Like most people, I suffer from the one-IP-address-on-your-home-internet-connection syndrome.
For normal people this is not a problem, but geeks like us like to run our own https sites, and then a single IP address can be a pain.
Now you think: a problem? C’mon… So for the not-so-geeky: normally you can only run a single https site on one IP address. You simply only have one port 443 🙂
You can run your sites on a different port but that’s just ugly.
This problem can be simply solved by using a reverse proxy.
In computer networks, a reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client as though they originated from the proxy server itself. While a forward proxy acts as an intermediary for its associated clients to contact any server, a reverse proxy acts as an intermediary for its associated servers to be contacted by any client.
So you can set up a small Linux machine that runs Nginx or HAProxy, and that does the trick just fine for free. Even a nice Kemp LoadMaster or F5 load balancer does this trick, but then you have to have a big wallet and no wife 🙂
But then I found out my Synology NAS can do this too, and it is stupid simple!
Synology has built this functionality into its NAS software since DSM 6, based on nginx.
So here is how you configure a Synology as a reverse proxy.
In the Control Panel, go to the Application Portal and click “Reverse Proxy”.
Now fill in the details:
You can choose either http or https as the protocol. Source is the external URL you want the Synology to respond to, and destination is the internal IP address of the machine you want to serve.
Now click on “OK”
You can do this as many times as you need to. In my case I run my blog, a VMware Horizon environment and an Exchange server, all on HTTPS on port 443.
Next thing you need to do is add the appropriate certificates on the Synology for your https websites.
Synology expects you to import the certificate together with its private key. If you have your PFX, you can convert it with the openssl commands below. With the new DSM you can also set up certificates with Let’s Encrypt! The renewal process will be done automatically every 3 months, so no worries on that! Just be sure to put in all SAN domains.
Export the private key file from the pfx file
openssl pkcs12 -in filename.pfx -nocerts -out key.pem
Export the certificate file from the pfx file
openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem
Remove the passphrase from the private key
openssl rsa -in key.pem -out server.key
Use the cert.pem and server.key with your intermediate cert to get it imported.
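The three conversion steps above as one non-interactive script, added here as an example and not part of the original post. It also checks that the exported key belongs to the certificate and that the certificate covers the hostname you use as source in the reverse proxy rule. The PFX_PASS environment variable, the function names and the output layout are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. PFX_PASS, the function names and
# the file layout are assumptions made for illustration.

# pfx_split PFX OUTDIR: write OUTDIR/cert.pem and OUTDIR/server.key.
# The PFX import password is read from the environment variable PFX_PASS.
pfx_split() (
    umask 077                          # key material readable by owner only
    mkdir -p "$2" || exit 1
    # -nodes writes the key unencrypted, so no PEM passphrase prompt appears.
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes \
        -out "$2/key.pem" || exit 1
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -clcerts -nokeys \
        -out "$2/cert.pem" || exit 1
    # "openssl pkey" is used instead of "openssl rsa" so EC keys work too.
    openssl pkey -in "$2/key.pem" -out "$2/server.key" || exit 1
    rm -f "$2/key.pem"                 # drop the intermediate copy
)

# key_matches_cert CERT KEY: succeed only if both hold the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_covers_host CERT HOSTNAME: succeed if the certificate is valid for the
# hostname used as "source" in the reverse proxy rule.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# Usage: sh pfx_split.sh filename.pfx outdir hostname
if [ "$#" -eq 3 ]; then
    pfx_split "$1" "$2" &&
    key_matches_cert "$2/cert.pem" "$2/server.key" &&
    cert_covers_host "$2/cert.pem" "$3" &&
    echo "cert.pem and server.key in $2 are ready to import"
fi
```

server.key is an unencrypted private key, so delete it from the machine you converted on once the import into DSM has succeeded.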
Once it is imported, go to Configure and map the right certificate to the correct service.
And press “OK”
Now simply map port 443 in your router to your Synology and you are up and running! Multiple https sites on 1 IP address.