Tag: synology

Renew Self Signed Certificate Using Synology DSM with custom CA

Posted on by Bian Xi Leave a Comment on Renew Self Signed Certificate Using Synology DSM with custom CA

Renew Self Signed Certificate Using Synology DSM with custom CA

Renew server certificate

  • Launch Control Panel => Security
  • Click on Certificate tab
  • Click on Add button
  • Select Renew certificate, then Next
  • Fill up information for Create certificate signed request (CSR), then Next
  • Click on Download

Following files are created in downloaded ZIP file

  • server.csr
  • server.key

Generate certificate

Following the steps in the page below to create and import the certificates

Use Synology DSM to create Self Signed Certificate with custom CA

References

Use Synology DSM to create Self Signed Certificate with custom CA

Install *Synology* NAS managed *Let’s Encrypt Certificate* in *NGINX*

Posted on by Bian Xi Leave a Comment on Install *Synology* NAS managed *Let’s Encrypt Certificate* in *NGINX*

Install Synology NAS managed Let's Encrypt Certificate in NGINX

Certificate Management

Synology NAS can be used for certificate management, and Let's Encrypt certificate can be exported as ZIP file used for NGINX HTTPS configuration.

  1. Go to Control Panel -> Security -> Certificate
  2. Select certificate to be exported
  3. Select Export Certificate from right click menu
  4. Save exported file

For existing certificates, can use right click -> renew option to renew.

Note: All domain in the certificates, must be resolved to current Synology NAS at port 80 and port 443, otherwise, certificate generation will be failed.

In downloaded ZIP file, following files can be found.

  • certs.pem
  • chain.pem
  • privkey.pem

NGINX configuration

  1. Concatenate cert.pem and chain.pem to cert-with-chain.pem (or fullchain.pem) file

  2. Copy cert-with-chain.pem and privkey.pem into NGNIX conf.d folder

  3. Verify NGINX configuration as below

ssl_certificate     conf.d/cert-with-chain.pem;
ssl_certificate_key conf.d/privkey.pem;
  1. Restart NGINX

Verification

Browser

The date of issue for new certificate should be displayed in certificate information window.

Command line

Following command can be used for verification

openssl s_client -connect <domain_name>:<port>

If got following error, concatenate chain.pem into cert.pem, because the full chain is required.

verify error:num=20:unable to get local issuer certificate
verify error:num=21:unable to verify the first certificate

References

How to install Let's Encrypt on Nginx

Fix Synology `Allocation Status` Crashed Error

Posted on by Bian Xi Leave a Comment on Fix Synology `Allocation Status` Crashed Error

Fix Synology Allocation Status Crashed Error

I use JBOD for backup volume with checksum turned on, because I don't expect both data on source and backup date lost. The issue of one disk in JBOD volume can cause volume crash, which becomes read only. When checking the the status further, only one disk shows Allocation Status as Crashed but Health Status as Healthy.

In the pass, due to the faulty volume is in read only status, I need to create new folders with new names and copy all data into new folders, then rebuilt the disk array, and move the volume back to new created volume, which requires reconfiguration of permission and services too, such as NFS, Timemachine, Rsync, etc. It can take days to complete all these tasks.

This time, I tried to recover the volume using a few commands.

Steps

Recreate Array

  • Login into command line of Sysnology as root

  • Find the array

# cat /proc/mdstat
Personalities : [linear] [raid0] [raid1] [raid10] [raid6] [raid5] [raid4]
md2 : active raid5 sda5[0] sdc5[2] sdb5[1]
      1943862912 blocks super 1.2 level 5, 64k chunk, algorithm 2 [3/3] [UUU]

md12 : active raid5 sdjc7[5] sdjb7[6] sdjd7[3] sdja7[7] sdje7[8]
      1953467648 blocks super 1.2 level 5, 64k chunk, algorithm 2 [5/5] [UUUUU]

md9 : active raid5 sdjc6[9] sdjb6[8] sdja6[6] sdjd6[7] sdje6[5]
      703225088 blocks super 1.2 level 5, 64k chunk, algorithm 2 [5/5] [UUUUU]

md6 : active raid5 sdjc5[6] sdjd5[5] sdjb5[9] sdja5[8] sdje5[7]
      1230960384 blocks super 1.2 level 5, 64k chunk, algorithm 2 [5/5] [UUUUU]

md4 : active linear sdg3[0] sdh3[2](E) sdf3[1]
      2915921472 blocks super 1.2 64k rounding [3/3] [UUE]

md10 : active raid5 sdja8[2] sdje8[3] sdjc8[4]
      1953485824 blocks super 1.2 level 5, 64k chunk, algorithm 2 [3/3] [UUU]

md7 : active raid5 sdib6[4] sdie6[5] sdic6[3] sdia6[2] sdid6[1]
      3906971648 blocks super 1.2 level 5, 64k chunk, algorithm 2 [5/5] [UUUUU]

md3 : active raid5 sdie5[5] sdia5[4] sdid5[3] sdib5[7] sdic5[6]
      7794733824 blocks super 1.2 level 5, 64k chunk, algorithm 2 [5/5] [UUUUU]

md8 : active raid5 sdie7[0] sdib7[3] sdic7[2] sdia7[1]
      2930228736 blocks super 1.2 level 5, 64k chunk, algorithm 2 [4/4] [UUUU]

md1 : active raid1 sdh2[5] sdg2[4] sdf2[3] sdc2[2] sdb2[1] sda2[0]
      2097088 blocks [8/6] [UUUUUU__]

md0 : active raid1 sdh1[3] sdg1[4] sdf1[2] sda1[0] sdb1[1] sdc1[6]
      2490176 blocks [8/6] [UUUUU_U_]

unused devices: <none>
  • Collect RAID info
# mdadm --examine /dev/sdh3
/dev/sdh3:
          Magic : a92b4efc
        Version : 1.2
    Feature Map : 0x0
     Array UUID : 6783225a:318612f7:3473d58a:09a977b2
           Name : ds1812:4  (local to host ds1812)
  Creation Time : Wed Dec 28 07:04:52 2022
     Raid Level : linear
   Raid Devices : 3

 Avail Dev Size : 3897584768 (1858.51 GiB 1995.56 GB)
  Used Dev Size : 0
    Data Offset : 2048 sectors
   Super Offset : 8 sectors
   Unused Space : before=1968 sectors, after=65 sectors
          State : clean
    Device UUID : 14704640:a5536257:40c4ae47:2f008c53

    Update Time : Sat Jan 21 00:36:29 2023
       Checksum : 8685d50c - correct
         Events : 5

       Rounding : 64K

   Device Role : Active device 2
   Array State : AAA ('A' == active, '.' == missing, 'R' == replacing)
root@ds1812:~#
  • Unmount the system, if not successful, use force and kill option
# umount -f -k /volume3
  • Stop array
# mdadm --stop /dev/md4
  • Recreate array, answer the question as y
# mdadm --create --force /dev/md4 --metadata==1.2 --raid-devices=3 ---level=linear /dev/sdg3 /dev/sdf3 /dev/sdh3 -u6783225a:318612f7:3473d58a:09a977b2
mdadm: ... appears to be part of a raid array:
       ...
Continue creating array? y

Now, the array has been recreated, and should be in correct state

# cat /proc/mdstat

Check the filesystem and mount it again

The filesystem type is btrfs, so use following command to verify it

# btrfsck /dev/md4
Syno caseless feature on.
Checking filesystem on /dev/md4
UUID: 7a3a3941-e0c4-4505-8981-d309fb9482a5
checking extents
checking free space tree
checking fs roots
checking csums
checking root refs
found 2037124587520 bytes used err is 0
total csum bytes: 1986978456
total tree bytes: 2458648576
total fs tree bytes: 62947328
total extent tree bytes: 50741248
btree space waste bytes: 294577149
file data blocks allocated: 6689106694144
 referenced 1995731652608
root@ds1812:/# echo $?
0

Mount the filesystem, now, the Synology error beep should be stopped

mount /volume3

References

How to handle a drive that has "Allocation Status: Crashed"
[HOWTO] repair a clean volume who stays crashed volume
mdadm(8) — Linux manual page
Manualy repair filesystem command line DS214
How to recover from BTRFS errors

Upgrade DS1812+ RAM to 6GB

Posted on by Bian Xi Leave a Comment on Upgrade DS1812+ RAM to 6GB

Upgrade DS1812+ RAM to 6GB

After I found there is an internal memory also can be replaced, I decided to try replace it with higher capacity memory.

Before

I got one 4GB memory and one 1GB default memory.

Swap

Because the default is not easy to reach and I'm not sure whether the slot is suitable for 4GB RAMs or not, so I swap two RAMs and boot.

Result: It works. Not the default memory slot has 4GB RAM in it.

Upgrade to 6GB

Then I replace the 1GB memory to 2GB as below.

root@ds1812:~# free
              total        used        free      shared  buff/cache   available
Mem:        6106616      576752      593516       16440     4936348     5115404
Swap:       2097084      166520     1930564
root@ds1812:~# cat /proc/meminfo
MemTotal:        6106616 kB
MemFree:          434420 kB
Buffers:            5968 kB
Cached:          4793912 kB
SwapCached:        18104 kB
Active:          1456104 kB
Inactive:        3398440 kB
Active(anon):      30672 kB
Inactive(anon):    40608 kB
Active(file):    1425432 kB
Inactive(file):  3357832 kB
Unevictable:        5560 kB
Mlocked:            5560 kB
SwapTotal:       2097084 kB
SwapFree:        1930572 kB
Dirty:             48688 kB
Writeback:             0 kB
AnonPages:         48644 kB
Mapped:            42632 kB
Shmem:             16448 kB
Slab:             289948 kB
SReclaimable:     113820 kB
SUnreclaim:       176128 kB
KernelStack:        9360 kB
PageTables:        44156 kB
NFS_Unstable:          0 kB
Bounce:                0 kB
WritebackTmp:          0 kB
CommitLimit:     5150392 kB
Committed_AS:    1645472 kB
VmallocTotal:   34359738367 kB
VmallocUsed:      465564 kB
VmallocChunk:   34359255664 kB
DirectMap4k:       16876 kB
DirectMap2M:     6262784 kB
root@ds1812:~#

References

Use Synology DSM to create Self Signed Certificate with custom CA

Posted on by Bian Xi Leave a Comment on Use Synology DSM to create Self Signed Certificate with custom CA

Use Synology DSM to create Self Signed Certificate with custom CA

To create custom CA and use it to create server certificate, Synology NAS can be used and manage them.

Create certificate with CA

  • Launch Control Panel => Security
  • Click on Certificate tab
  • Click on Add button and select Add menu item
  • Select Add a new certificate or Replace an existing certificate, then Next
  • Select Create self-signed certificate, then Next
  • Fill up information for Create root certificate for CA certificate, then Next
  • Fill up information for Create certificate for server certificate, then Apply

Following 4 certificates are created and can be exported

  • cert.pem - Server certificate
  • privkey.pem - Server Key
  • syno-ca-cert.pem - CA certificate
  • syno-ca-privkey.pem - CA Key

Create server certificate using CA above

  • Launch Control Panel => Security
  • Click on Certificate tab
  • Click on CSR button
  • Select Create Certificate Singing Request, then Next
  • Fill up information for Create certificate signed request (CSR), then Next
  • Click on Download

Following files are created in downloaded ZIP file

  • server.csr
  • server.key

Signing server certificate

  • Launch Control Panel => Security
  • Click on Certificate tab
  • Click on CSR button
  • Select Sign Certificate Singing Request, then Next
  • Select root certificate just created, then Next
  • Select server.csr file using Browse button next to the Certificate Request textbox
  • Fill up Subject Alternative Name, then Next
  • Click on Download

Following files are created in downloaded ZIP file

  • server.crt

Import server certificate

  • Launch Control Panel => Security
  • Click on Certificate tab
  • Click on Add button and select Add menu item
  • Select Add a new certificate or Replace an existing certificate, then Next
  • Fill up Description, select Import certificate, then Next
  • Select private key file and certificate file, then OK

References

self-signed-certificate-with-custom-ca.md

Create certificate in Synology NAS with self signed CA

Posted on by Bian Xi Leave a Comment on Create certificate in Synology NAS with self signed CA

Create certificate in Synology NAS with self signed CA

If the CA certificate is managed by Synology NAS, following steps can be used to create a certificate under that CA.

Create certificate request

  1. Go to Control Panel -> Security -> Certificate
  2. Select CSR
  3. Select Create certificate signing request (CSR)
  4. Then fill up information required
  5. Select Download, the CSR will be downloaded into local machine

The downloaded file contains two files, server.key and server.csr.

Sign certificate

  1. Go to Control Panel -> Security -> Certificate
  2. Select CSR
  3. Select Sign certificate signing request (CSR) and select the root certificate to be used
  4. Use Browse button to select the CSR file in previous step
  5. Select Download, the CSR will be downloaded into local machine. The CSR file should be in archive folder, and named as server.csr
  6. In Subject Alternative Name, put both server full name and short name, or other names if the server is playing multiple roles.
  7. Click on Download, then a file named as server.crt is downloaded locally.

Import generated certificate

There are three files you have,

  • The certificate file, name as server.crt
  • The private file, name as server.key

  • The intermediate certificate file, such as syno-ca-cert.pem or other CA intermediate certificate

    They also can be imported into synology certificate app for certificate management

  1. Go to Control Panel -> Security -> Certificate
  2. Select Add -> Add
  3. Select Add a new certificate
  4. Select Import certificate
  5. Click on Browse button for Private Key to select server.key file
  6. Click on Browse button for Certificate to select server.crt file
  7. Click on Browse button for Intermediate Certificate to select syno-ca-cert.pem file
  8. Click OK button

Memory upgrade for Synology DS2419+

Posted on by Bian Xi Leave a Comment on Memory upgrade for Synology DS2419+

Memory upgrade for Synology DS2419+

As mentioned in memorystock.com, Synology DS2419+ can use Dual Rank Memory (16GB DDR4 PC4-19200 2400MHz SODIMM NON-ECC Unbuffered 260pin 1.2V CL15 Dual Rank MemoryStock Part# 977ms-977). But my last upgrade failed using Dual Rank memory, only Single Rank works.

Some people mentioned that Synology NAS can use 32GB RAM, but some people said it will cause data corruption if exceed max supported memory. I just upgraded my DS1812+ more than officially supported memory size, hope it will be ok.

References

Synology 64GB DDR4 Unofficial Memory Upgrade Test for DiskStation NAS
Synology NAS Unofficial Memory Upgrade Guide
Memory Upgrade for Synology DiskStation DS2419+ Computer

Renumber storage pools and volumes in Synology NAS

Posted on by Bian Xi 2 Comments on Renumber storage pools and volumes in Synology NAS

Renumber storage pools and volumes in Synology NAS

Story

For me, memorizing is a big issue, especially for logicless items. If it is anti-logic environment, I would make many mistakes which causes huge headache.

Numbering in Synology NAS is an issue for me, I got one volume2 but in storage pool 1, the volume1 is in storage pool 2. Normally, my thinking is simple, all packages are installed in volume1 and all iSCSI LUN created in volume1 as well, because I got SSD cache for volume1.

But above configuration confused me when ever received notification, I need to think about which volume got issue because the notification mentioned storage pool instead.

Today, thinking about change storage pool name again, because I know it is a setting hold by Synology, not Linux OS. Then I got answer.

Warning

Luckily I got issue with my DSM6, not DSM7, because they said that this can not be done in DSM7.

Renumber storage pool

Read storage pool number

# synospace --meta -e
[/dev/vg1/volume_1]
---------------------
Descriptions=[]
Reuse Space ID=[]
[/dev/vg1]
---------------------
Descriptions=[]
Reuse Space ID=[reuse_2]

Above result shows device /dev/vg1 is numbered as Storage Pool 2

Set number

To set storage pool number for specific device, use following command

# synospace --meta -s -i reuse_{storage_pool_number} {device_name}

Change volume number

Note: This one, I haven't tested. But if it works, then I might want to try to shink volume next time

Stop services

Stop all docker containers, etc., then stop all services using following command

syno_poweroff_task -d

list LV

lvm lvscan

rename LV

lvm lvrename {VG name} {old LV name} {new LV name}

Reboot

reboot

Shared folders and iSCSI services should be automatically modified and checking all you services are running correctly.

References

Renaming/renumbering storage pools and volumes
Synology Rename Volume and Storage Pool

Unplugged wrong disks in DS2419+

Posted on by Bian Xi Leave a Comment on Unplugged wrong disks in DS2419+

Unplugged wrong disks in DS2419+

Today, made a mistake, unplugged wrong disk in DS2419+, and caused it hang. At that time, I was moving 3 shared folders as well.

After hard reboot, everything back to orginal, I'm quite suprise, this is the second time I unplugged wrong disk in Synology NAS. Quite happy with this product, only one issue for me, they can not handle disk with bad sector well.

Upgrade Synology DS1812+ Memory

Posted on by Bian Xi Leave a Comment on Upgrade Synology DS1812+ Memory

Upgrade Synology DS1812+ Memory

As the Synology DS1812+ NAS officially only supports 3GB RAM, I used 3GB RAM NAS for many years.

Recently, I got one 1Rx8 4GB DDR3 RAM, wanted to try to see whether DS1812+ can use it.

After installed, luckily it is working. Plus 1GB on board memory, it has about 5GB memory now.

root@ds1812:~# free
              total        used        free      shared  buff/cache   available
Mem:        5072432      901144      323456       15908     3847832     3761546
Swap:       5140404      460920     4679484
root@ds1812:~# cat /proc/meminfo 
MemTotal:        5072432 kB
MemFree:          890332 kB
Buffers:            6104 kB
Cached:          3018256 kB
SwapCached:        29084 kB
Active:           662768 kB
Inactive:        2548468 kB
Active(anon):      94080 kB
Inactive(anon):   108664 kB
Active(file):     568688 kB
Inactive(file):  2439804 kB
Unevictable:        5804 kB
Mlocked:            5804 kB
SwapTotal:       5140404 kB
SwapFree:        4675032 kB
Dirty:             18444 kB
Writeback:          3860 kB
AnonPages:        188544 kB
Mapped:            76504 kB
Shmem:             15376 kB
Slab:             261456 kB
SReclaimable:      63788 kB
SUnreclaim:       197668 kB
KernelStack:       14400 kB
PageTables:        69604 kB
NFS_Unstable:          0 kB
Bounce:                0 kB
WritebackTmp:          0 kB
CommitLimit:     7676620 kB
Committed_AS:    4152632 kB
VmallocTotal:   34359738367 kB
VmallocUsed:      478460 kB
VmallocChunk:   34359221580 kB
DirectMap4k:       16876 kB
DirectMap2M:     5214208 kB
root@ds1812:~#