Free ports 80 and 443 on Synology NAS

free_ports.sh

#! /bin/bash

# NEWLY ADDED BACKUP FUNCTIONALITY IS NOT FULLY TESTED YET, USE WITH CARE, ESPECIALLY DELETION
# Developed for DSM 6 - 7.0.1. Not tested on other versions.
# Steps to install
# Save this script in one of your shares
# Edit it according to your requirements
# Backup /usr/syno/share/nginx/ as follows:
# # cd /usr/syno/share/
# # tar cvf ~/nginx.tar nginx
# Run this script as root
# Reboot and ensure everything is still working
# If not, restore the backup and post a comment on this script's gist page
# If it did, schedule it to run as root at boot
#   through Control Panel -> Task Scheduler

HTTP_PORT=81
HTTPS_PORT=444

BACKUP_FILES=true # change to false to disable backups
BACKUP_DIR=/volume1/apps/free_ports/backup
DELETE_OLD_BACKUPS=false # change to true to automatically delete old backups.
KEEP_BACKUP_DAYS=30

DATE=$(date +%Y-%m-%d-%H-%M-%S)
CURRENT_BACKUP_DIR="$BACKUP_DIR/$DATE"

if [ "$BACKUP_FILES" == "true" ]; then
  mkdir -p "$CURRENT_BACKUP_DIR"
  cp /usr/syno/share/nginx/*.mustache "$CURRENT_BACKUP_DIR"
fi

if [ "$DELETE_OLD_BACKUPS" == "true" ]; then
  find "$BACKUP_DIR/" -type d -mtime +$KEEP_BACKUP_DAYS -exec rm -r {} \;
fi

sed -i "s/^\([ \t]\+listen[ \t]\+[]:[]*\)80\([^0-9]\)/\1$HTTP_PORT\2/" /usr/syno/share/nginx/*.mustache
sed -i "s/^\([ \t]\+listen[ \t]\+[]:[]*\)443\([^0-9]\)/\1$HTTPS_PORT\2/" /usr/syno/share/nginx/*.mustache

if which synoservicecfg; then
  synoservicecfg --restart nginx
else
  synosystemctl restart nginx
fi

echo "Made these changes:"

diff /usr/syno/share/nginx/ $CURRENT_BACKUP_DIR 2>&1 | tee $CURRENT_BACKUP_DIR/changes.log

Hello everybody,

thanks to @hjbotha and you guys for this solution! I modified the script and it does the job for DSM 6.2.4-25556 Update 6 ! Yeaaaah!

You may want to use my modified script. I did NOT change the replacements themselve, so the core of the original script is still the same.

Here is what I changed:

* removed option fo disable backups - WE WANT BACKUPS IF CHANGES ARE DONE!

* ... but if the script did NO changes, the backup of this run will be removed. Normally this is the case, if former modifications are still in place.

* only if changes were made they get reported

* only if changes were made NGINX gets restarted

* removed funcionallity to "restore" former changes

Why the "restore"-part was removed and how to restore then? If someone modifies multiple times with different new ports it would be tricky to fiddle the right settings into the script, set the environment-vars and track the resulting changes. So I removed that completely. If you need to restore just look in your backup-folder and restore the version you like manually. Because your backup-folder does not contain "useless" backups it's very easy to see the changes (changes.log) and replace files in /usr/syno/share/nginx/ with backups.

#! /bin/bash
# Script-source and discussion: https://gist.github.com/hjbotha/f64ef2e0cd1e8ba5ec526dcd6e937dd7

# Developed for DSM 6 - 7.0.1. Not tested on other versions.
# run as root at boot through Control Panel -> Task Scheduler

# Ports to free - blocked by nginx on Synology
DEFAULT_HTTP_PORT=80
DEFAULT_HTTPS_PORT=443

# New ports to set instead
CUSTOM_HTTP_PORT=5080  # DO NOT USE 5000 
CUSTOM_HTTPS_PORT=5443 # DO NOT USE 5001 

# Backup-settings
BACKUP_DIR=/volume2/Backups/Settings/DSM-nginx
DELETE_OLD_BACKUPS=true
KEEP_BACKUP_DAYS=90

echo "Replacing port $DEFAULT_HTTP_PORT with $CUSTOM_HTTP_PORT"
echo -e "Replacing port $DEFAULT_HTTPS_PORT with $CUSTOM_HTTPS_PORT\n"

# Always backup...
BACKUP_DIR="$BACKUP_DIR/$(date +%Y%m%d-%H%M%S)"
echo "Backup Dir: "$BACKUP_DIR
mkdir -p "$BACKUP_DIR"
cp -r /usr/syno/share/nginx/* "$BACKUP_DIR"

if [ "$DELETE_OLD_BACKUPS" == "true" ]; then
  find "$BACKUP_DIR/" -type d -mtime +$KEEP_BACKUP_DAYS -exec rm -r {} \;
fi

# Replace ports as desired in mustache config files
sed -i "s/^\([ \t]\+listen[ \t]\+[]:[]*\)$DEFAULT_HTTP_PORT\([^0-9]\)/\1$CUSTOM_HTTP_PORT\2/" /usr/syno/share/nginx/*.mustache
sed -i "s/^\([ \t]\+listen[ \t]\+[]:[]*\)$DEFAULT_HTTPS_PORT\([^0-9]\)/\1$CUSTOM_HTTPS_PORT\2/" /usr/syno/share/nginx/*.mustache

# create changes.log
diff -r --exclude=changes.log /usr/syno/share/nginx/ "$BACKUP_DIR" > "$BACKUP_DIR/changes.log"

# remove backup if NO changes were made - else restart nginx
if [ $(stat -c%s "$BACKUP_DIR/changes.log") -eq 0 ]; then
	rm -f -r "$BACKUP_DIR"
	echo No changes detected, backup removed.
else
	echo "Made these changes:"
	cat "$BACKUP_DIR/changes.log"
	echo -e "\n[ ] Restarting Nginx..."
	if grep -q 'majorversion="7"' "/etc.defaults/VERSION"; then
		nginx -s reload
		echo "[✔] Nginx reloaded!"
	else
		if which synoservicecfg; then
			synoservicecfg --restart nginx
		else
			synosystemctl restart nginx
		fi
		echo "[✔] Nginx restarted!"
	fi
fi

Why can't we use 5000/5001?

This no longer works as of DSM 7.2. There's still a process remaining for nginx that uses port 443.

@KComrade53 I'm running 7.2.1. Have you made sure to double check all the DSM settings to make sure nothing is proxied or enabled? Have you tried to restart nginx / the nas?

@apearson I changed no settings, I just updated my synology to 7.2.1. I run the free_ports command as a scheduled task on boot and before the update it worked fine, but now netstat shows port 443 in use by nginx

I just wanted to let you know:

I have updated my Synology DS918+ with my modified Script from 6.2 to 7.1.

I had nothing to do to make the dockerizes NGNIX working after the updates.
Just installed the DSM Updates, reboot, still working! :-)