Synology NAS Web Station, Reverse Proxy and mod_rewrite: Manipulating URLs

In this previous post, I described setting up a new NAS to run web services and Ghost blogging platform.  Once personal web sites and Ghost were set up, I wanted to change how the URL reads in address bar of your browser.  My goals are:

• Visitor may just type the domain name without specifying protocol, but we want to use HTTPS for everything.  So there needs to be a way to redirect HTTP traffic to HTTPS port.
• Personal web sites are in the form of domain.tld/~name and I want the URL to be shorter to type, like name.domain.tld.

This post on SynoForum addresses my first goal completely:

https://www.synoforum.com/resources/http-to-https-redirect.86/

And it gave me ideas how to accomplish my second goal.  It had been years since I last worked with mod_rewrite; it'd be nice to review and share with everyone what made it work for me.

General Outline

The "technique" is broken down into the following parts:

1. Set up DNS record by adding CNAME entry to point your subdomain to your NAS, whose address is updated via DDNS.  This means an A+ record for domain.tld, and CNAME of user pointing to domain.tld, so that when someone types user.domain.tld it'll resolve to your NAS and send it requests.
2. Creating a port-based virtual host in Web Station to process the URL rewrite.  This is done from Web Service Portal menu entry from sidebar (see picture above) > Create > Create service portal > Virtual Host.  Port-based so that later I'll use reverse proxy to connect name to this virtual host.  This virtual host needs Apache backend and a directory you create as its document root.  Inside that directory we can create an .htaccess file that will include the mod_rewrite recipe customized for your requirements to generate the final URL.
3. Finally, use reverse proxy from DSM Control Panel > Login Portal > Advanced > Reverse Proxy to create a new mapping for the mapping user.domain.tld to localhost ports you defined previously in step 2, for HTTP and HTTPS.  This completes the routing.

From now on, anyone will be able to send requests to your NAS, reverse proxy will then trigger the rules listed in .htaccess to change the URL automatically for client.

mod_rewrite

Setting up the recipe is mostly writing regular expressions to pull out the strings you need.  Here they are:

HTTP to HTTPS Redirect

RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}%{QUERY-STRING} [L]

Nice Names for Personal Web Sites

RewriteEngine on
RewriteCond %{HTTP_HOST} ^(.*)\.domain\.tld$ [NC] # extract subdomain and save it in %1
RewriteRule (.*) https://seraphene.ninja/user/%1%{REQUEST_URI} [L]

Annotations

Everything that starts with %{ is a  special variable.  # denotes a comment.  The flags (last token in []) are explained here.  Generally you want to stop the rewriting with [L].  Use RewriteCond to reject URLs and abort URL rewriting, for example, if you want to reject rewriting www subdomain because there is no user named www, add:

RewriteCond %{HTTP_HOST} !www.domain.tld [NC] # ignore www

Note that Apache already split the request URL to different parts, HTTP_HOST, REQUEST_URI, and QUERY_STRING. so your regular expression need not match the entire request URL.  There are many other server variables, you may want to read its documentation once.

For the first HTTP to HTTPS Redirect recipe, it just builds a new URL that always useshttps:// protocol.

For the second Nice Names for Personal Web Sites recipe, it rewrites URL from name.domain.tld into domain.tld/user/name.  This works because on the filesystem I created symbolic links at /volume1/web/user/name to point at /volume1/homes/name/www/.  I am doing this because I dont like ~ in my URL, but you can just as easily redirect to domain.tld/~name/ without the symbolic links.  After all, that is the reason for using mod_rewrite, to manipulate the URL to fit your needs.  Experiment and Enjoy!

References

• mod_rewrite documentation: https://httpd.apache.org/docs/current/rewrite/
• Useful tool to test your .htaccess recipe: https://htaccess.madewithlove.be/