Synology: Difference between revisions
Brian Wilson (talk | contribs) |
Brian Wilson (talk | contribs) |
||
| Line 148: | Line 148: | ||
;env[TMPDIR] = /tmp | ;env[TMPDIR] = /tmp | ||
;env[TEMP] = /tmp | ;env[TEMP] = /tmp | ||
=== Crontab === | |||
In the Synology "Task Scheduler" I set this to run every 15 minutes. | |||
Add to /etc/crontab: | |||
0,15,30,45 * * * * http /bin/php -f /volume1/web/owncloud/cron.php | |||
=== User authentication === | === User authentication === | ||
Revision as of 04:23, 20 November 2016
Enabled SSH Server Created Trailpeople Group used TrailPeople gmail account to enable email
I am getting the impression that the management engine (DSM) is running in nginx on port 5000 and that I want to use Apache to support owncloud.
Database engine of choice
I wanted to use PostgreSQL but can't get it to work with owncloud. I tried and tried and gave up. Owncloud does not appear to be sending the username to postgres. I dropped back to Mariadb
Configuration files for postgresql are in /etc/postgresql/ Use a HUP to reconfigure it. killall -1 /usr/bin/postgres
NGINX
When I first got the Syno, I touched the nginx configuration and ended up breaking the DSM app. I backed out my changes.
The file I created for owncloud is in /usr/local/etc/nginx/sites-enabled/owncloud.conf and it looks like this:
server {
listen 443 default_server ssl;
listen [::]:443 default_server ssl;
server_name _;
# ssl_certificate /etc/ssl/nginx/owncloud.crt;
# ssl_certificate_key /etc/ssl/private/owncloud.key;
root /volume1/web/owncloud;
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;
rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
index index.php;
location ~ \.php {
fastcgi_index index.php;
fastcgi_pass unix:/run/php-fpm/php56-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
include fastcgi_params;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
deny all;
}
location / {
# The following 2 rules are only needed with webfinger
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ =404;
}
# Adding the cache control header for js and css files
# Make sure it is BELOW the location ~ \.php(?:$|/) { block
location ~* \.(?:css|js)$ {
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
# Optional: Don't log access to assets
access_log off;
}
# Optional: Don't log access to other assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
access_log off;
}
# ownCloud security tip
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; ";
}
Packages
Do not install WebStation! It pulls in Apache. I don't want it hanging around. Likewise skip phpMyadmin because it pulls in WebStation.
- Synology Directory Service
- Synology VPN
Enable Synocommunity, https://synocommunity.com/
for owncloud, install
- redis -- http://www.iholken.com/index.php/2016/03/16/install-redis-server-and-phpredis-extension-into-synology-nas-running-dsm-6-without-bootstrapping/
- MariaDB
- debian chroot
I download from owncloud.org because the version in packages is outdated.
wget https://download.owncloud.org/community/owncloud-9.1.2.tar.bz2
Debian packages
sudo -s sudo /var/packages/chroot/scripts/start_stop_status chroot apt-get update apt-get install locales dpkg-reconfigure locales dpkg-reconfigure tzdata apt-get install php5-dev apt-get install php5-redis
Owncloud 9
I did get it going with nginx in spite of his comments on using Apache instead.
Optimizations: fixed because owncloud told me to--
Add /dev/urandom to open_basedir in /usr/local/etc/php56/conf.d/user-settings.ini and then send a HUP to php-fpm
cat fpm.d/env.conf ; bwilson added this for owncloud ;env[HOSTNAME] = $HOSTNAME env[PATH] = /usr/local/bin:/usr/bin:/bin ;env[TMP] = /tmp ;env[TMPDIR] = /tmp ;env[TEMP] = /tmp
Crontab
In the Synology "Task Scheduler" I set this to run every 15 minutes. Add to /etc/crontab:
0,15,30,45 * * * * http /bin/php -f /volume1/web/owncloud/cron.php
User authentication
Synology has a pretty good UI in DSM for LDAP, so I enabled their Direcgtory Service package, then set up owncloud to use it.
I should be able to make Linux login (PAM) and Samba use it too. So setting up a password in LDAP should work everywhere.
config.php
<?php
$CONFIG = array (
'instanceid' => 'ocarb6oq5tsb',
'passwordsalt' => 'WOO1qwVT6iOCp6ycWp4lZ8GlNVv9y4',
'secret' => 'FtvmpxpedQGTqwrxy7u+b8Ye5HMgXUmXzBlSlxROfogExbs8',
'trusted_domains' =>
array (
0 => 'diskstation',
),
'datadirectory' => '/volume1/web/owncloud/data',
'overwrite.cli.url' => 'https://diskstation',
'dbtype' => 'mysql',
'version' => '9.1.2.5',
'dbname' => 'owncloud',
'dbhost' => 'localhost',
'dbtableprefix' => 'oc_',
'dbuser' => 'owncloud',
'dbpassword' => 'BrightLight',
'logtimezone' => 'UTC',
'installed' => true,
'memcache.local' => '\OC\Memcache\Redis',
'redis' => array(
'host' => 'localhost',
'port' => 6379,
),
);
