1

I have an Exchange server in a small office, and a Synology web server running the website. I am forwarding HTTPS 443 to my Exchange server from my router for OWA/ECP etc. with an SSL. The Synology NAS running my website is just using 80 right now. I'd like to add an SSL cert to the website; for this I'd need to forward 443 to the NAS also.

So right now the flow is: external 443 > mydomain (my public IP / router) > forwards to Exchange server IP.

My ask is: can I forward 443 to my NAS IP also? Because if I type in https://example.com it brings up the OWA (as expected). And if it's just http://example.com it brings up my website. But I want to add SSL to my website, which will mean all HTTP will redirect to HTTPS.

Is this possible?

Tecnhnik

2 Answers

1

This could be done if you accept that the domain names have to be different for each purpose.

Like exchange.mydomain.com and nas.mydomain.com

In which case you could put a proxy on 443, like HAProxy or NGINX.

Both domains could be pointed at the same port, same IP, and let the host headers sort out where it gets forwarded on the back end. This way you do not have to remember non-standard ports to append to a URL.

This is how web hosts that host multiple sites per IP do it, either in the web server or by proxy. It is also why, if you do a reverse DNS lookup on multiple sites, they will sometimes resolve to the same IP but still both run on 443.

Not terribly hard, but not a point and click deploy either, just totally doable.

Sabre
  • Thanks, I'll look into setting up a proxy; will be a learning curve at the same time – Tecnhnik May 25 '23 at 20:51
  • Beware that with a reverse proxy and Exchange, it will be tricky to make NTLM auth work. Nginx can only do it in its paid version, Apache can't do it, I don't know about HAProxy but I doubt it can do it either. The way to do it using FOSS is to use the Caddy reverse proxy server, a custom build with a nonstandard module; that's easy, just pick the module on their web build page. – Nikita Kipriyanov May 26 '23 at 05:03
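
The name-based routing described in this answer, sketched as an HAProxy configuration; this is an added example, not part of the original answer. It goes one step beyond Host headers and routes on the TLS SNI field, so the proxy forwards the encrypted stream without terminating TLS; the backend addresses 192.168.1.10 and 192.168.1.20 and the timeout values are assumed placeholders.

```haproxy
# Added example: one public port 443, two internal HTTPS hosts, routed by SNI.
# Hostnames are the ones used in the answer; LAN addresses are placeholders.

defaults
    mode tcp                 # TLS is passed through; no certificates live on the proxy
    option tcplog
    timeout connect 5s
    timeout client  1h       # assumed value, long enough for mail client sessions
    timeout server  1h

frontend https_in
    bind :443
    # Hold the connection until the TLS ClientHello has arrived,
    # because the SNI name is only available inside it.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    # Anything that is not a TLS handshake is refused.
    tcp-request content reject

    use_backend be_exchange if { req.ssl_sni -i exchange.mydomain.com }
    use_backend be_nas      if { req.ssl_sni -i nas.mydomain.com }
    # No default_backend on purpose: a connection with a missing or
    # unknown SNI name is not handed to either internal server.

backend be_exchange
    server exchange 192.168.1.10:443 check   # placeholder: Exchange (OWA/ECP)

backend be_nas
    server nas 192.168.1.20:443 check        # placeholder: Synology website
```

With this layout the router forwards 443 only to the proxy host, and each backend keeps presenting its own certificate. The file can be syntax-checked with `haproxy -c -f haproxy.cfg` before it is put in the path of live traffic.
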
0

My ask is: can I forward 443 to my NAS IP also?

Short answer: No. A specific port can only be forwarded to a single host.

You can work around this limitation by using an alternative HTTP port for the Synology NAS.

You would need to log in to your NAS admin page, go to Control Panel/Network/DSM Settings and under DSM ports change the HTTPS port to something that is not in use. I'd recommend either 8443 or 8080. These are pretty common ports to use, and are not likely to interfere with any other services you are running in your environment. If you are using 8080, you could try 8081. Really almost anything (that is not in use) will work, but try to keep it under 10000.

Dre
  • Or you can use name-based vhosting and a reverse proxy. – vidarlo May 25 '23 at 18:03
  • Thanks for the reply, I don't think Synology allows you to change the Web Station port, which is the application used to host websites. I can change the web services port, which is the admin page of the NAS, but that's not what I want. – Tecnhnik May 25 '23 at 20:50
  • Hi. This link may have a way to change the ports on the application side: https://kb.synology.com/en-ro/DSM/tutorial/How_do_I_customize_the_alias_port_or_domain_for_specific_Synology_services – Dre Jun 05 '23 at 21:57