Trouble setting up reverse proxy on Synology NAS

Hi, I’m new here and looking for a little help. Before I dive into my issue, please know that I did search high and low for a solution online, using Google, ChatGPT and anything else at my disposal. So far, I’m coming up empty.

I believe what I am trying to accomplish is very easy, but somehow I can’t get it to work.

1. The problem I’m having:

I have a Synology NAS running multiple containers in Docker. Simply put, I want to be able to create “easy” URLs to point to each of the services in those containers. For example, let’s say I have Glances running on 192.168.1.120:61208, I’d like to be able to enter glances.local or similar and just be routed to the correct IP and port. I’m doing all this inside my network. I have no requirement to expose anything to the internet as I use a VPN. I also don’t care about HTTPS, or certificates, as everything is happening behind my firewall.

I’ve read online that there are basically three ways to do this…

  1. With Traefik
  2. With NGINX
  3. With Caddy

I’ve tried all three and cannot get any of them to work. I think part of the issue is that Synology blocks ports 80 and 443 for use by the DSM software. It redirects port 80 to port 5000 and 443 to 5001. I’ve tried different networking modes too, including bridge, host, traefik_internal, etc. Still no dice.

2. Error messages and/or full log output:

I don’t have any error logs because I cannot even get Caddy to build. What I really need is a compose.yaml file that will work on a Synology.

3. Caddy version:

v2.7.6

4. How I installed and ran Caddy:

I created a docker compose file and a Caddyfile, but could not get them to work.

a. System environment:

Synology NAS, Docker

You won’t be able to get Caddy to run, because this is a network issue. And after that, also a DNS issue.

Two possible solutions:

  1. Hack the Synology so 80 and 443 are free and then put the reverse proxy on it:
    https://www.reddit.com/r/synology/comments/ahs3xh/prevent_dsm_listening_on_port_80443/
    (I don’t know if that works, I just googled for it and that was one of the solutions offered)

  2. Put the reverse proxy in front of the Synology, maybe on a Raspberry Pi?

Afterwards you also need a local DNS server that can tell your clients where to find “glances.local”, because it will be the IP address of your reverse proxy now.

Since this is a scenario with intermediate difficulty in terms of network, DNS, etc., you should think about if the effort will be worth it in the end. I would just bookmark the services in a browser for easy access without using the reverse proxy.


First off, thanks so much for the response… Aside from the convenience of setting this up, I really want to learn how to do it. I find this stuff fun, although after 4 days of searching I am starting to question that a bit now…

I believe I can handle the DNS piece. I’m running PiHole in a Docker container and have other local DNS entries that work, like router.asus.com pointed at my router. My router points to PiHole as its DNS. The Synology itself has Google DNS (8.8.8.8) configured. That was part of the instructions I used to set up PiHole.


No problem. The main issue is your network infrastructure. You are currently failing because you don’t have the requirements for a reverse proxy ready.

Lately, there are a lot of people falling into the trap of deploying a lot of containers somewhere because it’s easy (especially on highly integrated solutions like NAS), but forget about the network infrastructure since it’s mostly handled automatically by these integrated products.

A lot of these issues stem from not giving OSI Layers 1, 2 and 3 enough attention.

So, you should start from bottom to top to solve your problems. A reverse proxy like Caddy is all the way up at the highest layer.


Sounds logical. I think solving the port 80 and 443 issue will go a long way to addressing the issue. I asked ChatGPT how to do that, but didn’t really get anywhere. They are very generic and not accurate. I am probably going to have to hack a config file or two somewhere. I’ve heard that you can disable the binding, but the main issue is that it returns on a reboot. I don’t know why Synology locks their devices down like this.

I’m wondering if using “Web Station” might be a way to bypass the port binding. I might look into that.

If you have any tips on where to start, I’d be very grateful.

Sorry, I don’t know. Maybe this is better asked in a Synology forum.