Free ports 80 and 443 on Synology NAS

free_ports.sh

#!/bin/bash

# WARNING: Use at your own risk. Test carefully before applying in production.
# THIS SCRIPT WAS UPDATED FROM THE ORIGINAL USING CHATGPT!
# IT worked on a DS920+ as of 19th May 25.
# Updated for DSM 7.2.2 compatibility.
# STILL working on DSM 7.2.2-72806 Update 3 (9th Jan 26)
# This script will attempt to free up ports 80 and 443 used by the built-in nginx.

HTTP_PORT=81
HTTPS_PORT=444

BACKUP_FILES=true
BACKUP_DIR=/volume1/apps/free_ports/backup
DELETE_OLD_BACKUPS=false
KEEP_BACKUP_DAYS=30

NGINX_DIR="/usr/syno/share/nginx"
DATE=$(date +%Y-%m-%d-%H-%M-%S)
CURRENT_BACKUP_DIR="$BACKUP_DIR/$DATE"

if [ "$BACKUP_FILES" = "true" ]; then
  mkdir -p "$CURRENT_BACKUP_DIR"
  cp "$NGINX_DIR"/*.mustache "$CURRENT_BACKUP_DIR"
fi

if [ "$DELETE_OLD_BACKUPS" = "true" ]; then
  find "$BACKUP_DIR/" -type d -mtime +$KEEP_BACKUP_DAYS -exec rm -r {} \;
fi

# Replace IPv4 listen ports 80 and 443
sed -i "s/^\([ \t]*listen[ \t]*\[\?:\?]*\)80\([^0-9]\)/\1$HTTP_PORT\2/" "$NGINX_DIR"/*.mustache
sed -i "s/^\([ \t]*listen[ \t]*\[\?:\?]*\)443\([^0-9]\)/\1$HTTPS_PORT\2/" "$NGINX_DIR"/*.mustache

# Replace IPv6 listen ports [::]:80 and [::]:443
sed -i "s/^\([ \t]*listen[ \t]*\[::\]:\)80\([^0-9]\)/\1$HTTP_PORT\2/" "$NGINX_DIR"/*.mustache
sed -i "s/^\([ \t]*listen[ \t]*\[::\]:\)443\([^0-9]\)/\1$HTTPS_PORT\2/" "$NGINX_DIR"/*.mustache

if command -v synoservicecfg >/dev/null; then
  synoservicecfg --restart nginx
elif command -v synosystemctl >/dev/null; then
  synosystemctl restart nginx
elif systemctl status nginx >/dev/null 2>&1; then
  systemctl restart nginx
else
  echo "Could not find nginx service restart command."
fi

echo "Port replacements complete. Here are the diffs:"
diff -u "$CURRENT_BACKUP_DIR" "$NGINX_DIR" | tee "$CURRENT_BACKUP_DIR/changes.log"

The original script does not work for DSM 7.2. I asked CHATGPT to look at it and make changes to get it to work again and it does. Don't forget to setup a scheduled task to run on boot.

`#!/bin/bash

WARNING: Use at your own risk. Test carefully before using in production.

This script frees up ports 80 and 443 used by Synology's built-in nginx.

Confirmed working on DSM 7.2.2 (e.g. DS920+) as of May 19, 2025.

HTTP_PORT=81
HTTPS_PORT=444

BACKUP_FILES=true
BACKUP_DIR="/volume1/apps/free_ports/backup"
DELETE_OLD_BACKUPS=false
KEEP_BACKUP_DAYS=30

NGINX_DIR="/usr/syno/share/nginx"
DATE=$(date +%Y-%m-%d-%H-%M-%S)
CURRENT_BACKUP_DIR="$BACKUP_DIR/$DATE"

Ensure the script is run as root

if [ "$EUID" -ne 0 ]; then
echo "This script must be run as root."
exit 1
fi

Check for .mustache files

shopt -s nullglob
mustache_files=("$NGINX_DIR"/*.mustache)
if [ ${#mustache_files[@]} -eq 0 ]; then
echo "No .mustache files found in $NGINX_DIR"
exit 1
fi

Create backup

if [ "$BACKUP_FILES" = "true" ]; then
mkdir -p "$CURRENT_BACKUP_DIR"
cp "${mustache_files[@]}" "$CURRENT_BACKUP_DIR"
echo "Backup created at: $CURRENT_BACKUP_DIR"
fi

Delete old backups if enabled

if [ "$DELETE_OLD_BACKUPS" = "true" ]; then
find "$BACKUP_DIR/" -type d -mtime +"$KEEP_BACKUP_DAYS" -exec rm -r {} +
echo "Deleted backups older than $KEEP_BACKUP_DAYS days."
fi

Replace ports in mustache files

echo "Replacing ports: 80 → $HTTP_PORT, 443 → $HTTPS_PORT"

for file in "${mustache_files[@]}"; do
sed -i
-e "s/(^[ \t]listen[ \t])[::]:80([^0-9])/\1[::]:$HTTP_PORT\2/"
-e "s/(^[ \t]listen[ \t])[::]:443([^0-9])/\1[::]:$HTTPS_PORT\2/"
-e "s/(^[ \t]listen[ \t])(80)([^0-9])/\1$HTTP_PORT\3/"
-e "s/(^[ \t]listen[ \t])(443)([^0-9])/\1$HTTPS_PORT\3/"
"$file"
done

Restart nginx

echo "Attempting to restart nginx..."

if command -v synoservicecfg >/dev/null; then
synoservicecfg --restart nginx
elif command -v synosystemctl >/dev/null; then
synosystemctl restart nginx
elif systemctl status nginx >/dev/null 2>&1; then
systemctl restart nginx
else
echo "Could not find a valid command to restart nginx."
fi

Show diff output

echo "Showing configuration changes:"
diff -ur "$CURRENT_BACKUP_DIR" "$NGINX_DIR" | tee "$CURRENT_BACKUP_DIR/changes.log"

echo "Script completed successfully."
`

Hi,
My synology nas is running DSM 7.2.2-72806 (update 4)

Script breaks at this point. Doesn't like the "sed" string

sed -i
-e "s/(^[ \t]listen[ \t])[::]:80([^0-9])/\1[::]:$HTTP_PORT\2/"
-e "s/(^[ \t]listen[ \t])[::]:443([^0-9])/\1[::]:$HTTPS_PORT\2/"
-e "s/(^[ \t]listen[ \t])(80)([^0-9])/\1$HTTP_PORT\3/"
-e "s/(^[ \t]listen[ \t])(443)([^0-9])/\1$HTTPS_PORT\3/"
"$file"
done

My output;

Can you comment or suggest on how to fix this part of the script.

Good work!
Script from @Damotron500 works fine with DSM 7.3, 7.3.1 and 7.3.1 Update 1.

Hi, My synology nas is running DSM 7.2.2-72806 (update 4)

Script breaks at this point. Doesn't like the "sed" string

sed -i -e "s/(^[ \t]listen[ \t])[::]:80([^0-9])/\1[::]:$HTTP_PORT\2/" -e "s/(^[ \t]listen[ \t])[::]:443([^0-9])/\1[::]:$HTTPS_PORT\2/" -e "s/(^[ \t]listen[ \t])(80)([^0-9])/\1$HTTP_PORT\3/" -e "s/(^[ \t]listen[ \t])(443)([^0-9])/\1$HTTPS_PORT\3/" "$file" done

My output;

Can you comment or suggest on how to fix this part of the script.

I vibe coded the changes.. and i have almost no clue how to write this myself.. so here is the response from Chatgpt again.
https://chatgpt.com/share/696106d4-4080-8003-b30d-424fe63ce112
Be very wary when using scripts provided in this fashion, the AI has a real habit of coding things not requested. Recommend using another AI to validate the update script that you use, just in case.