Enable SSL on Confluence with Docker on Synology
It depends if your NAS is accessible from the internet or not. If it is, this is how to do it if we want to access Confluence through, for example, https://confluence.somecoolname.synology.me:8998
I wrote a full walkthrough here: https://www.giuliomenna.net/confluence-on-synology-nas-via-docker-and-with-lets-encrypt-ssl/ but the part that interests you should be this:
- Create a sub-domain for Confluence with the Reverse Proxy possibilities on your Synology NAS
- Assign it a Let's Encrypt certificate
So: From the DSM homepage, go to:
Control Panel > Application Portal
Select "Reverse Proxy" in the top menu.
Click on "Create" and a new window will appear.
Fill as follows (this is based on the example scenario we mentioned above)
Source
- Description: Confluence
- Protocol: https
- Hostname: https://confluence.somecoolname.synology.me
- Port: 8998
- Enable HSTS: check
- Enable HTTP/2: check
Destination
- Protocol: HTTP
- Hostname: localhost
- Port: (your Confluence's Docker local port)
Press "OK"
Next, assign it a Let's Encrypt certificate:
DSM > Control Panel > Security
Select the "Certificate" tab
Click on "Add"
Select "Add a new certificate" and click Next
Select "Get a certificate from Let's Encrypt" and click Next (do NOT select "Set as default certificate")
- Domain name: confluence.somecoolname.synology.me
- Email: your email
- Subject Alternative Name: you may leave this empty
Click "Apply"
While still in DSM > Control Panel > Security, select your newly created certificate and click on "Configure" (next to "Add")
The "Configure" tab appears.
In the column "Services" you will find https://confluence.somecoolname.synology.me:8998 - click on the dropdown under "Certificate" and select the confluence.somecoolname.synology.me (the certificate you have just created.)
Now confluence.somecoolname.synology.me:8998 is protected with an SSL certificate, and when you enter your username and password, they will be secured.
This is really the tip of the iceberg though:
You will have to open port 8998 on your router (think of the security implications though, before you go ahead) and Tomcat will not be happy.
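
A way to check the result from a client once the certificate has been assigned to the reverse-proxy entry (an added example, not part of the original answer): it connects with full chain and hostname validation, then reports the certificate issuer, whether the certificate covers the hostname, and the HSTS max-age. The function names are this example's own; the hostname and port are the example values used above.

```python
import http.client
import re
import ssl

def hsts_max_age(headers):
    """Return max-age (seconds) from Strict-Transport-Security, or None if absent/malformed."""
    for name, value in headers.items():
        if name.lower() == "strict-transport-security":
            m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
            return int(m.group(1)) if m else None
    return None

def cert_covers(cert, hostname):
    """True if a DNS subjectAltName in an ssl.getpeercert() dict matches hostname."""
    host = hostname.lower().rstrip(".")
    for kind, name in cert.get("subjectAltName", ()):
        name = name.lower()
        # A wildcard covers exactly one left-most label.
        wild = name.startswith("*.") and host.partition(".")[2] == name[2:]
        if kind == "DNS" and (name == host or wild):
            return True
    return False

def issuer_org(cert):
    """Issuer organization, to confirm the Let's Encrypt certificate is the one being served."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return None

def audit(host, port):
    """Connect the way a browser would and summarize what the reverse proxy presents."""
    # The default context validates chain and hostname; a wrong or self-signed
    # certificate on this port raises ssl.SSLCertVerificationError in connect().
    ctx = ssl.create_default_context()
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=10)
    try:
        conn.connect()
        cert = conn.sock.getpeercert()  # read before the request; the socket may close after it
        conn.request("HEAD", "/")
        resp = conn.getresponse()
        return {"status": resp.status, "issuer": issuer_org(cert),
                "covers_host": cert_covers(cert, host),
                "hsts_max_age": hsts_max_age(dict(resp.getheaders()))}
    finally:
        conn.close()

if __name__ == "__main__":
    print(audit("confluence.somecoolname.synology.me", 8998))  # example values from above
```

Run it from a machine outside the LAN after the port is opened on the router, so the check follows the same path an external client takes.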