| #! /bin/bash | |
| # NEWLY ADDED BACKUP FUNCTIONALITY IS NOT FULLY TESTED YET, USE WITH CARE, ESPECIALLY DELETION | |
| # Developed for DSM 6 - 7.0.1. Not tested on other versions. | |
| # Steps to install | |
| # Save this script in one of your shares | |
| # Edit it according to your requirements | |
| # Backup /usr/syno/share/nginx/ as follows: | |
| # # cd /usr/syno/share/ | |
| # # tar cvf ~/nginx.tar nginx | |
| # Run this script as root | |
| # Reboot and ensure everything is still working | |
| # If not, restore the backup and post a comment on this script's gist page | |
| # If it did, schedule it to run as root at boot | |
| # through Control Panel -> Task Scheduler | |
| HTTP_PORT=81 | |
| HTTPS_PORT=444 | |
| BACKUP_FILES=true # change to false to disable backups | |
| BACKUP_DIR=/volume1/apps/free_ports/backup | |
| DELETE_OLD_BACKUPS=false # change to true to automatically delete old backups. | |
| KEEP_BACKUP_DAYS=30 | |
| DATE=$(date +%Y-%m-%d-%H-%M-%S) | |
| CURRENT_BACKUP_DIR="$BACKUP_DIR/$DATE" | |
| if [ "$BACKUP_FILES" == "true" ]; then | |
| mkdir -p "$CURRENT_BACKUP_DIR" | |
| cp /usr/syno/share/nginx/*.mustache "$CURRENT_BACKUP_DIR" | |
| fi | |
| if [ "$DELETE_OLD_BACKUPS" == "true" ]; then | |
| find "$BACKUP_DIR/" -type d -mtime +$KEEP_BACKUP_DAYS -exec rm -r {} \; | |
| fi | |
| sed -i "s/^\([ \t]\+listen[ \t]\+[]:[]*\)80\([^0-9]\)/\1$HTTP_PORT\2/" /usr/syno/share/nginx/*.mustache | |
| sed -i "s/^\([ \t]\+listen[ \t]\+[]:[]*\)443\([^0-9]\)/\1$HTTPS_PORT\2/" /usr/syno/share/nginx/*.mustache | |
| if which synoservicecfg; then | |
| synoservicecfg --restart nginx | |
| else | |
| synosystemctl restart nginx | |
| fi | |
| echo "Made these changes:" | |
| diff /usr/syno/share/nginx/ $CURRENT_BACKUP_DIR 2>&1 | tee $CURRENT_BACKUP_DIR/changes.log |
@alexdelprete Running DSM 7.0.1 and can't find the synoservicecfg command. Is there an equivalent that I'm missing?
Did you google for it? :)
should be: systemctl restart nginx but try it first, since I can't test it, I have an old DS1812+.
Thanks for the info all.
- Fixed the DATE and BACKUP_DIR var order (oof)
- Added some logic to use different commands to restart nginx depending on what's available.
For some reason my DS220+ running DSM 7.0.1 doesn't like the way the date is being generated. Every time I try to save I get an error saying "Connection failed. Pleased check your network settings." I've had to add single quotes around the date creation like this:
Before: DATE=$(date +%Y-%m-%d-%H-%M-%S)
After: DATE=$(date '+%Y-%m-%d-%H-%M-%S')
I don't know if this affects other DSM 7 users or if making the change would hurt DSM 6 users.
Unfortunately not working on my DS1817+ (current version: DSM 7.0.1-42218 Update 2)
Restarting system didn't help. Script was executed new ports have been take additionally but 80 + 443 still occupied.
sudo netstat -tulpn | grep LISTEN | grep ':80 \|:443 '
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 723/nginx: worker p
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 723/nginx: worker p
tcp6 0 0 :::443 :::* LISTEN 723/nginx: worker p
tcp6 0 0 :::80 :::* LISTEN 723/nginx: worker p
Update: WebStation is installed.
Fixed: Had some "Web service portals" running inside "WebStation" that seem to block the ports from getting free.
@sebastianseidel did you use the modified script provided by @flo-mic? I think his fix was taking care of your issue.
This worked for me! Thanks.
I was able to free up 80, but 443 was still being grabbed by nginx. Took me a long time to figure out the solution, simply had to uncheck the setting:
Control Panel -> Login Portal -> Uncheck/Disable "Automatically redirect HTTP connection to HTTPS for DSM desktop."
Hope this helps someone. And thanks for the original script!
@Synaesthesia0 So I applied this same fix a few days ago and I did not have to disable redirection. It just worked.
My SWAG listens at port 443 now with that setting enabled. Not sure why it's a different case with yours.
@Synaesthesia0 I had the same issue, fixed by removing a record in the DSM reverse proxy - forgot it was there lol.
it's python version for DSM7
import os
import shutil
import time
print("Start OK")
HTTP_PORT=81
HTTPS_PORT=444
NGINX = "/usr/syno/share/nginx"
MUSTACHE = ["DSM.mustache","server.mustache","WWWService.mustache"]
BACKUP_FILES = True # change to false to disable backups
BACKUP_DIR = "/volume1/sw/nginx/backup"
DELETE_OLD_BACKUPS = True # change to true to automatically delete old backups.
KEEP_BACKUP_DAYS = 30
DATE = time.strftime("%Y-%m-%d_%H-%M-%S")
CURRENT_BACKUP_DIR = os.path.join(BACKUP_DIR,DATE)
for file in MUSTACHE:
if BACKUP_FILES:
os.makedirs(CURRENT_BACKUP_DIR, exist_ok=True)
shutil.copy(os.path.join(NGINX,file),CURRENT_BACKUP_DIR)
print("Backup Done")
data = open(os.path.join(NGINX,file), 'rt').read().replace('listen 80', 'listen 81').replace('listen [::]:80','listen [::]:81').replace('listen 443','listen 444').replace('listen [::]:443', 'listen [::]:444')
open(os.path.join(NGINX,file), 'wt').write(data)
print("Mod Done")
if not DELETE_OLD_BACKUPS:
for f in os.listdir(BACKUP_DIR):
f = os.path.join(BACKUP_DIR, f)
if os.stat(f).st_mtime < time.time() - KEEP_BACKUP_DAYS * 86400:
if os.path.isdir(f):
shutil.rmtree(f)
#
# Perform nginx reload if running on DSM 7.X
if open('/etc.defaults/VERSION','r').read().find('majorversion="7"') != -1:
print("Restart service")
os.system('systemctl restart nginx')
print("All Done")
It's work for me after reboot DSM
@thatisfree I changed your code a little bit, by adding 4 variables regarding the ports, so other users can change the values easier.
Besides that, thanks for the code! It worked for me DS918+ DSM 7.0.1-42218 Update 3
import os
import shutil
import time
print("Start OK")
HTTP_PORT=81
HTTPS_PORT=444
NGINX = "/usr/syno/share/nginx"
MUSTACHE = ["DSM.mustache","server.mustache","WWWService.mustache"]
BACKUP_FILES = True # change to false to disable backups
BACKUP_DIR = "/volume1/docker/nginx/backup"
DELETE_OLD_BACKUPS = True # change to true to automatically delete old backups.
KEEP_BACKUP_DAYS = 30
DATE = time.strftime("%Y-%m-%d_%H-%M-%S")
CURRENT_BACKUP_DIR = os.path.join(BACKUP_DIR,DATE)
NEW_HTTP_PORT=79
OLD_HTTP_PORT=80
NEW_HTTPS_PORT=444
OLD_HTTPS_PORT=443
for file in MUSTACHE:
if BACKUP_FILES:
os.makedirs(CURRENT_BACKUP_DIR, exist_ok=True)
shutil.copy(os.path.join(NGINX,file),CURRENT_BACKUP_DIR)
print("Backup Done")
data = open(os.path.join(NGINX,file), 'rt').read().replace('listen 80', 'listen 81').replace('listen [::]:80',f'listen [::]:{NEW_HTTP_PORT}').replace('listen 443',f'listen {NEW_HTTPS_PORT}').replace('listen [::]:443', F'listen [::]:{NEW_HTTPS_PORT}')
open(os.path.join(NGINX,file), 'wt').write(data)
print("Mod Done")
if not DELETE_OLD_BACKUPS:
for f in os.listdir(BACKUP_DIR):
f = os.path.join(BACKUP_DIR, f)
if os.stat(f).st_mtime < time.time() - KEEP_BACKUP_DAYS * 86400:
if os.path.isdir(f):
shutil.rmtree(f)
#
# Perform nginx reload if running on DSM 7.X
if open('/etc.defaults/VERSION','r').read().find('majorversion="7"') != -1:
print("Restart service")
os.system('systemctl restart nginx')
print("All Done")
@thatisfree what do you mean by "it's python version" for DSM7? I used the original code on my DS1817+ DSM7 and it seems to be working fine so I want to understand what is wrong with it and what improvements you made?
@JVT038 since you added new variables, you should remove the old ones as they're no longer being used in the code:
HTTP_PORT=81
HTTPS_PORT=444
Oops yeah, forgot about those 2 vars, my bad
@thatisfree thanks for the original work.
@JVT038 Thank you so much for producing a python version. You saved me the exercise :)
Works like a charm with python3.8 on my Synology DS916+.
Extremely happy I just needed that today and here it is done just 3 weeks ago! You ROCK!
Hi all!
I've had this script runningin my ds918+ with dsm7 and the drive where it was stored (with the backups) crashed.
Now i Want/need to access DSM at ports 80/433 but they don't work anymore. I can access by ports 5000 and 5011..
Is there anything I can do?
Thank you
Hi all!
I've had this script runningin my ds918+ with dsm7 and the drive where it was stored (with the backups) crashed.
Now i Want/need to access DSM at ports 80/433 but they don't work anymore. I can access by ports 5000 and 5011..
Is there anything I can do?
Thank you
You could change the values of the port variables in the script so it changes them to 80/443.
The script did not work for me. After executing it there where 3 files that changed: server.mustache, WWWService.mustache, DSM.mustache.
The ports 80 and 443 are still not available. They still redirect to the DSM login page running on port 5000. Reboot didn't work either.
Here my setup:
DS920+
DSM 7.0.1-42218 Update 3
Also why do i need to add the script as a scheduled task which runs at boot-up? After restarting my synology diskstaion, the changes in those files where still there.
@danielstorch because after an update of DSM those changes will be reverted. Can you try and run this command: sudo systemctl restart nginx this will restart the whole nginx service. Reload did not work for me on DSM 7.1 maybe that also changed on Updated 3 of DSM 7.0
The redirect thing doesn't seem to be true. With firefox or safari the port 80 gives me connection failed. So the Ports seem to be free. But i still can't create a docker container using the ports?
Im trying to create a container in bridge which uses port 80 and 443.
The most elegant solution I can imagine is the following. There is no need to change configuration files of the already running nginx server. Use the following commands to redirect incoming traffic on ports 80 and 443:
iptables -t nat -A PREROUTING -i eth+ -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i eth+ -p tcp --dport 443 -j REDIRECT --to-port 8443
When this is done, you can put your your new webserver on ports 8080 and 8443. The original webserver is still running on 80/443 but the traffic from outside will never reach it anymore.
For anyone who might have the same problem. After running the script the ports where free. But i couldn't create the container with the Synology UI or Portainer. I had to create the nginx container on ports 80 and 443 with Docker cli. Now it works fine.
I saw, elsewhere, that someone was running this @restart.....Is that good? Should it be run more or less often possibly?
On a related note:
The most elegant solution I can imagine is the following. There is no need to change configuration files of the already running nginx server. Use the following commands to redirect incoming traffic on ports 80 and 443:
iptables -t nat -A PREROUTING -i eth+ -p tcp --dport 80 -j REDIRECT --to-port 8080 iptables -t nat -A PREROUTING -i eth+ -p tcp --dport 443 -j REDIRECT --to-port 8443
When this is done, you can put your your new webserver on ports 8080 and 8443. The original webserver is still running on 80/443 but the traffic from outside will never reach it anymore.
While this does work, for most....I am trying to free the ports up, so that I can have another application take them over. Your solutions would actually make things much worse. (for those out there trying to do the same; e.g. Traefik)
@thatisfree I changed your code a little bit, by adding 4 variables regarding the ports, so other users can change the values easier. Besides that, thanks for the code! It worked for me DS918+ DSM 7.0.1-42218 Update 3
import os import shutil import time print("Start OK") HTTP_PORT=81 HTTPS_PORT=444 NGINX = "/usr/syno/share/nginx" MUSTACHE = ["DSM.mustache","server.mustache","WWWService.mustache"] BACKUP_FILES = True # change to false to disable backups BACKUP_DIR = "/volume1/docker/nginx/backup" DELETE_OLD_BACKUPS = True # change to true to automatically delete old backups. KEEP_BACKUP_DAYS = 30 DATE = time.strftime("%Y-%m-%d_%H-%M-%S") CURRENT_BACKUP_DIR = os.path.join(BACKUP_DIR,DATE) NEW_HTTP_PORT=79 OLD_HTTP_PORT=80 NEW_HTTPS_PORT=444 OLD_HTTPS_PORT=443 for file in MUSTACHE: if BACKUP_FILES: os.makedirs(CURRENT_BACKUP_DIR, exist_ok=True) shutil.copy(os.path.join(NGINX,file),CURRENT_BACKUP_DIR) print("Backup Done") data = open(os.path.join(NGINX,file), 'rt').read().replace('listen 80', 'listen 81').replace('listen [::]:80',f'listen [::]:{NEW_HTTP_PORT}').replace('listen 443',f'listen {NEW_HTTPS_PORT}').replace('listen [::]:443', F'listen [::]:{NEW_HTTPS_PORT}') open(os.path.join(NGINX,file), 'wt').write(data) print("Mod Done") if not DELETE_OLD_BACKUPS: for f in os.listdir(BACKUP_DIR): f = os.path.join(BACKUP_DIR, f) if os.stat(f).st_mtime < time.time() - KEEP_BACKUP_DAYS * 86400: if os.path.isdir(f): shutil.rmtree(f) # # Perform nginx reload if running on DSM 7.X if open('/etc.defaults/VERSION','r').read().find('majorversion="7"') != -1: print("Restart service") os.system('systemctl restart nginx') print("All Done")
This had a hard coded value for replacing 80 with 81 which was causing the files to have 2 different ports in the configuration, port 81 and the NEW_HTTP_PORT value. It was reading "replace('listen 80', 'listen 81')" when it should have read "replace('listen 80',f'listen {NEW_HTTP_PORT}')". You can see it in the quote. Also removed the old HTTP_PORT and HTTPS_PORT values.
Here is the updated python script
import os
import shutil
import time
print("Start OK")
NGINX = "/usr/syno/share/nginx"
MUSTACHE = ["DSM.mustache","server.mustache","WWWService.mustache"]
BACKUP_FILES = True # change to false to disable backups
BACKUP_DIR = "/volume1/docker/nginx/backup"
DELETE_OLD_BACKUPS = True # change to true to automatically delete old backups.
KEEP_BACKUP_DAYS = 30
DATE = time.strftime("%Y-%m-%d_%H-%M-%S")
CURRENT_BACKUP_DIR = os.path.join(BACKUP_DIR,DATE)
NEW_HTTP_PORT=79
OLD_HTTP_PORT=80
NEW_HTTPS_PORT=444
OLD_HTTPS_PORT=443
for file in MUSTACHE:
if BACKUP_FILES:
os.makedirs(CURRENT_BACKUP_DIR, exist_ok=True)
shutil.copy(os.path.join(NGINX,file),CURRENT_BACKUP_DIR)
print("Backup Done")
data = open(os.path.join(NGINX,file), 'rt').read().replace('listen 80',f'listen {NEW_HTTP_PORT}').replace('listen [::]:80',f'listen [::]:{NEW_HTTP_PORT}').replace('listen 443',f'listen {NEW_HTTPS_PORT}').replace('listen [::]:443', F'listen [::]:{NEW_HTTPS_PORT}')
open(os.path.join(NGINX,file), 'wt').write(data)
print("Mod Done")
if not DELETE_OLD_BACKUPS:
for f in os.listdir(BACKUP_DIR):
f = os.path.join(BACKUP_DIR, f)
if os.stat(f).st_mtime < time.time() - KEEP_BACKUP_DAYS * 86400:
if os.path.isdir(f):
shutil.rmtree(f)
#
# Perform nginx reload if running on DSM 7.X
if open('/etc.defaults/VERSION','r').read().find('majorversion="7"') != -1:
print("Restart service")
os.system('systemctl restart nginx')
print("All Done")
Got bit by the generic system event "Some web pages cannot function properly because of web server error. Please contact Tech support..." with this script running on boot after I updated to DSM 7.1 update 2 this afternoon.
I've tweaked the original script provided by the OP (with a few suggested changes in the comments since it was posted) to enable easily resetting the ports for Nginx back to the defaults expected in addition to supporting changing the defaults to custom ports (as is the default behavior). This allowed me to reset the ports back to defaults, update my packages that were failing within Package Center, and then re-enable my custom ports and free up ports 80 and 443 for Traefik as usual.
In case anyone is interested in it, here's my modified version:
#! /bin/bash
# SRC: https://gist.github.com/hjbotha/f64ef2e0cd1e8ba5ec526dcd6e937dd7
# NEWLY ADDED BACKUP FUNCTIONALITY IS NOT FULLY TESTED YET, USE WITH CARE, ESPECIALLY DELETION
# Developed for DSM 6 - 7.0.1. Not tested on other versions.
# Steps to install
# Save this script in one of your shares
# Edit it according to your requirements
# Backup /usr/syno/share/nginx/ as follows:
# # cd /usr/syno/share/
# # tar cvfz $DOCKER_USER_DIR/.bak/nginx.bak.tar.gz nginx
# Run this script as root
# Reboot and ensure everything is still working
# If not, restore the backup and post a comment on this script's gist page
# If it did, schedule it to run as root at boot
# through Control Panel -> Task Scheduler
DEFAULT_HTTP_PORT=80
DEFAULT_HTTPS_PORT=443
CUSTOM_HTTP_PORT=5080 # DO NOT USE 5000 as it creates a duplicate server config block in Nginx and pukes
CUSTOM_HTTPS_PORT=5443 # DO NOT USE 5001 as it creates a duplicate server config block in Nginx and pukes
if [ "$RESET_TO_DEFAULTS" == "true" ]; then
# Reverse the port replacement logic in the mustache files to "reset"
HTTP_PORT_TO_REPLACE=$CUSTOM_HTTP_PORT
HTTPS_PORT_TO_REPLACE=$CUSTOM_HTTPS_PORT
HTTP_NEW_PORT=$DEFAULT_HTTP_PORT
HTTPS_NEW_PORT=$DEFAULT_HTTPS_PORT
echo "Resetting ports to default ports..."
else
# Default behavior is to update Nginx for DSM to use ports 5000 & 50001
HTTP_PORT_TO_REPLACE=$DEFAULT_HTTP_PORT
HTTPS_PORT_TO_REPLACE=$DEFAULT_HTTPS_PORT
HTTP_NEW_PORT=$CUSTOM_HTTP_PORT
HTTPS_NEW_PORT=$CUSTOM_HTTPS_PORT
echo "Overriding default ports..."
fi
echo "Replacing port $HTTP_PORT_TO_REPLACE with $HTTP_NEW_PORT"
echo "Replacing port $HTTPS_PORT_TO_REPLACE with $HTTPS_NEW_PORT"
echo " "
if [ "$BACKUP_FILES" == "false" ]; then
BACKUP_FILES=false
else
# Default to backing up all modified files
BACKUP_FILES=true
fi
BACKUP_DIR=${HOME}/.bak/free_ports/
DELETE_OLD_BACKUPS=false # change to true to automatically delete old backups.
KEEP_BACKUP_DAYS=365
DATE=$(date +%Y-%m-%d-%H-%M-%S)
CURRENT_BACKUP_DIR="$BACKUP_DIR/$DATE"
if [ "$BACKUP_FILES" == "true" ]; then
mkdir -p "$CURRENT_BACKUP_DIR"
cp -r /usr/syno/share/nginx/ "$CURRENT_BACKUP_DIR"
fi
if [ "$DELETE_OLD_BACKUPS" == "true" ]; then
find "$BACKUP_DIR/" -type d -mtime +$KEEP_BACKUP_DAYS -exec rm -r {} \;
fi
# Replace ports as desired in mustache config files
sed -i "s/^\([ \t]\+listen[ \t]\+[]:[]*\)$HTTP_PORT_TO_REPLACE\([^0-9]\)/\1$HTTP_NEW_PORT\2/" /usr/syno/share/nginx/*.mustache
sed -i "s/^\([ \t]\+listen[ \t]\+[]:[]*\)$HTTPS_PORT_TO_REPLACE\([^0-9]\)/\1$HTTPS_NEW_PORT\2/" /usr/syno/share/nginx/*.mustache
echo "Made these changes:"
diff /usr/syno/share/nginx/ $CURRENT_BACKUP_DIR 2>&1 | tee $CURRENT_BACKUP_DIR/changes.log
echo " "
echo "[ ] Updating Nginx..."
if grep -q 'majorversion="7"' "/etc.defaults/VERSION"; then
nginx -s reload
echo "[✔] Nginx reloaded!"
else
if which synoservicecfg; then
synoservicecfg --restart nginx
else
synosystemctl restart nginx
fi
echo "[✔] Nginx restarted!"
fi
exit 0Then you would simply invoke this with sudo as usual, but pass in an ENV variable to restore the configs to their default ports:
sudo RESET_TO_DEFAULTS=true ./free_ports.sh
Script worked good on DSM 7.0.3
Thank you
This is exactly what I need to free up port 80/443 on my Synology box.
Thanks to all who contributed !!
Anyone tried this on DSM 7.1-42661 Update 4 ?
Updated recently and port 443 still seems to be held by nginx
sudo netstat -tulpn | grep LISTEN | grep ':80 \|:443 '
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 15598/nginx: master
tcp6 0 0 :::443 :::* LISTEN 15598/nginx: master
Nevermind me, I had a rogue reverse proxy entry in the DSM control panel. Removed and all good now.
Thanks.
Had to move the DATE line before the CURRENT_BACKUP_DIR to make the backup versioning work as expected.
I also added this line at the end so no reboot is necessary: