This will be a quick tutorial on http to https redirect for all of you using Synology reverse proxy (usually in a combination with Docker containers) or in general any means to host any content on your NAS.
Why is http to https needed? Well for one it will force any attempts to access your content on a non secure protocol as well as allow any visitors of your sites to simply be redirected to the correct URL no matter how they type it in the address bar.
Let’s give a quick example before the actual steps that are required. For example, you are hosting a web site of some sort on your NAS. Let’s also assume that you already have it running on https (more on this later). What happens if for some reason someone types www.yoursite.domain? By default, any browser will attempt to access it using http protocol (on its default port 80). Great, so non secure communication and on top of this, the wrong URL. Visitors will get that horrible “Page can’t be displayed” and that will be the end of it. NEXT!
Redirect, Change URLs or Redirect HTTP to HTTPS in Apache - Everything You Ever Wanted to Know About modrewrite Rules but Were Afraid to Ask. Then, Tomcat will redirect any matching url-pattern to the configured port in order to use HTTPS as guarantor of confidentiality in transport. So, if you want to redirect a specific URL, you have to complement connector's configuration with specific application configuration.
In order to avoid this, you need to configure http to https redirect so that this actually points users and visitors to the correct url without them typing in the correct protocol (http or https). Let’s see what needs to be done in order to get this running on your Synology NAS.Mar 12, 2021 The first step to redirect HTTP to HTTPS involves editing of.htaccess file via FTP or cPanel & then redirect to HTTPS in Apache/NGINX. SUCURI offers FREE cert under the WAF plan, and you can enable it by navigating to the HTTPS/SSL tab. First, select “Full HTTPS” in SSL mode. Second, select “HTTPS only site” in protocol redirection. Save the configuration, and in a few seconds, you will have your site accessible through https.
I will assume that you have several things already in place for this to make sense:
* Configured DDNS
* Configured and registered a public domain in order to maintain DNS records
* A valid domain certificate (preferably a wild card one *.mydomain.something)
* Apache HTTP Server installed on your NAS (you can use the Package center install)
* Knowledge and access to your router in order to port forward port 80 and 443
01. First we need access on ports 80 and 443 from the Internet to your NAS. Considering that this process will depend on your router of choice, please consult your manufacturer on how to port forward ports. The only thing that needs to be done here is to open port 80 and 443 and pass them to your NAS local IP address on those same ports.
02. Now we need to install Web Station and Apache (no matter what version) from the Package center.
Httpd Apache
03. Open up File Station and go to your web folder and create a subfolder of any name you would like (redirectHTTPS for example, it really doesn’t matter).
04. Next, create a file on your local computer and call it .htaccess. This file has no extension and in most cases as soon as you create it might disappear unless you have hidden files option active. Edit this file with a simple “notepad” application and add the following as its content:
05. Open Web Station -> navigate to Virtual Host and click the Create button. Here we will need to add the following:
06. Open up Revers Proxy in Control Panel > Application portal > Revers proxy tab and click Create
Let’s say that you wanna do a redirect for your www.yourdomain.something site that you are hosting on your NAS (as a Docker container). To make this work you need to make 2 entries. One for https to https redirect, and one for the actual revers towards your internal container where the site is.
07. Redirect entry steps are these:
Now that we have a redirect entry, it’s time to make a reverse entry that will actually lead users to your web content located in your docker container.
08. Revers proxy steps for your site are these:
09. Finally, open up Control Panel > Security > Certificate and make sure that you have a valid SSL certificate for your domain imported. If you have, then click the “Configure” button to configure your new reverse entry (listed here under the revers description name that you have used) in order to add your ssl certificate to it.
We have now completed all the steps needed on the Synology side. All that it's now left to do is to point Internet requests towards your web site name. To do that we will need an A host or CNAME record in your domain DNS setting. Depending on your domain provider this can also depend on how the configuration looks like, but you have 2 options here no matter what.
To add a record you will need to go to your domain DNS configuration setting and add
Redirect Apache To Https
A host OR CNAME record.10. If you have a public static IP address provided by your ISP create a A host record with its name “www
Redirect Http To Https Apache Virtual Host
” (no need to add the full domain name here, considering that it will be added automatically) and as a value enter your public IP address. If on the other hand, you don’t have a static IP address you can enter your NAS DDNS name in the form of a CNAME (alias). Again, enter “www” as the name and as a value enter your ddns name that you have associated with your NAS. This way all Internet requests will be redirected to your NAS current public IP address.That’s it! Well done! Now you can access your site public name without the need to specify https protocol because any request will be redirected to it anyway.