Synology Diskstation NAS

I mentioned in my last post that hardware running my Mythbuntu system was failing and rather than repair or replace it I decided to reengineer my home server system. The challenge when you've spent years expanding a custom system is in unraveling the complexity, giving up some of the personalized solutions, and mapping out a migration path to a new system.

My old server had many functions: a web server, network music server, file server, MythTV server, backup server, VPN server, and network camera recorder. That's a lot of stuff to find replacements for. The MythTV server was the most CPU intensive function and until recently the hardest to find an inexpensive replacement for. After I had completed the switch from MythTV to the TabloTV DVR the remaining functionality was better aligned with what a good NAS system could do.

As usual I wanted a low cost system. For me that meant low wattage, minimal administrative work, and long product life expectancy. I found that the Synology DiskStation DS115 was the best match for my needs. The company has a wide range of products, produces a single operating system for all of them, has an active community and large number of third party app packages.

I've been quite happy with the DiskStation. There are lots of features available but the documentation and web interface do a good job of explaining them and making the setup easy. In case I ever need to setup the system from scratch again I'm making a list here of things I might want to remember.

Music Server

I'm quite happy with my original SliMP3 player so the Logitech Media Server is required.

• Package Center → Logitech Media Server
• another option is the Audio Station package

Namecheap DDNS

DSM 5.1 doesn't officially support Namecheap DDNS but there are a few options.

• Control Panel → External Access → DDNS
• install the third party ddupdate package
• use DDNS on a dd-wrt router 
• add Namecheap support to the built-in DDNS system which is what I did and it may break with the next DSM update

The forum post here describes how to modify the DSM system and this Namecheap documentation describes the URL to post updates to.

I made this modification to the script to support a domain without a subdomain.
$array = explode('.', $hostname);
if (count($array) == 2) {
    $host = '@';
    $domain = $hostname;
} else {
    $domain = implode('.', array_slice($array, 1));
    $host = implode('.', array_slice($array, 0, 1));
}
$url = 'https://dynamicdns.park-your-domain.com/update?host='.$host.'&domain='.$domain.'&password='.$pwd.'&ip='.$ip;

SSH login

Here's a very good blog post by Josh Dick on SSH & SFTP setup

1. enable sshd
• Control Panel → Terminal & SNMP → Terminal → Enable SSH service
• give the user a shell in /etc/passwd
2. create user home directories
• Control Panel → User → Advanced → User Home → Enable user home service
• fix user home directory permissions for ssh public key authentication
• chmod 755 for ~
• chmod 700 ~/.ssh
• chmod 644 ~/.ssh/authorized_keys
3. Control Panel → File Services → FTP → Enable SFTP service
4. enable ssh tunneling
• as root (ssh root@diskstation)
• vi /etc/ssh/sshd_config
• change AllowTcpForwarding to yes
• change GatewayPorts to client specified
• reload sshd: synoservicectl --reload sshd

SSL cert

• Control Panel → Security → Certificate

Web server

• Control Panel → Web Services → Enable Web Station
• DSM 5.1 uses Apache 2.2
• Access control using Photo Station album passwords
• I'd rather find a way to use the Photo Station's own PHP session auth system to protect my website
• I built a custom login system
• .htaccess files with RewriteRule to route a protected folder to the login system
• uses X-Sendfile headers to deliver authorized files
• uses synoautoblock to prevent brute force attacks
• checks password against the Photo Station album
• SELECT password FROM photo_share WHERE sharename = 'Password protected album name'
• VirtualHost setup
• using www.domain.tld instead of domain.tld makes integration with other DiskStation apps easier

 Photo Station

This is really the feature that sold me on the Synology system. It replaced my homegrown photo website running my BPG application.

• Package Center → Photo Station

Somehow I had an issue where I couldn't remove the password from albums and I had to fix it in the database.

psql photo postgres

photo=# SELECT * FROM photo_share WHERE password NOT LIKE '';

 Surveillance Station

This records and notifies me when there is motion on a network camera.

• Package Center → Surveillance Station
• I'm still using the old Zonet Netcam and it needs a daily reboot to keep streaming
• Control Panel → Task Scheduler
• curl -s "http://ADMIN:PASSWORD@CAMERA/admin/reboot.cgi?reboot=reboot&type=0" > /dev/null

 Dropbox Cloud Sync

This lets me sync my Dropbox account with the DiskStation.

• Package Center → Cloud Sync

Mail Station

I want to have some devices on my home network send email from my Google account.

• my Brother printer can send email but won't use TLS like Google requires
• on my old system I used stunnel and it may work on the DiskStation
• the Synology Mail Server can also work for a private LAN
• Mail Server → SMTP
• Enable SMTP Authentication
• Ignore authorization for LAN connections
• Domain name: diskstation.DOMAIN (don't use a real email domain unless you want mail delivered to local ~/.Maildirs/)
• SMTP Relay
• Enable SMTP Relay
• Server: smtp.gmail.com
• Port: 587
• Always use secure connection (TLS)
• Account: gmail address
• Password: create an app specific password for the Google account

CardDAV

This is a cool feature I use for a shared address book across multiple devices.

• Package Center → CardDAV Server
• Official documentation
• For a shared adderssbook create a dedicated user account
• Control Panel → User
• The full URL is https://DOMAIN:8443/addressbooks/users/USERNAME/addressbook/ but some clients don't need the whole thing 
• some forum discussion

And if you are curious about where the address books are stored:

psql -U postgres -l

psql -U postgres -d caldav

SELECT * FROM addressbook_object;

Backups

I want to use the DiskStation as an local backup destination for my computers, and since it also stores files I want to back those up to both a local onsite destination and an remote offsite location.

• local onsite backup for Macs using TimeMachine (Mac → backup to DiskStation)
• The official Synology documentation for this feature
• Setup users for each TimeMachine laptop
• Assign the user a data quota so they don't use the entire DiskStation
• Create a "Time Machine" shared folder
• Setup time machine on each laptop with the dedicated user/password
• local onsite backup for DiskStation to eSATA disk (DiskStation → backup to eSATA disk)
• Backup & Replication → Backup Destination
• create destination on "satashare" shared folder
• Backup & Replication → Backup
• setup the daily backup schedule
• remote offsite backup (DiskStation's CrashPlan → backup to remote site)
• Install CrashPlan following these instructions summarized below
1. add http://packages.pcloadletter.co.uk to package sources
2. install synology "java manager" package
3. install crashplan package (may need to click "allow trusted third party packages")
4. setup headless crashplan
5. in "task manager" setup service tasks to start/stop crashplan in the night to save RAM
6. backup to a local drive then copy that seed to a external drive for the remote backup server
• check backup progress with tail /volume1/@appstore/CrashPlan/log/history.log.0

There are lots of other back options:

• The official DSM 5.1 backup documentation
• rsync backup and discussion in forums 
• setting up a linux server to receive rsync backup from a DiskStation
• manually using the Synology built-in ecryptfs
• another guide to CrashPlan setup