Problem Description
When accessing ONLYOFFICE DocSpace directly via its internal IP and port (e.g., http://192.168.x.x:80), the login page loads correctly. However, when routing traffic through the Synology NAS built-in reverse proxy (DSM — DiskStation Manager), the DocSpace login page is not displayed and the application fails to load.
This typically occurs because the Synology DSM reverse proxy, which is powered internally by Nginx, does not automatically forward the required HTTP headers to the backend service. Without these headers, DocSpace cannot determine the correct protocol and hostname used by the incoming request.
Root Cause
ONLYOFFICE DocSpace (and ONLYOFFICE Docs in general) requires two forwarded HTTP headers to function correctly behind any reverse proxy:
X-Forwarded-Proto— tells the backend the protocol the client used (e.g.,https)X-Forwarded-Host— tells the backend the original hostname requested by the client
Without these headers, DocSpace may generate incorrect internal links or fail to render its login page entirely. See the ONLYOFFICE Docs behind proxy documentation for background.
Solution: Add Custom Headers in Synology DSM Reverse Proxy
Synology DSM allows adding custom headers to reverse proxy rules through the DSM Control Panel UI. WebSocket support must also be enabled for DocSpace to work correctly over HTTPS.
Step 1 — Open the Reverse Proxy settings
In DSM, go to Control Panel → Login Portal → Advanced tab → Reverse Proxy.
Step 2 — Edit the existing DocSpace reverse proxy rule
Select the rule that forwards your external domain (e.g., https://onlyoffice.yourname.synology.me:443) to the internal DocSpace server (e.g., http://192.168.x.x:80) and click Edit.
Step 3 — Add the required custom headers
Switch to the Custom Header tab within the rule editor. Add the following two headers:
| Header Name | Value |
|---|---|
| X-Forwarded-Proto | https |
| X-Forwarded-Host | $host |
Step 4 — Enable WebSocket support
Still on the Custom Header tab, click Create and select WebSocket from the dropdown. This automatically adds the Upgrade and Connection headers required for real-time features in DocSpace.
Step 5 — Save and apply
Click Save. DSM will automatically reload its internal Nginx configuration. No manual Nginx reload is required.
Step 6 — Verify
Navigate to your external domain (e.g., https://onlyoffice.yourname.synology.me) in a browser. The DocSpace login page should now load correctly.
Additional Notes
- Make sure a valid SSL certificate (e.g., a Synology DDNS wildcard certificate or Let's Encrypt) is assigned to the domain in Control Panel → Security → Certificate.
- Enabling HTTP/2 (Control Panel → Network → Connectivity → Enable HTTP/2) and HTTP Compression (Control Panel → Security → Advanced → Enable HTTP Compression) can improve performance.
- The Synology DSM reverse proxy does not expose direct Nginx config files for editing, so all customization must be done through the DSM UI Custom Header tab.
Related Documentation
Comments
0 comments
Please sign in to leave a comment.