Joplin Server on Synology with Docker and Portainer, local use and VPN only

Hi,

I'm trying to run Joplin Server on my Synology NAS DS220+ with Docker already installed. I'm inexperienced with Docker so I use Portainer to deploy a stack.

What I want to achieve is running Joplin Server without a reverse proxy and without port forwarding other than port 1194 for OpenVPN (OpenVPN already works). So I try to use localhost:22300 for local Joplin access, but the page 192.168.x.x:22300 does not load (192.168.x.x is my static NAS IP).

Following code is deployed in Portainer:

version: '3'

services:
    db:
        image: postgres:latest
        container_name: postgres
        volumes:
            - /volume1/docker/joplin:/var/lib/postgresql/data
        ports:
            - "5435:5432"
        restart: unless-stopped
        environment:
            - POSTGRES_PASSWORD=joplin
            - POSTGRES_USER=joplin
            - POSTGRES_DB=joplin
    app:
        image: joplin/server:latest
        depends_on:
            - db
        ports:
            - "22300:22300"
        restart: unless-stopped
        environment:
            - APP_BASE_URL=http://localhost:22300
            - DB_CLIENT=pg
            - POSTGRES_PASSWORD=joplin
            - POSTGRES_DATABASE=joplin
            - POSTGRES_USER=joplin
            - POSTGRES_PORT=5432
            - POSTGRES_HOST=db

It only works, when I use APP_BASE_URL=https://joplin.mydomain.synology.me and use a reverse proxy source https, joplin.mydomain.synology, 443; target http, localhost, 22300; and port forwarding https 443 to my NAS IP in my router.

I've read in some threads on this forum, that local access should work with code given above. But I can't see any reason why it does not work.

Do you have any clue where I have to start looking for errors?

I've got a similar setup, but use an Ubuntu laptop running docker with a Joplin server container. I've got the APP_BASE_URL set as http://hostname:22300, and it works well. You do have to make sure your client can resolve hostname to the IP address of the Synology. I think there are various ways; hosts file, your router, maybe a pihole (very much recommended as another container on your synology) or perhaps your own DNS server if you're looking for something else to learn/set up.
For external access, I use OpenVPN into the same Ubuntu laptop, and client can then also sync using http://hostname:22300 as the sync target.
Works beautifully, so thanks to Team Joplin!

Thanks for the input, and it is good to know that my plan should work out.

I don't have problems with my clients (yet). The problem is that I can't access the Joplin Server by typing 192.168.x.x:22300 in my browser. If I get things right, this should work.

If I needed to edit my hosts file, what should I enter? Isn't 192.168.x.x:22300 the correct address to access the joplin server site within my LAN?

A pihole is planned as a next project, btw.

Does your Synology NAS have a name? What happens if you try to ping it by name?
If you can ping it by name, try hitting http://[name]:22300 and see what you get.
If you can't ping it by name, you could add an entry into your hosts file like this:
192.168.x.x name
Once you have, you should be able to ping it by name and access it by http://[name]:22300
(you will also have had to set the BASE_URL to http://[name]:22300 or Jopin Server won't let you in).

My NAS has a name. The hosts file was edited before I startet my Joplin project, I added the line 192.168.x.x mydomain.synology. me.

I can access the NAS UI with either mydomain.synolgy. me:5001, 192.168.x.x:5001 or NAS_name:5001.

If i try to ping any of these (without a port), I get four timeouts in all cases. Can this be an issue? All other services work. I also have paperless-ng via docker, that can be called with 192.168.x.x:8931 without any issues.

Ok to ping my did not work because of the synology firewall. When I disable it, I can ping my NAS local IP. Port 22300 was allowed by the firewall all the time.

Now I retried to use APP_BASE_URL=http://[NAS_name]:22300 and it works. It had to wait a bit after it worked in the same browser Portainer was active.

Syncing with my desktop client and mobile client works, but when I use OpenVPN, no connection can be established. Does [NAS_name]:22300 not work when accessing via VPN? What else can I use then?

Edit: I re-enabled the firewall. The firewall was not an issue at any time. Access to Joplin server only works with [NAS_name]:22300, but not with 192.168.178.50:22300, which I don't understand.

Access via OpenVPN to my NAS is possible with the NAS IP 192.168.x.x but not with the NAS name. This seems to be expected and has to solved with a DNS server, as I found out.

If Joplin was accessible via the NAS IP and only via the NAS name, it would be easier to connect with OpenVPN.

I'll try to figure out on how to set up the DNS server, then I will state here what is the end result.

I see that hostnames cannot be resolved using VPN, if I don't use my own DNS server or edit hosts files.

The problem should be solved, if Joplin could be accessed by IP address instead of by hostname. In this answer: Guide for Joplin-Server on Raspberry Pi - #21 by MrKanister It is stated, that http://192.168.x.x:22300 should give me access to Joplin. However, http://hostname:22300 is the only option that works, regardless of any variant of APP_BASE_URL in the docker compose file.

What could cause this?

I use OpenVPN and specify in its config that the VPN client should use my local DNS (that PiHole I mentioned earlier). Config line in server.conf is:
push "dhcp-option DNS 192.168.xx.x"
That means my Android phone can access Joplin using [NAS_name]:22300

I might use a PiHole, that would help as I see and have other benefits. But for now I want to keep things simple.

Do you have any idea why the hostname works and the IP adress not when accessing Joplin? In general it should work, and I'm curious what is the issue on my end.

So to summarize: You are able to call the Synology GUI with it's IP address, and you are also able to call a docker container with it's specified port via IP address, but joplin-server is not responding to the calls via IP address and the port specified in the docker file (22300)?
And everything, even joplin-server works with the hostname of the Synology NAS (at least without VPN)?

Kind regards

This is absolutely correct!

Kind regards

Hmm, I really don't know if I can help in this case...you could possibly try to map the container port 22300 to some other port on the host (for example port 80 or 2000 or something..) and point the ip address to that port:

In the docker compose file:

ports:
    - "2000:22300"

In the browser:

[ip-address]:2000

With that.you can maybe check if it's the fault of the chosen port...

Unfortunately, this does not work either. With both APP_BASE_URL=http://hostname:22300 and APP_BASE_URL=http://192.168.x.x:22300 the container is not accessible.

I guess I have to use some of the known workarounds then.

But in general, using the IP instead of the hostname should work, right? So I assume that some configuration of my NAS blocks using the IP?

Did you try it with port 2000 as I said? But yeah, doesn't really matter, it is supposed to work either way...

Sure, this is the code I used:

version: '3'

services:
    db:
        image: postgres:latest
        container_name: postgres
        volumes:
            - /volume1/docker/joplin:/var/lib/postgresql/data
        ports:
            - "5435:5432"
        restart: unless-stopped
        environment:
            - POSTGRES_PASSWORD=joplin
            - POSTGRES_USER=joplin
            - POSTGRES_DB=joplin
    app:
        image: joplin/server:latest
        depends_on:
            - db
        ports:
            - "2000:22300"
        restart: unless-stopped
        environment:
            - APP_BASE_URL=http://192.168.x.x:22300
            - DB_CLIENT=pg
            - POSTGRES_PASSWORD=joplin
            - POSTGRES_DATABASE=joplin
            - POSTGRES_USER=joplin
            - POSTGRES_PORT=5432
            - POSTGRES_HOST=db

Then in the browser I entered

192.168.x.x:2000

But there is no reaction.

I the synology GUI there is no option I can think of, which would block this. But I guess it must be something in there.

Would be helpful to post any details of the running docker container?

Well, I changed APP_BASE_URL to

APP_BASE_URL=http://192.168.x.x:2000

which should make sense I guess and now it works. This is almost too good to be true

So port 22300 didn't work. May there be any obvious reason for this? But anyways, thanks a lot!

Strange behavior...I can't think of any reason why it should be intended that way, but I think I'm definitely the wrong person to judge that too

But hey, now it works

@MrKanister: Yes it works, and I can live with the other port. So thanks a lot!

@Glyn: Thanks a lot to you too, as your hint with the hostname made Joplin run in the first place.

Here is the final code I used:

version: '3'

services:
    db:
        image: postgres:latest
        container_name: postgres
        volumes:
            - /volume1/docker/joplin:/var/lib/postgresql/data
        ports:
            - "5435:5432"
        restart: unless-stopped
        environment:
            - POSTGRES_PASSWORD=joplin
            - POSTGRES_USER=joplin
            - POSTGRES_DB=joplin
    app:
        image: joplin/server:latest
        depends_on:
            - db
        ports:
            - "2000:22300"
        restart: unless-stopped
        environment:
            - APP_BASE_URL=http://192.168.x.x:2000
            - DB_CLIENT=pg
            - POSTGRES_PASSWORD=joplin
            - POSTGRES_DATABASE=joplin
            - POSTGRES_USER=joplin
            - POSTGRES_PORT=5432
            - POSTGRES_HOST=db

I deleted all docker containers including portainer and started with a fresh installation of portainer. Now Joplin works with the default port 22300.