Synology NAS services occupy ports 80 and 443 by default. Learn how to free ports 80 and 443 on Synology to allow for running a reverse proxy such as Traefik.
Synology is one of the best NAS devices to run Docker. This is the main reason why I went with Synology.
But one of the most basic hurdles in setting up Traefik (or Nginx Proxy Manager) on Synology is the availability or rather non-availability of ports 80 and 443.
September 19, 2023: Address WordPress issues that was messing up the script. August 16, 2023: Guide updated for DSM 7.2.
In this post, I will show you how to free ports 80 and 443 on Synology NAS to allow for running a reverse proxy such as Traefik.
The following 4 services are listed as using ports 80 and 443:
Mail Station
Photo Station
Web Station
Synology Drive Server
Behind all of these is Nginx web server (to show these services via Web UI). Therefore, by default, on Synology ports 80 and 443 are occupied by Nginx.
In addition, Synology Reverse Proxy also uses ports 80 and 443.
Synology Reverse Proxy
If are using (or tried in the past) Synology Reverse Proxy, ensure that all proxies are deleted before proceeding. Otherwise, you will not be able to open ports 80 and 443 on Synology.
Free Ports 80 and 443 on Synology
Now that you know which Synology Services use ports 80 and 443, let us see how to free them up so we can use a reverse proxy like Traefik or Nginx Proxy Manager. SSH into your Synology NAS and let's proceed.
Step 1. Checking if Synology Ports 80 and 443 are Free
First, let us check if ports 80 and 443 are indeed occupied, using the following command:
sudo netstat -tulpn | grep '80\|443'
We are listing all used Synology ports and filtering just those with 80 and 443 to not have to dig through the whole list.
Check If Ports 80 And 443 Are Open On Synology
The above output shows that ports 80 and 443 are being used by Nginx. In other words, ports 80 and 443 are not free on Synology.
Let's also check Nginx configuration files located in /usr/syno/share/nginx/ for instances where ports 80 and 443 are mentioned. We do this using the following grep command:
sudo grep -ri "listen 80" /usr/syno/share/nginx/
Next, we run the same command with listen 443.
Nginx Using Ports 80 And 443 On Synology
If you have made any changes to the configuration files in the past, you should see about 4 mentions each for ports 80 and 443, as shown above.
Step 2. Backup Default Configuration
IMPORTANT! Do not ignore this step. This will help you recover faster if there are any issues.
Backup Nginx Configuration
Just in case something goes wrong, let's backup the default Nginx configuration files on Synology. Use the following command to make a backup of the Nginx folder:
sudo cp -a /usr/syno/share/nginx /usr/syno/share/nginx_backup
If something goes wrong, just rename the nginx_backup folder to nginx and restart Nginx using the command below.
Backup DSM Configuration
I have automatic backups enabled for my Synology DSM configuration. But I recommend you to take a manual backup as well from Control Panel -> Update & Restore -> Configuration Backup.
Synology Dsm Configuration Backup
Save it in an accessible location.
Step 3. Free Ports 80 and 443 on Synology
The manual way to free ports 80 and 443 on Synology would be open the 4 instances shown above in Step 1 and change 80 to 81 and 443 to 444. Then issue, the following command to restart Nginx:
sudo synosystemctl restart nginx
Unfortunately, you will lose the changes after a reboot.
Script to Change Ports 80 and 443 on Synology
To automate the process of freeing ports 80 and 443 on Synology, let's create a bash script. Create an empty file in a known location and call it, for example, switch_ports.sh.
Copy the following contents to it.
WordPress was messing up the code. So, I am including the image of the script below. You can find the copyable script in my GitHub Repo.
Of course, replace /volume1/docker/scripts/synology/ with the path to the folder containing your switch_ports.sh. The output should look similar to what is shown below:
Script To Change Synology Nginx Ports 80 And 443
After Nginx is restarted, ports 80 and 443 should be free on Synology NAS. Optionally, you may repeat Step 1 for verification and you should see nothing as output.
Step 4. Automate Freeing Ports 80 and 443 on Synology
Now that we have a script that can automate the steps to free ports 80 and 443 on Synology NAS for us, let's add it to task scheduler.
As said before, the changes are overwritten during a reboot. Therefore, we are going to make this script run during reboot so we overwrite the overwritten changes :-p.
From Control Panel -> Task Scheduler, create a new task. Call it whatever you want, set it to be run as root during Boot-up event, as shown below.
Synology Task To Free Ports 80 And 443 On Synology During Boot
In the Task Settings tab, optionally, specify an email ID to be notified in case of an error (if you have Email notifications properly configured). For run command, specify bash /volume1/docker/scripts/synology/switch_ports.sh, with the correct path to the script.
Synology Task To Change Ports 80 And 443 On Synology During Boot
Save the task. Ensure that it is enabled with a check mark in the list of tasks.
Let's reboot Synology and NAS check.
Step 5. Verify if Synology Ports 80 and 443 are Open
To verify if the above script worked and Synology Ports 80 and 443 are open, go back and redo Step 1.
In the example output below, I am first searching for port 443 and nothing is shown - meaning no services are listening in port 443 (Yah!).
Now when I repeat the command with 444 instead, I see that Nginx is listening on port 444.
Synology Ports 80 And 443 Are Now Free
Similarly, you check ports 80 and 81.
Troubleshooting
If you tried another way and messed up your setup, then using this guide will NOT automatically fix the mess before changing the ports. The reason is, this script relies on recognizing patterns in the configuration files and changing them. If the pattern in the configuration is messed up to begin with (because of other reasons or attempts), then this script will produce unexpected results.
When the configuration files are missed up, services such as File Station, Video Station, etc. become inaccessible.
Broken Synology Services Due To Incorrect Port Configuration
Restoring from Nginx Backup
The above is exactly the situation backups are so important and why I recommended you to take a backup of /usr/syno/share/nginx folder before starting. I hope you did.
Use the following commands in sequence (disable switch_ports.sh script from running during boot first) :
If your services do not already become accessible, reboot your NAS and you should be good. You may then start over with the script.
Resetting DSM
The other option is to reset your DSM using the following steps:
In Task Scheduler, disable the script from running during boot.
Backup DSM configuration from Synology Web UI, if you did not already do this as described previously.
Reset Synology DSM: Press the power button and hold for about 3 seconds until 1 beep. Let go and press the power button immediately for about 3 seconds. You should here 3 fast beeps indicating a reset of DSM.
Access your web interface and import the DSM settings you saved in step 2.
All your services should be working as before. Now go back to triple-checking the script for any mistakes and retry.
FAQ
Does Synology use port 443?
Yes, Synology services such as Mail Station, Photo Station, Web Station, and Synology Drive Server use port 443.
What is the default HTTPS port for Synology?
The default HTTPS for Synology DSM is 5001. Nginx service on Synology uses port 443.
What ports does Synology web Interface use?
The main Synology web interface (Synology DSM) uses port 5000 (HTTP) and 5001 (HTTPS) by default. Other services could use different ports.
Concluding Remarks
At this point, we have successfully freed up ports 80 and 443 on Synology NAS and it is ready to run another reserve proxy such as Traefik or Nginx Proxy Manager.
With Traefik and Nginx Proxy Manager, you can put your Synology Services such as DSM, Photo Station, etc. behind a reverse proxy with the security of a LetsEncrypt SSL certificate.
Anand is a self-learned computer enthusiast, hopeless tinkerer (if it ain't broke, fix it), a part-time blogger, and a Scientist during the day. He has been blogging since 2010 on Linux, Ubuntu, Home/Media/File Servers, Smart Home Automation, and related HOW-TOs.
