \/etc\/nginx\/sites-enabled\/nas.yourdomain.com.conf\r\n<\/pre>\n
    After nano editor loads the file, replace the contents with the following:<\/p>\n
    \r\n# Redirect HTTP requests to HTTPS \r\nserver {\r\n    listen 80;\r\n    server_name  nas.yourdomain.com;\r\n    return 301 https:\/\/$host$request_uri;\r\n}\r\n  \r\n# For ssl\r\nserver {\r\n    client_max_body_size 8M;\r\n\r\n    ssl on;\r\n    ssl_certificate \/etc\/letsencrypt\/live\/nas.yourdomain.com\/fullchain.pem;\r\n    ssl_certificate_key \/etc\/letsencrypt\/live\/nas.yourdomain.com\/privkey.pem;\r\n    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\r\n    ssl_prefer_server_ciphers on;\r\n    ssl_dhparam \/etc\/ssl\/certs\/dhparam.pem;\r\n    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';\r\n    ssl_session_timeout 1d;\r\n    ssl_session_cache shared:SSL:50m;\r\n    ssl_stapling on;\r\n    ssl_stapling_verify on;\r\n    add_header Strict-Transport-Security max-age=15768000;\r\n      \r\n    default_type  application\/octet-stream;\r\n      \r\n    listen 443;\r\n    server_name  nas.yourdomain.com;\r\n  \r\n    root \/var\/www\/nas.yourdomain.com;\r\n  \r\n    location ~ \/.well-known {\r\n        allow all;\r\n    }\r\n  \r\n    location \/ {\r\n        proxy_pass http:\/\/192.168.1.123:5000;\r\n    }\r\n}\r\n<\/pre>\n
    Thereafter, save the file by typing Ctrl-X<\/strong> followed by Y<\/strong>. <\/p>\n
    After that, run the following command to restart Nginx:<\/p>\n
    \r\nsudo systemctl restart nginx.service\r\n<\/pre>\n
    When your Nginx had restarted successfully, you will be able to access your Synology DiskStation Manager at nas.yourdomain.com<\/code> via HTTPS.<\/p>\n
    Renewing the Let's Encrypt SSL certificate for nas.yourdomain.com in the future<\/h2>\n
    Eventually, your Let's Encrypt SSL certificate will expire. In that case, you can renew your SSL certificate for nas.yourdomain.com with the following command:<\/p>\n
    \r\nsudo certbot certonly --force-renewal -a webroot --webroot-path=\/var\/www\/nas.yourdomain.com -d nas.yourdomain.com\r\n<\/pre>\n
    Solving: Failed to upload \"\". Connection failed. Please check your network settings.<\/h2>\n
    When you encounter the message:<\/p>\n
    \nFailed to upload \"\". Connection failed. Please check your network settings.\n<\/p><\/blockquote>\n
    while uploading your file, it could be that the file had exceeded 8MB. In this case, update the client_max_body_size  directive<\/a> to take a larger value. After you had changed the value in \/etc\/nginx\/sites-enabled\/nas.yourdomain.com.conf<\/code>, restart Nginx with the following command:<\/p>\n
    \r\nsudo systemctl restart nginx.service\r\n<\/pre>\n\n