Search code examples
nginxreverse-proxysynology

Nginx reverse proxy on Synology DSM stopped working after update to DSM 6.2.2 Update 3

I have a DS415+ with a custom setup for reverse proxy for several services running in Docker containers following this post on Reddit. Everything worked perfectly until I updated to DSM 6.2.2 Update 3. Since then, trying to access these services results in timeouts, although curl-ing localhost:port or DiskStation_LAN_address:port works fine.

I tried renewing the certificates from LetsEncrypt, taking out some of the options one at a time, clearing the connection via:

proxy_set_header        Connection          "";

Nothing worked...

This is my custom server.conf file:

server {
    listen 80;
    listen [::]:80;

    server_name XXXXXXX.XXXXXXXX.XXX;

    # Include this if you want to get a letsencrypt certificate for the domain you're using
    location ^~ /.well-known/acme-challenge/ {
        auth_basic off;
        root /var/lib/letsencrypt;
        default_type "text/plain";
    }

    # Include this if you want to automatically redirect to HTTPS
    location / {
        return 301 https://XXXXXXX.XXXXXXXX.XXX$request_uri;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name XXXXXXX.XXXXXXXX.XXX;

    large_client_header_buffers 4 32k;

    # Include these if you want to use a specific certificate,
    # you'll need to find the location of the letsencrypt after you get it...
    # so this might need to be updated afterwards
    ssl_certificate /usr/syno/etc/certificate/_archive/XXXXXX/fullchain.pem;
    ssl_certificate_key /usr/syno/etc/certificate/_archive/XXXXXX/privkey.pem;
    # add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload" always;

    # Include this if you want basic authentication required
    # auth_basic “Restricted”;
    # auth_basic_user_file /etc/nginx/.htpasswd;

    # Sonarr, requires Sonarr update webhome configuration to match
    location /sonarr {
        proxy_set_header        Host                $http_host;
        proxy_set_header        X-Real-IP           $remote_addr;
        proxy_set_header        X-Forwarded-For     $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto   $scheme;
        proxy_set_header        Connection          "";
        proxy_intercept_errors  on;
       proxy_http_version      1.1;

       proxy_pass http://localhost:8989;

       proxy_redirect default;
    }
}

Does anyone have any suggestions for diagnosing why the timeout occurs, and hopefully a solution? As I said, the services are running and can be accessed using the NAS address + port, but can't be accessed from outside. nginx is version 1.15.7. Many thanks in advance!

Solution

  • I feel so stupid... turns out that, for whatever reason, the port forwarding rules on my router had reset. Once I restored them, everything works perfectly well.