Accessing Synology Docker Service via Domain Name in LAN

From 少女歌劇

People who have deployed network services behind a domain name (DNS, the Domain Name System) on their own NAS might have noticed one interesting fact: although these services can be reached by domain name from the WAN (Wide Area Network), the domain name does not work inside the LAN (Local Area Network), and we have to use the NAS IP and port instead.

For example, if the NAS has IP 192.168.x.xx and service A is running on port 8000, we can use http://192.168.x.xx:8000 to access the service.

In most cases this method is enough to access a local service, but self-hosted websites like Ghost mostly enforce HTTPS to ensure security. This means that when we try to access http://192.168.x.xx:8000 (assume it points to the Ghost service), we are redirected to https://192.168.x.xx:8000, but HTTPS does not work for local services. It is possible to enable HTTPS for local services, and this might solve the problem.


Where is the problem?

Before talking about how to solve this problem, let's understand why using a domain name to access local services in the LAN does not work as expected.

  • When a client uses a domain name to access a service, it first performs a DNS query. The domain name is resolved to a public IP address.
  • The TCP three-way handshake starts:
  1. The client sends a SYN packet from the client IP through the router to the public IP.
  2. Then, with the help of the router, the server in the LAN receives the SYN packet and replies with a SYN+ACK packet. Since the server is in the LAN, the reply uses its private IP as the source IP of the packet.
  3. The client receives the packet and finds that the source IP, which is the private IP, does not match the public IP it intended to communicate with, so the connection is aborted.

How to solve?

  1. NAT Reflection / NAT Loopback

Some routers have a function called NAT Reflection or NAT Loopback. With this function turned on, the router intercepts requests from LAN clients that use the public IP or domain name to access local services, and rewrites the IP addresses so the connection succeeds.

  2. Synology DNS Server

If your router does not have the NAT Reflection function, another solution is to deploy DNS Server on the Synology.

Download DNS Server. Add the root domain and subdomains.

Add domain
Add subdomains

Enable DNS Resolution. Set DNS forwarder 1 to the router IP.

DNS Resolution

On your client device (PC), edit the IPv4 properties of your network connection.

Set the DNS server to your NAS IP, and the second one to the router.

IPv4 setting

Restart the router and PC; then you can use domain names to access local services in the LAN!
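
The handshake failure described under "Where is the problem?" and both fixes, as a simplified model (an added example, not code from the original post). All addresses, the name ghost.example.com and the function names are constructed for illustration.

```python
from dataclasses import dataclass, replace

# Constructed addresses for illustration (documentation / private ranges).
PUBLIC_IP, ROUTER_LAN, NAS, CLIENT = "203.0.113.10", "192.168.1.1", "192.168.1.20", "192.168.1.50"
PORT = 443

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str

def connect(dest_ip, nat_reflection):
    """Return (accepted, source IP seen in the SYN+ACK) for a LAN client's handshake."""
    syn = Packet(CLIENT, 50000, dest_ip, PORT, "SYN")
    if syn.dst == PUBLIC_IP:
        # Port forwarding (DNAT): the router rewrites the destination to the NAS.
        syn = replace(syn, dst=NAS)
        if nat_reflection:
            # NAT reflection also rewrites the source, so the reply returns via the router.
            syn = replace(syn, src=ROUTER_LAN)
    # The NAS answers whatever source address it saw, from its own private IP.
    reply = Packet(NAS, PORT, syn.src, syn.sport, "SYN+ACK")
    if reply.dst == ROUTER_LAN:
        # The router undoes both translations before handing the reply to the client.
        reply = replace(reply, src=PUBLIC_IP, dst=CLIENT)
    # The client only accepts a SYN+ACK from the address it sent its SYN to.
    accepted = (reply.src, reply.sport, reply.dst) == (dest_ip, PORT, CLIENT)
    return accepted, reply.src

def resolve(name, dns_server):
    """Constructed zone data: the DNS server on the NAS answers with the private IP."""
    zones = {"public": {"ghost.example.com": PUBLIC_IP},
             "nas": {"ghost.example.com": NAS}}
    return zones[dns_server][name]

if __name__ == "__main__":
    cases = [("public DNS, no reflection", "public", False),
             ("public DNS, NAT reflection", "public", True),
             ("NAS DNS server", "nas", False)]
    for label, dns, reflection in cases:
        ip = resolve("ghost.example.com", dns)
        print(f"{label}: {ip} ->", connect(ip, reflection))
```
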


The second method is not stable.

If you find that domain names stop working at some point, try:

  • Open the IPv4 settings and click confirm without changing anything.
  • Then, disconnect and reconnect the internet.