Cannot connect to Synology DSM when put behind traefik

[rondobohrens]

Hi,

thanks for putting this great guide together, really appreciate all the effort.

I was trying to put my Synology DSM behind traefik and make it accessible from the outside.
To achieve this, I created a new toml file in the rules folder.

[http.routers]
  [http.routers.synology-rtr]
      entryPoints = ["https"]
      rule = "Host(`dsm.mydomain.com`)"
      service = "synology-svc"
      middlewares = ["chain-authelia"]
	  #middlewares = ["chain-no-auth"]
      [http.routers.synology-rtr.tls]
        certresolver = "dns-cloudflare"

[http.services]
  [http.services.synology-svc]
    [http.services.synology-svc.loadBalancer]
      passHostHeader = true
      [[http.services.synology-svc.loadBalancer.servers]]
        url = "http://myip:myhtmlport" # or whatever your external host's IP:port is

I can reach the dsm from inside the network via my IP and port.
From the outside, I can only get as far as the authelia auth but then end up in a loop, not being forwarded to the DSM.
I also tried no-auth to see if that causes the issue but it did not help.

Did anybody else try to solve this?

Thanks!

[anandslab]

I have the this and it works for me from anywhere. I even have 2FA enabled in Synology and it works.

[http.routers]
  [http.routers.synology-rtr]
      entryPoints = ["https"]
      rule = "Host(`dsm.example.com`)"
      service = "synology-svc"
      middlewares = ["chain-authelia"]
      [http.routers.synology-rtr.tls]
        certresolver = "dns-cloudflare"

[http.services]
  [http.services.synology-svc]
    [http.services.synology-svc.loadBalancer]
      passHostHeader = true
      [[http.services.synology-svc.loadBalancer.servers]]
        url = "http://LAN-IP:5000" # or whatever your external host's IP:port is

Is your Synology set to redirect to HTTPS?

Set traefik and authelia logs to info and check for any errors when you access DSM.

[rondobohrens]

Thanks, really appreciate it!

I set traefik logs to INFO, but it does not throw out any message when I try to connect to the DSM.
I also made sure to turn automatic rereouting to HTTPS off in my DSM.
Any other network settings I need to take care of - or any other way to debug the problem?

Thanks again

[rondobohrens]

I solved it with the help of a friend!
As my dsm is in a different subnet, I have to route the traffic to the standardgateway of the subnet that traefik is in and the respective port. Now everything works - hope that helps some ppl with the same problem.

[anandslab]

Thank you for reporting back and closing.

[marsavela]

In case anyone stumbles upon this and tries to replicate the config, you have to DISABLE the HTTP to HTTPS redirection in Synology.

Had to fight a little bit with it, thinking @htpcBeginner meant that the setting needs to be enabled in THIS comment.

[pranavmishra90]

In case anyone stumbles upon this and tries to replicate the config, you have to DISABLE the HTTP to HTTPS redirection in Synology.

Had to fight a little bit with it, thinking @htpcBeginner meant that the setting needs to be enabled in THIS comment.

Thanks for the suggestion, this was the issue for me. For those that are finding this thread, you have to go into the DSM control panel, and uncheck the forwarding box:

I'm using the following yaml, kept in the /rules folder as "dsm.yaml"

http:
  routers:
    synology-rtr:
      entryPoints:
        - https
      rule: Host(`dsm.example.com`)
      service: synology-svc
      middlewares:
        - chain-authelia
      tls:
        certresolver: dns-cloudflare
  services:
    synology-svc:
      loadBalancer:
        passHostHeader: true
        servers:
          - url: 'http://192.168.0.10:[http port number]'

[proddy]

thanks for sharing!