Accessing Synology Docker Service via Domain Name in LAN
People who have deployed network services with DNS (Domain Name System) on their own NAS might have noticed one interesting fact: although we can access these services via the domain name from the WAN (Wide Area Network), in the LAN (Local Area Network) the domain name does not work and we have to use NAS IP + port.
For example, if the NAS has IP 192.168.x.xx and service A is running on port 8000, then we can use http://192.168.x.xx:8000 to access the service.
In most cases, this method is enough to access a local service, but self-hosted websites like Ghost mostly enforce https to ensure security. This means that when trying to access http://192.168.x.xx:8000 (assume it points to the Ghost service), we will be redirected to https://192.168.x.xx:8000, but https does not work for local services. It is possible to enable https for local services, and this might solve this problem.
Where is the problem?
Before talking about how to solve this problem, let's understand why using a domain name to access local services in the LAN does not work as expected.
- When a client uses a domain name to access a service, it first performs a DNS query. The domain name is resolved to a public IP address.
- The TCP three-way handshake starts:
  - The client sends a SYN packet from the client IP through the router to the public IP.
  - Then, with the help of the router, the server in the LAN receives the SYN packet and replies with a SYN+ACK packet. Since the server is in the LAN, the reply uses the private IP as the source IP in the packet.
  - The client receives the packet and finds that the source IP, which is the private IP, does not match the public IP it aims to communicate with, so the connection is aborted.
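The handshake failure described above, as a small packet-flow model. This is an added example, not part of the original post; it also models a router that rewrites the source address on the way in, which is what the NAT Reflection fix in the next section does. All addresses, ports and names are constructed for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")

# Constructed sample addresses (RFC 1918 and documentation ranges), not from the post.
CLIENT, NAS, ROUTER_LAN, PUBLIC = "192.168.1.50", "192.168.1.10", "192.168.1.1", "203.0.113.7"
PORT = 8000


class Router:
    """Port-forwards PUBLIC:PORT to NAS:PORT; optionally performs NAT reflection."""

    def __init__(self, reflection):
        self.reflection = reflection
        self.conntrack = {}  # translated source port -> original (client IP, client port)

    def forward(self, pkt):
        # Port forward (DNAT): public destination becomes the NAS private IP.
        out = pkt._replace(dst=NAS)
        if self.reflection:
            # Reflection also rewrites the source, so the reply must return via the router.
            self.conntrack[pkt.sport] = (pkt.src, pkt.sport)
            out = out._replace(src=ROUTER_LAN)
        return out

    def reverse(self, pkt):
        # Undo both translations for a reply addressed to the router.
        client_ip, client_port = self.conntrack[pkt.dport]
        return pkt._replace(src=PUBLIC, dst=client_ip, dport=client_port)


def handshake(reflection):
    """Return (accepted, reply_seen_by_client) for the first two handshake packets."""
    router = Router(reflection)
    syn = Packet(CLIENT, 40000, PUBLIC, PORT, "SYN")
    at_nas = router.forward(syn)
    # The NAS answers whoever the SYN appears to come from, using its own private IP.
    reply = Packet(NAS, PORT, at_nas.src, at_nas.sport, "SYN+ACK")
    if reply.dst == ROUTER_LAN:
        reply = router.reverse(reply)  # the reply passes back through the router
    # Otherwise client and NAS share a subnet and the reply bypasses the router.
    # The client only accepts a SYN+ACK from the endpoint it sent the SYN to.
    accepted = (reply.src, reply.sport) == (syn.dst, syn.dport)
    return accepted, reply


if __name__ == "__main__":
    for mode in (False, True):
        print("reflection:", mode, "->", handshake(mode))
```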
How to solve?
- NAT Reflection / NAT Loopback
Some routers have a function called NAT Reflection or NAT Loopback. After turning on this function, the router will intercept the request when a client in the LAN uses the public IP or a domain name to access local services, and change the IP so that the connection succeeds.
- Synology DNS Server
If your router does not have the NAT Reflection function, another solution is to deploy DNS Server on the Synology NAS.
Download DNS Server. Add the root domain and subdomains.
Enable DNS resolution. Set DNS forwarder 1 to the router IP.
On your client device (PC), edit the IPv4 properties of your network connection.
Set the DNS server to your NAS IP, and the second one to the router.
Restart the router and the PC, then you can use domain names to access local services in the LAN!
The second method is not stable.
If you find that domain names stop working at some point, try:
- Open the IPv4 settings and click confirm without changing anything.
- Then, disconnect from and reconnect to the internet.