Application Portal

Application Portal allows you to configure the connection settings of various applications so that you can directly access and run these applications (e.g. File Station) in independent browser tabs or windows.

Note:

Customize Aliases

You can assign an alias for each Synology-developed application like File Station. With the custom alias, you can quickly open the application via a specialized URL.

To customize application aliases:

  1. Go to Control Panel > Application Portal > Application.
  2. Select an application.
  3. Click Edit > General.
  4. In the pop-up window, select Enable customized alias and specify the alias.
  5. Click OK to save the settings.

Note:

To access applications with aliases:

After you set up an alias for an application (e.g. File Station), you can quickly open the application by entering a URL in the following formats: http://DS_IP_OR_SERVER_NAME/ALIAS/ or https://DS_IP_OR_SERVER_NAME/ALIAS/

For instance, you can quickly access File Station via the URLs: http://192.168.xx.xx/file/ or https://MySynologyNAS/file/

Customize HTTP/HTTPS Ports

You can assign an HTTP/HTTPS port for each Synology-developed application like File Station. With the custom port, you can quickly open the application via a specialized URL.

To customize application HTTP/HTTPS ports:

  1. Go to Control Panel > Application Portal > Application.
  2. Select an application.
  3. Click Edit > General.
  4. In the pop-up window, select Enable customized port (HTTP) or Enable customized port (HTTPS).
  5. Specify a custom port number.

Note:

To access applications with HTTP/HTTPS ports:

After you set up HTTP/HTTPS ports for an application (e.g. File Station), you can quickly open the application by entering URLs in the following formats: http://DS_IP_OR_SERVER_NAME:HTTP_PORT or https://DS_IP_OR_SERVER_NAME:HTTPS_PORT

For instance, you can quickly access File Station via the URLs: http://192.168.xx.xx:7000 or https://MySynologyNAS:7001

To configure the certificate and TLS/SSL profile level for HTTPS ports:

After you set up an HTTPS port for an application (e.g. File Station), you can go to Control Panel > Security > Certificate and click Configure. Then find the service name in the format of Application_Name - HTTPS_PORT to configure the certificate used.

Also, you can go to Control Panel > Security > Advanced and click Custom Settings. Then find the service name in the format of Application_Name - HTTPS_PORT to configure the TLS/SSL profile level used.

For instance, if the HTTPS port of File Station is 7001, you can go to the two setting pages mentioned above and find the service under the name of FileStation - 7001 for further configuration.

Customize Domains

You can match a domain name with a Synology-developed application like File Station. With the custom domain, you can quickly open the application via a specialized URL.

To customize application domains:

  1. Go to Control Panel > Application Portal > Application.
  2. Select an application.
  3. Click Edit > General.
  4. In the pop-up window, select Enable customized domain.
  5. Specify a custom domain.
  6. For additional settings, you can select Enable HSTS or Enable HTTP/2 to suit your needs.

Note:

To access applications via domains:

After you set up a domain (e.g. file.example.com) for an application (e.g. File Station), you can quickly open the application by entering a URL in the following formats: http://APP_DOMAIN or https://APP_DOMAIN

For instance, you can quickly access File Station via the URLs: http://file.example.com or https://file.example.com

If the domain name (e.g. FileFile) for an application (e.g. File Station) obeys the NetBIOS naming conventions, Windows users can access it on a Synology NAS in the same local network with a similar URL: http://FileFile or https://FileFile

To configure the certificate and TLS/SSL profile level for domains:

After you set up a domain for an application (e.g. File Station), you can go to Control Panel > Security > Certificate and click Configure. Then find the service name in the format of Application_Name - Domain to configure the certificate used.

Also, you can go to Control Panel > Security > Advanced and click Custom Settings. Then find the service name in the format of Application_Name - Domain to configure the TLS/SSL profile level used.

For instance, if the domain of File Station is file.example.com, you can go to the two setting pages mentioned above and find the service under the name of FileStation - file.example.com for further configuration.

To specify an access control profile:

After you set up an access control profile for an application (e.g. File Station), denied users will not able open the application by entering the specified URLs mentioned in this article.

  1. Go to Control Panel > Application Portal > Application.
  2. Select an application.
  3. Click Edit > General.
  4. In the pop-up window, click Enable access control and select an access control profile. For more information on how to create an access control profile, refer to Customize Access Control Profiles below.
  5. Click OK to save the settings.

Customize Reverse Proxy Rules

Your DiskStation can act as a reverse proxy server that transfers requests from the Internet to devices in the local network. Reverse proxy rules can help you hide sensitive ports from potential threats as in the two scenarios below:

Scenario 1: Suppose the sensitive port is 80, which should not allow external access according to the firewall rule. You can set up a reverse proxy rule to allow trusted users from the Internet to reach the sensitive port 80 via another open port (e.g. 81). In this way, the trusted users can circumvent the firewall and still be able to access the port 80.

Scenario 2: Suppose the sensitive port is 80, which should not allow external access except from a specific device (e.g. a server named "MyTrustee"). With reverse proxy rules, you can allow only traffic from MyTrustee to reach the port 80 while traffic from other devices will not.

To set up reverse proxy rules:

  1. Go to Control Panel > Application Portal > Reverse Proxy.
  2. Click Create and specify the following settings in the General page:
  3. To specify an access control profile, click Enable access control and select an access control profile. For more information on how to create an access control profile, refer to Customize Access Control Profiles below.
  4. Note:

  5. To adjust reverse proxy's other behavior, please go to Advanced Settings page.
  6. Click OK to save the settings.

Customize Access Control Profiles

If you want to restrict user access to Application Portal or reverse proxies according the user's source IP, you can create an access control profile. Denied users will see an access denied page.

To create an access control profile:

  1. Go to Control Panel > Application Portal > Access Control Profile.
  2. Click Create. In the pop-up window, you can customize the rules in this new profile.
  3. Click Create to create a new rule. The rules will be applied according to top to bottom priority, determining the access permissions.
  4. Double click on a rule to edit it. To delete rules, select them and click Delete.
  5. Click OK to save the rule list as a new profile.
  6. Click on the name field of the profile to rename it.

Note: