Related Synology NAS - SSH in with SSH key

There is a Synology vendor package called WebStation that is a very simple UI for setting up services/networking. It provides a default server running Nginx to serve static files from the web folder. I ran in to some issues attempting to add a try-rule to the Nginx config - all the config files would get overwritten on restart.

The change was made to the template file /volume1/@appstore/WebStation/misc/nginx_default_server.mustache. This file is a template file that is turned in to /etc/nginx/sites-enabled/server.webstation.conf

location / {
	try_files $uri $uri.html $uri/ =404;
}

This allows nginx to serve an html file without the .html extension. This is desired because quartz outputs code that expects a webserver to serve an html file without the extension. The built-in WebStation does not do that, and has no option for it.

I added this try-rule in a location block in /volume1/@appstore/WebStation/misc/nginx_default_server.mustache. This is a template file that WebStation uses to create the default web server Nginx file. There was not a good/documented/known place to add custom nginx rules.

/volume1/@appstore/WebStation/misc/nginx_default_server.mustache ^ modifying this results in /etc/nginx/sites-enabled/server.webstation.conf

/volume1/@appstore/WebStation/misc/nginx_default_server.mustache
server {
 
listen  unix:/run/webstation_default.sock;
 
root /var/services/web;
 
index index.html index.php index.cgi;
 
  
 
set_real_ip_from unix:;
 
real_ip_header X-Real-IP;
 
  
 
fastcgi_param QUERY_STRING $query_string;
 
fastcgi_param REQUEST_METHOD $request_method;
 
fastcgi_param CONTENT_TYPE $content_type;
 
fastcgi_param CONTENT_LENGTH $content_length;
 
  
 
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
 
fastcgi_param REQUEST_URI $request_uri;
 
fastcgi_param DOCUMENT_URI $document_uri;
 
fastcgi_param DOCUMENT_ROOT $document_root;
 
fastcgi_param SERVER_PROTOCOL $server_protocol;
 
fastcgi_param HTTPS $http_x_https if_not_empty;
 
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
 
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
 
  
 
fastcgi_param REMOTE_ADDR $remote_addr;
 
fastcgi_param REMOTE_PORT $http_x_real_port;
 
fastcgi_param SERVER_ADDR $http_x_forwarded_by;
 
fastcgi_param SERVER_PORT $http_x_port;
 
fastcgi_param SERVER_NAME $host;
 
fastcgi_param REDIRECT_STATUS 200;
 
fastcgi_intercept_errors on;
 
fastcgi_read_timeout 3600s;
 
  
 
{{> /var/packages/WebStation/target/misc/nginx_web_error_page}}
 
location ^~ /_webstation_/ {
 
alias /var/packages/WebStation/target/error_page/;
 
}
 
location ~* \.(php[345]?|phtml)$ {
 
{{#php_handler}}
 
fastcgi_pass unix:/run/php-fpm/{{php_handler}}.sock;
 
{{/php_handler}}
 
{{^php_handler}}
 
return 500;
 
{{/php_handler}}
 
}
 
location ~* \.cgi {
 
fastcgi_pass unix:/run/fcgiwrap.sock;
 
}
 
  
 
# New Rewrite Rule to Serve Files without .html Extension
 
location / {
 
try_files $uri $uri.html $uri/ =404;
 
}
 
}
/etc/nginx/sites-enabled/server.webstation.conf
server {
 
listen  unix:/run/webstation_default.sock;
 
root /var/services/web;
 
index index.html index.php index.cgi;
 
  
 
set_real_ip_from unix:;
 
real_ip_header X-Real-IP;
 
  
 
fastcgi_param QUERY_STRING $query_string;
 
fastcgi_param REQUEST_METHOD $request_method;
 
fastcgi_param CONTENT_TYPE $content_type;
 
fastcgi_param CONTENT_LENGTH $content_length;
 
  
 
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
 
fastcgi_param REQUEST_URI $request_uri;
 
fastcgi_param DOCUMENT_URI $document_uri;
 
fastcgi_param DOCUMENT_ROOT $document_root;
 
fastcgi_param SERVER_PROTOCOL $server_protocol;
 
fastcgi_param HTTPS $http_x_https if_not_empty;
 
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
 
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
 
  
 
fastcgi_param REMOTE_ADDR $remote_addr;
 
fastcgi_param REMOTE_PORT $http_x_real_port;
 
fastcgi_param SERVER_ADDR $http_x_forwarded_by;
 
fastcgi_param SERVER_PORT $http_x_port;
 
fastcgi_param SERVER_NAME $host;
 
fastcgi_param REDIRECT_STATUS 200;
 
fastcgi_intercept_errors on;
 
fastcgi_read_timeout 3600s;
 
  
 
include conf.d/.webstation.error_page.default.conf*;
 
  
 
include conf.d/.webstation.error_page.default.resource.conf*;
 
  
 
location ^~ /_webstation_/ {
 
alias /var/packages/WebStation/target/error_page/;
 
}
 
location ~* \.(php[345]?|phtml)$ {
 
  
 
return 500;
 
  
 
}
 
location ~* \.cgi {
 
fastcgi_pass unix:/run/fcgiwrap.sock;
 
}
 
  
 
# New Rewrite Rule to Serve Files without .html Extension
 
location / {
 
try_files $uri $uri.html $uri/ =404;
 
}
 
}

On startup, check for try-rule

I added this script to run on startup. This is so that if WebStation updates the file, we can still have the rule. It only appends if the try-rule does not exist.

if ! grep -q -e 'location / { try_files $uri $uri.html $uri/ =404; }' /volume1/@appstore/WebStation/misc/nginx_default_server.mustache; then
 
echo "Default web server config does not contain try rule. Adding."
 
sed -i -e '$i\ location / { try_files $uri $uri.html $uri/ =404; }' /volume1/@appstore/WebStation/misc/nginx_default_server.mustache
 
else
 
echo "Default web server config contains try-rule."
 
fi

Other attempts

IpTable modification trick

This routes traffic from port 80 and 443 to a webserver listening at 8080 and 8443. This is a good solution that would allow Synology’s stuff to stay in place, while a self-deployed webserver is deployed alongisde.

iptables -t nat -A PREROUTING -i eth+ -p tcp —dport 80 -j REDIRECT —to-port 8080
iptables -t nat -A PREROUTING -i eth+ -p tcp —dport 443 -j REDIRECT —to-port 8443

Disable DMS listening on ports 80 and 443

Also, ran in to issues try-rule for default nginx web server on Synology NAS > Attempting to restart Nginx

https://gist.github.com/hjbotha/f64ef2e0cd1e8ba5ec526dcd6e937dd7?permalink_comment_id=4534225 This Gist describes the process. I ended up using this idea, but just to modify the existing server so we didn’t have to deploy a new one. This solution would be good if we wanted a more custom setup for MarsSpace.

Disable

sed -i -e 's/80/81/' -e 's/443/444/' /usr/syno/share/nginx/server.mustache /usr/syno/share/nginx/DSM.mustache /usr/syno/share/nginx/WWWService.mustache

Enable

sed -i -e 's/81/80/' -e 's/444/443/' /usr/syno/share/nginx/server.mustache /usr/syno/share/nginx/DSM.mustache /usr/syno/share/nginx/WWWService.mustache

Attempting to restart Nginx

  1. Make some changes to Nginx configuration
  2. Attempt to reload Nginx. It is controlled via systemd so nginx -s reload does not work. Attempted to do systemctl restart nginx but that just hung up and maybe made all of the services restart due to the Nginx reverse proxy. This did not work, and it stopped /video and other services from running.
  3. Restarted NAS and everything is back to how it is supposed to be.