Enabling Remote Access for Synology NAS with Cloudflare Tunnel

Client Request

The client, Business Owner, reached out with the following request:

”👋 Hello Sigit. I’m about setting up a small trade union and need to grant access over the internet for the union members to some folders on my Synology DS 1819+. I’ve also got a domain ‘*****.fr’ hosted by OVH. My problem is that I don’t have a clue about how to bring things together. Would you please help? Best regards.”

The Challenge

The client’s Synology NAS needed to be accessible over the internet by union members, with specific access control to certain folders. Additionally, they had an existing domain (*****.fr) hosted by OVH, which they wanted to use for the NAS. The main challenge was to integrate the domain with the Synology NAS and make it accessible remotely, while managing user permissions for folder access.

Proposed Solution

After reviewing the client’s needs, I provided the following solution:

1. Set Up Cloudflare Tunnel for Remote Access
   By setting up a Cloudflare Tunnel on the Synology NAS, the client would be able to securely access their NAS from anywhere. This would eliminate the need for complex port forwarding setups and provide enhanced security.

2. Domain Integration with Cloudflare
   I suggested pointing the client’s domain (*****.fr) to Cloudflare for easy DNS management. Cloudflare would handle the DNS settings, such as creating CNAME records, to direct traffic to the NAS.

3. User and Folder Permissions
   I also assisted in configuring folder permissions on the Synology NAS, allowing different levels of access for union members. This ensured that sensitive data was only accessible to authorized individuals.

Implementation Steps

1. Setting Up Cloudflare Tunnel

• Installed and configured Cloudflare Tunnel on the Synology DS 1819+. The Cloudflare Tunnel provides a secure way to access the NAS from any location without exposing the NAS directly to the internet.
• Created a tunnel in Cloudflare and connected it to the Synology NAS, ensuring all traffic to and from the NAS would pass through the secure tunnel.

2. Configuring the Domain in Cloudflare

• Transferred the domain management of *****.fr to Cloudflare. By doing so, the DNS records could be easily managed from the Cloudflare dashboard.
• Set up a CNAME record in Cloudflare to point the domain to the Cloudflare Tunnel, ensuring that the NAS could be accessed using the client’s custom domain.

3. Setting Up Folder Access Permissions

• Configured user accounts on the Synology NAS for each union member.
• Created folder-specific permissions so that only authorized users had access to specific folders, ensuring the privacy and security of sensitive data.
• Each user was assigned a unique set of permissions based on their role within the union, giving them access only to the folders they needed.

4. Testing and Final Adjustments

• After setting up the tunnel and configuring the domain, I tested remote access to ensure the Synology NAS was accessible from outside the local network.
• Verified that union members could log in and access their designated folders according to the permissions set.

Conclusion

With the implementation of Cloudflare Tunnel and domain integration, the client’s Synology NAS is now securely accessible from anywhere in the world. Union members can access the required folders remotely, and the domain *****.fr is properly configured to point to the NAS. The project successfully addressed the client’s needs for both remote access and user permission management.