Synology Domain Migration Guide
Migrating from *.vishconcord.synology.me to *.vish.gg domains.
Why Migrate?
- Consistency: All services under your own domain
- Control: Full DNS control via Cloudflare
- Security: Can proxy through Cloudflare (orange cloud)
- Professional: Cleaner URLs for sharing
- SSO: Easier Authentik integration with single domain
Current → New Domain Mapping
Calypso Services (Stay at Location A)
| Current | New | Service | Expose? |
|---|---|---|---|
| sf.vishconcord.synology.me | sf.vish.gg | Seafile | Yes - sharing |
| dav.vishconcord.synology.me | dav.vish.gg | Seafile WebDAV | Internal |
| actual.vishconcord.synology.me | actual.vish.gg | Actual Budget | Internal |
| paperlessngx.vishconcord.synology.me | docs.vish.gg | Paperless-NGX | Internal |
| ost.vishconcord.synology.me | ost.vish.gg | OST | Internal |
| retro.vishconcord.synology.me | retro.vish.gg | Retro site | Maybe |
| rackula.vishconcord.synology.me | - | Rackula (broken) | Remove |
Atlantis Services (Move to Location B)
| Current | New | Service | Expose? |
|---|---|---|---|
| ollama.vishconcord.synology.me | ollama.vish.gg | Ollama AI | Internal |
| ssh.vishconcord.synology.me | - | Termix SSH | Internal/VPN |
| rxv4access.vishconcord.synology.me | - | RXV4 Access | Internal |
| rxv4download.vishconcord.synology.me | - | RXV4 Download | Internal |
Migration Steps
Step 1: Create DNS Records
For each new domain, create an A record in Cloudflare:
```bash
# Example: sf.vish.gg
# ZONE_ID, TOKEN and YOUR_WAN_IP are placeholders to fill in.
curl -X POST "https://api.cloudflare.com/client/v4/zones/ZONE_ID/dns_records" \
  -H "Authorization: Bearer TOKEN" \
  -H "Content-Type: application/json" \
  --data '{
    "type": "A",
    "name": "sf.vish.gg",
    "content": "YOUR_WAN_IP",
    "ttl": 1,
    "proxied": true
  }'
```
Step 2: Update Synology Reverse Proxy
For each service, add a new reverse proxy entry with the new domain:
- DSM → Control Panel → Login Portal → Advanced → Reverse Proxy
- Create new entry with same backend, new domain
- Assign SSL certificate (Cloudflare origin cert)
Step 3: Update SSL Certificates
The existing *.vish.gg Cloudflare origin certificate should cover new subdomains.
If needed, generate a new certificate covering:
- *.vish.gg
- vish.gg
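Added example (not part of the original guide): a small checker for Step 3 that takes a certificate's SAN list and reports which hostnames it does not cover, which also shows why both the wildcard and the bare domain are listed. Assumptions: the function names, the `origin.pem` file name and the sample `openssl` output are constructed for illustration; the hostnames come from the mapping tables above.

```python
import re

# New hostnames from the mapping tables in this guide.
NEW_HOSTS = [
    "sf.vish.gg", "dav.vish.gg", "actual.vish.gg", "docs.vish.gg",
    "ost.vish.gg", "retro.vish.gg", "ollama.vish.gg",
]

# Constructed sample of what
#   openssl x509 -in origin.pem -noout -ext subjectAltName
# prints for a certificate carrying the two names listed in Step 3
# (origin.pem is a hypothetical file name).
SAMPLE_SAN_TEXT = """X509v3 Subject Alternative Name:
    DNS:*.vish.gg, DNS:vish.gg
"""


def parse_san_text(text):
    """Extract the DNS names from openssl's subjectAltName output."""
    return re.findall(r"DNS:([^,\s]+)", text)


def san_matches(san, host):
    """True if one SAN entry covers host; '*' stands for exactly one leftmost label."""
    san = san.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    suffix = san[1:]                  # "*.vish.gg" -> ".vish.gg"
    if not host.endswith(suffix):
        return False
    label = host[: -len(suffix)]      # what the "*" would have to stand for
    return bool(label) and "." not in label


def uncovered(hosts, sans):
    """Return the hosts that no SAN entry covers, in input order."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]


if __name__ == "__main__":
    sans = parse_san_text(SAMPLE_SAN_TEXT)
    print("SANs:", sans)
    # The apex and a two-level name are added to show the wildcard's limits.
    print("not covered:", uncovered(NEW_HOSTS + ["vish.gg", "a.b.vish.gg"], sans))
```

A wildcard-only certificate would leave `vish.gg` itself uncovered, and no entry in the list covers names two levels deep such as `a.b.vish.gg`.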
Step 4: Test New Domains
Test each new domain before removing old ones.
Step 5: Remove Old Entries
Once confirmed working, remove the *.synology.me reverse proxy entries.
Authentik Protection
Services to Protect with SSO
| Domain | Service | Auth Required? |
|---|---|---|
| sf.vish.gg | Seafile | Yes (has share links) |
| docs.vish.gg | Paperless | Yes |
| actual.vish.gg | Actual Budget | Yes |
| gf.vish.gg | Grafana | Yes (already configured) |
| git.vish.gg | Gitea | Yes (already configured) |
Services to Keep Public (or with built-in auth)
| Domain | Service | Reason |
|---|---|---|
| sso.vish.gg | Authentik | Is the auth provider |
| pw.vish.gg | Vaultwarden | Has own auth |
| mastodon.vish.gg | Mastodon | Public social |
| ntfy.vish.gg | Ntfy | Notification endpoint |
Forward Auth Setup
Use Authentik as a forward auth proxy:
```nginx
# In reverse proxy config
location / {
    auth_request /outpost.goauthentik.io/auth/nginx;
    # ... rest of config
}
```
See Authentik Proxy Provider docs for full setup.
Implementation Order
- Phase 1: Create DNS records for new domains
- Phase 2: Add reverse proxy entries (keep old ones working)
- Phase 3: Test new domains thoroughly
- Phase 4: Add Authentik protection where needed
- Phase 5: Remove old *.synology.me entries
- Phase 6: Update any apps/configs using old URLs