Self-Hosted on Synology NAS Docker Container - Issue

Hi,

Version: latest docker image

Environment: Docker, self-hosted, Synology NAS

Checklist

I have looked at logs, but am unable to find a solution.

Describe the bug

All 4 docker containers are up and stable (InvoiceNinja, NGINX, REDIS, DB). I go to my IP:PORT# to pull up the site, and receive the following error: 504 Gateway Time-Out NGINX. I was following this guide to get it up and running. I get to step 24, but receive the 504 error. I feel like I am very very close. I am happy to provide my logs, but which of the 4 containers should I provide?

Steps To Reproduce

see above

Expected Behavior

see above

Additional context

This might be something very simple/silly, but I’m just not seeing what it could be.

Screenshots

see above

Logs

Happy to provide logs, but unsure which of the 4 logs to post. I don’t see anything major in there.

Hi,

Are you using the standard Docker file?

Actually, I figured this out last night. My problem was that I had to allow the container access to the port that my Portainer was running on so it could communicate. Once I did that, it worked instantly. My problem now is email. I tried to set up Gmail for the SMTP. The funny thing is, I know this is a port issue too. If I disable my firewall, I can successfully send via email, but if I enable the firewall I get the error below:

Connection could not be established with host “smtp.gmail.com:587”: stream_socket_client(): php_network_getaddresses: getaddrinfo for smtp.gmail.com failed: Try again

I know it probably has something to do with port 587, the problem is I opened it up and it won’t work. It only works when the firewall is down, so it’s definitely port related. Any ideas there?

For context, I am running the container through Portainer in a Synology NAS.

I’m not sure but here’s what ChatGPT suggests:

Thanks for the detailed context! You’re absolutely right that the issue is firewall-related, especially since email works when it’s disabled.

You’re running the Invoice Ninja container via Portainer on a Synology NAS, and Gmail SMTP works only when the firewall is disabled — so the issue is most likely that port 587 (TLS) isn’t properly allowed for outbound traffic.

Here are some ideas and steps to fix this:


✅ 1. Double-check the Synology NAS firewall rules

Synology’s firewall UI can be a bit tricky. Make sure:

  • You add an “allow” rule for outbound traffic on port 587.
  • The rule should allow traffic from the Docker network / container to external addresses (like smtp.gmail.com).

🧠 Tip: Synology firewall rules are evaluated top-down, so make sure your allow rule comes before any “deny all” rules.


✅ 2. Verify that Docker is using the correct network

Sometimes Docker containers don’t use the NAS’s main network interface. You can try assigning the container to a bridge or host network that has proper access. Here’s how to check:

  • In Portainer, go to your Invoice Ninja container > Network
  • See what network mode it’s using (bridge, host, macvlan, etc.)
  • Try switching to host mode for testing — this will use the NAS’s network stack directly and can bypass some container-network limitations

✅ 3. Test the port manually from within the container

To confirm that port 587 is blocked inside the container, you can run:

docker exec -it <container_id_or_name> bash

Then inside:

apt update && apt install telnet -y
telnet smtp.gmail.com 587

If this fails while the firewall is up, but works when the firewall is off, you 100% know it’s the NAS firewall.


✅ 4. Alternative Ports

Gmail supports:

  • Port 465 (SSL)
  • Port 587 (TLS)

Try switching to port 465 and changing your encryption method to SSL in the .env or UI settings to see if it bypasses the firewall block.


✅ 5. Temporarily log dropped connections

To debug further, you can enable firewall logging on Synology:

  • Go to Control Panel > Security > Firewall > Edit Rules
  • Enable logging for dropped packets (you may need to SSH in and check /var/log/messages)

This will show what’s being blocked.


Let me know what your firewall rules currently look like (screenshot or description), and I can help tweak them!

Thanks. I actually looked this up in ChatGPT yesterday, lol. The problem is, in my NAS firewall, I enabled port 587, via TCP protocol, to All Source IPs to allow. I even tried moving that rule to the top of my rule list since I know rule order matters. Still nothing. It makes no sense to me that enabling that port to all would still not work, and I’m not sure I’m savvy enough to figure it out much past that. 🙁

Sorry, I’m a frontend developer. My knowledge of firewalls is limited.

Got it. I needed port 53 UDP. Thanks.


Glad to hear you figured it out, thanks for sharing the solution!
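
The error quoted earlier in the thread names `getaddrinfo`, which is a name-lookup failure rather than a refused connection on 587, matching the port 53 fix reported above. As an added example that is not part of any post, this script sorts such mailer errors by failing layer and offers a live DNS-then-TCP probe; it assumes `bash`, `getent` and `timeout` are available in the container, and the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes bash, getent and timeout exist
# in the container; the function and variable names are hypothetical.

# Error text quoted in the thread (quote marks around the host dropped).
THREAD_ERROR='Connection could not be established with host smtp.gmail.com:587: stream_socket_client(): php_network_getaddresses: getaddrinfo for smtp.gmail.com failed: Try again'
# Constructed sample of what a blocked port 587 would look like instead.
SAMPLE_TCP_ERROR='Connection could not be established with host smtp.gmail.com:587: stream_socket_client(): Unable to connect to smtp.gmail.com:587 (Connection timed out)'

# classify_mail_error TEXT: name the layer that failed, from the mailer error.
classify_mail_error() {
    case "$1" in
        *getaddrinfo*|*"Temporary failure in name resolution"*|*"Name or service not known"*)
            echo dns ;;      # lookup failed: allow outbound DNS, port 53 UDP (and TCP)
        *"Connection timed out"*|*"Connection refused"*|*"No route to host"*)
            echo tcp ;;      # name resolved, SMTP port unreachable: check 587/465
        *)
            echo unknown ;;
    esac
}

# probe_smtp HOST PORT: live check from inside the container, DNS before TCP.
probe_smtp() {
    host=$1
    port=$2
    if ! getent hosts "$host" >/dev/null 2>&1; then
        echo dns
        return 1
    fi
    if ! timeout 5 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$host" "$port" 2>/dev/null; then
        echo tcp
        return 1
    fi
    echo ok
}

# Offline demonstration on the two sample messages above.
echo "thread error   -> $(classify_mail_error "$THREAD_ERROR")"
echo "constructed    -> $(classify_mail_error "$SAMPLE_TCP_ERROR")"
# Live use, with the firewall enabled: probe_smtp smtp.gmail.com 587
```

A `dns` result from `probe_smtp` with the firewall enabled points at the resolver rule, not the SMTP rule.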