Moving from Synology to Windows

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mightyfortress.ddns.net

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version): Synology 6.2.4 to Win 10 Home

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I was running my apps on Synology under Docker, and had everything set up and working. I'm moving them to a Win 10 Home box. I have searched around a little, but I'm not seeing how to redirect/transfer my incoming secure requests to my new Windows box. I do know how to forward the incoming ports to the correct IP address with my router. But, to my superficial understanding, without the certificate set up on the Windows box, that's only one piece in the puzzle?

Do I just remove the certificates from my Synology control panel and set up my Windows machine as if it's a brand new Let's Encrypt installation? If so, does anyone have a HOWTO/tutorial address handy?

Alternatively, is there a way to let the secure request go ahead and hit the Synology, and it then strips the encryption and redirects everything to/from the Windows IP address?

I'm fine, either way. Going directly to the Windows box is probably the most flexible, going forward. Fewer dependencies.

Thanks,
Drake

1 Like

Hi,

If you are migrating from Synology Docker to Windows 10, there are a few questions:

  1. Where did your docker handle requests? For example, did you just forward requests directly onto Docker? Or you used Synology's port forwarding (proxy) and terminated SSL connection there?
  2. What will you use when you move it to Windows box? Will you use Nginx/Apache or IIS as proxy or something else?
  3. When you migrated to Windows box, did you also changed port-forwarding to Windows box? (Thus, there are no other port forwarding to your Synology?)

In my understanding, if you only have this application on your Synology box that need port forwarding, then you move it to your Windows box: You can just delete your certificate from your Synology machine, then setup Windows machine as the new certificate. Although you might want to find out a way for you to automate the process (on Windows) but it depends on how you handle the requests (again, are you terminating it on your host? or inside docker?). I just need some more information on those kind of things.

Yes. You can setup your Synology proxy to connect to another IP when a request matching the rules hit. (In Settings -> Application Portal -> Reverse Proxy). This do needs some work and will increase connection time. So if you only have one application need to expose to this port, I would say it's better to go through direct setup.

2 Likes

Yeah, sorry, I was a little vague. I'm moving my Plex/Radarr/Sabnzbd collection to the Windows machine. I have an app on my phone to talk to Radarr and Sab.

It was a few months ago that I set it up. Now that you mention Reverse Proxy, that was the mechanism I used on the Synology. From what I've read, that's by far the most straightforward, at least with the Synology. I assume that's true with Windows, too?

So, I guess I need a pointer to a Windows Reverse Proxy tutorial for Let's Encrypt? (off to search, but maybe someone will point me to a good one, here)

2 Likes

Yup. At least with my experience on Synology, I would prefer their reverse-proxy when handling the websites than Nginx Docker instance.

For Windows, if you have multiple Docker instance, you can either choose to use an Reverse proxy on your Host, or use one in Docker... I personally would prefer install one on your host and expose Docker web ports to your host because it's the easiest, but you might have other preferences.

I couldn't find a straight forward way as I'm not a Windows/IIS person, but seems like there are some answers on StackOverflow with Windows host + Nginx container reverse proxy (aka deal with your things in Docker Nginx)

If you choose to go this way, you might want to share your ACME client folder and some web-server configuration files inside your Windows path, just in case you need to delete the web server container and recreate it (since otherwise you need to reconfigure your certificates and web server again).

An additional benefits for this is you will be able to use Name-based DNS(You can use http://plex than an dynamic internal IP) and you only need to expose port 80/443 to your host machine.

1 Like

I'm moving FROM Docker to native Windows. But, not Windows Server IIS. Just plain ole Windows Home.

I saw a lot of hits on Nginx. Kinda sounds like that might be the tool I need. I also saw caddy mentioned a lot. Still not sure if that's another necessary tool, or if that's needed only for a more ambitious setup.

2 Likes

Oh. So you are not migrating to Windows Docker :joy: My bad.

In that case, you can just choose Windows IIS for proxy (port-forwarding). Just make sure two things:

  1. You are able to automate the install and renewal of Let's Encrypt certificate with your preferred ACME client and IIS (Maybe DNS API would work best, if you want complete pass-through for IIS).
  2. The web ports for each service will not block port 80 and 443 (You need that two ports for HTTP/HTTPS)

The best way to do IMHO is to setup SSL termination at IIS and pass plain old HTTP to those application.

I've searched a bit and find some information on configure IIS Radarr and Plex. Those are from internet sources (aka not my own), so proceed with caution

  1. Radarr: Setting up a HTTPS reverse proxy with IIS for Radarr and Sonarr | by Jett Jackson | Medium
  2. Plex: Plex behind IIS reverse proxy

P.S. I suggest go through Radarr one first, because it actually tells you how to install/setup IIS.

1 Like

I appreciate your help. That's good information. Better than I found. I think I can follow that.

But, as I'm testing this, it looks like even though I thought an i5 with a GPU and plenty of RAM would be plenty of machine, I'm seeing that sab is taking up far more CPU cycles than I expected. I can probably leave Radarr on the same machine as Plex, but I'm going to have to move sab somewhere else. I'm thinking a Raspberry Pi would be appropriate. If that gets saturated, I just won't care. I'm never sitting on the edge of my seat waiting for a download to finish.

So, now I also get to figure out how to set up the reverse proxy on that, too. And, I am not at all an experienced Linux user.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.