Free ports 80 and 443 on Synology NAS

free_ports.sh

#! /bin/bash

# NEWLY ADDED BACKUP FUNCTIONALITY IS NOT FULLY TESTED YET, USE WITH CARE, ESPECIALLY DELETION
# Developed for DSM 6 - 7.0.1. Not tested on other versions.
# Steps to install
# Save this script in one of your shares
# Edit it according to your requirements
# Backup /usr/syno/share/nginx/ as follows:
# # cd /usr/syno/share/
# # tar cvf ~/nginx.tar nginx
# Run this script as root
# Reboot and ensure everything is still working
# If not, restore the backup and post a comment on this script's gist page
# If it did, schedule it to run as root at boot
#   through Control Panel -> Task Scheduler

HTTP_PORT=81
HTTPS_PORT=444

BACKUP_FILES=true # change to false to disable backups
BACKUP_DIR=/volume1/apps/free_ports/backup
DELETE_OLD_BACKUPS=false # change to true to automatically delete old backups.
KEEP_BACKUP_DAYS=30

DATE=$(date +%Y-%m-%d-%H-%M-%S)
CURRENT_BACKUP_DIR="$BACKUP_DIR/$DATE"

if [ "$BACKUP_FILES" == "true" ]; then
  mkdir -p "$CURRENT_BACKUP_DIR"
  cp /usr/syno/share/nginx/*.mustache "$CURRENT_BACKUP_DIR"
fi

if [ "$DELETE_OLD_BACKUPS" == "true" ]; then
  find "$BACKUP_DIR/" -type d -mtime +$KEEP_BACKUP_DAYS -exec rm -r {} \;
fi

sed -i "s/^\([ \t]\+listen[ \t]\+[]:[]*\)80\([^0-9]\)/\1$HTTP_PORT\2/" /usr/syno/share/nginx/*.mustache
sed -i "s/^\([ \t]\+listen[ \t]\+[]:[]*\)443\([^0-9]\)/\1$HTTPS_PORT\2/" /usr/syno/share/nginx/*.mustache

if which synoservicecfg; then
  synoservicecfg --restart nginx
else
  synosystemctl restart nginx
fi

echo "Made these changes:"

diff /usr/syno/share/nginx/ $CURRENT_BACKUP_DIR 2>&1 | tee $CURRENT_BACKUP_DIR/changes.log

Hi @julichan ,

Thank you for your guidance.

I currently have self-signed certificates set up for Traefik, and after testing my Docker Compose setup on my local host, I'm able to access traefik.contoso.com and confirm that the certificates I've defined are being used successfully.

However, according to your guide, when I configure other ports on Synology—specifically 8088 and 8443 mapped to container ports 80 and 443—I notice that accessing the Traefik domain only presents the certificates issued by Synology.

Could you advise me on how to configure it so that Synology does not try to assign TLS certificates, allowing me to bypass this issue?

Hello @mrkhachaturov,

Thanks for reading my posts.
Your self signed certificates are used to communicate between syno's proxy and traefik so when you open your browser to your traefik url, the browser will use the certificate configured in your synology dsm. I don't use that configuration anymore (i use a macvlan on traefik and contact directly the container) so I cannot confirm if the following configuration will suit you or work as expected.

You can open the control panel on your synology, then go to Security and Certificate. From this location, you can import several certificates. The certificate your browser will use will depend on the url it calls your server with. Click the setting button and a pop-up will open where you can select which certificate is used for which service and amongst them, you ll see each of the url configured in synology's reverse proxy. Change the one that match your traefik url after importing or creating a matching certificate.

Ps: somehow, the uploaded image won't show up, bug?

Hope that helps ;)

Thank you, @julichan.
I’ve already updated my setup to use a macvlan configuration with a dedicated VLAN ID.

A little bit bit of finetuning and works like a charme :-)

A little bit bit of finetuning and works like a charme :-)

@ctrlaltdelete007 what were the issues that required you to do some finetuning?

Edit: I was able to get it working, I just needed to reboot. I have my Synology set to run this script at reboot as well, which I believe is what fixed it. The script took the port away from Synology WebGUI at reboot.

@ZaxLofful , i ran the script at reboot as well but running sudo netstat -tulnp | grep ':443 ' shows that my ports are still tied to synology's nginx :( any thoughts?

I'm running DS723+ on DSM 7.2.2-72806 Update 1