ERPNext breaks behind Reverse Proxy

Hello, I managed to do a fresh install of ERPNext v13 in a Linux VirtualBox VM using these instructions. But my access to the webpage from the internet constantly breaks.

I have correctly setup my DNS for the subdomain to point to my router.

My router has port forwarding enabled for incoming port 443, to a Synology NAS running inside my lan with a Reverse Proxy listening on port 443.

I have the Synology NAS with a Reverse Proxy setup to redirect internet traffic from to

I installed the SSL Certificate for * on the Synology NAS, and configured it for the subdomain.

I am using this setup since I am running several other webserver apps using this same setup. However with this one, it keeps breaking all the time. When I go to I can login and use the site for a while, until it breaks and I get a Synology page saying “Sorry, the page you are looking for is not found.” with a Synology logo. See attached screenshot.

If I refresh the browser, I get the same page for a while. But if I point my browser (inside my lan) to the machine’s ip address, I am able to see and navigate the site without any problem.

After maybe 10-15 minutes or so, the page starts working again.

This makes me think the problem is with the Synology NAS Reverse Proxy which for some reason stops communicating with the erpnext box. See attached screenshot.

Maybe there’s a custom header that I have to configure on the reverse proxy to avoid breaking the connection?

Or maybe I have to change something in the erpnext nginx configuration?

Any help trying to figure this out is greatly appreciated. Thanks.

Here is my frappe-bench.conf file on /etc/nginx/conf.d/frappe-bench.conf:

upstream frappe-bench-frappe {
	server fail_timeout=0;

upstream frappe-bench-socketio-server {
	server fail_timeout=0;

# setup maps

# server blocks

server {
	listen 80;


	root /home/erpnext/frappe-bench/sites;

	proxy_buffer_size 128k;
	proxy_buffers 4 256k;
	proxy_busy_buffers_size 256k;


	add_header X-Frame-Options "SAMEORIGIN";
	add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
	add_header X-Content-Type-Options nosniff;
	add_header X-XSS-Protection "1; mode=block";

	location /assets {
		try_files $uri =404;

	location ~ ^/protected/(.*) {
		try_files /site1.local/$1 =404;

	location / {
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
		proxy_set_header X-Frappe-Site-Name site1.local;
		proxy_set_header Origin $scheme://$http_host;
		proxy_set_header Host $host;

		proxy_pass http://frappe-bench-socketio-server;

	location / {

 		rewrite ^(.+)/$ $1 permanent;
  		rewrite ^(.+)/index\.html$ $1 permanent;
  		rewrite ^(.+)\.html$ $1 permanent;

		location ~ ^/files/.*.(htm|html|svg|xml) {
			add_header Content-disposition "attachment";
			try_files /site1.local/public/$uri @webserver;

		try_files /site1.local/public/$uri @webserver;

	location @webserver {
		proxy_set_header X-Forwarded-For $remote_addr;
		proxy_set_header X-Forwarded-Proto $scheme;
		proxy_set_header X-Frappe-Site-Name site1.local;
		proxy_set_header Host $host;
		proxy_set_header X-Use-X-Accel-Redirect True;
		proxy_read_timeout 120;
		proxy_redirect off;

		proxy_pass  http://frappe-bench-frappe;

	# error pages
	error_page 502 /502.html;
	location /502.html {
		root /home/erpnext/.bench/bench/config/templates;

	# optimizations
	sendfile on;
	keepalive_timeout 15;
	client_max_body_size 50m;
	client_body_buffer_size 16K;
	client_header_buffer_size 1k;

	# enable gzip compresion
	# based on
	gzip on;
	gzip_http_version 1.1;
	gzip_comp_level 5;
	gzip_min_length 256;
	gzip_proxied any;
	gzip_vary on;
		# text/html is always compressed by HttpGzipModule

@DonDowner this issue is caused by fail2ban you will need to configure fail2ban for it understand you are behind a proxy.

Disable fail2ban is also an option, but it will make your instance vulnerable to force-brute attacks!