# Synology DS Note (iOS) Connection Troubleshooting ## Issue **Symptom**: Unable to connect to Synology Note Station via the DS Note iOS app using the Nginx reverse proxy. **Error**: `A TLS error caused the secure connection to fail. (NSURLErrorDomain -1200)` **Environment**: Nginx Reverse Proxy (Docker), Let's Encrypt SSL, Synology Note Station Backend (Port 9350). ## Root Cause The default SSL configuration (`ssl_ciphers`) in the Nginx setup was set to **"High" security**, which is too restrictive for some mobile clients and specific iOS network stacks. The DS Note app requires a broader set of ciphers (specifically from the **Mozilla Intermediate** compatibility list) to successfully perform the SSL handshake. Additionally, the mobile app requires **WebSocket** support and **Chunked Transfer Encoding** (buffering disabled) for stable sync and connectivity. ## Solution ### 1. Update SSL Ciphers (Crucial for iOS) Change the `ssl_ciphers` directive in `nginx-ssl.conf` to the Mozilla Intermediate compatibility list. **Before (Too Strict):** ```nginx ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384; ``` **After (Compatible):** ```nginx ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ``` ### 2. Enable WebSocket & Disable Buffering Ensure the following settings are present in the `location /` block for Note Station: ```nginx location / { proxy_pass http://note_backend; include /etc/nginx/conf.d/security.conf; # WebSocket Support (Required for mobile sync) proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; # Disable Buffering (Prevents timeouts/sync issues) proxy_buffering off; } ``` ### 3. Usage - **Address**: `https://note.hyungi.net` (or `note.hyungi.net:443` if app defaults to 5001) - **HTTPS**: Checked