Silverbullet docker image on Synology

adxsoft · February 14, 2026, 3:07am

I'm running silverbullet latest docker version on a Synology NAS (DSM415+) on my LAN. I can VPN into the LAN remotely via openVPN. I can access silverbullet on the NAS docker image but get the message that https is required. So I therefore know that silverbullet is working as expected. I have tried for many hours trying to set up a reverse proxy using a Duckdns subdomain which directs incoming https requests to silverbullet in the docker image but with no success.

I can however cheat by allowing unsafe access in Chrome which I'm ok with as I'm operating within a VPN however I'd really like to find out if anyone else has had success setting up their synology to pass through https to silverbullet.

Any help appreciated.
Cheers

vxnick · February 14, 2026, 10:40am

I have a Synology NAS too and while I don't do it the same way you do, there is a built-in reverse proxy that can terminate HTTPS for you. You then set the destination to the Docker port.

paletochen · February 14, 2026, 1:52pm

I use Silverbullet in the same way, just with different tools.

I ran an instance of the docker container in my Synology NAS.
The i have SWAG as my reverse proxy
I also use Authelia as my authentication layer, which allows me to setup 2FA. I use both OTP and/or security keys.

I did use other reverse proxies in the past, like Caddy, Nginx Proxy Manager or Traefik without any issues. All of them should work.
I just settled on SWAG at some point because i needed something very specific from an "nginx type" proxy, proxy_set_header X-SSL-Cert $ssl_client_cert which most of the other reverse proxy apps do not provide. But this is for a different service than Silverbullet.

Then all i need is a subdomain that points to my machine and works like wonders.

I'm not sure what issues you are having but if you could share maybe a bit more your config, and what exactly fails, we may be able to figure out the solution

adxsoft · February 16, 2026, 8:08am

Thanks for the responses. Here's more detail

CURRENT HACKED APPROACH

Synology NAS on LAN at 192.168.0.54
On NAS
- Docker instance 1 has silverbullet 2.4.1 on NAS and maps port 7010 to 3000
- VPN server running using openvpn config
On Desktop
- use Chrome with
  - 'chrome://flags/#unsafely-treat-insecure-origin-as-secure' enabled.
    - its cheating but I figured as I'm using VPN not so dangerous
  - access silverbullet successfully http://192.168.0.54:7010
Externally on Android phone
- Use openvpn
- use Chrome with
  - 'chrome://flags/#unsafely-treat-insecure-origin-as-secure' enabled.
  - access silverbullet successfully http://192.168.0.54:7010

WHAT I HAVE TRIED

ATTEMPT 1

on modem
- port forwarded 80 and 443 to NAS 192.168.0.54
On NAS
- using my xxxx.synology.me certificate and default Synology DDNS (shows Normal status)
- Set up a reverse proxy
  Name: sbprod
  Source: HTTPS, xxxx.synology.me, 7020
  Destination: HTTPS, 192.168.0.54, 7010
- checked xxxx.synology.me includes xxxx.synology.me:7020 in the 'For' list
- In Certificate, Settings ensured service 'xxxx.synology.me:7020' is linked to xxxx.synology.me certificate
- Ensured firewall was letting All requests through (temporarily for this attempt)
On mobile (Wifi off and VPN active)
- In Chrome and Firefox tried https://192.168.0.54:7020 get '404 not found'
- In Chrome and Firefox tried https://xxxx.synology.me:7020 get 'This site can't be reader' ERR_CONNECTION_REFUSED

ATTEMPT 2

on modem
- port forwarded 80 and 443 to NAS 192.168.0.54
on DUCKDNS got subdomain xxx.duckdns.org
On NAS
- Got a new Lets Encrypt Certificate for xxx.duckdns.org
- on NAS DDNS added xxx.duckdns.org which tests normal
- using my xxx.duckdns.org certificate and xxx.duckdns.org DDNS
- Set up a reverse proxy
  Name: sbprod
  Source: HTTPS, xxx.duckdns.org, 7020
  Destination: HTTPS, 192.168.0.54, 7010
- checked xxx.duckdns.org includes xxx.duckdns.org:7020 in the 'For' list
- In Certificate, Settings ensured service 'xxx.duckdns.org:7020' is linked to xxx.duckdns.org certificate
- Ensured firewall was letting All requests through (temporarily for this attempt)
On mobile (Wifi off and VPN active)
- In Chrome and Firefox tried https://192.168.0.54:7020 get warning then '404 Not Found'
- In Chrome and Firefox tried https://sbprod.duckdns.org:7020 get 'This site can't be reached' ERR_CONNECTION_REFUSED

Hope this all makes sense
Cheers

vxnick · February 16, 2026, 10:40am

In your Synology reverse proxy config, set the source port to 443 and the destination to HTTP unless you want to serve TLS between the NAS and the container on port 7010.

Upload the cert under Certificate > Security. Once added, click Settings for the selected certificate and make sure your reverse proxy hostname is set to use it. It looks like you did this already so that's good (and easily missed!).

I could be wrong but I think the issue is that Synology's Nginx (which handles the reverse proxy) only runs on ports 80 and 443, so because you're specifying port 7020 it's completely bypassing it.

adxsoft · February 22, 2026, 4:21am

Setting destination to HTTP fixed the issue. I was able to use source port HTTPS and 70xx and did not need 443.
Thanks for the help