Sunday, May 3, 2015

Synology Diskstation NAS

I mentioned in my last post that hardware running my Mythbuntu system was failing and rather than repair or replace it I decided to reengineer my home server system. The challenge when you've spent years expanding a custom system is in unraveling the complexity, giving up some of the personalized solutions, and mapping out a migration path to a new system.

My old server had many functions: a web server, network music server, file server, MythTV server, backup server, VPN server, and network camera recorder. That's a lot of stuff to find replacements for. The MythTV server was the most CPU intensive function and until recently the hardest to find an inexpensive replacement for. After I had completed the switch from MythTV to the TabloTV DVR the remaining functionality was better aligned with what a good NAS system could do.

As usual I wanted a low cost system. For me that meant low wattage, minimal administrative work, and long product life expectancy. I found that the Synology DiskStation DS115 was the best match for my needs. The company has a wide range of products, produces a single operating system for all of them, and has an active community and a large number of third-party app packages.

I've been quite happy with the DiskStation. There are lots of features available but the documentation and web interface do a good job of explaining them and making the setup easy. In case I ever need to set up the system from scratch again I'm making a list here of things I might want to remember.

Music Server

I'm quite happy with my original SliMP3 player so the Logitech Media Server is required.
  • Package Center → Logitech Media Server
  • another option is the Audio Station package

Namecheap DDNS

DSM 5.1 doesn't officially support Namecheap DDNS but there are a few options.
  • Control Panel → External Access → DDNS
  • install the third party ddupdate package
  • use DDNS on a dd-wrt router 
  • add Namecheap support to the built-in DDNS system, which is what I did; it may break with the next DSM update
The forum post here describes how to modify the DSM system and this Namecheap documentation describes the URL to post updates to.

I made this modification to the script to support a domain without a subdomain.
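// Split the hostname into Namecheap's host and domain parameters.
$array = explode('.', $hostname);
if (count($array) == 2) {
    // Bare domain (domain.tld): Namecheap uses '@' as the host.
    $host = '@';
    $domain = $hostname;
} else {
    // Subdomain: the first label is the host, the rest is the domain.
    $domain = implode('.', array_slice($array, 1));
    $host = implode('.', array_slice($array, 0, 1));
}
$url = ''.$host.'&domain='.$domain.'&password='.$pwd.'&ip='.$ip;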

SSH login

Here's a very good blog post by Josh Dick on SSH & SFTP setup
  1. enable sshd
    • Control Panel → Terminal & SNMP → Terminal → Enable SSH service
      • give the user a shell in /etc/passwd
  2. create user home directories
    • Control Panel → User → Advanced → User Home → Enable user home service
    • fix user home directory permissions for ssh public key authentication
      • chmod 755 for ~
      • chmod 700 ~/.ssh
      • chmod 644 ~/.ssh/authorized_keys
  3. Control Panel → File Services → FTP → Enable SFTP service
  4. enable ssh tunneling
    • as root (ssh root@diskstation)
    • vi /etc/ssh/sshd_config
    • change AllowTcpForwarding to yes
    • change GatewayPorts to clientspecified
    • reload sshd: synoservicectl --reload sshd
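
A check for steps 2 and 4 above, as an added example that is not from the original post: it verifies that the home directory, ~/.ssh and authorized_keys carry no group/other write bit (what sshd's StrictModes requires) and reports whether the edited sshd_config lets remote forwards listen beyond loopback. The function names and output labels are made up for this example, and unset keys are assumed to take stock OpenSSH defaults.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Usage: check_ssh_key_perms "$HOME"; forwarding_exposure /etc/ssh/sshd_config

# True when PATH has no group/other write bit, which is what sshd's
# StrictModes requires of ~, ~/.ssh and ~/.ssh/authorized_keys.
not_group_other_writable() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    [ -n "$mode" ] || return 2
    [ "$(printf '%s' "$mode" | cut -c6)" != "w" ] &&
        [ "$(printf '%s' "$mode" | cut -c9)" != "w" ]
}

# Check the three paths from step 2; prints each problem, returns 1 if any.
check_ssh_key_perms() {
    rc=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; rc=1
        elif ! not_group_other_writable "$p"; then
            echo "group/other writable: $p"; rc=1
        fi
    done
    return $rc
}

# Print the global value of KEY in an sshd_config FILE: the first
# occurrence wins and the global section ends at the first Match line.
sshd_setting() {
    awk -v key="$2" '
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Classify what step 4 allows. Unset keys fall back to stock OpenSSH
# defaults (AllowTcpForwarding yes, GatewayPorts no); DSM may differ.
forwarding_exposure() {
    fwd=$(sshd_setting "$1" AllowTcpForwarding)
    gw=$(sshd_setting "$1" GatewayPorts)
    case "${fwd:-yes}" in
        no|local) echo "remote-forwarding-disabled"; return 0 ;;
    esac
    case "${gw:-no}" in
        yes|clientspecified) echo "remote-forwards-may-listen-on-lan" ;;
        *) echo "remote-forwards-loopback-only" ;;
    esac
}
```

With the settings from step 4, forwarding_exposure reports that remote forwards may listen on the LAN, so the accounts allowed to log in over SSH are the ones that can open listening ports on the DiskStation.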

SSL cert

  • Control Panel → Security → Certificate

Web server

  • Control Panel → Web Services → Enable Web Station
  • DSM 5.1 uses Apache 2.2
  • Access control using Photo Station album passwords
    • I'd rather find a way to use the Photo Station's own PHP session auth system to protect my website
    • I built a custom login system
      • .htaccess files with RewriteRule to route a protected folder to the login system
      • uses X-Sendfile headers to deliver authorized files
      • uses synoautoblock to prevent brute force attacks
      • checks password against the Photo Station album
        • SELECT password FROM photo_share WHERE sharename = 'Password protected album name'
  • VirtualHost setup
    • using www.domain.tld instead of domain.tld makes integration with other DiskStation apps easier

Photo Station

This is really the feature that sold me on the Synology system. It replaced my homegrown photo website running my BPG application.
  • Package Center → Photo Station
Somehow I had an issue where I couldn't remove the password from albums and I had to fix it in the database.
psql photo postgres
photo=# SELECT * FROM photo_share WHERE password NOT LIKE '';

Surveillance Station

This records and notifies me when there is motion on a network camera.
  • Package Center → Surveillance Station
  • I'm still using the old Zonet Netcam and it needs a daily reboot to keep streaming
    • Control Panel → Task Scheduler
    • curl -s "http://ADMIN:PASSWORD@CAMERA/admin/reboot.cgi?reboot=reboot&type=0" > /dev/null

Dropbox Cloud Sync

This lets me sync my Dropbox account with the DiskStation.
  • Package Center → Cloud Sync

Mail Station

I want to have some devices on my home network send email from my Google account.
  • my Brother printer can send email but won't use TLS like Google requires
  • on my old system I used stunnel and it may work on the DiskStation
  • the Synology Mail Server can also work for a private LAN
  • Mail Server → SMTP
    • Enable SMTP Authentication
    • Ignore authorization for LAN connections
    • Domain name: diskstation.DOMAIN (don't use a real email domain unless you want mail delivered to local ~/.Maildirs/)
    • SMTP Relay
      • Enable SMTP Relay
      • Server:
      • Port: 587
      • Always use secure connection (TLS)
      • Account: gmail address
      • Password: create an app specific password for the Google account


This is a cool feature I use for a shared address book across multiple devices.
  • Package Center → CardDAV Server
  • Official documentation
  • For a shared address book create a dedicated user account
    • Control Panel → User
  • The full URL is https://DOMAIN:8443/addressbooks/users/USERNAME/addressbook/ but some clients don't need the whole thing 
  • some forum discussion
And if you are curious about where the address books are stored:
psql -U postgres -l
psql -U postgres -d caldav
SELECT * FROM addressbook_object;


I want to use the DiskStation as a local backup destination for my computers, and since it also stores files I want to back those up to both a local onsite destination and a remote offsite location.
  • local onsite backup for Macs using TimeMachine (Mac → backup to DiskStation)
    • The official Synology documentation for this feature
    • Set up users for each TimeMachine laptop
    • Assign the user a data quota so they don't use the entire DiskStation
    • Create a "Time Machine" shared folder
    • Set up time machine on each laptop with the dedicated user/password
  • local onsite backup for DiskStation to eSATA disk (DiskStation → backup to eSATA disk)
    • Backup & Replication → Backup Destination
      • create destination on "satashare" shared folder
    • Backup & Replication → Backup
      • set up the daily backup schedule
  • remote offsite backup (DiskStation's CrashPlan → backup to remote site)
      1. add to package sources
      2. install synology "java manager" package
      3. install crashplan package (may need to click "allow trusted third party packages")
      4. set up headless crashplan
      5. in "task manager" set up service tasks to start/stop crashplan in the night to save RAM
      6. backup to a local drive then copy that seed to an external drive for the remote backup server
    • check backup progress with tail /volume1/@appstore/CrashPlan/log/history.log.0
There are lots of other backup options:

Saturday, April 25, 2015

TabloTV + Roku

I recently switched from my Mythbuntu MythTV system to a TabloTV with a Roku3. While I've enjoyed tinkering with the MythTV system and its many features over the years, limited free time and failing hardware led me to take a close look at moving to a dedicated appliance style system. As part of this project I also decided to improve my OTA antenna installation since I was not getting all the national broadcast networks reliably. I am very glad I did as it's all working well now.

To start with I focused on the antennas as this is the biggest factor in reliable signal reception. I used the FCC TV signal direction site to figure out which types of antennas I needed. The major factors in choosing the antenna are which RF channels it is designed for, the dBi gain for how weak a signal it can receive, and the beam width for how wide the reception angle is.

Living in Seattle I need channels VHF 9-13 plus UHF 16 and up. Since there is a large hill between my house and the transmitters I wanted the highest gain available in a reasonable size and a beam width wide enough to receive the signal from each of the transmitters. I already had an Antennas Direct DB4 and it was pretty good for the UHF channels, but my RadioShack VU-75XR wasn't good enough for the VHF channels so I found the AntennaCraft VHF Y5-7-13 and it works great. There are a few channels that are still on the reception edge so I may replace the DB4 later with an 8 bay model. I use a VHF-UHF combiner to connect them to a single coax cable that connects to my TabloTV tuner. While working on finding the best location and aiming for each antenna I connected them to my old HDHomeRun ATSC tuner and used the Hdhomerun Signal Meter app on my phone to find the best signal available for each channel. This is the hardest part as the antenna placement is really just trial and error. I did find a great book that had some good practical information on antenna placement.

After the antenna installation was finished I connected the TabloTV tuner and attached a USB hard drive. The first hard drive I got didn't work reliably so I used an old 500GB drive that I had available. While the initial setup was a bit quirky, it worked great after that. Since the old hard drive was a bit noisy I stuck some foam weather stripping to the bottom of the case which eliminated most of the noise. TabloTV is working on the hard drive compatibility issues and provides a list of known good drives. Until they resolve this be prepared for some trial and error getting the right drive.

The Roku was similar to set up: just connect to the network, set up an account, and it was ready to go. The best thing about the Roku is the large number of apps (channels) that are available for it. It has a channel for the Tablo as well as Netflix, Amazon Instant video, and Google Play video.

This blog post wouldn't be complete without some tinkering with the stock system. First, the Roku has a notable flaw: it shows advertisements on the main screen, you have no control over what they are, and they may not be appropriate for young children. To fix this you can block all access to the "" URL on your home router. Blocking it also prevents channel and system updates, so you need to periodically unblock it and check for updates manually in the system settings. The other bit of tinkering was being able to download recordings from the TabloTV. The TabloTV community has some dedicated fans who have built tools to download recordings from the Tablo so you can save them forever.

I definitely recommend this project for anyone wanting to set up an OTA DVR system.