this post was submitted on 17 Dec 2023
17 points (87.0% liked)

Selfhosted

39435 readers
3 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
17
submitted 11 months ago* (last edited 11 months ago) by Tsubodai to c/[email protected]
 

I run a load of containers on a NAS, and reverse proxy them through synology's inbuilt reverse proxy settings.

Essentially, I'd like to harden my security, and not really sure how best to do it.

Seeing people recommend nginx proxy manager, I've tried to set this up but never managed to get the certificates to work from letsencrypt ("internal server error" when trying to get one). When I finally got it working a while ago (I think I imported a cert), any proxy I tried to setup just sent me to the Synology login page.

I've tried to setup the VPN that comes with Synology (DSM 7+), but I must have set it up using the local IP address. It only works when I'm on my LAN, and not from an external network. Which is kind of the point, lol. I would like to use VPN to access the home network when out and about.

I've set random, long, unique passwords for everything I want to access, but I am guessing this is not the most secure, after seeing so many people use and recommend vpns.

I have tailscale, which is great for ssh-ing onto my Nas from the outside world. But to access my services, is a VPN the best way to do it? And can it be done entirely myself, or does it require paying for a service?

I've looked at authentic - pretty confusing at the outset, and Isee few evenings of reading guides ahead of me before I get that working. Is that worth setting up?

Does anyone have any advice/guides/resources that might help?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 11 months ago (1 children)

In that case, enjoy! It's a great feeling when you get it working.

If you're going to do it on your synology, see if you need to fix the TUN error. Also, you need to add ip routes to your synology to have the IP's from your VPN on docker forwarded to docker. Make sure these are persistent or added on every startup.

Make sure you allow the VPN to work by adding it to the synology firewall.

You need to setup port forwarding on your router. It needs to point to your synology to the port which is linked to the docker container. You also need to add the route to your router to be able to access your network. For instance, if your VPN has 10.0.3.* and your LAN uses 10.0.0., your LAN/router won't know where to send the response packets to the VPN network. So when connected to your VPN you will never be able to load stuff. If you add that 10.0.3. needs to route to your synology, and your synology knows that range needs to be routed to the Docker VPN container everybody knows where it needs to go.

[–] Tsubodai 1 points 11 months ago

Brilliant, many thanks!