Skip to content

adrw // Andrew Alexander

Kitchen Alexander

Traefik Reverse Proxy on Synology DSM

Tech1 min read

Synology DSM is great out of the box with training wheels but eventually you want to do a wheelie and need to free all of the default port bindings so you can run your own reverse proxy.

In my case, I wanted to run Traefik in a Docker container and let it handle routing of HTTPS and other port traffic since editing Traefik YAML files gets to be a bit easier and faster than clicking through Synology's Reverse Proxy UI for every port and service combination.

This free_ports.sh script ended up doing the trick to free Synology's bindings of standard HTTPS, and HTTP ports which then would allow the Traefik container to bind to 80, 443 and others without contention and thus manage reverse proxy and SSL certificates and termination outside of Synology DSM.

1#! /bin/bash
2

3# NEWLY ADDED BACKUP FUNCTIONALITY IS NOT FULLY TESTED YET, USE WITH CARE, ESPECIALLY DELETION
4# Developed for DSM 6/7. Not tested on other versions.
5# Steps to install
6# Save this script in one of your shares
7# Backup /usr/syno/share/nginx/ as follows:
8# # cd /usr/syno/share/
9# # tar cvf ~/nginx.tar nginx
10# Run this script as root
11# Reboot and ensure everything is still working
12# If not, restore the backup and post a comment on this script's gist page
13# If it did, schedule it to run at boot
14#   through Control Panel -> Task Scheduler
15

16HTTP_PORT=81
17HTTPS_PORT=444
18

19BACKUP_FILES=true # change to false to disable backups
20BACKUP_DIR=/volume1/apps/free_ports/backup
21DELETE_OLD_BACKUPS=false # change to true to automatically delete old backups.
22KEEP_BACKUP_DAYS=30
23CURRENT_BACKUP_DIR="$BACKUP_DIR/$DATE"
24

25DATE=$(date +%Y-%m-%d-%H-%M-%S)
26

27if [ "$BACKUP_FILES" == "true" ]; then
28  mkdir -p "$CURRENT_BACKUP_DIR"
29  cp /usr/syno/share/nginx/*.mustache "$CURRENT_BACKUP_DIR"
30fi
31

32if [ "$DELETE_OLD_BACKUPS" == "true" ]; then
33  find "$BACKUP_DIR/" -type d -mtime +$KEEP_BACKUP_DAYS -exec rm -r {} \;
34fi
35

36sed -i "s/^\([ \t]\+listen[ \t]\+[]:[]*\)80\([^0-9]\)/\1$HTTP_PORT\2/" /usr/syno/share/nginx/*.mustache
37sed -i "s/^\([ \t]\+listen[ \t]\+[]:[]*\)443\([^0-9]\)/\1$HTTPS_PORT\2/" /usr/syno/share/nginx/*.mustache
38

39echo "Made these changes:"
40

41diff /usr/syno/share/nginx/ $CURRENT_BACKUP_DIR 2>&1 | tee $CURRENT_BACKUP_DIR/changes.log
42

43# Perform nginx reload if running on DSM 7.X
44if grep -q 'majorversion="7"' "/etc.defaults/VERSION"; then
45  nginx -s reload
46fi
47# Might need to manually run $ sudo systemctl restart nginx
© 2022 by adrw // Andrew Alexander. All rights reserved.
Theme by LekoArts