First Secure Your Synology NAS
Secure your Synology NAS before enabling internet access. Follow this post for more information.
You need to own your own domain. You need to understand the basics of DNS and have the ability to add a CNAME to DNS.
Set Up Dynamic DNS (DDNS)
Your ISP provides you with a publicly routable IP address. You then connect your router to the ISP modem. Your devices inside your home have NAT'ed IP addresses and are all RFC 1918 addresses. These addresses are not routable on the internet. When you go to a website or use anything on the internet your router will translate your private IP to the public IP address provided by your ISP.
Most ISPs assign addresses by DHCP, so they change from time to time. To get an SSL certificate you need to be able to map your domain to an IP address. Dynamic DNS will automatically update the forward resolution of your domain name to IP address even if it changes. The TTL (time to live) needs to be short. Normally this is about 15 minutes or so, so any changes won't be immediately available. But for home use it is more than good enough.
You can use any number of DDNS providers. Synology also offers a DDNS service. I already added DDNS to my home router. So I am not going to walk through the setup in this article.
Set Up DNS CNAME
Once you set up DDNS you will have a resolvable domain name that maps to the IP address given to you by your ISP. For example, Comcast (Xfinity) owns all of 73/8. So if your ISP is Comcast you will have a public IP like 73.x.y.z (where x, y and z are valid numbers between 0-255). Check what it is by going to ipchicken.com. And if you used noip.com as your DDNS provider, mysyno.ddns.net would resolve to your 73.x.y.z IP address. You can choose any available hostname and choose from a number of different domains.
mysyno.ddns.net A 73.x.y.z
If you owned the domain 'example.com' you could then create a subdomain and add a CNAME to mysyno.ddns.net. Let's say you create the subdomain syno.lab.example.com. So you have the following.
- The domain you purchased, presumably for your personal website = example.com
- Comcast public IP address (73/8) = 73.x.y.z
- DDNS = mysyno.ddns.net with A record of 73.x.y.z
- Subdomain = lab.example.com (replace lab with anything you desire)
- Fully Qualified Domain Name (FQDN) = syno.lab.example.com (You don't really need to do this. But I wanted to use my Synology FQDN as the URL. You can simply use the subdomain if you desire.)
You now need to set up a CNAME record for either the subdomain or the FQDN. The exact procedure will vary with your DNS provider. But you want to set it up like the following.
Here is our DNS zone information.
NAME                   TYPE   VALUE
mysyno.ddns.net.       A      73.x.y.z
syno.lab.example.com.  CNAME  mysyno.ddns.net.
The CNAME target is 'mysyno.ddns.net.'. The domain 'syno.lab.example.com.' is an alias for our DDNS domain (mysyno.ddns.net.).
Since we own 'example.com' we can assign an SSL certificate to the subdomain 'syno.lab.example.com'. In this example this is actually our Synology FQDN. Our home network domain would actually be 'lab.example.com', and we can use this internally.
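An added example, not part of the original post: a Python check that follows the CNAME chain in the zone shown above to its A record and reports whether it matches your current public IP, is an RFC 1918 address, or dead-ends. The function names are hypothetical and 203.0.113.10 is a constructed stand-in for 73.x.y.z.

```python
import ipaddress

# RFC 1918 private ranges: an A record inside these is unreachable from the internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_zone(text):
    """Parse 'NAME TYPE VALUE' lines (the layout used above) into {name: (type, value)}."""
    records = {}
    for line in text.strip().splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[1].upper() not in ("A", "CNAME"):
            continue  # skip the header row and anything malformed
        name, rtype, value = fields
        records[name.rstrip(".").lower()] = (rtype.upper(), value.rstrip(".").lower())
    return records

def check_alias(records, fqdn, public_ip, max_hops=8):
    """Follow CNAMEs from fqdn to an A record and compare it with public_ip.
    Returns (status, chain); status is ok, dangling, loop, private or stale.
    'loop' is also returned when the chain is longer than max_hops."""
    name, chain = fqdn.rstrip(".").lower(), []
    for _ in range(max_hops):
        if name in chain:
            return "loop", chain + [name]
        chain.append(name)
        if name not in records:
            return "dangling", chain          # alias points at a name with no record
        rtype, value = records[name]
        if rtype == "CNAME":
            name = value
            continue
        addr = ipaddress.ip_address(value)
        chain.append(value)
        if any(addr in net for net in RFC1918):
            return "private", chain           # DDNS client published the NAT'ed address
        if addr != ipaddress.ip_address(public_ip):
            return "stale", chain             # DDNS has not caught up with a new lease
        return "ok", chain
    return "loop", chain

# Constructed sample zone; 203.0.113.10 stands in for the 73.x.y.z address.
ZONE = """
NAME TYPE VALUE
mysyno.ddns.net. A 203.0.113.10
syno.lab.example.com. CNAME mysyno.ddns.net.
"""

if __name__ == "__main__":
    print(check_alias(parse_zone(ZONE), "syno.lab.example.com", "203.0.113.10"))
```

A "private" or "stale" result means the certificate request for the alias would be validated against the wrong address, so fix the DDNS update before requesting the certificate.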
Follow this post to set up Let's Encrypt SSL certificates.