https://szjani.medium.com/how-i-set-up-my-personal-domain-on-my-nas-27ef89df1387
https://www.youtube.com/watch?v=sj0JhRAOq2g
How I set up my personal domain on my NAS
A walkthrough starting with buying a domain, publishing a website on a Synology NAS and having a cool email address
I thought a lot about what title to give this post, as I am going to cover a bunch of things here. I intentionally did not mention any technology or service provider in the title, as you can tailor it to your own needs: you may have a QNAP NAS rather than a Synology, or you may prefer Google G Suite over Zoho Mail.
I would like to show you how I set up my NAS so that it is reachable via HTTPS, how I run my website there, and how I managed to create a firstname@surname.com email address, which looks really professional in a CV. I am also sharing some best practices and explaining why I decided to use the following technology stack:
- Synology DSM 6.2
- Any DNS provider
- Cloudflare
- Let’s Encrypt
- Zoho mail
Buy your custom domain
First you will need a custom domain name. I decided to use *szurovecz.hu* because Szurovecz is my surname and I wanted a cool email address built from my name: *janos[at]szurovecz[dot]hu*. I also wanted to publish my website on janos.szurovecz.hu. Needless to say, this also lets my family members have their own email addresses and websites. If [surname].com (built from your family name) is already registered then try another TLD: [surname].dev or [surname].eu may still be available. Of course you can pick any available domain name you want.
I recommend GoDaddy, Namecheap, Porkbun or Rackhost, but there are thousands of DNS providers on the market. It is worth checking the price; you might be surprised by the differences.
Hey, my ISP does not give me a static IP address. What should I do?
You can pay extra for a static IP address. It would definitely simplify your life, as you only need to edit a DNS record once and can leave it as is forever. If you do not want to pay for it, or your ISP cannot provide a static IP address, then you can work around this with Cloudflare.
What we need from Cloudflare is the ability to modify a DNS record via an API. The idea is that a background process checks your IP address and, whenever it changes, updates the DNS record. It is important to understand that your website may be temporarily unavailable until the IP address change has propagated. It should not take more than a few seconds or minutes, but it also means you should not use this approach for critical websites that must be available all the time.
I was using Dynu.com before I migrated to Cloudflare. Dynu.com also has an API but its free tier limits the number of DNS records you can manage. There is no such limitation in Cloudflare.
Set up Cloudflare
Create an account on cloudflare.com and add a new site. Type your domain name and select the free plan. After a quick scan all the existing records will be listed. Next you will be asked to change your name servers. This means you have to log in to the administration interface of your domain registrar and replace the existing name servers with the Cloudflare ones. Once you are done, wait for a while. If everything is fine then all DNS requests for your domain will first go to your registrar but the actual IP address resolution will be done by Cloudflare.
All of my DNS records
My advice is to create an A record for your NAS, like nas.szurovecz.hu. Only this record will need to be updated from your NAS whenever your IP address changes. Please note that the proxy is disabled for this A record above: I do want direct access to my NAS. On the other hand, the janos CNAME record is proxied, which means all requests coming to janos.szurovecz.hu are handled by my NAS too, but users communicate only with Cloudflare, not directly with my NAS. The Cloudflare proxy gives you nice features such as HTTPS, HTML compression and DDoS attack handling, and last but not least it does not expose your NAS.
Update the DNS record
Docker is a great tool to run almost anything in a controlled way, in isolation on your server/workstation. In general I encourage you to check if there is a Docker-based solution when you need something. Updating the IP address in your DNS record can also be done with Docker. Moreover, Synology DSM has a nice built-in Docker integration.
Downloading a Docker image that will be updating our DNS record
Download the *oznu/cloudflare-ddns* image from the repository. Once done launch the image and click on the Advanced Settings button. You have to provide some environment variables for the image:
- API_KEY: Here you can find how you can generate a Cloudflare key: https://github.com/oznu/docker-cloudflare-ddns#creating-a-cloudflare-api-token
- SUBDOMAIN: The subdomain you set in the A record.
- ZONE: The domain name you registered.
- PROXIED: Although it is false by default, it is better to set it explicitly. If you are updating a proxied record with this approach and you forget this variable, then the proxy will be turned off after the first run and your origin IP will be revealed.
Important environment variables to reach the Cloudflare API
After this you can finish the wizard and your new container should be running. The log tab on the container details screen shows whether the domain update was successful.
The NAS domain now should be resolved to the current IP address.
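The update logic described above, together with the PROXIED pitfall, as an added example (this is not code from the original post or from the oznu/cloudflare-ddns image). The records are a constructed sample shaped like the DNS record objects of Cloudflare's v4 API; example.com, the record ids, the addresses and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample shaped like the "result" list of Cloudflare's v4
# "list DNS records" response; names, ids and addresses are made up.
ORIGIN_IP = "203.0.113.10"
SAMPLE_RECORDS = [
    {"id": "r1", "type": "A", "name": "nas.example.com",
     "content": ORIGIN_IP, "ttl": 1, "proxied": False},
    {"id": "r2", "type": "A", "name": "example.com",
     "content": ORIGIN_IP, "ttl": 1, "proxied": True},
    {"id": "r3", "type": "CNAME", "name": "janos.example.com",
     "content": "nas.example.com", "ttl": 1, "proxied": True},
    {"id": "r4", "type": "CNAME", "name": "photo.example.com",
     "content": "nas.example.com", "ttl": 1, "proxied": False},
]


def plan_update(record, current_ip, proxied=None):
    """Build the JSON body for an "update DNS record" call, or return None
    if the A record already holds current_ip.

    proxied=None keeps the record's existing flag; an updater that always
    sends False here is what switches the proxy off on a proxied record.
    """
    ip = ipaddress.ip_address(current_ip)  # ValueError on a bad lookup result
    if record["type"] != "A" or ip.version != 4:
        raise ValueError("only IPv4 A records are handled here")
    if record["content"] == str(ip):
        return None
    keep = record["proxied"] if proxied is None else proxied
    return {"type": "A", "name": record["name"], "content": str(ip),
            "ttl": record["ttl"], "proxied": keep}


def origin_exposing_names(records, origin_ip):
    """Return the names whose public DNS answer leads to origin_ip.

    A proxied record is answered with Cloudflare edge addresses, so the walk
    stops there; an unproxied CNAME is followed to its target in the zone.
    Assumes one record per name.
    """
    by_name = {r["name"]: r for r in records}
    exposed = []
    for rec in records:
        cur, seen = rec, set()
        while cur is not None and cur["name"] not in seen:
            seen.add(cur["name"])
            if cur["proxied"]:
                break
            if cur["type"] == "A":
                if cur["content"] == origin_ip:
                    exposed.append(rec["name"])
                break
            cur = by_name.get(cur["content"]) if cur["type"] == "CNAME" else None
    return exposed


def apply_update(records, record_id, body):
    """Return a copy of records with body merged into the matching record."""
    return [dict(r, **body) if r["id"] == record_id else dict(r) for r in records]
```

Running origin_exposing_names over your own zone export shows which hostnames hand out the home IP address: the unproxied A record does, and so does every unproxied CNAME that points at it.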
Create a certificate for your NAS
Cloudflare gives you HTTPS support off the shelf, but only if the record is proxied. As I wanted to reach my NAS directly, I had to take care of a valid certificate.
Let’s Encrypt gives you a valid, trusted certificate for free. However, the certificate needs to be renewed every 90 days. There are plenty of ways of doing this; fortunately DSM has built-in support.
In order to create or renew your certificate, port 80 must be available on your NAS. If your NAS is behind a router then create a port forward in your router or define your NAS as a DMZ. You can find more information about these in your router’s manual. *Actually this is one reason why this record cannot be proxied in Cloudflare.*
Creating a Let’s Encrypt certificate
Create a new Let’s Encrypt certificate. Use your NAS domain name and any of your email addresses.
If the certificate is created then you can define which certificate you would like to use for which services.
Configuring the certificates
Publish your website
I really cannot explain in this post how a website can be created. You can host a static website or you can even run a dynamic one. But you have to decide the address of your site: it can be either a subdomain or the root domain. Create a CNAME record in Cloudflare and set your NAS’ domain as target. As you can see above, this record is proxied so I can utilize all those features that are provided by Cloudflare.
For a static website I recommend using the DSM Web Station: create a new virtual host, set your document root to the folder that contains the index.html and you are done. For a more complex site you can use the power of Docker. In this case I suppose you have a running web server in your container that needs to be exposed, so make it accessible from the internet.
Expose your Docker web-container
If you have a running Docker container in which there is a running web server then you need to create a reverse proxy in DSM. You do not need to support HTTPS in your container, as:
- Your new reverse proxy could also support HTTPS
- Cloudflare also acts as a reverse proxy, so HTTPS support only needs to be enabled there
Creating a reverse proxy to expose our web-server running in a container
This setup allows HTTP requests coming from the internet to the janos.szurovecz.hu host and port 80 to reach the container on port 5180. As this subdomain is proxied in Cloudflare, only Cloudflare will reach this endpoint directly.
This way you can easily publish separated websites for your family members.
And finally the email
Hosting a mail server requires high availability, otherwise the incoming emails will be lost when your server is down. Therefore I chose a paid service instead of managing it on my own server. Of course I wanted to keep the cost low so I decided to use Zoho.
I used to use Google G Suite too. That is a really nice service though more expensive than Zoho. The yearly price for 1 user is only €12 in Zoho. For the same price I would go with Google but I am okay with Zoho.
Register an account in Zoho, choosing *Business Email.* Personal email would result in a name@zoho.com address. In the Control Panel you can manage your domain, but you will be asked for it during the sign-up process. You will need to create records in Cloudflare to prove your ownership and to reduce the risk of being recognized as a spammer. Check my Cloudflare screenshot above.
It is good to know that you can create any alias, so you can use nickname@yourdomain.com too for free. You can even register multiple domains and use them as aliases; you only pay on a per-user basis.
This is like Lego bricks: you have to decide what you would like to achieve and check what you already have in your box. If you do not need a certificate then you can completely ignore that part. If you are using any Linux OS on your NAS then I am sure you will find how you can install Docker or how you can create a reverse proxy in Nginx running on your host. Even if you chose another email service provider quite similar steps will need to be taken.
Quite a few people need exactly the same things and have exactly the same infrastructure, but if you understand the steps above, you are ready to customize it. So what is your plan now?
Update: If you would like to use a custom domain name for Photo Station and fix the */photo* path issue then read my related story: https://medium.com/@szjani/custom-domain-for-photo-station-on-a-synology-nas-c80deddb2d1b
I live in Hungary, I have a Program Designer Mathematician master's degree. 7 years of Java dev / team lead / architect experience, working as a delivery manager.
You will need to set up a DNS record on your hosting provider, pointing to your WAN address.
Then you will need to set up a port forwarder on your firewall pointing to the local device.
So you do have a DDNS registered name, but on top of that you have a registered domain name with some 3rd party provider as well? Like GoDaddy for example? If so then you can create a DNS alias with that registrar so that it redirects your requests to your DDNS address and that way allows you access to your NAS.
Well you will need to log into your hoggrom.no domain, and set up a CNAME parameter (if you can). That parameter needs to point to your NAS. If your NAS is on a location that has regular IP change you will need to use a DDNS setup (in DSM control panel > remote access) so that you can point your CNAME to your DDNS name and be able to always land on your NAS using your hoggrom.no address.
Depending on your domain provider and its configuration options you should be able to set this up with no problem.
Rusty1281 wrote: Well you will need to log into your hoggrom.no domain, and setup a CNAME parameter (if you can).
According to my domain provider this is possible. In the help section this is written: You can administer unlimited number of DNS-pointers. You can create as many subdomains as you want, and let them point where you want (eg http://www.mittname.com -> 194.63.248.47). You can enter pointers both to IP-addresses (A-records) and to other subdomains (CNAME records). Our DNS administration also supports IPv6 (AAAA records), as well as NS, MX, SRV and TXT records.
Rusty1281 wrote: That parameter needs to point to your NAS.
I understand that I should make sure that hoggorm.no points to my IP address? This is what you mean? What I've done is in the DNS-pointer part of the domain control panel: here I've made sure that my domain (hoggorm.no for example) goes to my IP address (that I find when using for example http://www.whatismyip.com). As a sidenote: When my DiskStation was running the web server package a few weeks ago I could see sort of a webpage when I entered my domain in any web browser. The webpage stated that a website was not yet set up on the Synology NAS. This tells me that the DNS-pointer works, correct? I did however uninstall the webserver since I do not plan to set up a webserver right now. After uninstalling the webserver and closing the relevant ports any attempt to access my website now ends in a timeout. Will I need to open some ports in my router again to allow access to the DiskStation Manager webpage?
Rusty1281 wrote: If your NAS is on a location that has regular IP change you will need to use a DDNS setup (in DSM control panel > remote access) so that you can point your CNAME to your DDNS name and be able to always land on your NAS using your hoggrom.no address.
I do not have a static IP and my ISP does not support this for private customers… However, the IP rarely changes, and never has the last two years, even after a restart of the modem. In any case I assume the IP to be static.
I understand that I should make sure that hoggorm.no points to my IP address? This is what you mean?
Correct
As a sidenote: When my DiskStation was running the web server package a few weeks ago I could see sort of a webpage when I entered my domain in any web browser. The webpage stated that a website was not yet set up on the Synology NAS. This tells me that the DNS-pointer works, correct?
Correct again
After uninstalling the webserver and closing the relevant ports any attempt to access my website now ends in a timeout. Will I need to open some ports in my router again to allow access to the DiskStation Manager webpage?
Yes you will. If you haven't changed your default port to access your DSM page (5000 or 5001) then you will have to forward them (or one of them) in order to access your login page.
If you don't have a static IP then setting up an A host record will work just until your IP changes. Some ISPs change it once in 24h, others like you said could use the same IP for a long time. The point is if you are pointing to an IP address then use the A host record, if you will set up a DDNS name on your NAS then point to it using a CNAME record.
Bottom line you are on the right track.
Rusty1281 wrote: Yes you will. If you haven't changed your default port to access your DSM page (5000 or 5001) then you will have to forward them (or one of them) in order to access your login page.
If you don't have a static IP then setting up an A host record will work just until your IP changes. Some ISPs change it once in 24h, others like you said could use the same IP for a long time. The point is if you are pointing to an IP address then use the A host record, if you will set up a DDNS name on your NAS then point to it using a CNAME record.
Bottom line you are on the right track.
Thank you Rusty,
I've opened port 5000 and 5001 on the router and pointing it to the local NAS IP address with UDP, TCP and Both protocols, but entering my domain address unfortunately still ends in a connection timeout. Just to be sure I've also checked with the DSM Firewall disabled…
And you have set up a correct host record pointing your domain name to your NAS IP? When did you do it? It could take hours for those records to start being in effect. What happens when you ping that host record, does it resolve your public IP address from the location where your NAS is?
Hoggorm (@hoggorm), Dec 12, 2017
Rusty1281 wrote: And you have setup a correct host record pointing your domain name to your NAS IP? When did you do it? It could take hours for those records to start being in effect. What happens when you ping that host record, does it resolve your public IP address from the location where your NAS is?
As far as I can see yes… I did this a few weeks ago when I tried the web server package in DSM. When I ping my domain, the correct IP shows up, but it says that the site is down (probably because there is nothing that responds?) Should the 5000 and 5001 ports be TCP, UDP or both? (I've tried all, but it would still be best for further testing that they are set correctly)
Synthology
A possible simple alternative that works for me:
I’m using the Synology DDNS service. My array keeps it up to date quite nicely.
I have my domain hosted at XXXXX registrar and I can create DNS entries there. I can then create CNAME entries to point to my DDNS record.
For purposes of the following examples, my array is foobar.synology.me and my DNS domain name is mydomainiscool.com
Create a CNAME in mydomainiscool.com for your VPN at home: CNAME vpn.mydomainiscool.com –> foobar.synology.me
Or how about your website hosted on your Synology?: CNAME www.mydomainiscool.com –> foobar.synology.me
And so on and so on.
IP Terms / Setup on NOip.com
https://www.noip.com/support/knowledgebase/configure-ip-hostname/
How to Configure Your No-IP Hostname [my.noip.com]
If you are confused about how to configure your No-IP hostname, read the information below and see what each setting is used for.
The images below show what you will see when adding a hostname with my.noip.
DNS Host (A): An A Record is the basic setting for DNS. If you are setting up a new hostname with us, this option will most likely be what you will use. A Records are used to map your IP address (usually a dynamic IP address) to a domain name.
Example: A Records make things easier by letting you connect to a site using a hostname and not an IP address. If your IP address is 168.55.43.11 and you want to connect to it using your browser, you simply type your hostname (yourname.no-ip.org) instead of the IP address.
DNS Host (Round Robin): Round Robin is a bit more complex. It is similar to an A Record, but instead of pointing one IP address to a hostname, it points multiple IP addresses to one hostname. Round Robin is used to achieve DNS load balancing on a server.
CNAME: This type of record is used to point one or multiple hostnames to another hostname. This setup makes updating multiple hosts to the same DNS settings easier. When the first is updated, the rest are as well.
Example: If myname.no-ip.com is a CNAME to yourname.no-ip.com then myname.no-ip.com inherits the DNS settings of yourname.no-ip.com.
Port 80 Redirect: This option needs to be used if your Internet Service Provider blocks port 80, as most commonly do. It enables you to reach your server without having to type the port after the hostname.
Example: Without Port 80 redirect you would have to type the following into your browser: yourhost.no-ip.org:8080. With Port 80 redirect you can simply type the hostname: yourhost.no-ip.org
Web Redirect: This maps your hostname to a web URL. Web Redirects only work for HTTP and cannot be used to remotely access your computer.
Example: If you use a Web Redirect, yourname.no-ip.com would redirect to www.yourname.com. Visitors who type yourname.no-ip.com into the browser would be automatically redirected to www.yourname.com, effortlessly.
Assign to Groups: Groups simplify updating hosts. If you have multiple hosts and want to update them in an effective way, create a group. By grouping your hosts you can update all the hosts in your group to a given IP address. If you are an Enhanced or Plus DNS user, you can even create sub-accounts and password protect them.
Enable Wildcards: A Wildcard makes all subdomains resolve to the same record as the parent. This means, if you enable Wildcard for yourname.no-ip.org, anything.yourname.no-ip.org would resolve to the same address as yourname.no-ip.org without explicitly creating that host. This is useful if you want to set up many virtual hosts for your personal web server.
Asustor College
https://www.asustor.com/en/online/College_topic?topic=224
COURSE OBJECTIVES
Upon completion of this course you should be able to:
1. Configure your network equipment to set up remote access to your NAS via the Internet.
PREREQUISITES
Course Prerequisites:
NAS 221: Remote Access – Using EZ Connect™
Students are expected to have a working knowledge of:
Signing up for DDNS services and setting up routers
OUTLINE
1. Remote Access
1.1 Accessing your ASUSTOR NAS using the Internet
1.2 Configuring your router
1.3 Configuring DDNS service
1.4 Additional notes
Appendix
List of Ports Used by ASUSTOR Applications
1. Remote Access
1.1 Accessing your ASUSTOR NAS using the Internet
ASUSTOR provides users with quick and convenient solutions that allow them to use their NAS through the internet and remotely access their files, creating an exclusive private cloud. You can use any of the following methods to set up remote access to your NAS.
a. Directly connecting your NAS to the internet
If you have a static IP address, you can choose to directly connect your NAS to the Internet, without having to go through any routers or firewalls. Please note that this method will directly expose your NAS to the Internet and you may be more likely to experience malicious attacks.
b. Connect your NAS to your router and then use ASUSTOR EZ Connect™
ADM’s built-in EZ Connect™ function can help you to complete the necessary router configurations for setting up remote access to your NAS.
For more information please see: NAS 221 Remote Access – Using EZ Connect
c. Connect your NAS to the internet and manually configure your connection.
If you are using an incompatible router and cannot use EZ Connect™ to complete your remote connection settings, the instructions below will explain how to manually configure your router to give you remote access to your NAS.
1.2 Configuring your router
Ports are like telephone extension numbers in that they allow you to quickly find the person or service that you are looking for. To let the NAS on your local area network allow access from devices on the internet, you must first set up the correct port forwarding on your router. This way, when connection requests are received from the internet asking for the appropriate port, the router will know where to direct them.
Before configuring port forwarding please first note your router’s IP address, administrator username and password. Usually port forwarding settings are located under one of the following headings on your router’s settings page:
▪ Advanced Settings
▪ Firewall Settings
▪ Port Forwarding
▪ Virtual Server
In the following example, we will demonstrate how to set up port forwarding on a router made by ASUS.
STEP 1
- Enter the router’s LAN IP address into a Web browser. The ASUS router’s default IP address is 192.168.1.1.
- Enter the administrator username and password. The default username and password for the ASUS router is “admin”.
- In the [Advanced Settings] panel on the left hand side, click on [WAN].
- Click on the [Virtual Server/Port Forwarding] tab.
STEP 2
- Enable port forwarding by clicking on the [Yes] radio button beside the [Enable Port Forwarding] heading.
- Under the [Service Name] field enter a name of your choice, and then enter the number of the external port you want to open, your NAS’s IP address and port number in the corresponding fields. If you want to use your Web browser to access your NAS, you will need to open ADM’s Web page service (default port: 8000). The table below shows you the information that you will need to fill out for each field.
Service Name | Port Range | Local IP | Port | Protocol
ADM | 8000 | 192.168.2.6 | 8000 | TCP
As mentioned previously, the IP address of the NAS in our example is 192.168.2.6.
- If you wish to open up other services in order to access them through the internet, please see the Appendix of this guide.
Appendix: List of ports used by ASUSTOR applications.
1.3 Configuring DDNS service
STEP 1
- Sign up for DDNS service. For instructions please see section 1.2 of NAS 321: Hosting Multiple Websites with a Virtual Host.
STEP 2
- Enable DDNS service on the NAS. For instructions please see section 2.2 of NAS 321: Hosting Multiple Websites with a Virtual Host.
1.4 Additional notes
1. The Internet uses ports to exchange data; each specific port can only be assigned to be used by one specific application or service. Two computers cannot simultaneously use the same port to access data.
2. Settings and configuration methods will differ between routers. If you require more detailed information on port settings please see the instruction manual for your router or visit the following website: http://portforward.com/routers.htm