Running Snapdrop on Synology NAS by Docker Installation

What This Guide Delivers

This post explains how to run Snapdrop (an open-source AirDrop alternative) on a Synology NAS with Docker. The focus is not the easiest setup, but the most advanced, secure, and operationally reliable one.

Instead of exposing Snapdrop directly, we’ll:

  • Run Snapdrop in an isolated Docker network
  • Use DSM Reverse Proxy with HTTPS
  • Apply no-new-privileges, read-only file systems, and healthchecks
  • Prepare backups and monitoring

Assumptions & Preparation

  • Synology DSM 7.x with Container Manager installed
  • SSH access enabled (optional but recommended)
  • A shared folder /volume1/docker/snapdrop/ created
  • Your NAS timezone: Asia/Seoul

Directory Layout

/volume1/docker/snapdrop/
├─ docker-compose.yml
├─ .env
└─ snapdrop-data/

Snapdrop itself is stateless, but we’ll mount a data directory for logs, certificates, or future persistence.

.env — Centralized Config

# .env
TZ=Asia/Seoul
SNAPDROP_IMAGE=linuxserver/snapdrop:latest
SNAPDROP_PORT=8080

Docker Compose (Hardened)

# docker-compose.yml — Advanced Snapdrop on Synology

name: snapdrop-stack

networks:
  snapdrop-net:
    driver: bridge

services:
  snapdrop:
    image: ${SNAPDROP_IMAGE}
    container_name: snapdrop
    restart: unless-stopped
    ports:
      - "127.0.0.1:${SNAPDROP_PORT}:80"   # only bind to localhost; expose via DSM reverse proxy
    environment:
      - TZ=${TZ}
      - PUID=1026        # optional: DSM user ID
      - PGID=100
    volumes:
      - ./snapdrop-data:/config
    security_opt:
      - no-new-privileges:true
    read_only: true
    tmpfs:
      - /tmp:size=64m
    healthcheck:
      test: ["CMD-SHELL", "wget -q --spider http://127.0.0.1:80 || exit 1"]
      interval: 20s
      timeout: 5s
      retries: 5
    networks:
      - snapdrop-net

Reverse Proxy & HTTPS on DSM

  1. Go to DSM → Control Panel → Login Portal → Reverse Proxy.
  2. Create a new rule:
    • Source: https://snapdrop.yourdomain.com
    • Destination: http://127.0.0.1:8080
  3. Bind a Let’s Encrypt certificate to the domain.
  4. Add headers for security:
    • Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    • X-Frame-Options: DENY
    • X-Content-Type-Options: nosniff

First Run & Hardening

  • Access via https://snapdrop.yourdomain.com
  • Confirm uploads/downloads work across devices
  • Consider DSM firewall → only allow access from your LAN/VPN
  • Monitor logs under ./snapdrop-data/

Backup & Restore

# Backup config/logs
tar -C ./snapdrop-data -czf /volume1/backups/snapdrop_$(date +%F).tar.gz .

  • Snapdrop is mostly stateless, but back up the configs if you apply customizations.
  • For disaster recovery:
    • Recreate the stack with the same .env
    • Restore the tarball into ./snapdrop-data/

Monitoring & Operations

  • Enable DSM → Notifications → Container Health Events.
  • Optionally integrate with Prometheus Node Exporter for container uptime.
  • Review logs regularly to detect abuse or unusual traffic.

Troubleshooting

Browser cannot connect → Check DSM reverse proxy and certificate binding.
Files not transferring → Ensure WebRTC STUN/TURN ports are not blocked on your network.
Container keeps restarting → Check the container logs:
docker compose logs snapdrop

Security Checklist

  • Exposed only via DSM reverse proxy
  • HTTPS enabled with HSTS
  • no-new-privileges, read-only, tmpfs enabled
  • Regular backups of configs
  • Firewall restricts public access
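
To check this list against the running container rather than the compose file, here is an added example (not part of the original guide or the Snapdrop project) that audits `docker inspect snapdrop` output with Python 3. The script name `audit_snapdrop.py`, the `audit` function, and the embedded sample JSON are constructed for illustration.

```python
"""Audit `docker inspect snapdrop` output against this guide's hardening (added example).
Usage on the NAS: docker inspect snapdrop | python3 audit_snapdrop.py
"""
import json
import sys

LOOPBACK = {"127.0.0.1", "::1"}

def audit(container):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    host = container.get("HostConfig", {})
    # Published ports must bind to loopback so only the DSM reverse proxy reaches them.
    # An empty HostIp means "all interfaces", the same as 0.0.0.0.
    for port, binds in (host.get("PortBindings") or {}).items():
        for b in binds or []:
            if b.get("HostIp", "") not in LOOPBACK:
                findings.append(f"{port} published on {b.get('HostIp') or '0.0.0.0'}:{b.get('HostPort')}")
    opts = [o.replace("=", ":") for o in (host.get("SecurityOpt") or [])]
    if not any(o in ("no-new-privileges", "no-new-privileges:true") for o in opts):
        findings.append("no-new-privileges is not set")
    if not host.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable")
    if "/tmp" not in (host.get("Tmpfs") or {}):
        findings.append("/tmp is not a tmpfs mount")
    health = (container.get("State", {}).get("Health") or {}).get("Status", "none")
    if health != "healthy":
        findings.append(f"healthcheck status is {health!r}")
    return findings

# Constructed sample: trimmed inspect output for a container started from the compose file above.
SAMPLE = {
    "State": {"Health": {"Status": "healthy"}},
    "HostConfig": {
        "PortBindings": {"80/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8080"}]},
        "SecurityOpt": ["no-new-privileges:true"],
        "ReadonlyRootfs": True,
        "Tmpfs": {"/tmp": "size=64m"},
    },
}

if __name__ == "__main__":
    # docker inspect prints a JSON array; use the sample when nothing is piped in.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)[0]
    problems = audit(data)
    for p in problems:
        print("FAIL:", p)
    sys.exit(1 if problems else 0)
```

A non-zero exit status makes the script usable from a scheduled task that alerts when the container drifts from the hardened configuration.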

FAQs

Q1. Can I expose Snapdrop directly without a reverse proxy?
Yes, but it is not recommended. A reverse proxy with HTTPS is safer.
Q2. Does Snapdrop store files?
No, it streams files peer-to-peer (WebRTC). Nothing is saved permanently on the NAS.
Q3. Do I need TURN servers?
On a local LAN, no. For remote users (NAT/firewalls), you may need to configure a TURN server.
Q4. How do I update Snapdrop?
docker compose pull
docker compose up -d
Q5. Is Snapdrop safe for sensitive files?
Traffic is encrypted (TLS + WebRTC DTLS). For highly sensitive files, use VPN + Snapdrop.

Conclusion

With this setup, running Snapdrop on a Synology NAS with Docker gives you a private, encrypted, AirDrop-like tool across all your devices, hardened with a reverse proxy, TLS, and minimal container privileges.

Reference: Snapdrop GitHub