A walkthrough starting with buying a domain, publishing a website on a Synology NAS and having a cool email address
János Szurovecz · Jan 6, 2020 · 8 min read
I thought a lot about what title to give this post, as I am going to cover a bunch of things here. I intentionally did not mention any technology or service provider in the title, as you can tailor it to your own needs: you may have a QNAP NAS rather than a Synology, or you may prefer Google G Suite over Zoho Mail.
I would like to show you how I set up my NAS so that it can be reached via HTTPS, how I run my website there, and how I managed to create a [email protected] email address, which looks really professional in a CV. I am also sharing some best practices and explaining why I decided to use the following technology stack:
- Synology DSM 6.2
- Any DNS provider
- Cloudflare
- Let’s Encrypt
- Zoho Mail
Buy your custom domain
First you will need a custom domain name. I decided to use szurovecz.hu because Szurovecz is my surname and I wanted a cool email address built from my name: janos[at]szurovecz[dot]hu. I also wanted to publish my website on janos.szurovecz.hu. Needless to say, this also lets my family members have their own email addresses and websites. If [surname].com (built from your family name) is already registered, try another TLD: [surname].dev or [surname].eu may still be available. Of course, you can pick any available domain name you want.
I recommend GoDaddy, Namecheap, Porkbun or Rackhost, but there are thousands of DNS providers on the market. It is worth checking the prices; you might be surprised by the differences.
Hey, my ISP does not give me a static IP address. What should I do?
You can pay extra for a static IP address. It would definitely simplify your life, as you would only need to edit a DNS record once and could leave it as is forever. If you do not want to pay for it, or your ISP cannot provide a static IP address, you can work around this with Cloudflare.
What we need from Cloudflare is the ability to modify a DNS record via an API. The idea is that a background process keeps checking your IP address and, whenever it changes, updates the DNS record. It is important to understand that your website may be unavailable for a short time until the IP address change has propagated. It should not take more than a few seconds or minutes, but it also means you should not use this approach for critical websites that must be available all the time.
I was using Dynu.com before I migrated to Cloudflare. Dynu.com also has an API, but its free tier limits the number of DNS records you can manage. There is no such limitation in Cloudflare.
Set up Cloudflare
Create an account on cloudflare.com and add a new site. Type your domain name and select the free plan. After a quick scan, all the existing records will be listed. Next, you will be asked to change your name servers. This means you have to log in to the administration interface of your domain registrar and replace the existing name servers with the Cloudflare ones. Once you are done, wait for a while. If everything is fine, all DNS requests for your domain will first go to your registrar, but the actual IP address resolution will be done by Cloudflare.
My advice is to create an A record for your NAS, like nas.szurovecz.hu. Only this record will need to be updated from your NAS whenever your IP address changes. Please note that the proxy is disabled for this A record: I do want direct access to my NAS. On the other hand, the janos CNAME record is proxied, which means all requests coming to janos.szurovecz.hu are handled by my NAS too, but users communicate only with Cloudflare, not directly with my NAS. The Cloudflare proxy gives you nice features like HTTPS, HTML compression and DDoS attack handling and, last but not least, it does not expose your NAS.
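To check that only the intended record answers with the origin address, the following added example (not from the original post) walks a zone's records and lists every hostname that resolves publicly to the NAS. The record list is constructed sample data shaped like Cloudflare DNS record objects, and the example.com names, the documentation IP address and the function names are assumptions.

```python
# Constructed sample mirroring the layout above: one direct A record for the
# NAS, one proxied CNAME for the site, plus a CNAME left unproxied by mistake.
RECORDS = [
    {"type": "A", "name": "nas.example.com", "content": "203.0.113.7", "proxied": False},
    {"type": "CNAME", "name": "janos.example.com", "content": "nas.example.com", "proxied": True},
    {"type": "CNAME", "name": "photos.example.com", "content": "nas.example.com", "proxied": False},
    {"type": "MX", "name": "example.com", "content": "mx.example.net", "proxied": False},
]

def exposed_hosts(records):
    """Return {hostname: origin_ip} for names whose public answer is the origin IP.

    Assumes one address/CNAME record per name, which is enough for a small zone.
    """
    by_name = {r["name"].lower(): r for r in records
               if r["type"] in ("A", "AAAA", "CNAME")}
    exposed = {}
    for name, rec in by_name.items():
        seen, cur = set(), rec
        # A proxied record answers with Cloudflare addresses, so the walk stops there.
        while cur is not None and not cur["proxied"] and cur["name"].lower() not in seen:
            seen.add(cur["name"].lower())
            if cur["type"] in ("A", "AAAA"):
                exposed[name] = cur["content"]
                break
            # Follow an unproxied CNAME to its target inside the same zone.
            cur = by_name.get(cur["content"].lower().rstrip("."))
    return exposed

def drift(records, allowed):
    """Hostnames that expose the origin but are not on the intended allow-list."""
    return sorted(set(exposed_hosts(records)) - {a.lower() for a in allowed})

if __name__ == "__main__":
    print(exposed_hosts(RECORDS))
    print(drift(RECORDS, ["nas.example.com"]))
```

Anything `drift` returns is a record whose proxy setting no longer matches the plan of exposing only the NAS hostname.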
Update the DNS record
Docker is a great tool to run almost anything in a controlled way, in isolation on your server/workstation. In general I encourage you to check if there is a Docker-based solution when you need something. Updating the IP address in your DNS record can also be done with Docker. Moreover, Synology DSM has a nice built-in Docker integration.
Download the oznu/cloudflare-ddns image from the repository. Once done, launch the image and click the Advanced Settings button. You have to provide some environment variables for the image:
- API_KEY: Here you can find how you can generate a Cloudflare key: https://github.com/oznu/docker-cloudflare-ddns#creating-a-cloudflare-api-token
- SUBDOMAIN: The subdomain you set in the A record.
- ZONE: The domain name you registered.
- PROXIED: Although it is false by default, it is better to set it explicitly. If you are updating a proxied record with this approach and you forget this variable, the proxy will be turned off after the first run and your origin IP will be revealed.
After this you can finish the wizard and your new container should be running. The log tab on the container details screen shows whether the domain update was successful.
The NAS domain should now resolve to the current IP address.
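The PROXIED pitfall described above, as an added example that is not the oznu/cloudflare-ddns code: one function models an updater that treats an unset PROXIED as false, the other keeps the record's current proxy state and refuses a silent downgrade. The record dicts are constructed samples shaped like Cloudflare DNS record objects; the function names, the example.com hosts and the documentation IP addresses are assumptions.

```python
def env_bool(raw, default):
    """Parse an environment-style boolean; None or empty (unset) yields the default."""
    if raw is None or raw.strip() == "":
        return default
    return raw.strip().lower() in ("1", "true", "yes")

def default_false_body(record, new_ip, proxied_env=None):
    """Model of the pitfall: an unset PROXIED is sent to the API as false."""
    return {"type": "A", "name": record["name"], "content": new_ip,
            "ttl": 1, "proxied": env_bool(proxied_env, False)}

def guarded_body(record, new_ip, proxied_env=None, allow_unproxy=False):
    """Build the update body, keeping the current proxy state when PROXIED is unset.

    Raises instead of silently flipping a proxied record to unproxied.
    Returns None when neither the address nor the proxy state changes.
    """
    want = env_bool(proxied_env, record["proxied"])
    if record["proxied"] and not want and not allow_unproxy:
        raise ValueError(
            f"{record['name']}: update would disable the proxy and publish {new_ip}")
    if record["content"] == new_ip and record["proxied"] == want:
        return None
    # ttl 1 means "automatic" in Cloudflare's API.
    return {"type": "A", "name": record["name"], "content": new_ip,
            "ttl": 1, "proxied": want}

# Constructed records: a proxied site and the directly reachable NAS.
PROXIED_SITE = {"name": "www.example.com", "content": "198.51.100.10", "proxied": True}
DIRECT_NAS = {"name": "nas.example.com", "content": "198.51.100.10", "proxied": False}

if __name__ == "__main__":
    print(default_false_body(PROXIED_SITE, "198.51.100.23"))  # proxy lost
    print(guarded_body(PROXIED_SITE, "198.51.100.23"))        # proxy kept
```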
Create a certificate for your NAS
Cloudflare gives you HTTPS support off the shelf, but only if the record is proxied. As I wanted to reach my NAS directly, I had to take care of a valid certificate.
Let’s Encrypt gives you a valid, trusted certificate for free. However, the certificate needs to be renewed every 90 days. There are plenty of ways of doing this; fortunately, DSM has built-in support.
In order to create or renew your certificate, port 80 must be reachable on your NAS. If your NAS is behind a router, create a port forward in your router or define your NAS as a DMZ. A port forward opens only the ports you list, while a DMZ host receives unsolicited inbound traffic on every port, so the port forward is the narrower of the two options. You can find more information about these in your router’s manual. This is one reason why this record cannot be proxied in Cloudflare.
Create a new Let’s Encrypt certificate. Use your NAS domain name and any of your email addresses.
Once the certificate is created, you can define which certificate you would like to use for which services.
Publish your website
I really cannot explain in this post how a website can be created. You can host a static website or you can even run a dynamic one. But you have to decide the address of your site: it can be either a subdomain or the root domain. Create a CNAME record in Cloudflare and set your NAS’ domain as target. As you can see above, this record is proxied so I can utilize all those features that are provided by Cloudflare.
For a static website I recommend using the DSM Web Station: create a new virtual host, set your document root to the folder that contains the index.html, and you are done. For a more complex site you can use the power of Docker. In this case I suppose you have a running web server in your container that needs to be exposed, so make it accessible from the internet.
Expose your Docker web-container
If you have a running Docker container with a web server running in it, you need to create a reverse proxy in DSM. You do not need to support HTTPS in your container, as
- Your new reverse proxy could also support HTTPS
- Cloudflare also acts as a reverse proxy, so HTTPS support only needs to be enabled there
This setup allows HTTP requests coming from the internet to the janos.szurovecz.hu host on port 80 to reach the container on port 5180. As this subdomain is proxied in Cloudflare, only Cloudflare will reach this endpoint directly.
This way you can easily publish separate websites for your family members.
And finally the email
Hosting a mail server requires high availability, otherwise the incoming emails will be lost when your server is down. Therefore I chose a paid service instead of managing it on my own server. Of course I wanted to keep the cost low so I decided to use Zoho.
I used to use Google G Suite too. That is a really nice service though more expensive than Zoho. The yearly price for 1 user is only €12 in Zoho. For the same price I would go with Google but I am okay with Zoho.
Register an account in Zoho, choosing Business Email. Personal email would result in a [email protected] address. In the Control Panel you can manage your domain, but you will also be asked for it during the sign-up process. You will need to create records in Cloudflare to prove your ownership and to reduce the risk of being recognized as a spammer. Check my Cloudflare screenshot above.
It is good to know that you can create any alias, so you can use [email protected] too for free. You can even register multiple domains and use them as aliases; you only need to pay per user.
This is like Lego bricks: you have to decide what you would like to achieve and check what you already have in your box. If you do not need a certificate, you can completely ignore that part. If you are using any Linux OS on your NAS, I am sure you will find out how to install Docker or how to create a reverse proxy in Nginx running on your host. Even if you choose another email service provider, quite similar steps will need to be taken.
Quite a few people need exactly the same things and have exactly the same infrastructure, but if you understand the steps above, you are ready to customize it. So what is your plan now?
Update: If you would like to use a custom domain name for Photo Station and fix the /photo path issue, read my related story: https://medium.com/@szjani/custom-domain-for-photo-station-on-a-synology-nas-c80deddb2d1b