sslhYou’re in an office or using public wifi and ports other than 53, 80 and 443 are blocked. How to SSH or VPN to your DiskStation? SSLH provides a solution for this, by acting as a proxy listening on port 443 and passing the traffic to deamons like SSHd, Apache or OpenVPN. The SSLH package is available in the SynoCommunity repository but manual work needs to be done to get it working.

By default, Apache on the Synology listens on port 443 without binding to an IP-address or interface. The first step would be to change the configuration so Apache listens on port 443 on localhost only. SSH to the DiskStation and change the configuration in these 3 files:

  • /etc/httpd/conf/extra/httpd-ssl.conf
  •  /etc/httpd/conf/extra/httpd-ssl.conf-sys
  •  /etc/httpd/conf/extra/httpd-ssl.conf-user

This can be done recursively with sed:

mkdir /root/http-backup
cp -a /etc/httpd/conf/extra/httpd-ssl.conf* /root/http-backup/
sed -i 's/*:443/127.0.0.1:443/g' /etc/httpd/conf/extra/httpd-ssl.conf*

Now change the configuration of SSLH. By default, de service listens on port 3000. The configuration file can be found in /usr/local/sslh/var/sslh.cfg. Also change your host (0.0.0.0) to the IP-address of the Synology. In case you use multiple interfaces, the interface to your router should be the one.

When done, reboot your Synology DiskStation and test if https, ssh and/or OpenVPN works via port 443.