Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Free ports 80 and 443 on Synology NAS
#! /bin/bash
# NEWLY ADDED BACKUP FUNCTIONALITY IS NOT FULLY TESTED YET, USE WITH CARE, ESPECIALLY DELETION
# Steps to install
# Save this script in one of your shares
# Backup /usr/syno/share/nginx/ as follows:
# # cd /usr/syno/share/
# # tar cvf ~/nginx.tar nginx
# Run this script as root
# Reboot and ensure everything is still working
# If not, restore the backup and post a comment on this script's gist page
# If it did, schedule it to run at boot
# through Control Panel -> Task Scheduler
HTTP_PORT=81
HTTPS_PORT=444
BACKUP_FILES=false
BACKUP_DIR=/volume1/apps/free_ports/backup
DELETE_OLD_BACKUPS=false
KEEP_BACKUP_DAYS=30
DATE=$(date +%Y-%m-%d-%H-%m-%S)
if [ "$BACKUP_FILES" == "true" ]; then
mkdir -p "$BACKUP_DIR/$DATE"
cp /usr/syno/share/nginx/*.mustache "$BACKUP_DIR/$DATE"
fi
if [ "$DELETE_OLD_BACKUPS" == "true" ]; then
find "$BACKUP_DIR/" -type d -mtime +$KEEP_BACKUP_DAYS -exec rm -r {} \;
fi
sed -i "s/^\([ \t]\+listen[ \t]\+[]:[]*\)80\([^0-9]\)/\1$HTTP_PORT\2/" /usr/syno/share/nginx/*.mustache
sed -i "s/^\([ \t]\+listen[ \t]\+[]:[]*\)443\([^0-9]\)/\1$HTTPS_PORT\2/" /usr/syno/share/nginx/*.mustache
@kallangerard

This comment has been minimized.

Copy link

@kallangerard kallangerard commented Feb 28, 2019

Thanks!

@Stenudd

This comment has been minimized.

Copy link

@Stenudd Stenudd commented Mar 23, 2019

Thanks for the great script

If you want to change the port variables to something that includes the old port say

1080 and 1443

You can use something like this to not append the same prefix each run
The first run it will turn 80 into 1080, but the second time it will turn 1080 into 101080
Same with 443 -> 1443 -> 11443 and so on

#!/bin/bash

# Save this script in one of your shares and schedule it to run as root at boot
#   through Control Panel -> Task Scheduler
# DSM upgrades will reset these changes, which is why we schedule them to happen automatically
# Set the variables below if you want to customise the ports which DSM will listen on instead
# NOTE: These ports are used for some services, e.g. Photo Station

HTTP_PORT=80
HTTP_PATCH_PORT=1080

HTTPS_PORT=443
HTTPS_PATCH_PORT=1443

sed -i "s/^\( *listen .*\)$HTTP_PATCH_PORT/\1$HTTP_PORT/" /usr/syno/share/nginx/*.mustache
sed -i "s/^\( *listen .*\)$HTTP_PORT/\1$HTTP_PATCH_PORT/" /usr/syno/share/nginx/*.mustache

sed -i "s/^\( *listen .*\)$HTTPS_PATCH_PORT/\1$HTTPS_PORT/" /usr/syno/share/nginx/*.mustache
sed -i "s/^\( *listen .*\)$HTTPS_PORT/\1$HTTPS_PATCH_PORT/" /usr/syno/share/nginx/*.mustache
@lesha-co

This comment has been minimized.

Copy link

@lesha-co lesha-co commented May 14, 2019

port 101080

Wait. That's illegal.

@croghostrider

This comment has been minimized.

Copy link

@croghostrider croghostrider commented Jul 17, 2019

Hi @hjbotha, thanks for the script.
Unfortunately since the last update, the script didn't works more.
Do you know why?

@hjbotha

This comment has been minimized.

Copy link
Owner Author

@hjbotha hjbotha commented Jul 18, 2019

Apologies for the edit spam. I made some adjustments to the script to account for ports which contain 80/443. I ran into some bother editing and my mustache files may not be quite the same as they are by default so please use caution and take backups before trying out the new script.

@croghostrider, I've updated to DSM 6.2.2-24922 Update 2 and I don't see anything different. What's it doing on your system?

@croghostrider

This comment has been minimized.

Copy link

@croghostrider croghostrider commented Jul 19, 2019

I am on the same version, Nginx occupies port 80

@NAS:/$ sudo netstat -ltnp | grep -w ':80'
Password:
tcp6       0      0 :::80                   :::*                    LISTEN      11992/nginx: master

if I try to load the webpage I see in Chrome:

400 Bad Request
Request Header Or Cookie Too Large
nginx

with grep I found in the file /etc/nginx/app.d/server.ReverseProxy.conf

server {
    listen 80 default_server;
    listen [::]:80 default_server;

but if I change the ports restart Nginx and check the file again, the port is back on 80.

@hjbotha

This comment has been minimized.

Copy link
Owner Author

@hjbotha hjbotha commented Jul 19, 2019

The nginx server configuration file gets rebuilt from the mustache templates each time it's restarted so that's expected.

What do you get from this?
grep 80 /usr/syno/share/nginx/*.mustache

@hjbotha

This comment has been minimized.

Copy link
Owner Author

@hjbotha hjbotha commented Jul 19, 2019

Also, on the NAS, go to Control Panel -> Application Portal -> Reverse Proxy. Do you have a reverse proxy configured to listen on 80 there? Cos I think that's what that config file might be for, so it would be behaving as expected.

@croghostrider

This comment has been minimized.

Copy link

@croghostrider croghostrider commented Jul 19, 2019

Thank you, that's the problem.

@davidsudre

This comment has been minimized.

Copy link

@davidsudre davidsudre commented Sep 3, 2019

With this script is possible to redirect the access from DSM from port 5001 to 443?

@Stenudd

This comment has been minimized.

Copy link

@Stenudd Stenudd commented Oct 30, 2019

port 101080

Wait. That's illegal.

Sorry for the late answer @lesha-co
But that is correct and will also crash your system

@Joly0

This comment has been minimized.

Copy link

@Joly0 Joly0 commented Apr 8, 2020

Does someone have a backup file for me? I messed up and forgot to make the backup... Now my dsm is telling me, that there are some problems and i cant access through https anymore

@bruvv

This comment has been minimized.

Copy link

@bruvv bruvv commented May 23, 2020

Adding:
sudo synoservicecfg --restart nginx
Will save you from rebooting the whole NAS :)

@kid-pro-kuo

This comment has been minimized.

Copy link

@kid-pro-kuo kid-pro-kuo commented Jun 22, 2020

THANK YOU 🙌. The longer I kept googling, the more I came across comments from others saying it took them way too long to figure their config out. Must've meant I was getting closer 😅

@tacticalpacket

This comment has been minimized.

Copy link

@tacticalpacket tacticalpacket commented Jul 30, 2020

Thank you for this script!

You mentioned in it that the backups weren't 100%. The ONLY thing that was off a little was your folder structures for backup directory and delete old backup directories, as you added traefik to the latter:

BACKUP_DIR=/volume1/apps/free_ports/backup
DELETE_OLD_BACKUPS=/volume1/apps/traefik/backup_free_ports

@hjbotha

This comment has been minimized.

Copy link
Owner Author

@hjbotha hjbotha commented Aug 4, 2020

Cheers, removed the hard-coding.
$DELETE_OLD_BACKUPS is meant to be set to "true" or "false". Old files will be deleted from $BACKUP_DIR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.