Difference between revisions of "Netgear ReadyNAS 316"

From YobiWiki
Line 15: Line 15:
   
 
Update FW
 
Update FW
  +
<!--
  +
System/Settings/
  +
* disable AFP,ReadyDLNA,UPnP,HTTP Admin,
  +
* enable SMB,HTTPS,SSH
  +
Accounts/Users
  +
* phil-rns
  +
* andrea-sv
  +
Shares/Shares
  +
* delete Music,Pictures
  +
* home folders: SMB & NFS
  +
* rename Videos -> Transmission,snapshot never, Network:SMB,phil/rw, File:phil/users,disable grant,folder owner rw,default access: specify folder owner rw
  +
* rename Documents -> Share, snapshot never, Network:SMB,andrea ro,phil rw, File:phil/users,disable grant,everyone ro,folder owner rw, default access: specify: everyone ro,folder owner rw
   
  +
ssh-copy-id root@readynas
  +
-->
 
Alerts:
 
Alerts:
 
* Email: recipient email
 
* Email: recipient email
Line 21: Line 35:
 
* Advanced settings/From: sender email
 
* Advanced settings/From: sender email
 
* Then don't forget to "Apply" after having sent successfully a test message
 
* Then don't forget to "Apply" after having sent successfully a test message
  +
(since reinstall with 6.2.2, sending test message failed but still I received the test mail...)
 
==Certificat HTTPS==
 
==Certificat HTTPS==
 
To change it, cf http://readynas.sphardy.com/2010/10/installing-ssl-certificate-on-your_7476.html
 
To change it, cf http://readynas.sphardy.com/2010/10/installing-ssl-certificate-on-your_7476.html
Line 28: Line 43:
 
* Copy CACert intermediate cert (PEM format) in /etc/frontview/apache/addons/class3.crt
 
* Copy CACert intermediate cert (PEM format) in /etc/frontview/apache/addons/class3.crt
 
* Merge your RSA cert & key in a single PEM file and replace /etc/frontview/apache/apache.pem by yours
 
* Merge your RSA cert & key in a single PEM file and replace /etc/frontview/apache/apache.pem by yours
* Avoid frontview or fw updates to overwrite it:
+
* Avoid frontview or fw updates to overwrite it (not sure if it could harm fw upgrade...):
 
chattr +i /etc/frontview/apache/apache.pem
 
chattr +i /etc/frontview/apache/apache.pem
 
* Create a file /etc/frontview/apache/addons/ssl.conf with
 
* Create a file /etc/frontview/apache/addons/ssl.conf with
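Review bot: The caveat added to the "Avoid frontview or fw updates to overwrite it" line raises a possible firmware-upgrade problem but gives no way back. Since the uncertainty is about upgrades, add the undo step next to it: `chattr -i /etc/frontview/apache/apache.pem` lifts the immutable flag before a firmware update, and `chattr +i` can be reapplied afterwards once the file has been checked.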
Line 35: Line 50:
 
* Tell Apache to reload its config
 
* Tell Apache to reload its config
 
killall -HUP apache2
 
killall -HUP apache2
  +
==hosts==
 
 
Complete /etc/hosts
 
==Debian==
 
==Debian==
 
System is a Debian Wheezy
 
System is a Debian Wheezy
<br>Edit /etc/apt/sources.list and add
+
<br>Edit /etc/apt/sources.list and add non-free:
deb http://mirrors.kernel.org/debian jessie main
+
deb http://mirrors.kernel.org/debian wheezy main non-free
deb http://mirrors.kernel.org/debian sid main
 
Create /etc/apt/apt.conf.d/00default
 
APT::Default-Release "stable";
 
 
 
apt-get update
 
apt-get update
 
apt-get install dialog
 
apt-get install dialog
 
apt-get install mc screen binutils sshfs pv netcat encfs man python htop iotop p7zip p7zip-full unrar git
apt-get dist-upgrade
 
apt-get install mc screen binutils sshfs pv netcat encfs sudo python man git
 
 
What is not available:
 
What is not available:
* iotop: no I/O accounting support in kernel
+
* luks? missing some support in kernel?
* luks: no aes-xts support, don't know for the rest
 
 
===mail===
 
===mail===
 
apt-get install exim4 bsd-mailx
 
apt-get install exim4 bsd-mailx
  +
dpkg-reconfigure exim4-config
Config: smarthost, no local email / yobi.be / visible domain name: yobi.be / smarthost: smtp.isp.xxx
 
  +
<br>Complete /etc/email-addresses
 
  +
3. mail sent by smarthost; no local mail
===backuppc===
 
  +
System mail name: yobi.be
  +
IP-addresses to listen on for incoming SMTP connections: 127.0.0.1
  +
Other destinations for which mail is accepted:
  +
Visible domain name for local users: yobi.be
  +
IP address or host name of the outgoing smarthost: smtp.isp.xxx <!--smtp.belgacom.net-->
  +
Keep number of DNS-queries minimal (Dial-on-Demand)? n
  +
Split configuration into small files? y
  +
Root and postmaster mail recipient: phil
  +
Complete /etc/email-addresses
  +
<!--
  +
root: ...
  +
backuppc: ...
  +
phil: ...
  +
-->
 
===backuppc (old)===
 
apt-get install backuppc libfile-rsyncp-perl libio-dirent-perl
 
apt-get install backuppc libfile-rsyncp-perl libio-dirent-perl
 
Small issue because Apache is not running as the usual www-data but admin user:
 
Small issue because Apache is not running as the usual www-data but admin user:
Line 104: Line 129:
 
apt-get install transmission-daemon
 
apt-get install transmission-daemon
 
/etc/init.d/transmission-daemon stop
 
/etc/init.d/transmission-daemon stop
 
Edit /etc/default/transmission-daemon:
  +
ENABLE_DAEMON=0
   
Edit /etc/transmission-daemon/settings.json
+
Create /data/Transmission/info/settings.json
  +
# cf https://trac.transmissionbt.com/wiki/EditConfigFiles
 
"download-dir":...
 
"download-dir":...
 
"incomplete-dir":...
 
"incomplete-dir":...
 
"rpc-password": "your_password", # note that it will be encrypted next time automatically
 
"rpc-password": "your_password", # note that it will be encrypted next time automatically
  +
  +
chown -R phil.users /data/Transmission/info
  +
 
transmission-start.sh:
  +
#!/bin/bash
  +
exec su -s /bin/bash phil -c "/usr/bin/transmission-daemon --config-dir /data/Transmission/info/ --logfile /data/Transmission/info/logfile --log-info"
  +
transmission-stop.sh:
  +
#!/bin/bash
  +
exec su -s /bin/bash phil -c "killall transmission-daemon"
   
 
If you've some transmission settings to transfer from another machine:
 
If you've some transmission settings to transfer from another machine:
 
* settings.json is in /etc/transmission-daemon/settings.json
 
* settings.json is in /etc/transmission-daemon/settings.json
* other stuffs (blocklists, resume, torrents,...) go to /var/lib/transmission-daemon/info/
+
* other stuffs (blocklists, resume, torrents,...) is in /var/lib/transmission-daemon/info/
   
 
To fix .resume files from another location, here from /shares/.... to /data/....: file is [https://en.wikipedia.org/wiki/Bencode bencoded] but a few bash lines are enough
 
To fix .resume files from another location, here from /shares/.... to /data/....: file is [https://en.wikipedia.org/wiki/Bencode bencoded] but a few bash lines are enough
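Review bot: The new config directory /data/Transmission/info holds settings.json with "rpc-password", and the `chown -R phil.users` line gives the group ownership without saying anything about file modes. If /data/Transmission is the share renamed from Videos in the first hunk, the RPC credential and the logfile are also reachable over SMB. Either keep the config directory outside the shared folder or add a step restricting info/ to its owner (for example mode 700 on the directory).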
Line 123: Line 160:
 
NEWDESTSIZE=$(($OLDDESTSIZE-${#OLDDEST}+${#NEWDEST}))
 
NEWDESTSIZE=$(($OLDDESTSIZE-${#OLDDEST}+${#NEWDEST}))
 
sed -i "s#:destination[0-9]\+:${OLDDEST}#:destination${NEWDESTSIZE}:${NEWDEST}#" "$FILE"
 
sed -i "s#:destination[0-9]\+:${OLDDEST}#:destination${NEWDESTSIZE}:${NEWDEST}#" "$FILE"
chown guest:guest "$FILE"
+
chown phil:users "$FILE"
 
</source>
 
</source>
   
Line 134: Line 171:
   
 
Transgui / Transmission options / Network / Incoming port <> router firewall?
 
Transgui / Transmission options / Network / Incoming port <> router firewall?
 
After a reboot, it seems that Transmission starts with default settings, so:
 
/etc/init.d/transmission-daemon stop
 
/etc/init.d/transmission-daemon start
 
   
 
==Android==
 
==Android==

Revision as of 21:30, 12 January 2015

Links

General

Initial login: admin/password

If SSH is activated, root has the same password as admin.

Update FW

Alerts:

  • Email: recipient email
  • Advanced settings/SMTP Server: can be 127.0.0.1 if you've installed Exim (see below)
  • Advanced settings/From: sender email
  • Then don't forget to "Apply" after having successfully sent a test message

(since reinstall with 6.2.2, sending test message failed but still I received the test mail...)

HTTPS certificate

To change it, see http://readynas.sphardy.com/2010/10/installing-ssl-certificate-on-your_7476.html

  • Create directory /etc/frontview/apache/addons/
  • Copy CACert root cert (PEM format) in /etc/frontview/apache/addons/root.crt
  • Copy CACert intermediate cert (PEM format) in /etc/frontview/apache/addons/class3.crt
  • Merge your RSA cert & key into a single PEM file and replace /etc/frontview/apache/apache.pem with yours
  • Prevent frontview or fw updates from overwriting it (not sure if it could harm fw upgrade...):
chattr +i /etc/frontview/apache/apache.pem
  • Create a file /etc/frontview/apache/addons/ssl.conf with
SSLCACertificateFile /etc/frontview/apache/addons/root.crt
SSLCertificateChainFile /etc/frontview/apache/addons/class3.crt
  • Tell Apache to reload its config
killall -HUP apache2

hosts

Complete /etc/hosts

Debian

System is a Debian Wheezy
Edit /etc/apt/sources.list and add non-free:

deb http://mirrors.kernel.org/debian wheezy main non-free

apt-get update
apt-get install dialog
apt-get install mc screen binutils sshfs pv netcat encfs man python htop iotop p7zip p7zip-full unrar git

What is not available:

  • luks? missing some support in kernel?

mail

apt-get install exim4 bsd-mailx
dpkg-reconfigure exim4-config
3. mail sent by smarthost; no local mail
System mail name: yobi.be
IP-addresses to listen on for incoming SMTP connections: 127.0.0.1
Other destinations for which mail is accepted: 
Visible domain name for local users: yobi.be
IP address or host name of the outgoing smarthost: smtp.isp.xxx 
Keep number of DNS-queries minimal (Dial-on-Demand)? n
Split configuration into small files? y
Root and postmaster mail recipient: phil

Complete /etc/email-addresses

backuppc (old)

apt-get install backuppc libfile-rsyncp-perl libio-dirent-perl

Small issue because Apache is not running as the usual www-data but admin user:

chgrp admin /etc/backuppc/*
chgrp admin /usr/lib/backuppc/cgi-bin/index.cgi 
chmod u+s /usr/lib/backuppc/cgi-bin/index.cgi

Set backuppc password:

htpasswd /etc/backuppc/htpasswd backuppc

Move pool to the big partition, preserving hard links

/etc/init.d/backuppc stop
cp -a /var/lib/backuppc /home
rm -rf /var/lib/backuppc
ln -s /home/backuppc /var/lib/backuppc
/etc/init.d/backuppc start

If you want to encrypt the backup pool, you can alternatively do:

/etc/init.d/backuppc stop
cp -a /var/lib/backuppc /home/backuppc.orig
rm -rf /var/lib/backuppc
mkdir /home/.backuppc
adduser backuppc fuse
mkdir /var/lib/backuppc
chown backuppc.backuppc /var/lib/backuppc
encfs --public /home/.backuppc /var/lib/backuppc

We need hardlinks, so use the "standard" settings of encfs: no external IV chaining!
And because it will also be accessed by Apache, even if through some setuid, we need --public

su -s /bin/bash backuppc
$ rsync -avH /home/backuppc.orig/ /var/lib/backuppc
rm -rf /home/backuppc.orig
/etc/init.d/backuppc start

If you choose encryption, it cannot start automatically anymore:

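# Rename only the leading S of the link name, whatever the runlevel directory is called
for i in /etc/rc*.d/S*backuppc; do mv "$i" "${i%/*}/K${i##*/S}"; done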
update-rc.d backuppc defaults
systemctl --system daemon-reload

And from now on, use scripts to start/stop manually:

Start:

#!/bin/bash
encfs --public /home/.backuppc /var/lib/backuppc && /etc/init.d/backuppc start

Stop:

#!/bin/bash
/etc/init.d/backuppc stop
fusermount -u /var/lib/backuppc

Visit https://readynas/backuppc
The default backup of localhost /etc will fail due to some read access issues; they can be ignored by tuning the corresponding TarClientCmd and appending to it:

--ignore-failed-read

Transmission

There is a readynas app, but better to use the Debian one if you want to tune it.

apt-get install transmission-daemon
/etc/init.d/transmission-daemon stop

Edit /etc/default/transmission-daemon:

ENABLE_DAEMON=0

Create /data/Transmission/info/settings.json

# cf https://trac.transmissionbt.com/wiki/EditConfigFiles
"download-dir":...
"incomplete-dir":...
"rpc-password": "your_password", # note that it will be encrypted next time automatically

chown -R phil:users /data/Transmission/info

transmission-start.sh:

#!/bin/bash
exec su -s /bin/bash phil -c "/usr/bin/transmission-daemon --config-dir /data/Transmission/info/ --logfile /data/Transmission/info/logfile --log-info"

transmission-stop.sh:

#!/bin/bash
exec su -s /bin/bash phil -c "killall transmission-daemon"

If you have some transmission settings to transfer from another machine:

  • settings.json is in /etc/transmission-daemon/settings.json
  • other files (blocklists, resume, torrents,...) are in /var/lib/transmission-daemon/info/

To fix .resume files that come from another location, here from /shares/.... to /data/....: the file is bencoded, but a few bash lines are enough

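#!/bin/bash
# Rewrite the bencoded "destination" string of a .resume file from /shares... to /data...
FILE="$1"
OLDDEST="/shares"
NEWDEST="/data"
# Current length prefix of the destination value (-a: the file contains binary data)
OLDDESTSIZE=$(grep -ao ":destination[0-9]\+:${OLDDEST}" "$FILE" | head -n1 | sed 's/^:destination\([0-9]*\):.*/\1/')
[ -n "$OLDDESTSIZE" ] || exit 0   # destination is not under $OLDDEST: nothing to do
# bencoded strings are <length>:<bytes>, so the length prefix changes with the path
NEWDESTSIZE=$((OLDDESTSIZE-${#OLDDEST}+${#NEWDEST}))
sed -i "s#:destination[0-9]\+:${OLDDEST}#:destination${NEWDESTSIZE}:${NEWDEST}#" "$FILE"
chown phil:users "$FILE"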
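
The same relocation done with a bencode parser instead of a regex, as an added example that is not part of the original page. It goes slightly further than the bash lines: the whole file is decoded and re-encoded, so the length prefix is always recomputed, and the old prefix is only matched on a path boundary. It assumes Python 3 and the /shares to /data prefixes used above; SAMPLE is constructed data.

```python
import sys

def bdecode(data, i=0):
    """Decode one bencoded value at offset i; return (value, next_offset)."""
    c = data[i:i + 1]
    if c == b"i":                          # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                  # list: l...e, dictionary: d...e
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            value, i = bdecode(data, i)
            items.append(value)
        if c == b"l":
            return items, i + 1
        return dict(zip(items[0::2], items[1::2])), i + 1
    colon = data.index(b":", i)            # byte string: <length>:<bytes>
    n = int(data[i:colon])
    return data[colon + 1:colon + 1 + n], colon + 1 + n

def bencode(v):
    if isinstance(v, int):
        return b"i" + str(v).encode("ascii") + b"e"
    if isinstance(v, bytes):
        return str(len(v)).encode("ascii") + b":" + v
    if isinstance(v, list):
        return b"l" + b"".join(bencode(x) for x in v) + b"e"
    if isinstance(v, dict):                # keys are written in sorted order
        return b"d" + b"".join(bencode(k) + bencode(v[k]) for k in sorted(v)) + b"e"
    raise TypeError(type(v))

def move_destination(raw, old=b"/shares", new=b"/data"):
    """Return the resume data with the destination prefix old replaced by new."""
    resume, end = bdecode(raw)
    if end != len(raw) or not isinstance(resume, dict):
        raise ValueError("not a single bencoded dictionary")
    dest = resume.get(b"destination", b"")
    if dest == old or dest.startswith(old + b"/"):
        resume[b"destination"] = new + dest[len(old):]
    return bencode(resume)

# Constructed sample shaped like a minimal .resume file
SAMPLE = b"d11:destination22:/shares/Videos/torrent6:pausedi0ee"

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            fixed = move_destination(f.read())
        with open(path, "wb") as f:
            f.write(fixed)
```

Run it on copies of the .resume files while transmission-daemon is stopped, then restore ownership as in the bash version.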

To run it under another user:
Edit /etc/init.d/transmission-daemon -> USER=joe, then:

chown -R joe.users /var/lib/transmission-daemon 
chown -R joe.users /etc/transmission-daemon
systemctl --system daemon-reload
/etc/init.d/transmission-daemon start

Transgui / Transmission options / Network / Incoming port <> router firewall?

Android