Introduction
A Synology NAS includes a built-in reverse proxy, which makes it a workable substitute for an in-house nginx server. For users who want SSL certificates on Synology, Acme (acme.sh) is an excellent tool because it supports deploying certificates directly to Synology. This guide walks through using Acme to configure SSL certificates on Synology.
References
https://github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_cf
https://github.com/acmesh-official/acme.sh/wiki/deployhooks#20-deploy-the-certificate-to-synology-dsm
https://github.com/acmesh-official/acme.sh/wiki/Synology-NAS-Guide
SSL Certificate Configuration
Initially, we need to create three directories:
- deploy: A container to execute the deployment of SSL certificates to Synology.
- out: A repository for the SSL certificates.
- run: A container to initiate the creation of SSL certificates.
Following this, we need to create two docker-compose.yaml files, one under the run directory, and another under the deploy directory.
The docker-compose.yaml under the run directory is as follows:
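version: "3"
services:
  acme:
    image: "neilpang/acme.sh:3.0.7"
    container_name: "acme"
    # One-shot command: with restart "always" the container would be restarted
    # after every exit and, because of --force, request a new certificate each time.
    restart: "no"
    command:
      - --issue
      - --server
      - letsencrypt
      - -d
      - "*.xxx.cn" # Your domain
      - --dns
      - dns_cf # Use cloudflare dns for authentication
      - --force # Re-issue even if the current certificate is not yet due for renewal
    environment:
      - "CF_Token=xxx" # Cloudflare token, used to create the DNS validation record
      - "CF_Email=xxx" # Cloudflare email
    volumes:
      - "/etc/localtime:/etc/localtime"
      - /volume1/data/server/docker/acme/out:/acme.sh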
The docker-compose.yaml under the deploy directory is as follows:
version: "3"
services:
  acme-deploy:
    image: "neilpang/acme.sh:3.0.7"
    container_name: "acme-deploy"
    # One-shot command: restart "always" would repeat the deployment after every exit.
    restart: "no"
    command:
      - --deploy
      # --insecure turns off TLS certificate verification for the connection to DSM.
      # Remove it once a valid certificate is installed.
      - --insecure # Required if your Synology SSL certificate has expired
      - -d
      - "*.xxx.cn" # Your domain
      - --deploy-hook
      - synology_dsm
    environment:
      - "SYNO_Username=xxx" # Synology username
      - "SYNO_Password=xxx" # Synology password
      - "SYNO_Hostname=xxx" # Synology address
    volumes:
      - "/etc/localtime:/etc/localtime"
      - /volume1/data/server/docker/acme/out:/acme.sh
Upon completing the above steps, you simply need to run the container in the run directory to generate the SSL certificates, followed by running the container in the deploy directory. This will automatically deploy the SSL certificates to Synology.
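A pre-flight check for the two compose files above, as an added example that is not from the original post or the acme.sh project. It flags `--insecure` (the DSM password is sent without verifying the server certificate), secrets written inline under `environment`, and a restart policy that keeps re-running a one-shot `--issue` or `--deploy` command. The finding names, the line-based parsing and the sample values are assumptions made for this example.

```python
import re

# Constructed sample in the layout of the deploy file above (placeholder values).
SAMPLE_DEPLOY = """\
version: "3"
services:
  acme-deploy:
    image: "neilpang/acme.sh:3.0.7"
    restart: "always"
    command:
      - --deploy
      - --insecure # Required if your Synology SSL certificate has expired
      - -d
      - "*.example.test"
      - --deploy-hook
      - synology_dsm
    environment:
      - "SYNO_Username=admin"
      - "SYNO_Password=hunter2"
      - "SYNO_Hostname=nas.example.test"
"""

ENV_ASSIGN = re.compile(r'^([A-Za-z_]\w*)=(.+)$')
SECRET_NAME = re.compile(r'token|password|key|secret', re.I)

def audit_compose(text):
    """Return sorted finding codes for one compose file (line-based, no YAML library)."""
    items, restart = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'restart:\s*"?([\w-]+)"?', line)
        if m:
            restart = m.group(1)
        elif line.startswith('- '):
            # Drop a trailing "# comment" and surrounding quotes from the list entry.
            items.append(line[2:].split(' #', 1)[0].strip().strip('"\''))
    findings = set()
    if '--insecure' in items:
        findings.add('tls-verify-disabled')
    if restart in ('always', 'unless-stopped') and {'--issue', '--deploy'} & set(items):
        findings.add('one-shot-restart-loop')
    for item in items:
        m = ENV_ASSIGN.match(item)
        # A ${VAR} reference is resolved by Compose at run time and is not an inline secret.
        if m and SECRET_NAME.search(m.group(1)) and not m.group(2).startswith('${'):
            findings.add('inline-secret')
    return sorted(findings)

if __name__ == '__main__':
    print('\n'.join(audit_compose(SAMPLE_DEPLOY)))
```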
Synology Reverse Proxy Settings
The reverse proxy settings for Synology are located under “Settings” -> “Login Portal” -> “Advanced”. You can configure your reverse proxy here.
Feel free to follow my blog at www.bboy.app
Have Fun