Difference between revisions of "Netgear ReadyNAS 316"
m (→Links) |
m |
||
Line 15: | Line 15: | ||
Update FW |
Update FW |
||
+ | <!-- |
||
+ | System/Settings/ |
||
+ | * disable AFP,ReadyDLNA,UPnP,HTTP Admin, |
||
+ | * enable SMB,HTTPS,SSH |
||
+ | Accounts/Users |
||
+ | * phil-rns |
||
+ | * andrea-sv |
||
+ | Shares/Shares |
||
+ | * delete Music,Pictures |
||
+ | * home folders: SMB & NFS |
||
+ | * rename Videos -> Transmission,snapshot never, Network:SMB,phil/rw, File:phil/users,disable grant,folder owner rw,default access: specify folder owner rw |
||
+ | * rename Documents -> Share, snapshot never, Network:SMB,andrea ro,phil rw, File:phil/users,disable grant,everyone ro,folder owner rw, default access: specify: everyone ro,folder owner rw |
||
+ | ssh-copy-id root@readynas |
||
+ | --> |
||
Alerts: |
Alerts: |
||
* Email: recipient email |
* Email: recipient email |
||
Line 21: | Line 35: | ||
* Advanced settings/From: sender email |
* Advanced settings/From: sender email |
||
* Then don't forget to "Apply" after having sent successfully a test message |
* Then don't forget to "Apply" after having sent successfully a test message |
||
+ | (since reinstall with 6.2.2, sending test message failed but still I received the test mail...) |
||
==Certificat HTTPS== |
==Certificat HTTPS== |
||
To change it, cf http://readynas.sphardy.com/2010/10/installing-ssl-certificate-on-your_7476.html |
To change it, cf http://readynas.sphardy.com/2010/10/installing-ssl-certificate-on-your_7476.html |
||
Line 28: | Line 43: | ||
* Copy CACert intermediate cert (PEM format) in /etc/frontview/apache/addons/class3.crt |
* Copy CACert intermediate cert (PEM format) in /etc/frontview/apache/addons/class3.crt |
||
* Merge your RSA cert & key in a single PEM file and replace /etc/frontview/apache/apache.pem by yours |
* Merge your RSA cert & key in a single PEM file and replace /etc/frontview/apache/apache.pem by yours |
||
− | * Avoid frontview or fw updates to overwrite it: |
+ | * Avoid frontview or fw updates to overwrite it (not sure if it could harm fw upgrade...): |
chattr +i /etc/frontview/apache/apache.pem |
chattr +i /etc/frontview/apache/apache.pem |
||
* Create a file /etc/frontview/apache/addons/ssl.conf with |
* Create a file /etc/frontview/apache/addons/ssl.conf with |
||
Line 35: | Line 50: | ||
* Tell Apache to reload its config |
* Tell Apache to reload its config |
||
killall -HUP apache2 |
killall -HUP apache2 |
||
+ | ==hosts== |
||
− | |||
⚫ | |||
==Debian== |
==Debian== |
||
System is a Debian Wheezy |
System is a Debian Wheezy |
||
− | <br>Edit /etc/apt/sources.list and add |
+ | <br>Edit /etc/apt/sources.list and add non-free: |
− | deb http://mirrors.kernel.org/debian |
+ | deb http://mirrors.kernel.org/debian wheezy main non-free |
− | deb http://mirrors.kernel.org/debian sid main |
||
− | Create /etc/apt/apt.conf.d/00default |
||
− | APT::Default-Release "stable"; |
||
− | |||
apt-get update |
apt-get update |
||
apt-get install dialog |
apt-get install dialog |
||
⚫ | |||
− | apt-get dist-upgrade |
||
⚫ | |||
What is not available: |
What is not available: |
||
− | * |
+ | * luks? missing some support in kernel? |
− | * luks: no aes-xts support, don't know for the rest |
||
===mail=== |
===mail=== |
||
apt-get install exim4 bsd-mailx |
apt-get install exim4 bsd-mailx |
||
+ | dpkg-reconfigure exim4-config |
||
− | Config: smarthost, no local email / yobi.be / visible domain name: yobi.be / smarthost: smtp.isp.xxx |
||
+ | |||
⚫ | |||
+ | 3. mail sent by smarthost; no local mail |
||
⚫ | |||
+ | System mail name: yobi.be |
||
+ | IP-addresses to listen on for incoming SMTP connections: 127.0.0.1 |
||
+ | Other destinations for which mail is accepted: |
||
+ | Visible domain name for local users: yobi.be |
||
+ | IP address or host name of the outgoing smarthost: smtp.isp.xxx <!--smtp.belgacom.net--> |
||
+ | Keep number of DNS-queries minimal (Dial-on-Demand)? n |
||
+ | Split configuration into small files? y |
||
+ | Root and postmaster mail recipient: phil |
||
+ | Complete /etc/email-addresses |
||
+ | <!-- |
||
+ | root: ... |
||
+ | backuppc: ... |
||
+ | phil: ... |
||
+ | --> |
||
⚫ | |||
apt-get install backuppc libfile-rsyncp-perl libio-dirent-perl |
apt-get install backuppc libfile-rsyncp-perl libio-dirent-perl |
||
Small issue because Apache is not running as the usual www-data but admin user: |
Small issue because Apache is not running as the usual www-data but admin user: |
||
Line 104: | Line 129: | ||
apt-get install transmission-daemon |
apt-get install transmission-daemon |
||
/etc/init.d/transmission-daemon stop |
/etc/init.d/transmission-daemon stop |
||
⚫ | |||
+ | ENABLE_DAEMON=0 |
||
− | + | Create /data/Transmission/info/settings.json |
|
+ | # cf https://trac.transmissionbt.com/wiki/EditConfigFiles |
||
"download-dir":... |
"download-dir":... |
||
"incomplete-dir":... |
"incomplete-dir":... |
||
"rpc-password": "your_password", # note that it will be encrypted next time automatically |
"rpc-password": "your_password", # note that it will be encrypted next time automatically |
||
+ | |||
+ | chown -R phil.users /data/Transmission/info |
||
+ | |||
⚫ | |||
+ | #!/bin/bash |
||
+ | exec su -s /bin/bash phil -c "/usr/bin/transmission-daemon --config-dir /data/Transmission/info/ --logfile /data/Transmission/info/logfile --log-info" |
||
+ | transmission-stop.sh: |
||
+ | #!/bin/bash |
||
+ | exec su -s /bin/bash phil -c "killall transmission-daemon" |
||
If you've some transmission settings to transfer from another machine: |
If you've some transmission settings to transfer from another machine: |
||
* settings.json is in /etc/transmission-daemon/settings.json |
* settings.json is in /etc/transmission-daemon/settings.json |
||
− | * other stuffs (blocklists, resume, torrents,...) |
+ | * other stuffs (blocklists, resume, torrents,...) is in /var/lib/transmission-daemon/info/ |
To fix .resume files from another location, here from /shares/.... to /data/....: file is [https://en.wikipedia.org/wiki/Bencode bencoded] but a few bash lines are enough |
To fix .resume files from another location, here from /shares/.... to /data/....: file is [https://en.wikipedia.org/wiki/Bencode bencoded] but a few bash lines are enough |
||
Line 123: | Line 160: | ||
NEWDESTSIZE=$(($OLDDESTSIZE-${#OLDDEST}+${#NEWDEST})) |
NEWDESTSIZE=$(($OLDDESTSIZE-${#OLDDEST}+${#NEWDEST})) |
||
sed -i "s#:destination[0-9]\+:${OLDDEST}#:destination${NEWDESTSIZE}:${NEWDEST}#" "$FILE" |
sed -i "s#:destination[0-9]\+:${OLDDEST}#:destination${NEWDESTSIZE}:${NEWDEST}#" "$FILE" |
||
− | chown |
+ | chown phil:users "$FILE" |
</source> |
</source> |
||
Line 134: | Line 171: | ||
Transgui / Transmission options / Network / Incoming port <> router firewall? |
Transgui / Transmission options / Network / Incoming port <> router firewall? |
||
− | |||
− | After a reboot, it seems that Transmission starts with default settings, so: |
||
⚫ | |||
⚫ | |||
==Android== |
==Android== |
Revision as of 21:30, 12 January 2015
Links
- http://support.netgear.com/product/RN31600
- http://support.netgear.com/product/ReadyNAS-OS6
- http://www.netgear.com/business/products/storage/readynas/readynas-desktop.aspx
- http://www.readynas.com/
- X-RAID
- ReadyNAS Developer’s Corner
- ReadyNAS Downloads
- X-Raid calculator
General
Initial login: admin/password
If SSH activated, root has same pwd as admin.
Update FW Alerts:
- Email: recipient email
- Advanced settings/SMTP Server: can be 127.0.0.1 if you've installed Exim (see below)
- Advanced settings/From: sender email
- Then don't forget to "Apply" after having sent successfully a test message
(since reinstall with 6.2.2, sending test message failed but still I received the test mail...)
Certificat HTTPS
To change it, cf http://readynas.sphardy.com/2010/10/installing-ssl-certificate-on-your_7476.html
- Create directory /etc/frontview/apache/addons/
- Copy CACert root cert (PEM format) in /etc/frontview/apache/addons/root.crt
- Copy CACert intermediate cert (PEM format) in /etc/frontview/apache/addons/class3.crt
- Merge your RSA cert & key in a single PEM file and replace /etc/frontview/apache/apache.pem by yours
- Avoid frontview or fw updates to overwrite it (not sure if it could harm fw upgrade...):
chattr +i /etc/frontview/apache/apache.pem
- Create a file /etc/frontview/apache/addons/ssl.conf with
SSLCACertificateFile /etc/frontview/apache/addons/root.crt SSLCertificateChainFile /etc/frontview/apache/addons/class3.crt
- Tell Apache to reload its config
killall -HUP apache2
hosts
Complete /etc/hosts
Debian
System is a Debian Wheezy
Edit /etc/apt/sources.list and add non-free:
deb http://mirrors.kernel.org/debian wheezy main non-free apt-get update apt-get install dialog apt-get install mc screen binutils sshfs pv netcat encfs man python htop iotop p7zip p7zip-full unrar git
What is not available:
- luks? missing some support in kernel?
apt-get install exim4 bsd-mailx dpkg-reconfigure exim4-config
3. mail sent by smarthost; no local mail System mail name: yobi.be IP-addresses to listen on for incoming SMTP connections: 127.0.0.1 Other destinations for which mail is accepted: Visible domain name for local users: yobi.be IP address or host name of the outgoing smarthost: smtp.isp.xxx Keep number of DNS-queries minimal (Dial-on-Demand)? n Split configuration into small files? y Root and postmaster mail recipient: phil
Complete /etc/email-addresses
backuppc (old)
apt-get install backuppc libfile-rsyncp-perl libio-dirent-perl
Small issue because Apache is not running as the usual www-data but admin user:
chgrp admin /etc/backuppc/* chgrp admin /usr/lib/backuppc/cgi-bin/index.cgi chmod u+s /usr/lib/backuppc/cgi-bin/index.cgi
Set backuppc password:
htpasswd /etc/backuppc/htpasswd backuppc
Move pool to the big partition, preserving hard links
/etc/init.d/backuppc stop cp -a /var/lib/backuppc /home rm -rf /var/lib/backuppc ln -s /home/backuppc /var/lib/backuppc /etc/init.d/backuppc start
If you want to encrypt backup pool, you can alternatively do:
/etc/init.d/backuppc stop cp -a /var/lib/backuppc /home/backuppc.orig rm -rf /var/lib/backuppc mkdir /home/.backuppc adduser backuppc fuse mkdir /var/lib/backuppc chown backuppc.backuppc /var/lib/backuppc encfs --public /home/.backuppc /var/lib/backuppc
We need hardlinks, so use "standard" settings of encfs, no external IV chaining!
And because it will be accessed also by Apache, even if through some setuid, we need --public
su -s /bin/bash backuppc $ rsync -avH /home/backuppc.orig/ /var/lib/backuppc rm -rf /home/backuppc.orig /etc/init.d/backuppc start
If you choose encryption, it cannot start automatically anymore:
for i in /etc/rc*.d/S*backuppc; do mv $i ${i/S/K};done update-rc.d backuppc defaults systemctl --system daemon-reload
And from now on, use scripts to start/stop manually:
#!/bin/bash encfs --public /home/.backuppc /var/lib/backuppc && /etc/init.d/backuppc start
#!/bin/bash /etc/init.d/backuppc stop fusermount -u /var/lib/backuppc
Visit https://readynas/backuppc
Default backup of localhost /etc will fail due to some read access issues, we can ignore them by tuning the corresponding TarClientCmd and appending to it:
--ignore-failed-read
Transmission
There is a readynas app, but better to use the Debian one if you want to tune it.
apt-get install transmission-daemon /etc/init.d/transmission-daemon stop
Edit /etc/default/transmission-daemon:
ENABLE_DAEMON=0
Create /data/Transmission/info/settings.json
# cf https://trac.transmissionbt.com/wiki/EditConfigFiles "download-dir":... "incomplete-dir":... "rpc-password": "your_password", # note that it will be encrypted next time automatically
chown -R phil.users /data/Transmission/info
transmission-start.sh:
#!/bin/bash exec su -s /bin/bash phil -c "/usr/bin/transmission-daemon --config-dir /data/Transmission/info/ --logfile /data/Transmission/info/logfile --log-info"
transmission-stop.sh:
#!/bin/bash exec su -s /bin/bash phil -c "killall transmission-daemon"
If you've some transmission settings to transfer from another machine:
- settings.json is in /etc/transmission-daemon/settings.json
- other stuffs (blocklists, resume, torrents,...) is in /var/lib/transmission-daemon/info/
To fix .resume files from another location, here from /shares/.... to /data/....: file is bencoded but a few bash lines are enough
#!/bin/bash
FILE="$1"
OLDDESTSIZE=$(cat "$FILE"|cut -f6 -d:|head -n1|sed 's/destination//')
OLDDEST="/shares"
NEWDEST="/data"
NEWDESTSIZE=$(($OLDDESTSIZE-${#OLDDEST}+${#NEWDEST}))
sed -i "s#:destination[0-9]\+:${OLDDEST}#:destination${NEWDESTSIZE}:${NEWDEST}#" "$FILE"
chown phil:users "$FILE"
To run it under another user:
Edit /etc/init.d/transmission-daemon -> USER=joe, then:
chown -R joe.users /var/lib/transmission-daemon chown -R joe.users /etc/transmission-daemon systemctl --system daemon-reload /etc/init.d/transmission-daemon start
Transgui / Transmission options / Network / Incoming port <> router firewall?