Synology NAS: Difference between revisions
Revision as of 19:49, 8 December 2023
Synology Initial Configuration
Basic NAS Setup
- create shared folder 'backups', no recycle bin if used for staff backups
- create user 'backupuser'
- create 'staff' group
- give 'staff' group rw to 'backups' folder, add 'backupuser' to 'staff' group
- set notifications
  - swkls+synologynas@mycheckcentral.cc
  - mail.checkcentral.cc
  - 587
- install 'Cloud Sync' and 'Storage Analyzer' packages
- enable power-on after power failure & WOL
- enable basic SSH
- enable DDNS (synology). Use verso code + 'nas' for the name (e.g. haconas)
- enable automatic package updates
Synology NAS S3 Access
User / Group / Policy Creation
Add User & Group
- Add user by going to My Security Credentials (close pop-up) -> Users -> Add User.
- Username is Library name
- Access type is programmatic.
- Next screen add Group (name is verso code).
- Skip 'Tags'.
- On the last screen (Success), copy the Access Key ID and Secret Access Key (these will be used later) and store them in the password DB (under NAS info).
Add Policy
- Go to Policies and Create Policy.
- In the JSON tab, paste in the following code, modifying the 'Resource' fields (library Verso code + 'libnas') (example: xyzlibnas):
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:GetBucketLocation",
                    "s3:ListAllMyBuckets"
                ],
                "Resource": "arn:aws:s3:::*"
            },
            {
                "Effect": "Allow",
                "Action": "s3:*",
                "Resource": [
                    "arn:aws:s3:::xyzlibnas",
                    "arn:aws:s3:::xyzlibnas/*"
                ]
            }
        ]
    }
- Under 'Review', name the policy (verso code + 'nas') and click 'Create Policy'.
- Go to Groups and open the newly created group.
- Under 'Permissions' tab, click 'Attach Policy'.
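A check for the 'Resource' edit in the policy step above, added here as an example and not part of the original page: it confirms that everything beyond the two listing actions is granted only on the library's own bucket and its objects. The function names and the verso code 'abc' are hypothetical, and the sample policy is constructed.

```python
import json

# The two account-wide actions the page's first statement allows on every bucket.
LISTING_ACTIONS = {"s3:GetBucketLocation", "s3:ListAllMyBuckets"}

def as_list(value):
    """IAM accepts a single string or a list for Action, Resource and Statement."""
    return value if isinstance(value, list) else [value]

def scope_problems(policy, verso_code):
    """Return findings where the policy reaches beyond <verso_code>libnas."""
    bucket_arn = f"arn:aws:s3:::{verso_code}libnas"
    allowed = {bucket_arn, bucket_arn + "/*"}
    problems, covered = [], set()
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            problems.append(f"statement {i}: NotAction/NotResource not expected here")
            continue
        actions = set(as_list(stmt.get("Action", [])))
        resources = set(as_list(stmt.get("Resource", [])))
        if actions <= LISTING_ACTIONS:
            continue  # listing-only statement may keep the wildcard resource
        for arn in sorted(resources - allowed):
            problems.append(f"statement {i}: {arn} is outside {bucket_arn}")
        covered |= resources & allowed
    for arn in sorted(allowed - covered):
        problems.append(f"no statement grants {arn}")
    return problems

# Constructed sample: the page's template pasted for a hypothetical verso code
# 'abc', with only the first of the two Resource lines edited.
HALF_EDITED = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow",
   "Action": ["s3:GetBucketLocation", "s3:ListAllMyBuckets"],
   "Resource": "arn:aws:s3:::*"},
  {"Effect": "Allow", "Action": "s3:*",
   "Resource": ["arn:aws:s3:::abclibnas", "arn:aws:s3:::xyzlibnas/*"]}
]}
""")

if __name__ == "__main__":
    for finding in scope_problems(HALF_EDITED, "abc"):
        print(finding)
```

Run it against the JSON before clicking 'Create Policy'; an empty result means both Resource lines point at the library's bucket.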
S3 Bucket Creation
- Go to S3 and 'Create Bucket'.
- Bucket name is verso code + 'libnas'.
- Region should be US East (N. Virginia).
- Copy settings from another bucket (Bucklin for staff computer backups, Hamilton Co for shared file backups).
- Enable 'Keep all versions of an object in the same bucket' on the next screen.
- Modify tag to verso code.
- Leave permissions on next screen as 'Block ALL Public Access'.
- Review and 'Create'.
- Once created, go into bucket and select the 'Properties' tab.
- Enable server-side encryption (AES-256).
- Under the Metrics sub-tab, edit (pencil icon) the name on the left sidebar and enable 'request metrics' and 'data transfer metrics' and click 'Save'.
- IMPORTANT!!! Create a Lifecycle rule to delete incomplete multi-part uploads (MPUs) after 3 days.
Synology NAS Cloud Sync Setup
- Log into the Synology NAS.
- create shared folder 'backups', no recycle bin if used for staff backups
- create user 'backupuser'
- create 'staff' group
- give 'staff' group rw to 'backups' folder, add 'backupuser' to 'staff' group
- set notifications
- Go to Packages and install the 'Cloud Sync' and 'Storage Analyzer' packages.
- Once installed, open the Cloud Sync app (NOT Cloud Station ShareSync).
- Select S3 Storage from the cloud providers list.
- Put in the Access Key and Secret Key and select the appropriate bucket from the drop down list.
- Click 'Next' and then 'Apply'.
- On the next screen under Local Path select the folder that you want to upload.
- Under Remote Path create a folder off of the root to store the files in (example: veeam).
- Change the sync direction to 'Upload Local Changes Only'.
- Leave everything else at defaults and select 'Schedule'.
- Modify the schedule to only sync files during off hours (unless syncing shared files).
Reference: https://objectivefs.com/howto/how-to-restrict-s3-bucket-policy-to-only-one-aws-s3-bucket