Synology NAS: Difference between revisions
Jump to navigation
Jump to search
(4 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
==Synology== | ==Synology Inital Configuration== | ||
===Basic NAS Setup=== | ===Basic NAS Setup=== | ||
* create shared folder 'backups', no recycle bin if used for staff backups | * create shared folder 'backups', no recycle bin if used for staff backups | ||
Line 6: | Line 6: | ||
* give 'staff' group rw to 'backups' folder, add 'backupuser' to 'staff' group | * give 'staff' group rw to 'backups' folder, add 'backupuser' to 'staff' group | ||
* set notifications | * set notifications | ||
* | * xxxx@mycheckcentral.cc | ||
* mail.checkcentral.cc | * mail.checkcentral.cc | ||
* 587 | * 587 | ||
Line 12: | Line 12: | ||
* enable power-on after power failure & WOL | * enable power-on after power failure & WOL | ||
* enable basic SSH | * enable basic SSH | ||
* enable automatic package updates | * enable automatic package updates | ||
==Synology NAS S3 Access== | ==Synology NAS S3 Access== | ||
Line 76: | Line 67: | ||
* Enable server-side encryption (AES-256). | * Enable server-side encryption (AES-256). | ||
* Under the Metrics sub-tab, edit (pencil icon) the name on the left sidebar and enable 'request metrics' and 'data transfer metrics' and click 'Save'. | * Under the Metrics sub-tab, edit (pencil icon) the name on the left sidebar and enable 'request metrics' and 'data transfer metrics' and click 'Save'. | ||
* IMPORTANT!!! Create a Lifecycle rule to delete incomplete multi-part uploads (MPUs) after 3 days. | |||
===Synology NAS Cloud Sync Setup=== | ===Synology NAS Cloud Sync Setup=== |
Latest revision as of 19:50, 8 December 2023
Synology Inital Configuration
Basic NAS Setup
- create shared folder 'backups', no recycle bin if used for staff backups
- create user 'backupuser'
- create 'staff' group
- give 'staff' group rw to 'backups' folder, add 'backupuser' to 'staff' group
- set notifications
- xxxx@mycheckcentral.cc
- mail.checkcentral.cc
- 587
- install 'Cloud Sync' and 'Storage Analyzer' packages
- enable power-on after power failure & WOL
- enable basic SSH
- enable automatic package updates
Synology NAS S3 Access
User / Group / Policy Creation
Add User & Group
- Add user by going to My Security Credentials (close pop-up) -> Users -> Add User.
- Username is Library name
- Access type is programmatic.
- Next screen add Group (name is verso code).
- Skip 'Tags'.
- On the last screen (Success) copy the Access Key ID and Secret Access Key (these will be used later) and put in password DB (under NAS info).
Add Policy
- Go to Policies and Create Policy.
- In the JSON tab, paste in the following code, modifying the 'Resource' fields (library Verso code + 'libnas') (example: xyzlibnas):
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:ListAllMyBuckets"
],
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::xyzlibnas",
"arn:aws:s3:::xyzlibnas/*"
]
}
]
}
- Under 'Review', name the policy (verso code + 'nas') and click 'Create Policy'.
- Go to Groups and open the newly created group.
- Under 'Permissions' tab, click 'Attach Policy'.
S3 Bucket Creation
- Go to S3 and 'Create Bucket'.
- Bucket name is verso code + 'libnas'.
- Region should be US East (N. Virginia).
- Copy settings from another bucket (Bucklin for staff computer backups, Hamilton Co for shared file backups).
- Enable 'Keep all versions of an object in the same bucket' on next screen
- Modify tag to verso code.
- Leave permissions on next screen as 'Block ALL Public Access'.
- Review and 'Create'.
- Once created, go into bucket and select the 'Properties' tab.
- Enable server-side encryption (AES-256).
- Under the Metrics sub-tab, edit (pencil icon) the name on the left sidebar and enable 'request metrics' and 'data transfer metrics' and click 'Save'.
- IMPORTANT!!! Create a Lifecycle rule to delete incomplete multi-part uploads (MPUs) after 3 days.
Synology NAS Cloud Sync Setup
- Log into the Synology NAS.
- create shared folder 'backups', no recycle bin if used for staff backups
- create user 'backupuser'
- create 'staff' group
- give 'staff' group rw to 'backups' folder, add 'backupuser' to 'staff' group
- set notifications
- Go to Packages and install the 'Cloud Sync' and 'Storage Analyzer' packages.
- Once installed, open the Cloud Sync app (NOT Cloud Station ShareSync).
- Select S3 Storage from the cloud providers list.
- Put in the Access Key and Secret Key and select the appropriate bucket from the drop down list.
- Click 'Next' and then 'Apply'.
- On the next screen under Local Path select the folder that you want to upload.
- Under Remote Path create a folder off of the root to store the files in (example: veeam).
- Change the sync direction to 'Upload Local Changes Only'.
- Leave everything else at defaults and select 'Schedule'.
- Modify the schedule to only sync files during off hours (unless syncing shared files).
Reference: https://objectivefs.com/howto/how-to-restrict-s3-bucket-policy-to-only-one-aws-s3-bucket