The Hemmelig application is to be used to share encrypted secrets across organizations, or as private users. Hemmelig truly cares about your privacy, and will do everything to stay that way. In this step by step guide I will show you how to install Hemmelig on your Synology NAS using Docker.

💡Note: This guide works perfectly with the latest Hemmelig v6.7.4 release.

• STEP 1

Please Support My work by Making a Donation.

• STEP 2

Install Portainer using my step by step guide. If you already have Portainer installed on your Synology NAS, skip this STEP. Attention: Make sure you have installed the latest Portainer version.

• STEP 3

Make sure you have a synology.me Wildcard Certificate. Follow my guide to get a Wildcard Certificate. If you already have a synology.me Wildcard certificate, skip this STEP.

• STEP 4

Go to Control Panel / Login Portal / Advanced Tab / click Reverse Proxy. Follow the instructions in the image below.

• STEP 5

Now click the “Create” button. Follow the instructions in the image below.

• STEP 6

After you click the Create button, the window below will open. Follow the instructions in the image below.

On the General area, set the Reverse Proxy Name description: type in hemmelig. After that, add the following instructions:

Source:
Protocol: HTTPS
Hostname: hemmelig.yourname.synology.me
Port: 443

Check Enable HSTS

Destination:
Protocol: HTTP
Hostname: localhost
Port: 3510

• STEP 7

On the Reverse Proxy Rules click the Custom Header tab. Click Create and then, from the drop-down menu, click WebSocket. After you click on WebSocket, two Header Names and two Values will be automatically added. Click Save. Follow the instructions in the image below.

• STEP 8

Go to Control Panel / Network / Connectivity tab/ Check Enable HTTP/2 then click Apply. Follow the instructions in the image below.

• STEP 9

Go to Control Panel / Security / Advanced tab/ Check Enable HTTP Compression then click Apply. Follow the instructions in the image below.

• STEP 10

Go to File Station and open the docker folder. Inside the docker folder, create one new folder and name it hemmelig. Follow the instructions in the image below.
Note: Be careful to enter only lowercase, not uppercase letters.

• STEP 11

Now create two new folders inside the hemmelig folder that you created at STEP 10 and name them db and upload. Follow the instructions in the image below.
Note: Be careful to enter only lowercase, not uppercase letters.

• STEP 12

Right click on the hemmelig folder that you have previously created at STEP 10 then click Properties. Follow the instructions in the image below.

• STEP 13

Go to the Permission tab then click Advanced options. From the drop-down menu choose “Make inherited permissions explicit“. Follow the instructions in the image below.

• STEP 14

Select Everyone then click the Edit tab. Follow the instructions in the image below.

• STEP 15

Check all Read and Write Permissions. Click Done. Follow the instructions in the image below.

• STEP 16

After you click Done on STEP 15, check “Apply to this folder, sub-folders and files“. Click Save. Follow the instructions in the image below.

• STEP 17

Log into Portainer using your username and password. On the left sidebar in Portainer, click on Stacks then + Add stack. Follow the instructions in the image below.

• STEP 18

In the Name field type in hemmelig. Follow the instructions in the image below.

Note: Copy Paste the code below in the Portainer Stacks Web editor.

version: "3.9"
services:
    hemmelig:
        image: hemmeligapp/hemmelig:latest
        container_name: Hemmelig
        hostname: hemmelig
        init: true
        volumes:
            - /volume1/docker/hemmelig/upload:/var/tmp/hemmelig/upload/files
            - /volume1/docker/hemmelig/db:/home/node/hemmelig/database/
        environment:
            - SECRET_LOCAL_HOSTNAME=0.0.0.0
            - SECRET_PORT=3000
            - SECRET_HOST=hemmelig.yourname.synology.me
            - SECRET_ROOT_USER=marius
            - SECRET_ROOT_PASSWORD=iamroot # The admin user password (Change this only after the first sign in! Do NOT change now!!!)
            - SECRET_ROOT_EMAIL=yourown@email
            - SECRET_FILE_SIZE=4 # Set the total allowed upload file size in mb
            - SECRET_FORCED_LANGUAGE=en # Set the default language for the application. de for German, it for Italian, fr for French.
            - SECRET_JWT_SECRET=MariushostingMariushostingMari13
            - SECRET_MAX_TEXT_SIZE=1024 # The max text size for the secret. Is set in kb. i.e. 1024 for 1024kb
        ports:
            - 3510:3000
        stop_grace_period: 1m
        restart: on-failure:5

Note: Before you paste the code above in the Web editor area below, change the value for SECRET_HOST and type in your own synology.me DDNS without https:// at the beginning that you have previously created at STEP 6.
Note: Before you paste the code above in the Web editor area below, change the value for SECRET_ROOT_USER and type in your own username. marius is an example for an username you should use your own username.
Note: Before you paste the code above in the Web editor area below, change the value for SECRET_ROOT_EMAIL and type in your own email address.
Note: Before you paste the code above in the Web editor area below, change the value for SECRET_FORCED_LANGUAGE and set your default language. en is for English, de is for German, fr is for French etc.
Note: Before you paste the code above in the Web editor area below, change the value for SECRET_JWT_SECRET and add your own JWT SECRET. MariushostingMariushostingMari13 is an example for a JWT SECRET. You should invent your own Value. Add 32 random characters, both letters and numbers.

• STEP 19

Scroll down on the page until you see a button named Deploy the stack. Click on it. Follow the instructions in the image below. The installation process can take up to a few minutes. It will depend on your Internet speed connection.

• STEP 20

If everything goes right, you will see the following message at the top right of your screen: “Success Stack successfully deployed“.

• STEP 21

🟢Please Support My work by Making a Donation. Almost 99,9% of the people that install something using my guides forget to support my work, or just ignore STEP 1. I’ve been very honest about this aspect of my work since the beginning: I don’t run any ADS, I don’t require subscriptions, paid or otherwise, I don’t collect IPs, emails, and I don’t have any referral links from Amazon or other merchants. I also don’t have any POP-UPs or COOKIES. I have repeatedly been told over the years how much I have contributed to the community. It’s something I love doing and have been honest about my passion since the beginning. But I also Need The Community to Support me Back to be able to continue doing this work.

• STEP 22

Now open your browser and type in your HTTPS/SSL certificate like this https://hemmelig.yourname.synology.me that you have previously created at STEP 6. In my case it’s https://hemmeligh.mariushosting.synology.me If everything goes right, you will see the Hemmelig page. At the top right of the page click on the 3 horizontal lines. Follow the instructions in the image below.

• STEP 23

Click Sign in. Follow the instructions in the image below.

• STEP 24

Type in your own username that you have previously created at STEP 18 and the default password which is iamroot. Click Sign in. Follow the instructions in the image below.

• STEP 25

On the left sidebar click Account settings. Follow the instructions in the image below.

• STEP 26

Type in your current default password which is iamroot then type in your new password, then click Update details. Follow the instructions in the image below.

• STEP 27

Disable user registration. On the left sidebar click Instance settings. Check Disable user account creation then click Update settings. Follow the instructions in the image below.

• STEP 28

Add your own message, title, upload files, choose max views, add a password, restrict an IP or entire CIDR. Choose the Lifetime message. Click Create a secret link. Follow the instructions in the image below.

• STEP 29

Copy your own link then share the link with your public. Follow the instructions in the image below.

• STEP 30

Click View the secret to view the secret message if you have previously created a password at STEP 28. Follow the instructions in the image below.

• STEP 31

Your secret page at a glance!

Enjoy Hemmelig!

🆘TROUBLESHOOTING

If you encounter issues by using this container, make sure to check out the Common Docker issues article.

Note: Find out how to update the Hemmelig container with the latest image.
Note: Can I run Docker on my Synology NAS? See the supported models.
Note: How to Back Up Docker Containers on your Synology NAS.
Note: How to Free Disk Space on Your NAS if You Run Docker.
Note: How to Schedule Start & Stop For Docker Containers.
Note: How to Activate Email Notifications.
Note: How to Add Access Control Profile on Your NAS.
Note: How to Change Docker Containers Restart Policy.
Note: How to Use Docker Containers With VPN.
Note: Convert Docker Run Into Docker Compose.
Note: How to Clean Docker.
Note: How to Clean Docker Automatically.
Note: Best Practices When Using Docker and DDNS.
Note: Some Docker Containers Need WebSocket.
Note: Find out the Best NAS Models For Docker.
Note: Activate Gmail SMTP For Docker Containers.

This post was updated on Friday / May 16th, 2025 at 7:35 AM