shrabok

shrabok last won the day on November 15 2018


  1. Hi @PABben, Thanks for the response. I went digging to see if I can avoid purchasing a NIC card. I found there is a new extra.lzma file that supports some additional network drivers; I plan to try this soon. Running `lspci -v` from your Synology CLI may help to see if you have a supported NIC in the driver list. Hopefully you may be able to return your card if this works for you as well.
  2. Hello, I'm currently running DSM 6.1.7-15284 Update 3. I have a few sites on my Xpenology box that use Let's Encrypt SSL/TLS certificates. I received an email from Let's Encrypt informing me that the ACMEv1 protocol is going to be deprecated and to move to ACMEv2. Since I'm on the latest 6.1 update, I'm under the impression this will not get fixed? Does anyone know if 6.2 supports ACMEv2 at the moment? I have not upgraded to 6.2 as my NIC (GIGA-BYTE Onboard NIC) has failed to work with any new loader. I have not seen any updates regarding support for Gigabyte NICs; if anyone knows where to find the supported network interfaces for the boot loader (or if it's supported), please let me know. I'm wondering what options we have to upgrade Let's Encrypt in an existing 6.1 system or if anyone knows a solution to this. Thanks!
  3. Hi @Ashvini jain, I recommend reaching out to the bitwarden support forums or bitwarden github to get assistance with bitwarden features unrelated to the Synology part of the install. I did respond to your DM with details on mssql connection strings and resource values you'll likely use. Also see this post for additional information https://github.com/bitwarden/server/issues/473.
  4. Hi @tjohns34, I have never done a Synology Router, but I would recommend checking the manual for GeoIP blocking configuration. You could also post a screenshot of the additional options and I could provide some feedback on what values to consider.
  5. Hi @StifflersMoM, Review the details here: https://github.com/bitwarden/core/issues/253
  6. In the bitwarden documentation there are additional details on configuring the SMTP as well as in the main post:
  7. Hi @StifflersMoM, Sorry to hear about your issues. Could you try the following commands and post your results:

     ```
     docker ps
     ```

     This will provide all running containers and also show their port forwarding. Are you also using a unique domain name for your bitwarden instance and proxying it to bitwarden?
  8. @Binkem as a side note, sounds like your model (DS216+) supports ram upgrades: https://forum.synology.com/enu/viewtopic.php?t=114782
  9. Hi @Binkem, This could very well be a possibility. There are multiple containers used by bitwarden and mssql is quite large as well. Here are my current docker stats:

     ```
     CONTAINER      CPU %   MEM USAGE / LIMIT      MEM %   NET I/O           BLOCK I/O   PIDS
     370126b59277   0.00%   14MiB / 15.63GiB       0.09%   1.85MB / 1.28MB   0B / 0B     0
     291a000cfd52   0.93%   746.6MiB / 15.63GiB    4.66%   701kB / 537kB     0B / 0B     0
     c4f8e956a4ae   0.03%   27.76MiB / 15.63GiB    0.17%   139kB / 0B        0B / 0B     0
     0911a92c79e6   0.06%   39.08MiB / 15.63GiB    0.24%   726kB / 148kB     0B / 0B     0
     0ba98ce071b3   0.02%   59.76MiB / 15.63GiB    0.37%   607kB / 520kB     0B / 0B     0
     e3e8ac74eea8   0.02%   42.95MiB / 15.63GiB    0.27%   1.28MB / 449kB    0B / 0B     0
     49b58a990b7f   0.02%   17.88MiB / 15.63GiB    0.11%   139kB / 0B        0B / 0B     0
     7ca297b1174c   0.02%   35.82MiB / 15.63GiB    0.22%   214kB / 60.8kB    0B / 0B     0
     75ddff907b44   0.01%   16.79MiB / 15.63GiB    0.10%   139kB / 0B        0B / 0B     0
     ```

     You can also try `docker logs bitwarden-mssql` to see the logs and what is causing the restart.
  10. Hi @Binkem, It seems as though bitwarden setup has changed over time. I had a look at my config.yml and it looks like this (FYI - I've excluded all the comments):

      ```yaml
      url: https://bw.domain.com
      generate_compose_config: true
      generate_nginx_config: true
      http_port: 8123
      https_port:
      compose_version:
      ssl: false
      ssl_versions:
      ssl_ciphersuites:
      ssl_managed_lets_encrypt: false
      ssl_certificate_path:
      ssl_key_path:
      ssl_ca_path:
      ssl_diffie_hellman_path:
      push_notifications: true
      database_docker_volume: false
      ```

      Also sounds like you can reconfigure your deployment using the commands here: https://help.bitwarden.com/article/install-on-premise/#post-install-environment-configuration

      I've not attempted an install since my original post. Please let me know if this is helpful with regard to your setup.
  11. Here are a few screenshots of what happens after a reboot. As you can see below, my SHR1 Volume is Normal and system is healthy, but there was a failure accessing "system partition". You can see all the USB drives had a system partition failure but not the SATA, which is why I included it as part of my SHR1 RAID. Once a Repair is run everything is Normal again. Once Repair is clicked everything is normal but in the background it's repairing the volumes. If you try to reboot you'll see
  12. Hi @Balrog,
      - My configuration is SHR1 with all 4 drives (1 x 2TB internal and 3 x 4TB external/USB combined). I like to think of my 2TB internal drive as my rock to maintain stability within the array. Not sure if that's valid logic, but it seems to work well, and I also think we get a little boost in read/write speed because of the performance of the SATA drive.
      - When I reboot, my array survives but I need to perform a rescan of the drives. The data is accessible and there is no issue accessing the data in that state. I believe it's the boot/OS partition that requires the rescan, not the data partition used by SHR. My thoughts on this are: Synology puts an OS partition on each disk attached to the device, so in case a drive fails it has a backup. But since the USB HDDs are not loading as quickly as a SATA HDD, it sees that there are missing disks and requests a rebuild/rescan/parity check. This is just my assumption.
      - Currently my HDD hibernation settings are set to never. I don't think my drives ever sleep. I have not experienced any issues or delay pulling files etc.

      Hi @mysy, I currently use a UPS with my primary xpenology device, which runs as a Synology UPS Server. If power goes out it will also tell this device to go into safe mode. I wouldn't recommend using my configuration for your primary xpenology device with important data. This is my secondary device, with which I was trying to get some use out of old hardware. It also gave me a huge capacity at a low cost. The data I have on this device I'm willing to lose, and I also find it useful for testing updates to xpenology/synology; if you need a large backup location (say for your primary xpenology device) it's a good option. I've had a single power outage on this device. The RAID needed rebuilding but recovered properly. I think as long as you're not writing at that time you have a low risk of corruption, and if you use a UPS (which I implemented after this event) you can avoid significant failures.
  13. Upgrade to version 1.24 requires creation of two new log directories in your bitwarden location:

      ```
      bwdata/logs/notifications
      bwdata/logs/icons
      ```

      Edited Original Post for additional changes on new deployments.
  14. Thanks for sharing @GKay. I have not come across an IPv6 connection yet, so that's a good thing to keep in mind.
  15. GeoIP Region Blocking using Synology Firewall

      I noticed internet performance issues today and was checking my router logs. I found excessive logs showing:

      ```
      Jun 18 20:55:48 dropbear[5405]: Child connection from <My Synology IP>:40894
      Jun 18 20:55:49 dropbear[5405]: Exit before auth: Exited normally
      Jun 18 20:55:49 dropbear[5411]: Child connection from <My Synology IP>:40896
      Jun 18 20:55:51 dropbear[5411]: Exit before auth: Exited normally
      ```

      I searched and found it was related to numerous invalid login attempts to the synology login page. This led me to log in to the CLI of my synology and check logs for failed attempts. When checking the logs I found the most concerning log was /var/log/httpd/apache22-error_log:

      ```
      2018-06-18T19:28:42-06:00 nas [Mon Jun 18 19:28:42 2018] [error] [client 193.106.30.99] File does not exist: /var/services/web/wp-rdf.php
      2018-06-18T20:11:16-06:00 nas [Mon Jun 18 20:11:16 2018] [error] [client 27.29.158.10] script not found or unable to stat: /var/services/web/login.cgi
      2018-06-18T21:51:26-06:00 nas [Mon Jun 18 21:51:26 2018] [error] [client 172.18.0.2] File does not exist: /var/services/web/apple-touch-icon-precomposed.png
      2018-06-18T21:51:26-06:00 nas [Mon Jun 18 21:51:26 2018] [error] [client 172.18.0.2] File does not exist: /var/services/web/apple-touch-icon.png
      2018-06-18T21:51:26-06:00 nas [Mon Jun 18 21:51:26 2018] [error] [client 172.18.0.2] File does not exist: /var/services/web/apple-touch-icon-precomposed.png
      ```

      This led me to consider blocking all geographical regions except my own. Most brute force attempts and vulnerability attacks are outside of my home country; this will reduce the attack surface significantly. My first attempt at implementing the GeoIP blocking was problematic: I attempted a "deny all" entry after the "allow local network range" and "allow my region" rules, but this ended up blocking all access to the services I had running.

      I thought I'd share how I implemented it for others wanting to reduce the surface area for attacks.

      Enable firewall
      - Open Control Panel
      - Select Connectivity -> Security
      - Go to Firewall tab
      - Check Enable firewall

      Add "Allow" Rules for internal network
      - Select Edit Rules for the default Firewall Profile (Disregard existing rules in screenshot, these will be created in the following steps)
      - Create rule to allow your internal/home network

      Add "Allow" Rules for your country/countries
      - Create rule to allow specific locations

      Set network interface to deny if rules are not matched
      - Select the network interface that is default to your synology (mine is LAN 1, you can find your interface under Connectivity -> Network -> Network Interface)
      - ***This was the secret to getting the deny all after the allow rules to work***
      - Set "if no rules were matched: Deny Access"
      - Click OK and Apply

      Test reaching your synology on your internal network and from external networks in your region. You can also validate if the firewall is blocking by using a Tor browser to send traffic from a different country to see if your firewall rules are working properly.
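
One way to triage an `apache22-error_log` in the layout quoted in the post above, separating external clients from LAN and Docker-internal ones so the effect of the GeoIP rules can be compared before and after (an added example, not part of the original post). The function names and the `INTERNAL_NETS` list are assumptions made here, and the sample lines are constructed, using documentation-range addresses for the external clients.

```python
import ipaddress
import re
from collections import defaultdict

# Networks treated as "internal" (RFC 1918 plus loopback); Docker bridge
# addresses such as 172.18.0.2 fall inside 172.16.0.0/12.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Layout of the error-log lines shown in the post:
# <ISO timestamp> <host> [<date>] [error] [client <ip>] <message>: <path>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ \[[^\]]+\] \[error\] \[client (?P<ip>[0-9a-fA-F.:]+)\] "
    r"(?P<msg>[^:]+): (?P<path>\S+)$")

def is_internal(ip_text):
    ip = ipaddress.ip_address(ip_text)  # raises ValueError on a malformed address
    return any(ip in net for net in INTERNAL_NETS)

def summarize_external_probes(lines):
    """Return {external_ip: sorted list of paths it requested that failed}."""
    probes = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an error line in the expected layout
        try:
            if is_internal(m["ip"]):
                continue  # LAN or container traffic, not an outside probe
        except ValueError:
            continue  # client field was not a valid IP address
        probes[m["ip"]].add(m["path"])
    return {ip: sorted(paths) for ip, paths in probes.items()}

# Constructed sample lines in the same layout; the external addresses are
# documentation-range placeholders, not values taken from the post.
SAMPLE_LOG = """\
2018-06-18T19:28:42-06:00 nas [Mon Jun 18 19:28:42 2018] [error] [client 203.0.113.7] File does not exist: /var/services/web/wp-rdf.php
2018-06-18T19:29:10-06:00 nas [Mon Jun 18 19:29:10 2018] [error] [client 203.0.113.7] script not found or unable to stat: /var/services/web/login.cgi
2018-06-18T20:11:16-06:00 nas [Mon Jun 18 20:11:16 2018] [error] [client 198.51.100.23] script not found or unable to stat: /var/services/web/login.cgi
2018-06-18T21:51:26-06:00 nas [Mon Jun 18 21:51:26 2018] [error] [client 172.18.0.2] File does not exist: /var/services/web/apple-touch-icon.png
""".splitlines()

if __name__ == "__main__":
    for ip, paths in summarize_external_probes(SAMPLE_LOG).items():
        print(ip, len(paths), " ".join(paths))
```

Running the same summary on log lines written after the firewall change shows whether out-of-region clients still reach the web service.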