Free ports 80 and 443 on Synology NAS

free_ports.sh

#! /bin/bash

# NEWLY ADDED BACKUP FUNCTIONALITY IS NOT FULLY TESTED YET, USE WITH CARE, ESPECIALLY DELETION
# Steps to install
# Save this script in one of your shares
# Backup /usr/syno/share/nginx/ as follows:
# # cd /usr/syno/share/
# # tar cvf ~/nginx.tar nginx
# Run this script as root
# Reboot and ensure everything is still working
# If not, restore the backup and post a comment on this script's gist page
# If it did, schedule it to run at boot
#   through Control Panel -> Task Scheduler

HTTP_PORT=81
HTTPS_PORT=444

BACKUP_FILES=false
BACKUP_DIR=/volume1/apps/free_ports/backup
DELETE_OLD_BACKUPS=false
KEEP_BACKUP_DAYS=30

DATE=$(date +%Y-%m-%d-%H-%m-%S)

if [ "$BACKUP_FILES" == "true" ]; then
  mkdir -p "$BACKUP_DIR/$DATE"
  cp /usr/syno/share/nginx/*.mustache "$BACKUP_DIR/$DATE"
fi

if [ "$DELETE_OLD_BACKUPS" == "true" ]; then
  find "$BACKUP_DIR/" -type d -mtime +$KEEP_BACKUP_DAYS -exec rm -r {} \;
fi

sed -i "s/^\([ \t]\+listen[ \t]\+[]:[]*\)80\([^0-9]\)/\1$HTTP_PORT\2/" /usr/syno/share/nginx/*.mustache
sed -i "s/^\([ \t]\+listen[ \t]\+[]:[]*\)443\([^0-9]\)/\1$HTTPS_PORT\2/" /usr/syno/share/nginx/*.mustache

Thanks!

Thanks for the great script

If you want to change the port variables to something that includes the old port say

1080 and 1443

You can use something like this to not append the same prefix each run
The first run it will turn 80 into 1080, but the second time it will turn 1080 into 101080
Same with 443 -> 1443 -> 11443 and so on

#!/bin/bash

# Save this script in one of your shares and schedule it to run as root at boot
#   through Control Panel -> Task Scheduler
# DSM upgrades will reset these changes, which is why we schedule them to happen automatically
# Set the variables below if you want to customise the ports which DSM will listen on instead
# NOTE: These ports are used for some services, e.g. Photo Station

HTTP_PORT=80
HTTP_PATCH_PORT=1080

HTTPS_PORT=443
HTTPS_PATCH_PORT=1443

sed -i "s/^\( *listen .*\)$HTTP_PATCH_PORT/\1$HTTP_PORT/" /usr/syno/share/nginx/*.mustache
sed -i "s/^\( *listen .*\)$HTTP_PORT/\1$HTTP_PATCH_PORT/" /usr/syno/share/nginx/*.mustache

sed -i "s/^\( *listen .*\)$HTTPS_PATCH_PORT/\1$HTTPS_PORT/" /usr/syno/share/nginx/*.mustache
sed -i "s/^\( *listen .*\)$HTTPS_PORT/\1$HTTPS_PATCH_PORT/" /usr/syno/share/nginx/*.mustache

port 101080

Wait. That's illegal.

Hi @hjbotha, thanks for the script.
Unfortunately since the last update, the script didn't works more.
Do you know why?

Apologies for the edit spam. I made some adjustments to the script to account for ports which contain 80/443. I ran into some bother editing and my mustache files may not be quite the same as they are by default so please use caution and take backups before trying out the new script.

@croghostrider, I've updated to DSM 6.2.2-24922 Update 2 and I don't see anything different. What's it doing on your system?

I am on the same version, Nginx occupies port 80

@NAS:/$ sudo netstat -ltnp | grep -w ':80'
Password:
tcp6       0      0 :::80                   :::*                    LISTEN      11992/nginx: master

if I try to load the webpage I see in Chrome:

400 Bad Request
Request Header Or Cookie Too Large
nginx

with grep I found in the file /etc/nginx/app.d/server.ReverseProxy.conf

server {
    listen 80 default_server;
    listen [::]:80 default_server;

but if I change the ports restart Nginx and check the file again, the port is back on 80.

The nginx server configuration file gets rebuilt from the mustache templates each time it's restarted so that's expected.

What do you get from this?
grep 80 /usr/syno/share/nginx/*.mustache

Also, on the NAS, go to Control Panel -> Application Portal -> Reverse Proxy. Do you have a reverse proxy configured to listen on 80 there? Cos I think that's what that config file might be for, so it would be behaving as expected.

Thank you, that's the problem.

With this script is possible to redirect the access from DSM from port 5001 to 443?

port 101080

Wait. That's illegal.

Sorry for the late answer @lesha-co
But that is correct and will also crash your system

Does someone have a backup file for me? I messed up and forgot to make the backup... Now my dsm is telling me, that there are some problems and i cant access through https anymore

Adding:
sudo synoservicecfg --restart nginx
Will save you from rebooting the whole NAS :)

THANK YOU 🙌. The longer I kept googling, the more I came across comments from others saying it took them way too long to figure their config out. Must've meant I was getting closer 😅

Thank you for this script!

You mentioned in it that the backups weren't 100%. The ONLY thing that was off a little was your folder structures for backup directory and delete old backup directories, as you added traefik to the latter:

BACKUP_DIR=/volume1/apps/free_ports/backup
DELETE_OLD_BACKUPS=/volume1/apps/traefik/backup_free_ports

Cheers, removed the hard-coding.
$DELETE_OLD_BACKUPS is meant to be set to "true" or "false". Old files will be deleted from $BACKUP_DIR.