Synology NAS: Difference between revisions

From SWKLS WIKI

Revision as of 19:49, 8 December 2023

Synology Initial Configuration

Basic NAS Setup

  • create shared folder 'backups', no recycle bin if used for staff backups
  • create user 'backupuser'
  • create 'staff' group
  • give 'staff' group rw to 'backups' folder, add 'backupuser' to 'staff' group
  • set notifications (email alerts):
      • swkls+synologynas@mycheckcentral.cc
      • mail.checkcentral.cc
      • 587
  • install 'Cloud Sync' and 'Storage Analyzer' packages
  • enable power-on after power failure & WOL
  • enable basic SSH
  • enable DDNS (synology). Use verso code + 'nas' for the name (e.g. haconas)
  • enable automatic package updates

Synology NAS S3 Access

User / Group / Policy Creation

Add User & Group

  • Add user by going to My Security Credentials (close pop-up) -> Users -> Add User.
  • Username is the library name.
  • Access type is programmatic.
  • On the next screen, add the Group (name is the Verso code).
  • Skip 'Tags'.
  • On the last screen (Success) copy the Access Key ID and Secret Access Key (these will be used later) and put in password DB (under NAS info).

Add Policy

  • Go to Policies and Create Policy.
  • In the JSON tab, paste in the following code, modifying the 'Resource' fields (library Verso code + 'libnas') (example: xyzlibnas):
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:ListAllMyBuckets"
            ],
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Effect": "Allow",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::xyzlibnas",
                "arn:aws:s3:::xyzlibnas/*"
            ]
        }
    ]
}
  • Under 'Review', name the policy (verso code + 'nas') and click 'Create Policy'.
  • Go to Groups and open the newly created group.
  • Under 'Permissions' tab, click 'Attach Policy'.
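
The policy above only isolates one library if both 'Resource' ARNs were actually changed from the xyzlibnas example. The following is an added example, not part of the original wiki page: it fills in the policy from a Verso code and checks a pasted policy for grants that reach any other bucket. The function names are hypothetical, 'haco' is taken from the page's 'haconas' example, and the checker assumes Allow statements that use Action and Resource, as the page's policy does.

```python
import json

# Actions the page's policy allows on every bucket (first statement).
LIST_ACTIONS = {"s3:GetBucketLocation", "s3:ListAllMyBuckets"}

def bucket_name(verso_code):
    """Naming rule from the page: Verso code + 'libnas' (S3 names are lowercase)."""
    return f"{verso_code.lower()}libnas"

def build_policy(verso_code):
    """Return the page's policy with both Resource ARNs filled in."""
    arn = f"arn:aws:s3:::{bucket_name(verso_code)}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": sorted(LIST_ACTIONS),
             "Resource": "arn:aws:s3:::*"},
            {"Effect": "Allow", "Action": "s3:*",
             "Resource": [arn, arn + "/*"]},
        ],
    }

def as_list(value):
    """IAM accepts either a string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def check_policy(policy, verso_code):
    """Return findings; an empty list means access is scoped to one bucket.
    Assumes Allow statements with Action/Resource (no NotAction/NotResource)."""
    arn = f"arn:aws:s3:::{bucket_name(verso_code)}"
    allowed = {arn, arn + "/*"}
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = set(as_list(stmt["Action"]))
        for res in as_list(stmt["Resource"]):
            if res in allowed:
                continue
            if res == "arn:aws:s3:::*" and actions <= LIST_ACTIONS:
                continue  # listing-only statement, as in the page's policy
            findings.append(f"statement {i}: {sorted(actions)} on {res}")
    return findings

if __name__ == "__main__":
    print(json.dumps(build_policy("haco"), indent=4))
    print(check_policy(build_policy("haco"), "haco"))
```

Running `check_policy` on the unmodified xyzlibnas example with a different Verso code reports both leftover ARNs, which is the mistake the 'modifying the Resource fields' step is meant to prevent.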

S3 Bucket Creation

  • Go to S3 and 'Create Bucket'.
  • Bucket name is verso code + 'libnas'.
  • Region should be US East (N. Virginia).
  • Copy settings from another bucket (Bucklin for staff computer backups, Hamilton Co for shared file backups).
  • Enable 'Keep all versions of an object in the same bucket' on the next screen.
  • Modify tag to verso code.
  • Leave permissions on next screen as 'Block ALL Public Access'.
  • Review and 'Create'.
  • Once created, go into bucket and select the 'Properties' tab.
  • Enable server-side encryption (AES-256).
  • Under the Metrics sub-tab, edit (pencil icon) the name on the left sidebar and enable 'request metrics' and 'data transfer metrics' and click 'Save'.
  • IMPORTANT!!! Create a Lifecycle rule to delete incomplete multi-part uploads (MPUs) after 3 days.

Synology NAS Cloud Sync Setup

  • Log into the Synology NAS.
  • create shared folder 'backups', no recycle bin if used for staff backups
  • create user 'backupuser'
  • create 'staff' group
  • give 'staff' group rw to 'backups' folder, add 'backupuser' to 'staff' group
  • set notifications
  • Go to Packages and install the 'Cloud Sync' and 'Storage Analyzer' packages.
  • Once installed, open the Cloud Sync app (NOT Cloud Station ShareSync).
  • Select S3 Storage from the cloud providers list.
  • Put in the Access Key and Secret Key and select the appropriate bucket from the drop down list.
  • Click 'Next' and then 'Apply'.
  • On the next screen under Local Path select the folder that you want to upload.
  • Under Remote Path create a folder off of the root to store the files in (example: veeam).
  • Change the sync direction to 'Upload Local Changes Only'.
  • Leave everything else at defaults and select 'Schedule'.
  • Modify the schedule to only sync files during off hours (unless syncing shared files).

Reference: https://objectivefs.com/howto/how-to-restrict-s3-bucket-policy-to-only-one-aws-s3-bucket