Synology DSM Workarounds

Mobile Application Authentication Failure

Since DSM 7.2.2-72806 Update 3¹, Synology mobile applications such as DS Files, DS Audio, and DS Video fail to authenticate when accessing the NAS via a custom domain that matches the configured server_name directive; QuickConnect remains functional while direct domain access returns HTTP 404 errors.²

The root cause lies in DSM’s nginx configuration: a virtual server returning HTTP 404 uses server_name {{DSM.server_name}} as its directive, causing requests to /webapi/query.cgi from mobile applications to match this catch all server block instead of the intended DSM backend. The mobile application interprets this 404 response as an indication that the required port is closed.

The fix requires modifying DSM’s nginx mustache template. Because Synology DSM lacks the patch utility, an external machine is necessary for applying the patch synology-dms-nginx-diff.txt.

On the Synology NAS, copy the template to the home directory:

$ cp /usr/syno/share/nginx/DSM.mustache ~/

On an external machine with access to the Synology home directory:

$ cd /mnt/synology/home
$ patch -p0 < synology-dms-nginx-diff.txt

Return to the Synology NAS to install the patched template:

$ sudo mv /usr/syno/share/nginx/DSM.mustache{,.orig}
$ sudo chown root:root DSM.mustache
$ sudo chmod 644 DSM.mustache
$ sudo mv DSM.mustache /usr/syno/share/nginx/DSM.mustache
$ sudo systemctl restart nginx

This modification must be reapplied after each DSM upgrade, as the update process overwrites the mustache template with the stock version.

Checksum Verified Backups via rclone

Synology DSM supports SFTP access, enabling rclone to perform checksum verified file transfers; however, the default configuration prevents shell command execution required for checksum computation.³

rclone Configuration

The following rclone configuration enables SFTP access with checksum verification:

[nas]
type = sftp
host = nas.some.host
user = someuser
pass = somepass
shell_type = unix
md5sum_command = md5sum
sha1sum_command = sha1sum
path_override = @/volume1

The path_override directive specifies the target volume on the Synology NAS; adjust volume1 to match the appropriate storage volume.³

Shell Access Requirement

Synology DSM restricts shell command execution to administrative users; granting administrative privileges to a backup user solely for checksum verification introduces unnecessary security risk.

A workaround involves modifying the backup user’s login shell in /etc/passwd from /usr/bin/nologin to /bin/sh:

someuser:x:1026:100::/var/services/homes/someuser:/bin/sh

This modification does not persist across reboots; Synology DSM resets /etc/passwd to its default state during system initialization. The shell modification must be reapplied after each reboot.