TOS 5.0.176 - Access to HTTPS NAS WEB UI with a Nginx Proxy

IPv4/6, Port, VPN, proxy, SSH, remote access and more.
Locked
User avatar
fec
Posts: 5
Joined: 31 May 2021, 23:24

TOS 5.0.176 - Access to HTTPS NAS WEB UI with a Nginx Proxy

Post by fec »

TOS 5.0.176 - Access to HTTPS NAS WEB UI with a Nginx Proxy

Hello,

I want to access to my NAS using a HTTPS from Cloudfare for that I need that the Nginx Proxy that I am running as a docker container work as a proxy for the NAS Web UI.

The Nginx seems to work semi-fine, as when I go to the servername of my domain, I got the /tos/ and the wait loading, but then I got a white page so it seems something is not loading correctly, maybe something related with Javascript or so.
Can you please check it?

My Nginx Configuration for the NAS Server Name listening on HTTPS(443) is:
# TOS - WEB
upstream tos_https_docker_network {
server 172.17.0.1:<HTTPS_NAS_PORT>; # WEB-TOS-NAS-HTTPS - 172.17.0.1 IS THE IP of the NAS on the DOCKER NETWORK
}

location / {
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
# NOT WORKING proxy_set_header Connection $connection_upgrade;

add_header Content-Security-Policy "default-src 'self' *.googleapis.com *.<MY-DOMAIN>.es *.cloudflare.com *.terra-master.com *.cloudfront.net *.baidu.com *.bdimg.com *.virtualearth.net *.ditu.live.com *.bing.com 'unsafe-inline' 'unsafe-eval' blob: data: ws: wss:;" always;

proxy_pass https://tos_https_docker_network;
}
User avatar
wilson
Posts: 1
Joined: 03 Jan 2023, 12:45

Re: TOS 5.0.176 - Access to HTTPS NAS WEB UI with a Nginx Proxy

Post by wilson »

Have you tried disabling DOS protection in your router firewall?

Apparently the router is stopping the incessant calls from CF.

I found the info here:
https://www.synoforum.com/threads/exter ... rase.9625/

"The solution was to simply to disable my Asus router's "DoS Protection" found under Firewall > General > Enable DoS Protection. Not exactly sure why it slowed Cloudflare's proxy when enabled, but based on Asus' website, the DoS Protection is meant to do three things:
- SYN-Flooding Protection :Only allow one TCP/SYN packet to pass per second.
- Port Scanner Protection : Protect router from port scanning via external port scan tool
- Ping of Death : Only allow one ICMP packet(type 8) to pass per second or drop the length of ICMP packet over 65535
My guess is that Cloudflare was trying to send TCP requests to my router in a too aggressive way(?). Not sure. I don't see why Cloudflare would need to port scan or Ping my router to death."

I have also tested my TNAS Box using one of my domains under CF and now everything loads instantaneously (previously I have very slow loading and missing icons).
Locked