Synology: Difference between revisions
Brian Wilson (talk | contribs)
Revision as of 01:41, 20 November 2016
- Enabled SSH server
- Created TrailPeople group
- Used TrailPeople gmail account to enable email
I am getting the impression that the management engine (DSM) is running in nginx on port 5000 and that I want to use Apache to support owncloud.
Database engine of choice
I wanted to use PostgreSQL but couldn't get it to work with owncloud. I tried and tried and gave up. Owncloud does not appear to be sending the username to postgres. I dropped back to MariaDB.
Configuration files for postgresql are in /etc/postgresql/. Use a HUP to reconfigure it:
<pre>
killall -1 /usr/bin/postgres
</pre>
NGINX
When I first got the Syno, I touched the nginx configuration and ended up breaking the DSM app. I backed out my changes.
The file I created for owncloud is in /usr/local/etc/nginx/sites-enabled/owncloud.conf and it looks like this:
<pre>
server {
    listen 443 default_server ssl;
    listen [::]:443 default_server ssl;
    server_name _;
    # ssl_certificate /etc/ssl/nginx/owncloud.crt;
    # ssl_certificate_key /etc/ssl/private/owncloud.key;
    root /volume1/web/owncloud;

    # set max upload size
    client_max_body_size 10G;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    # Uncomment if your server is built with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
    rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
    rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

    index index.php;

    location ~ \.php {
        fastcgi_index index.php;
        fastcgi_pass unix:/run/php-fpm/php56-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_script_name;
        include fastcgi_params;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
        deny all;
    }

    location / {
        # The following 2 rules are only needed with webfinger
        rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
        rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
        rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
        rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
        rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
        try_files $uri $uri/ =404;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the location ~ \.php(?:$|/) { block
    location ~* \.(?:css|js)$ {
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        # Optional: Don't log access to assets
        access_log off;
    }

    # Optional: Don't log access to other assets
    location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
        access_log off;
    }

    # ownCloud security tip
    add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; ";
}
</pre>
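Added example, not part of the page: nginx tries `location ~` blocks in file order and uses the first one that matches, so the position of the deny block relative to `location ~ \.php` decides which block serves a request under /data or /config. This Python check replays the page's four regex locations in their written order, and again with the deny block hoisted above the PHP handler, over constructed request paths; anything it reports as not denied is a reason to move the deny block up.

```python
import re

# Regex location blocks copied from the page's owncloud.conf, in file order.
# nginx evaluates `location ~` / `~*` blocks in that order and stops at the
# first match; the exact-match `location = /robots.txt` wins before any regex.
PROTECTED = re.compile(r"^/(?:\.htaccess|data|config|db_structure\.xml|README)")
PAGE_ORDER = [
    ("php", re.compile(r"\.php")),
    ("deny", PROTECTED),
    ("assets", re.compile(r"\.(?:css|js)$", re.IGNORECASE)),
    ("images", re.compile(r"\.(?:jpg|jpeg|gif|bmp|ico|png|swf)$", re.IGNORECASE)),
]
# Same blocks with the deny block placed above the PHP handler (the mitigation).
DENY_FIRST = [PAGE_ORDER[1], PAGE_ORDER[0]] + PAGE_ORDER[2:]


def handler_for(path, locations):
    """Name of the location block nginx would select for a request path."""
    if path == "/robots.txt":
        return "robots"
    for name, pattern in locations:
        if pattern.search(path):
            return name
    return "root"  # falls through to `location /` and its try_files


def unprotected_paths(locations, sample_paths):
    """Paths under a protected prefix that some block other than deny would serve."""
    return [p for p in sample_paths
            if PROTECTED.search(p) and handler_for(p, locations) != "deny"]


# Constructed request paths: some that must be denied, some that must be served.
SAMPLE_PATHS = [
    "/data/alice/files/notes.txt",
    "/data/alice/files/upload.php",
    "/config/config.php",
    "/.htaccess",
    "/README.md",
    "/index.php",
    "/core/css/styles.css",
]

if __name__ == "__main__":
    for label, order in (("page order", PAGE_ORDER), ("deny first", DENY_FIRST)):
        print(f"{label}: not denied -> {unprotected_paths(order, SAMPLE_PATHS)}")
```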
Packages
Do not install WebStation! It pulls in Apache. I don't want it hanging around. Likewise skip phpMyAdmin because it pulls in WebStation.
- Synology Directory Service
- Synology VPN
Enable Synocommunity, https://synocommunity.com/
For ownCloud, install:
- redis -- http://www.iholken.com/index.php/2016/03/16/install-redis-server-and-phpredis-extension-into-synology-nas-running-dsm-6-without-bootstrapping/
- MariaDB
- debian chroot
I download from owncloud.org because the version in packages is outdated.
wget https://download.owncloud.org/community/owncloud-9.1.2.tar.bz2
Debian packages
<pre>
sudo -s
sudo /var/packages/chroot/scripts/start_stop_status chroot
apt-get update
apt-get install locales
dpkg-reconfigure locales
dpkg-reconfigure tzdata
apt-get install php5-dev
apt-get install php5-redis
</pre>
Owncloud 9
I did get it going with nginx in spite of his comments on using Apache instead.
Optimizations (fixed because ownCloud told me to):
Add /dev/urandom to open_basedir in /usr/local/etc/php56/conf.d/user-settings.ini and then send a HUP to php-fpm.
<pre>
cat fpm.d/env.conf
; bwilson added this for owncloud
;env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
</pre>
PWAuth
The idea for pwauth with Apache came to me from this: http://www.iholken.com/index.php/2016/04/12/enable-pwauth-and-synology-nas-user-account-login-into-owncloud-installed-into-synology-dsm6/ but that's for Apache and I am using nginx... http://www.doublecloud.org/2014/01/nginx-with-pam-authentication/
Give nginx permission to read the shadow file. Add a shadow group (gid 42) to /etc/group, add the http user to that group, and make /etc/shadow readable by the group:
<pre>
echo "shadow:x:42:http" >> /etc/group
chgrp shadow /etc/shadow
chmod 640 /etc/shadow
</pre>
Set up pam.d
<pre>
cd /etc/pam.d
echo "auth sufficient pam_unix.so" > nginx
</pre>
Alter nginx configuration (see below)
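Added example, not from the page: after the chgrp/chmod step above, the http user, and therefore anything that runs as nginx or its PHP workers, can read every password hash in /etc/shadow. This Python audit works over a constructed /etc/group sample (assuming /etc/shadow is owned by root, as it normally is) to list who can read the file for a given mode and to flag any reader beyond the intended root and http accounts.

```python
import stat

# Constructed /etc/group content as left by the page's
# `echo "shadow:x:42:http" >> /etc/group`. Not a real system file.
GROUP_FILE = """\
root:x:0:
users:x:100:
http:x:1023:
shadow:x:42:http
"""


def parse_groups(text):
    """Map gid -> (group name, set of supplementary members) from /etc/group text."""
    groups = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":", 3)
        groups[int(gid)] = (name, {m for m in members.split(",") if m})
    return groups


def shadow_readers(mode, gid, groups):
    """Accounts able to read /etc/shadow given its mode bits and owning gid.
    Assumes the file is owned by root (the owner always reads it)."""
    readers = {"root"}
    if mode & stat.S_IRGRP:
        readers |= groups.get(gid, ("?", set()))[1]
    if mode & stat.S_IROTH:
        readers.add("*")  # world-readable: every local account can read the hashes
    return readers


def audit_shadow(mode, gid, groups, allowed=frozenset({"root", "http"})):
    """Findings for the page's setup: the group must be `shadow`, there must be
    no world access, and only the intended accounts may read the hashes."""
    findings = []
    name = groups.get(gid, ("<missing>", set()))[0]
    if name != "shadow":
        findings.append(f"/etc/shadow group is {name!r}, expected 'shadow'")
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("/etc/shadow is accessible to everyone")
    if mode & stat.S_IWGRP:
        findings.append("/etc/shadow is group-writable")
    extra = shadow_readers(mode, gid, groups) - allowed
    if extra:
        findings.append(f"unexpected readers of password hashes: {sorted(extra)}")
    return findings
```

Run it against the real files with `os.stat("/etc/shadow").st_mode & 0o777`, `st_gid` and the contents of /etc/group; a clean result means only root and http can read the hashes.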
config.php
<pre>
<?php
$CONFIG = array (
  'instanceid' => 'ocarb6oq5tsb',
  'passwordsalt' => 'WOO1qwVT6iOCp6ycWp4lZ8GlNVv9y4',
  'secret' => 'FtvmpxpedQGTqwrxy7u+b8Ye5HMgXUmXzBlSlxROfogExbs8',
  'trusted_domains' =>
  array (
    0 => 'diskstation',
  ),
  'datadirectory' => '/volume1/web/owncloud/data',
  'overwrite.cli.url' => 'https://diskstation',
  'dbtype' => 'mysql',
  'version' => '9.1.2.5',
  'dbname' => 'owncloud',
  'dbhost' => 'localhost',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'owncloud',
  'dbpassword' => 'BrightLight',
  'logtimezone' => 'UTC',
  'installed' => true,
  'memcache.local' => '\OC\Memcache\Redis',
  'redis' => array(
    'host' => 'localhost',
    'port' => 6379,
  ),
);
</pre>