How to use Synology NAS as WebDAV sync location

Since the question arises occasionally, the following steps might help in setting up a Synology NAS as a WebDAV sync location for DEVONthink. This explanation uses port-forwarding. There’s a TL;DR about the basics that might help to set this up with another NAS. An alternative to port-forwarding would be to set up your router as a VPN server and your mobile devices as VPN clients to connect to it.

• install WebDAV from Synology’s packet repository
• in its settings, turn on HTTPS, leave HTTP off and select the option to redirect HTTP requests to HTTPS. That encrypts all traffic to and from the NAS via WebDAV.
• set up a shared folder, which will be called DT here
• make sure that one of the NAS users has read and write access to DT. This user’s password should be excellent, i.e. long. Instead of re-purposing an existing user, you could create a new user who has access only to this folder.
• make sure that your NAS is accessible from the internet by port-forwarding:
  • set up “Remote Access” for the NAS: select Synology as DDNS provider. You’ll get a pseudo host name of the form host.synology.me. Make sure that its status is “Normal” in the DDNS overview.
  • Open the tab “router configuration” and select “configure router”.
  • In my experience, automatic router configuration does not always work. The Synology NAS tries it, but if it fails, follow the next step.
  • define the port forwarding in your router. Make sure that the router’s port 5006 is forwarded to the NAT’s port 5006. Choose HTTPS as the protocol for this rule. Note: You can choose any incoming port above 1024 on your router, but the one on the NAS should be 5006.
• the DDNS setup on the NAS should now show the port forwarding, and you can check that it’s working by clicking “check connection”
• In DT’s sync settings, set up a new sync location: set the protocol to WebDAV, enter the URL https://host.synology.me:5006/DT, replacing host with the first part of your DDNS host name and DT with the name of the shared folder you created before.
• enter the name and password of the user who has read/write access to this folder.
• employing DDNS ensures that you can use the same sync provider on your LAN and also from the outside. If you only want to use sync inside your local network, you can simply use the NAS’s local name or IP address like so SynologyDS.local:5006/DT

TL;DR: What’s this “DDNS” and “port forwarding” all about?

Usually, your router shields all your devices from the Internet. The router has an IP address that’s visible and accessible from the outside (assigned to it from your Internet provider). All your desktops, notebooks, smart speakers, and the NAS have only “private” IP addresses: they are inaccessible directly from the outside. Which is fine because usually you do not want the big, bad Internet to have access to your private machines.

That might be different for a NAS, though: Many people would want at least part of its content to be accessible when they’re abroad. In particular, if you want to sync DT databases while you’re not at home, DT must have a way to access the NAS.

There are two hurdles to scale here: First, your router has to make sure that you can talk to the NAS. That’s what port forwarding does. Second, you have to know the current IP address of your router – many providers change it regularly, and since your router is not registered in the Domain Name System (DNS), you cannot simply use something like myrouter.myprovider.com to address it.

DDNS (dynamic DNS) to the rescue: It provides a (pseudo) name for your router and registers every change of its IP address. Synology offers such a DDNS with its host.synology.me, but there are other DDNS providers too (e.g., users of the German AVM routers can get a “MyFritz” name).

So, with DDNS you can talk to your router by using something like host.synology.me.

But you want to talk to your NAS, and that is still not visible from the net. Therefore, you have to tell your router to send all internet traffic arriving at its port 5006 (or any other port above 1024 that you fancy) to your NAS’s port 5006 (which is encrypted WebDAV on your Synology).

An alternative to port-forwarding, which many consider unsafe as it pokes a hole in your firewall, would be a VPN. If your router permits that, you can use it as a VPN server and set up your mobile machines (macOS or iOS/iPadOS) as clients. You’ll probably still need a DDNS name for that to work, though. If you’re running a VPN, your mobile devices can talk directly to the NAS in your home network, using its IP address.

Well said. Thanks for taking the time to share this.

Many thanks for this instruction!!

Hi chrillek, I’m a Synology user (and more recently a DEVONthink user). It’s possible that I’m experiencing an issue in establishing WebDAV connections from my NAS. I tried your suggestions but to no avail, but I’m a little unclear how creating a new shared folder would actually help. Why would I need to append the name of a new shared folder to the file path ending in :5006 (i.e. https://…5006/DT)?

Fyi this instructions worked fine for me. The “why” is that it is how it needs to be.

What error message is being reported? Sure that permissions on the NAS set up? Sure that you have the Https set up and running?

This is NOT a path. 5006 is the default port number of the WebDAV server.

Thanks. Unable to get connect to DT from DSM via WebDAV. Error message is:

Error while setting up location “DEVONthink.dtCloud”
Cannot connect to host. (NSURLErrorDomain -1004)

However the failure to connect is not because I did or didn’t append a new shared folder from my NAS (which is why I was questioning the need for it). I actually did create one, but that didn’t remedy the problem. Perhaps I misunderstood, but chrillek’s blog post appeared to suggest that the creation of such a folder would help resolve WebDAV connection issues on DT. I have no issues using WebDAV with regular file servers, and I don’t need to create a shared folder to establish a connection.

OK, I used an incorrect term to describe the URI. I know what 5006 is.

@chrillek’s post documented the procedure to setup a DEVONthink Sync Location located on a Synology NAS. I confirm those instructions work fine for me and I appreciated those instructions being available. I’ve copy/pasted into my DEVONthink those instructions as a document for future use.

Thanks for your response. If it’s about a sync location, then I did misunderstand the post. Being new to DT, I’m still not sure what a sync location actually is, but I’ll find out. I’ll save the instructions since they’re obviously of value for Synology NAS users. Just need to figure out why my WebDAV connection isn’t working properly. But it’s the end of the world. Cheers.

PS: It’s NOT the end of the world.

I’m still not sure what a sync location actually is, but I’ll find out.

First step, read about sync-ing starting on page 55 of the DEVONthink manual available from DEVONtechnologies | Handbooks and Extras. While there download and read the excellent “Take Control of DEVONthink” ebook freely of charge compliments of DEVON Technologies. There you will learn what a “Sync Location” is and how to use it.

Second Step. Consider starting with Bonjour sync method. Faster and trivial to setup.

Third Step. Decide if you REALLY need syncing, and if so what to sync. Syncing large amounts of data to an iPhone not always a good idea.

Fourth Step. After deciding you need sync, and you have Bonjour working, you can add WebDAV. Nothing stops having more than one Synch Location.

I appreciate the tips, thank you! For me, it’s a lack of time/other priorities; I have the manual, and the e-book (just have to find time to read them) and yes, I made the Bonjour connections first. BTW if I gave the impression of accessing any content I store in or sync to DT via an iPhone, that’s certainly not the case; the likely (only) other devices would be another Mac and an iPad. And yes, my life wouldn’t suffer without WebDAV.

This discussion really only came about because the option was there in Preferences (with Synology as the WebDAV client) and that for some reason I couldn’t establish a connection. But I’m sure it’ll sort itself out in time. Plenty of other stuff to focus on in the meantime.

Thanks again for taking the trouble to write!

Glad you are busy. So are we.

Chill, my friend!

You need to provide the path to the folder being shared by the WebDAV server. Without the path you’re connecting to the root of the server.

Here’s my URL on my Synology drive: https://devontech_nas.local:5006/DTSync.

I recently migrated away from using Dropbox for sync to using WebDAV, I didn’t see this “tip” prior but it does seem to match the steps I went through. My Synology device was already exposed under my personal domain using DDNS and various port forwarding rules in my router, as I host several other services and apps largely in order to move away from paying for Dropbox and other file services.

There is no requirement to create a dedicated shared folder for this purpose, you can also use the default “home” path for your user. Create a folder within that home directory via whatever method you wish, you can then connect to it with https://mynas.mydomain.tld:5006/home/DEVONthink/ as an example, the “home” will automatically be mapped by Synology based on the username you are signing in as.

Depending on your home router, this may or may not work from your home network though. Not all home routers will support “hairpin” connections back to itself, so you may need to have a static DNS entry in your network’s DNS server that points to the private IP address of your Synology. When on the internet it would go to the public Internet IP address, when on your private network it would connect to the private LAN IP.

Ultimately this forum and DT can’t be expected to cover explicit user guidance for all scenarios, we can only provide the general “intent” guide and users may have to consult with their NAS or home router product documentation to match it to their specific environment.

Hi Bluefrog + efndc:

Thank you both so much for this! Bluefrog’s solution worked immediately, so I went with his. My problem was that I didn’t realize that I needed to use my customized domain (“synologynas”) in the URI/file path (which other WebDAV connections I use don’t require) in addition to the shared folder.

efndc: I guess your solution is the same, although I wasn’t sure why you chose a triple-barreled domain (“mynas” + “mydomain” + “tld”)—but especially as I didn’t recognize “tld” or TLD, except that it resembles the subheading in chrillek’s response that contains: “TL;DR:” (which I obviously also didn’t recognize). Notwithstanding that, I also migrated to NAS from expensive commercial cloud services like Dropbox, and for the same reason. Not surprisingly, I could have also taken advantage of my Synology’s “readiness” for DT, using my DDNS-governed personal domain and port forwarding. I could have therefore just done as you did, i.e. provision a folder within the NAS home directory (rather than dedicating a separate new one)—but I don’t see a significant difference between the two in terms of consequence.

Two other points: (1) there’s no need to invent an additional user (as long as you have the correct privileges already); (2) nor does any of this depend on your router’s configuration (as far as Synology is concerned): I realized this only because of a “fortuitous” internet outage in my area for most of today, and I managed to make a successful WebDAV connection while using my iPhone’s Wi-Fi hotspot—bypassing my modem and router altogether (the connection prevailed when my home came back online a short time ago).

Finally, I take your point that “Ultimately this forum and DT can’t be expected to cover explicit user guidance for all scenarios”, but please note that I did reach out to Synology first (for that exact reason)—but of course they was entirely unhelpful. It therefore seemed reasonable to me to connect with the official DEVONtechnologies community, as I thought it was more than likely that others had successfully connected their Synology NAS to their DT databases with WebDAV.

Thank you to all for providing your insights and showing me how it’s done.

This is correct only if you do access the NAS exclusively from inside your own network.
Basically, there are three ways to specify the host (aka the NAS)

• by IP address (in your local network, 192.168.xxx.yyy or 10.… or 172…))
• by a pseudo host name like synology.local (basic only in your local network)
• by a fully qualified name (FQDN) like nas.example.com. In this case com is the TLD, aka top level domain.

A special version of the last variant is a DynDNS: since the external IP address of your router is determined by your internet provider, it may change occasionally. A DynDNS service like the one offered by Synology tracks these changes and makes sure that the FQDN always points to the current IP address of your router.

And you definitely do need some version of DynDNS if you want to access your NAS from outside your local network. (Unless you are running your own DNS server somewhere on the internet) Also, in this case, you have to set up port forwarding in your router. Alternatively, set up a VPN server on the router. Change its configuration, in your words.

On the other hand, if you do not need to access the NAS from the outside, why use it to sync DT at all? Bonjour is perfectly fine in this case and requires near zero setup.

TL;DR means “too long; don’t read”

I think I mentioned that I have my NAS and router already configured that way with port forwarding.