Prevent default redirection from port 80 to 5000 on Synology NAS (DSM 5)

Question

I would like to use a nginx front server on my Synology NAS for reverse-proxying pruposes. The goal is to provide a facade for the non-standard port numbers used by diverse webservers hosted the NAS. nginx should be listening on port 80, otherwise all this wouldn't make any sense.

However DSM comes out of the box with an Apache server that is already listening on port 80. What it does is really silly : it simply redirects to port 5000, which is the entry point to the NAS web manager (DSM).

What I would like to do is disable this functionality, making the port 80 available for my nginx server. How can I do this ?

Answer 1

Since Google redirects to here also for recent Synology DSM, I answer for DSM6 (based on http://tonylawrence.com/posts/unix/synology/freeing-port-80/)

From DSM6, nginx is used as HTTP server and redirection place. The following commands will leave ngingx in place, put run it at port 8880 instead of 80.

1. ssh into your Synology
2. sudo -s
3. cd /usr/syno/share/nginx
4. Make a backup of server.mustache, DSM.mustache, WWWService.mustache
   • cp server.mustache server.mustache.bak
   • cp DSM.mustache DSM.mustache.bak
   • cp WWWService.mustache WWWService.mustache.bak
5. sed -i "s/80/8880/g" server.mustache
6. sed -i "s/80/8880/g" DSM.mustache
7. sed -i "s/80/8880/g" WWWService.mustache
8. Optionally, you can also move 443 to 8881:
   • sed -i "s/443/8881/g" server.mustache
   • sed -i "s/443/8881/g" DSM.mustache
   • sed -i "s/443/8881/g" WWWService.mustache
9. Quit the shell (e.g., via Ctrl+D)
10. Go to the Control Panel and change any setting (e.g. the Application portal -> Reverse Proxy to forward http://YOURSYNOLOGYHOSTNAME:80 to http://localhost:8181 - 8181 is the port suggested by the pi-hole on DSM tutorial).

Answer 2

tl;dr Edit /usr/syno/etc/synoservice.d/httpd-user.cfg to look like:

   {
        "init_job_map":{"upstart":["httpd-user"]},
        "user_controllable":"no",
        "mtu_sensitive":"yes",
        "auto_start":"no"
    }

Then edit the stop on runlevel to be [0123456] in /etc/init/httpd-user.conf:

Syno-Server> cat /etc/init/httpd-user.conf 
description "start httpd-user daemon"
author "Development Infrastructure Team"
console log
reload signal SIGUSR1

start on syno.share.ready and syno.network.ready
stop on runlevel [0123456]
...

... then reboot.

Background infrormation

The answer given by Backslash36 is not the easiest solution and it may also be more difficult to maintain. Here, I give a solution that also doesn't involve starting webstation, which most other solutions demand. Note, for updated documentation see here, which gives a lot of info in general about the synology systems.

It is important to note that the new DSM (> 5.x) use upstart now, so much of the previous documentation is not correct. There are two httpd jobs which run by default on the synology machines:

1. httpd-sys : serves the administration page(s) and is located on 5000/5001 by default.
2. httpd-user : this, somewhat confusingly, always runs even if the webstation program is not enabled.

If webstation:

1. is enabled: then this program serves the user webpages.
2. is not enabled: then this program sets /usr/syno/synoman/phpsrc/web as its DocumentRoot (/usr/syno/synoman/phpsrc/web/index.cgi -> /usr/syno/synoman/webman/index.cgi), meaning that a call to http://address.of.my.dsm will call the index.cgi file. This cgi file is what drives the redirect to 5000 (or whatever you have set the admin_port to be).

From the command line, you can check what the [secure_]admin_port is set to:

Syno-Server> get_key_value /etc/synoinfo.conf admin_port
5184
Syno-Server> get_key_value /etc/synoinfo.conf secure_admin_port
5185

where I have set mine differently.

Ok, now to the solution. The best solution is simply to stop the httpd-user daemon from starting. This is presumably what you want anyways (e.g. to start another server like `nginx' in a docker). To do this, edit the relevant upstart configuration file:

Syno-Server> cat /usr/syno/etc/synoservice.d/httpd-user.cfg 
{
        "init_job_map":{"upstart":["httpd-user"]},
        "user_controllable":"no",
        "mtu_sensitive":"yes",
        "auto_start":"no"
}

so that the "auto_start" entry is "no" (as it is above). It will presumably be "yes" on your machine and by default. Then edit the stop on runlevel to be [0123456] in /etc/init/httpd-user.conf:

Syno-Server> cat /etc/init/httpd-user.conf 
description "start httpd-user daemon"
author "Development Infrastructure Team"
console log
reload signal SIGUSR1

start on syno.share.ready and syno.network.ready
stop on runlevel [0123456]
...

This last step is to ensure that the httpd-user service does actually start, but then automatically stops. This is because there are otherwise a number of services that depend upon it actually starting. Reboot your machine and you will now see that nothing is listening (or forwarding) on Port 80.

Answer 3

Done ! It was tricky, but now I have it working just fine. Here is how I did it.

What follows requires to connect to the NAS with ssh, and may not be recommended if you want to keep warranty on your product (even though it's completely safe IMHO)

TL;DR : In the following files, replace all occurences of port 80 by a non standard port (for example, 8080). This will release the port 80 and make it available to use by whatever you want.

• /etc/httpd/conf/httpd.conf
• /etc/httpd/conf/httpd.conf-user
• /etc/httpd/conf/httpd.conf-sys
• /etc.defaults/httpd/conf/httpd.conf-user
• /etc.defaults/httpd/conf/httpd.conf-sys

Note that modifying a subset of these files is probably sufficient (I could observe that the first one is actually computed from several others). I guess modifying the files in /etc.defaults/ would be enough, but if not, worst-case scenario is to modify all those files and you will be just fine.

Once this is done, don't forget to restart your NAS !

---

For those interested in how I found out

I'm not that familiar with the Linux filesystem, and even less with Apache configuration. But I knew that scripts dealing with startup processes are located in /etc/init. The Apache server that was performing the redirection would be certainly launched from there.

• This is where I had to get my hands dirty. I performed some cat <filename> | grep 80 for the files in that directory I considered relevant, hoping to find a configuration line that would set a port number to 80.

• That intuition paid off : /etc/init/httpd-user.conf contained the line echo "DocumentRoot \"/usr/syno/synoman/phpsrc/web\"" >> "${HttpdConf}" #port 80 to 5000. Bingo !

• Looking at the top of the file, I discovered that the HttpdConf variable was referring to /etc/httpd/conf/httpd.conf. This is where the actual configuration was taking place.

From there it is relatively straightforward, even for those John Snow out there that know nothing about Apache configuration. The trick was to notice that httpd.conf was instantiated from some template at startup (and changing this file was therefore not enough). Performing a find / -name "*httpd.conf*", combined with some grep 80 gave me the list of files to modify.

When you look back all this looks obvious of course. However I wish Synology gave us more flexibility, so we don't have to perform dirty hacks like that...