User:Pineadmin/OpenMediaVault
Jump to navigation
Jump to search
If you are dealing with confidential files transfer/sharing, please make sure your setup is secured with long and hard to guess random password or PKI keys. Make sure you use DUMMY folders/files for testing first to get yourself familiar and comfortable with the settings.
Basic Setup
1. After boot, if the IP Address not showing on the HDMI output, you need to find the IP Address of the device with tools (e.g. netscan) (hostname: ROCK64, PINE64, PINE64SO) 2. Use the IP Address on PC browser to login to the Web Admin Pages: admin / openmediavault (Remember to change the default password: System -> General Settings -> Web Administrator Password) 3. You may want to use Static IP for easy access in future: System -> Network -> Interfaces -> Edit or Add(Ethernet) 4. To setup secure https for Web Admin Pages: - System -> Certificates -> SSL -> Add -> Create (Set longer "Period of validity" if you do not want to renew the certificate too frequently) -> Save -> Apply - System -> General Settings -> Web Administration -> Secure connection - Enable SSL/TLS: Enable - Certificate: <<<Select Created SSL Certificate>>> - Port: 443 - Force SSL/TLS: Enable 5. Setup the Dynamic DNS if you need to access the Web Admin Pages through internet. Then, on your internet modem/router: Port Forward to the slave/destination device with port 80(http) or 443(https)
1. Plug Hard Drive 2. Go to Storage -> Physical Disks -> Scan - If you want to remove everything on your disk, you can use the "Wipe" button - Before that, make sure the disk file systems are all "Storage -> File Systems -> Unmount" first - After Wipe, use the "Storage -> File Systems -> Create" to create the new partition - Some of the operations or features on OpenMediaVault may not work well with some file systems (e.g. FAT/FAT32/NTFS) because of folders/files permission settings problem, so EXT4 can be of better choice 3. Go to Storage -> File Systems -> select the Partition to mount -> Mount -> Apply 4. Access Right Management -> User -> Add (Make sure it is under "users" Group) 5. Access Right Management -> Shared Folders -> Add - You should add the shared folder starting from the root directory of your disk before you add the subfolder as shared folder. Because if you are trying to access to the subfolder directly, you may not able to get pass the parent folder permission. So your permission/privileges/ACL should also be set starting from your parent folder - Select newly added Shared Folder -> Privileges -> tick Read/Write for your user -> Save -> Apply - Select newly added Shared Folder -> ACL (for ext3/ext4 filesystem) - Tick Read/Write for your user in User/Groups permissions - Set Owner / Group to Read/Write/Execute and Others to None - Enable Recursive - Save -> Close
FTP
1. Go through the "Basic Setup" and "Shared Folders" above 2. Services -> FTP -> Settings -> Enable -> Save -> Apply -> Shares -> Add -> Apply If you constantly hit by "Permission denied", then you may consider a less secure solution: Services -> FTP -> Settings -> Permit root login (enable) This may happen when your hard drive is using FAT/FAT32 file system where permission cannot be set and after reboot, the default read only permission is used
1. Go through the "Basic Setup" and "Shared Folders" above 2. Services -> SMB/CIFS -> Settings -> Enable -> Save -> Apply -> Shares -> Add -> Apply
NFS
1. Go through the "Basic Setup" and "Shared Folders" above 2. Services -> NFS -> Settings -> Enable -> Save -> Apply -> Shares -> Add -> Apply To access from Kodi/XBMC, use "insecure" instead of "secure" on "Extra options"
Rsync (Clone/Backup)
You required 2 devices (e.g. 2 ROCK64, PINE64, SOPINE or etc) to Clone/Backup from master to slave or bidirectional 1. Go through the "Basic Setup" and "Shared Folders" above 2. [On slave/destination device] Services -> Rsync -> Server -> Settings -> Enable -> Save -> Apply -> Modules -> Add -> General - Make sure to choose correct "User" - Enable "Authenticate users" - Fill in "Hosts allow" for more security -> User -> Add 3. Services -> Rsync -> Jobs -> Add (Type: Remote, Mode: Push, Destination server: [USER]@[HOST]::[Rsync Server Module Name]) - [HOST] can be <<<CNAME>>>.ddns.net for Dynamic DNS - For testing: select Job -> Run - For bidirectional Rsync: Add another Job to Pull from slave/destination device (Don't enable Delete because deleted file/folder may be copied over again) 4. Diagnostics -> System Logs 5. Setup the Dynamic DNS if you need to rsync clone/backup through internet. Then, on your internet modem/router: Port Forward to the slave/destination device with port 873
SSH
1. Go through the "Basic Setup" above 2. Services -> SSH -> Permit root login (enable) (Remember to always disable it back for security reason) 3. SSH to the device with Putty: root / openmediavault (Remember to change the default password)
System Monitoring
1. Go through the "Basic Setup" above 2. System -> Monitoring -> Enable -> Save -> Apply 3. Diagnostics -> System Information -> Performance statistics
Notification
1. Go through the "Basic Setup" above 2. System -> Notification -> Settings - Enable - for GMAIL - SMTP server: smtp.gmail.com - SMTP port: 587 - Use SSL/TLS secure connection: Enable - Sender email: <<<Your GMAIL Address>>> - Authentication required: Enable - Username: <<<Your GMAIL Address>>> - Password: <<<Your GMAIL Password>>> - Recipient: <<<Your Recipient Emails>>> - At your GMAIL account, you also need to enable: GMAIL -> Settings -> Accounts and Import -> Change account settings -> Other Google Account settings -> Sign-in & security -> Apps with account access -> Allow less secure apps: ON - Save -> Apply - Use "Send a test email" for testing
Wi-Fi
1. Go through the "Basic Setup" above 2. While Ethernet network cable is still plugged, plug in the USB Wi-Fi dongle and reboot the device 3. Login to the Web Admin Pages and go to System -> Network -> Interfaces -> Add(Wi-Fi) - General settings - Name: <<<Select wlan0>>> - Wi-Fi - SSID: <<<Your Wireless Router Wi-Fi SSID>>> - Password: <<<Your Wireless Router Wi-Fi Password>>> - IPv4 - Method: DHCP or Static - ... 4. Save -> Apply 5. Unplug Ethernet network cable and reboot the device
Dynamic DNS
[YOU CAN SKIP THIS IF YOU ARE USING STATIC IP ON YOUR INTERNET WAN OR YOU ALREADY KNOW HOW TO SETUP DYNAMIC DNS ON YOUR INTERNET MODEM/ROUTER] 1. Go through the "Basic Setup" above 2. SSH to the device 3. # apt-get install ddclient (no-ip.com example) Dynamic DNS service provider: other Dynamic DNS server: dynupdate.no-ip.com Dynamic DNS update protocol: dyndns2 Username for dynamic DNS service: <<<USERNAME/EMAIL>>> Password for dynamic DNS service: <<<PASSWORD>>> Re-enter password to verify: <<<PASSWORD>>> Network interface used for dynamic DNS service: web DynDNS fully qualified domain names: <<<CNAME>>>.ddns.net Run ddclient on PPP connect? No Run ddclient as daemon? Yes Interval between ddclient runs: 300 # dpkg-reconfigure ddclient (To Re-run configuration wizard above) 4. # vi /etc/ddclient.conf Change: use=if, if=web To: use=web, web=checkip.dyndns.com, web-skip='Current IP Address' ########## protocol=dyndns2 use=web, web=checkip.dyndns.com, web-skip='Current IP Address' server=dynupdate.no-ip.com login=<<<USERNAME/EMAIL>>> password='<<<PASSWORD>>>' <<<CNAME>>>.ddns.net ########## 5. # systemctl restart ddclient (Restart ddclient after changed in configuration) 6. Diagnostics: # ddclient -daemon=0 -debug -verbose -noquiet # systemctl status ddclient
NextCloud
Reference: https://forum.openmediavault.org/index.php/Thread/17738-NextCloud-Installation/ 1. Go through the "Basic Setup" and "Shared Folders" above 2. SSH to the device # apt-get update # apt-get upgrade - Configuring openmediavault -> Press [Tab] -> Press [Enter] on Ok # apt-get install php5-curl php5-gd 3. Create the shared folder for all your Nginx's web pages - Name: www - Path: www/ - Click on the ACL - User/Groups permissions: Tick Read/Write for both www-data user and group - Set Owner / Group to Read/Write/Execute and Others to None 4. Create the sub shared folder for your NextCloud web pages - Name: nextcloud - Path: www/nextcloud - Click on the ACL - User/Groups permissions: Tick Read/Write for both www-data user and group - Set Owner / Group to Read/Write/Execute and Others to None 5. Go to System -> Plugins -> Tick openmediavault-nginx -> Install 6. Services -> Nginx -> Settings -> Enable -> Save -> Apply 7. Services -> Nginx -> Pools -> Add - Name: pool_nextcloud - User: www-data - Group: www-data - Extra options: <<<Copy Texts In Between ########## Below>>> ########## clear_env = no env[HOSTNAME] = $HOSTNAME env[PATH] = /usr/local/bin:/usr/bin:/bin env[TMP] = /tmp env[TMPDIR] = /tmp env[TEMP] = /tmp ########## - Save -> Apply 8. Services -> Nginx -> Servers -> Add - General - Directory: nextcloud - SSL - Enable SSL: Enable - Port: 91 - Certificate: <<<Select Created SSL Certificate>>> - System -> Certificates -> SSL -> Add -> Create (Set longer "Period of validity" if you do not want to renew the certificate too frequently) -> Save -> Apply - Only use SSL: Enable - PHP - Enable PHP: Enable - PHP-FPM Pool: pool_nextcloud - Extra options: <<<Copy Texts In Between ########## Below>>> ########## add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; location = /robots.txt { log_not_found off; allow all; access_log off; } # The following 2 rules are only needed for the user_webfinger app. # Uncomment it if you're planning to use this app. #rewrite ^/.well-known/host-meta /public.php?service=host-meta last; #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json # last; location = /.well-known/carddav { return 301 $scheme://$host/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host/remote.php/dav; } # set max upload size client_max_body_size 50G; fastcgi_buffers 64 4K; # Disable gzip to avoid the removal of the ETag header gzip off; # Uncomment if your server is build with the ngx_pagespeed module # This module is currently not supported. #pagespeed off; error_page 403 /core/templates/403.php; error_page 404 /core/templates/404.php; location / { rewrite ^ /index.php$uri; } location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { deny all; } location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { fastcgi_split_path_info ^(.+\.php)(/.*)$; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTPS off; #Avoid sending the security headers twice fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; fastcgi_pass $socket; fastcgi_intercept_errors on; } location ~ ^/(?:updater|ocs-provider)(?:$|/) { try_files $uri/ =404; index index.php; } # Adding the cache control header for js and css files # Make sure it is BELOW the PHP block location ~* \.(?:css|js|woff|svg|gif)$ { try_files $uri /index.php$uri$is_args$args; add_header Cache-Control "public, max-age=7200"; add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; # Optional: Don't log access to assets access_log off; } location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ { try_files $uri /index.php$uri$is_args$args; # Optional: Don't log access to other assets access_log off; } ########## 9. Go to System -> Plugins -> Tick openmediavault-mysql -> Install 10. Services -> MySQL -> Enable -> Save -> Apply -> Reset Password 11. Go to https://nextcloud.com/ -> Download -> Get Nextcloud Server -> Download -> Web Installer (Bottom Tab) -> Download setup-nextcloud.php to your PC 12. Use FTP/SAMBA/etc to transfer setup-nextcloud.php to www/nextcloud/ 13. Go to https://<<<DEVICE_IP>>>:91/setup-nextcloud.php - Next - Dependency check: Enter a single "." -> Next - Wait until: 504 Gateway Time-out 14. Go to https://<<<DEVICE_IP>>>:91/ - Click on Storage & database -> MySQL/MariaDB - Database user: root - Database password: <<<Password Reset On Setp #10>>> - Database name: nextcloud - Database host: localhost - Finish setup 15. Services -> Nginx -> Servers -> Edit - PHP -> Default config: Disable 16. Go to https://<<<DEVICE_IP>>>:91/ [If installation failed on step #13 onwards, you can always remove all the folders/files in www/nextcloud/* including hidden files and start over again from step #12] 17. Setup the Dynamic DNS if you need to access your NextCloud through internet. Then, on your internet modem/router: Port Forward to the device with port 91