hyungi/home-gateway
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Add Note Station proxy and fix iOS DS Note connection issues

Browse Source 
- Add reverse proxy for Note Station (note.hyungi.net)
- Update SSL ciphers to Mozilla Intermediate for iOS compatibility
- Enable WebSocket and disable buffering for mobile app stability
- Add troubleshooting documentation for DS Note iOS errors
This commit is contained in:
hyungi
2026-01-14 15:03:17 +09:00
parent 00c8231925
commit 789de08f99
2 changed files with 124 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
troubleshooting/ds-note-ios-fix.md Normal file
View File

@@ -0,0 +1,47 @@
# Synology DS Note (iOS) Connection Troubleshooting
## Issue
**Symptom**: Unable to connect to Synology Note Station via the DS Note iOS app using the Nginx reverse proxy.
**Error**: `A TLS error caused the secure connection to fail. (NSURLErrorDomain -1200)`
**Environment**: Nginx Reverse Proxy (Docker), Let's Encrypt SSL, Synology Note Station Backend (Port 9350).
## Root Cause
The default SSL configuration (`ssl_ciphers`) in the Nginx setup was set to **"High" security**, which is too restrictive for some mobile clients and specific iOS network stacks. The DS Note app requires a broader set of ciphers (specifically from the **Mozilla Intermediate** compatibility list) to successfully perform the SSL handshake.
Additionally, the mobile app requires **WebSocket** support and **Chunked Transfer Encoding** (buffering disabled) for stable sync and connectivity.
## Solution
### 1. Update SSL Ciphers (Crucial for iOS)
Change the `ssl_ciphers` directive in `nginx-ssl.conf` to the Mozilla Intermediate compatibility list.
**Before (Too Strict):**
```nginx
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384;
```
**After (Compatible):**
```nginx
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
```
### 2. Enable WebSocket & Disable Buffering
Ensure the following settings are present in the `location /` block for Note Station:
```nginx
location / {
proxy_pass http://note_backend;
include /etc/nginx/conf.d/security.conf;
# WebSocket Support (Required for mobile sync)
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Disable Buffering (Prevents timeouts/sync issues)
proxy_buffering off;
}
```
### 3. Usage
- **Address**: `https://note.hyungi.net` (or `note.hyungi.net:443` if app defaults to 5001)
- **HTTPS**: Checked