nginx reverse proxy to synology with dynamic ip problems

Discussion in 'Installation/Configuration' started by padarox, Aug 20, 2022.

  1. padarox

    padarox New Member

    Hey @ll,

    I've got a Debian server with a static ip and multiple domains and a running ISPConfig.
    For the hosting on the server itself everything is working fine :)

    But now I've got a second server (Synology Home NAS) running at my home.
    The Synology gets a dynamic IP which is bound to a dynamic IP service from Synology.
    (My NAS is always connected over a xxx.synology.me domain)

    Now to my problems...

    1. Let's Encrypt problem
    I created a subdomain in ISPConfig and configured it with a reverse proxy to the xxx.synology.me domain.
    When I activate SSL and Let's Encrypt after the proxy configuration, the ACME challenge fails
    (Verify error:2a03:4000:6:869d:4df:cff:fedd:9868: Invalid response from http://{my_domain}/.well-known/acme-challenge/5ld0usydq6irJlF9j9zvMJgt5MqgXsDKP8faB4fiKmo: 404)

    When I activate SSL / Let's Encrypt with the proxy deactivated, everything works fine.

    The problem: when the certificate is outdated, the renewal also fails until I deactivate the proxy settings - and that's a no-go :/

    2. Nginx reverse proxy IP caching
    When the reverse proxy is activated, nginx caches the IP behind the xxx.synology.me domain...
    So when the dynamic IP changes, nginx points to the old (wrong) IP...
    How can I deactivate the caching of the IP via ISPConfig?

    I hope someone has similar problems and a workaround for me :)
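
The two problems in the post above map to two nginx settings: a local location for the ACME challenge path that is never proxied, and a `resolver` plus a variable in `proxy_pass` so the upstream name is looked up again at run time. This is an added example, not part of the original thread and not ISPConfig's generated vhost. It assumes the 404 comes from the challenge request being forwarded to the NAS and that the NAS serves HTTPS on port 443 with a certificate valid for its synology.me name; `nas.example.com`, `192.0.2.53`, `/var/www/acme` and the certificate paths are placeholders.

```nginx
# Added example. Placeholders (assumptions): nas.example.com, 192.0.2.53,
# /var/www/acme and the ssl_certificate paths.

server {
    listen 80;
    listen [::]:80;
    server_name nas.example.com;

    # Serve ACME HTTP-01 tokens from the local webroot; never proxy them.
    # "^~" makes this prefix win over any regex location in the vhost.
    # Tokens are read from /var/www/acme/.well-known/acme-challenge/<token>.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/acme;
        default_type text/plain;
        try_files $uri =404;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name nas.example.com;

    ssl_certificate     /etc/ssl/example/fullchain.pem;
    ssl_certificate_key /etc/ssl/example/privkey.pem;

    # DNS server nginx queries at run time; valid= overrides the record TTL,
    # so a changed dynamic IP is picked up after at most 60 seconds.
    resolver 192.0.2.53 valid=60s;
    resolver_timeout 5s;

    location / {
        # With a variable in proxy_pass, nginx resolves the name through
        # "resolver" at run time instead of once when the config is loaded.
        set $nas_upstream xxx.synology.me;
        proxy_pass https://$nas_upstream;

        # Send SNI and verify the NAS certificate against the system CA bundle.
        proxy_ssl_server_name on;
        proxy_ssl_verify on;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```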
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Seems like this is a known bug: https://git.ispconfig.org/ispconfig/ispconfig3/-/issues/5953

    The DNS change just takes time...

    Why don't you point the traffic directly to the Synology server without the proxy in the middle?
     
  3. ggallo

    ggallo New Member

    In the ISPConfig DNS manager, add a CNAME record to your domain with the dynamic DNS name of your Synology NAS, and handle the whole website with SSL on the NAS. This is far simpler than running your web traffic through the ISPConfig host with a reverse proxy.
    With this setup, you can run a reverse proxy on the NAS itself to separate the web server from the public internet a step further, and that reverse proxy on the NAS can handle the SSL, too.
     
    padarox and Th0m like this.
  4. padarox

    padarox New Member

    Thanks for the CNAME tip - no need for SSL renewal (on ISPConfig) with reverse proxy and all stuff is pointed to the NAS :)
    The SSL thing is now managed by my synology :)
     
