Custom domain and SSL for a Synology NAS with a dynamic IP

With faster internet access finally connected I wanted to see it will be a viable option to replace my Dropbox account in favour of my Synology NAS ‘Drive’ feature; It’s basically Synology’s take on Dropbox or google drive.

Problem 1: Dynamic IP

My internet access doesn’t come with a fixed IP address which made me think I was going to have all sorts of problems, but thankfully that became a non-issue once I found out that Synology offers a DDNS service for free. Problem 1: Solved.

Problem 2: SSL with a domain I don’t control

My Synology NAS will let me create a self signed SSL certificate which isn’t all that useful with all warnings that a browser will server up because of being self signed, but it also gives me the ability to create and use a free Lets Encrypt SSL certificate.

Let’s say I’ve connected my NAS with Synology’s DDNS service and I have a URL
nas-name.synology.me which will take me to my NAS login page. I can’t make that URL secured via https (SSL) as I don’t have access to domain, which means I’ll have to park problem 2 and deal with the new ‘problem 3‘. Problem 2: On hold.

Problem 3: Point a domain I control to my Synology DDNS domain

I already own a number of domains to pointing a domain I own (specifically a subdomain) to my DDNS domain was a relatively simple task. All that’s required was to login to the cPanel account where the domain zone files are managed and add a new zone file record that points to the correct DDNS domain like so:

  1. Hostname: nas-name
  2. Record type: CNAME
  3. Target host: nas-name.synology.me

I set my TTL low-ish at 3600 (one hour) just in case I needed to make changes. Problem 3: Solved

Problem 2 version 2.0: SSL with a domain I control

Setting up a Let’s Encrypt SSL on the NAS was reasonably simple (read: I found a great walk-through, link below), but there was one little pain point for me on this one; closed ports. My router was blocking port 80 access to my NAS which is essential when creating a new SSL certificate, but after opening the port on my router and changing a couple of NAS settings, the set up was all done (or so I thought). Problem 2 v2.0: Solved.

Full walk-through: https://synoguide.com/2016/04/14/secure-your-synology-with-https-ssl-certificate-from-lets-encrypt/

Bonus problem: What?! why doesn’t it work?

I’m feeling a mix of achievement and smugness at this staging; I’m really starting to think that I am an I.T. hero (I am not). I punch in my shine new URL (with port number) https://nas-name.example.com:5001 and I am greeted with a super fun error in my browser: ERR_CONNECTION_REFUSED. Great… hero status removed. I cAN haz novice¿ ¯\_(ツ)_/¯

After much googling I found a comment in a forum thread saying that you can’t access your new secured URL if you are on the same local network as your NAS. A quick hotspot to my phone confirmed I was good to go. Bonus problem: Solved.

 

Comments are closed.