Jump to content
XPEnology Community

Search the Community

Showing results for tags 'https'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Information
    • Readers News & Rumours
    • Information and Feedback
    • The Noob Lounge
  • XPEnology Project
    • F.A.Q - START HERE
    • Loader Releases & Extras
    • DSM Updates Reporting
    • Developer Discussion Room
    • Tutorials and Guides
    • DSM Installation
    • DSM Post-Installation
    • Packages & DSM Features
    • General Questions
    • Hardware Modding
    • Software Modding
    • Miscellaneous
  • International
    • РУССКИЙ
    • FRANÇAIS
    • GERMAN
    • SPANISH
    • ITALIAN
    • KOREAN

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me

Found 3 results

  1. Installation de Jellyfin en Docker ( HTTPS / Transcodage HW actifs ) Note : Afin de ne pas avoir a maintenir plusieurs tuto a différents endroit, retrouvez ce tuto mis a jour en cliquant ici ! Bonjour, Topic en cours de rédaction 😘 Je suis encore en phase de test, toute aide, commentaires, ... et la bienvenue afin de rendre ce topic le plus complet possible. Jellyfin, c'est quoi ? Jellyfin est un programme gratuit qui vous permet de collecter, contrôler et diffuser tous vos médias préférés. C'est un programme simillaire a Plex, et c'est un fork a Emby. Ceelui-ci a l'avantage d'être 100% libre ( comme le fût Emby au départ ). D'ailleurs Jellyfin est basé sur la derniere version libre de Emby ( c'est pour cela que c'est un "fork" d'Emby ). Contrairement a Plex ou Emby, aucune fonction n'est payante, comme le transcodage hardware ou l'acces au application mobile. Sommaire : 1/ Connaître le PUID et PGID d'un utilisateur 2/ Créer les dossiers nécessaires 3/ 4/ Création du fichier "docker-compose.yml" 5/ Création des conteneurs avec docker-compose 6/ Configuration du Reverse Proxy dans DSM 7/ Accès a Jellyfin, 1ere configuration Pré-requis : Avoir installé le paquet Docker Utiliser le Loader 918+ Avoir un accès SSH au Syno/Xpenology Dans docker : télécharger l'image jellyfin/jellyfin:latest et nginxinc/nginx-unprivileged:alpine Posséder un nom de domaine Nous allons ici utiliser docker-compose, cette solution ne pourra donc ce faire, uniquement sur un NAS ou est possible d'installer Docker. Le but de ce tuto sera de rendre cette installation facile et accessible a tous, bien que loin d’être un expert de docker/docker-compose, n’hésiter pas à répondre à ce sujet avec vos interrogations, .. Pour ceux qui sont plus alèze avec ce genre d'installation, n'hésiter pas a proposer des améliorations, ou des conseils, ... 1/ Connaitre le PUID et PGID d'un utilisateur 2/ Créer les dossiers/fichiers nécessaires Les chemins sont basé sur mon installation, à adapter selon votre installation. Voici les dossiers a créer : - /volume1/docker/jellyfin/config - /volume1/docker/jellyfin/cache Et la configuration du ngnix, à enregistrer dans un fichier "jellyfin_nginx.conf", à placer par ma config dans "/volume1/docker/jellyfin" : 4/ Création des conteneurs avec docker-compose Nous allons maintenant créer un fichier "docker-compose.yml" avec les paramètres des conteneurs. Voici mon fichier "docker-compose.yml" : On peut y voir 2 services "jellyfin" et "jellyfin_proxy". Dans le service "jellyfin" vous allez devoir porter votre attention sur : - PUID=XXXX, à modifier avec le PUID de votre utilisateur - PGID=XXXX, à modifier avec le PUID de votre utilisateur - /volume1/docker/jellyfin/config - /volume1/docker/jellyfin/cache la 1ere partie "/volume1/docker/vpn/config" et "/volume1/docker/vpn/config" correspondent aux chemins vers les dossiers précédemment créer, qui contiendrons votre installation Jellyfin. Dans le service "jellyfin_proxy", vous allez devoir porter votre attention sur : - /volume1/docker/jellyfin/jellyfin_nginx.conf:/etc/nginx/conf.d/default.conf:ro, la 1ere partie "/volume1/docker/jellyfin/jellyfin_nginx.conf" correspond au chemin vers le fichier de configuration du proxy Une fois les modifications effectuées, enregistrer votre fichier sous le nom : docker-compose.yml Puis charger le fichier sur votre NAS ( chez moi, il se trouve dans /volume1/docker/jellyfin ) 5/ Création des conteneurs avec docker-compose En SSH, 1ere chose, je passe en mode administrateur avec la commande : Le mot de passe admin vous est demandé. Dans mon dossier /volume1/docker/jellyfin , j'ai chargé mon fichier docker-compose.yml. Je vais donc accéder à ce dossier, pour cela je fait : Ensuite, afin "d’exécuter" mon fichier docker-compose.yml, je tape en ssh : La création des conteneurs se fait, ils deviennent visible dans l'appli "Docker" de DSM. Si tout se passe bien, ils doivent apparaître démarrer dans Docker. 6/ Configuration du Reverse Proxy dans DSM X 7/ Accès a Jellyfin, 1ere configuration X
  2. Здравствуйте. С недавнего времени возникли небольшие проблемы с ssl, а именно - "Ошибка при установлении защищенного соединения". Данная ошибка возникает при обращении к nas из локалки, а так-же извне. IP белый Xpenology DS3615xs DSM 6.2-23739 Основная задача - доступ к Synology Drive извне по доменному имени. Для этих целей приобрел ssl на firstssl.ru, прописал его в хрени, так-же приобрел домен на рег.ру До недавнего времени все работало отлично, теперь все возможные браузеры ругаются на "небезопасное соединение" (антивир потушен) Срок действия сертификата актуальный. Подскажите плз, куда копать?
  3. This is my first attempt at a tutorial here, so please go easy on me. I've spent some time yesterday understanding the process and various issues and common errors we can easily make. This guide is based on 6.2.2-24922 U6. It may work with other versions of DSM, but I've tested it and managed to get it working on this one. First, a few pre-requisites: You need a domain name for which you have administrative access and control. I already had one I could use. I think getting it to work on free dynamic DNS domain names is very difficult due to Let's Encrypt (LE) limiting the number of SSL certs for a given domain name. So any "popular" domain will have already exceeded the number. I initially tried, but couldn't get it working and as I had my own domain name I could use, I concentrated on getting it working with that. Note that if you have full control of a primary domain name, say, my-example.com, you can easily create a subdomain (i.e. myxpenology.my-example.com) with a totally different IP address (your public home IP address) even if the main domain is used for another server / service already on the internet. This is the case for me where I used a domain which is active and points to a server in a datacenter and then created a subdomain and had the DNS point to my home IP where I have my Xpenology server. Your ISP must allow incoming traffic on ports 80 and 443. If they block this, then you will not be able to create a LE certificate. You must be able to port forward traffic from your internet router to your server. I haven't used the wizard in DSM as my router is not supported, so I just set up port forwarding manually via my router's web interface. It helps if you have a static / non-changing public Internet IP address. I think most ISPs now don't change your IP that often. If it does change, you'll have to keep track and update your DNS entry. As mentioned previously, due to LE's policy on the number of certificates issues to a primary domain, your chances of using a free dynamic DNS system are pretty small. You need to install the Web Station package. No other packages are required (Apache, PHP, etc). You don't need to create a personal web page. Domain Name configuration Here, let's assume your public IP is 81.10.11.12, and you want to use domain my-example.com I use Linode for my public hosting and have all my domains managed by Linode so I log into my control panel and do it from there. The appearance of this will change depending on your DNS admin console. If you haven't already done so, create your domain entry, here, my-example.com. Now, you need to create a new A/AAAA record with your domain name directing to your home IP address. If you want to use myxpenology.my-example.com, go to your ex-ample.com entry. Add an A/AAAA record with the name "myxpenology" and your IP address. This will effectively create a DNS entry for myxpenology.example.com and point that to your IP. If you have an option for TTL, make it small, like 5 minutes. So if your IP does change, you can edit it and updates should be reflected within 5 minutes as opposed to the default value which could be hours or even days. I clicked on Save to then see the entry appear as a subdomain: You will then have to wait some time before this comes live. DNS update frequency varies I guess. Linode update every 15 minutes, but it can take longer for that to propogate to your ISP's DNS servers or Google's if you use theirs. You can check if this works by pinging your new domain name. It will either say unknown host: C:\>ping myxpenology.my-example.com Ping request could not find host myxpenology.my-example.com. Please check the name and try again. (so it's not rippled through) or come back with your public IP. Don't worry if your public IP times out. Your home router / firewall might configured not to reply to ICMP ping requests. This is what you want to see: C:\>ping myxpenology.my-example.com Pinging myxpenology.my-example.com [80.10.11.12] with 32 bytes of data: Request timed out. Now that your domain is set up and pointing to your home IP address, you can set up port forwarding Port Forwarding Again, this will depend on your router's admin page. You need to forward port 80 to port 80 on your internal IP address where your server is. You need to repeat this for port 443. This is what it looks like on my router, my server uses the private IP of 192.168.0.38: Note that we're forwarding to ports 80 and 443, not to ports 5000 and 5001 where the DSM web interface runs. This is normal and necessary for LE to generate the certificate. Save the changes. We will soon be able to test whether it works or if your ISP blocks incoming traffic on ports 80 and/or 443. Install Web Station In DSM, if not already installed, install the Web Station package. This is the only package you need to install, you don't need to add an Apache webserver or PHP. Once installed, open it and check the settings are OK. You just need to ensure the Default server status is normal and nginx is up and running. You do not need to set up a personal website. Check this is working properly by opening up a web browser and going to your internal IP address (here, 192.168.0.38) and ensure you get the Web Station page: And also check that the secure version is up and running by going to https://<your server ip> (here 192.168.0.38). If you get a warning certificate, you should be good. The warning is because the current certificate (the one provided by Synology) doesn't match your IP address: Now we can see if your ISP has these ports open from the public Internet. Check your ISP allows incoming traffic on ports 80 and 443 There are a couple of ways you can do this. If you have another Internet connection you can use (for example mobile 3G / 4G from your mobile phone), then you can use that and try opening your browser and going to your public IP address (80.10.11.12). If you get the same pages as before with both http and https, you're good. If you don't have another Internet connection available, you can use any online port checker. I just tried https://www.yougetsignal.com/tools/open-ports/ which works. Ensure you have your public IP in the remote address box and test port 80 and then re-test with port 443. Both must come back as open. If this is all good, then you're now ready to create the certificate using the wizard in DSM. If the tests above come back with no reply or closed, then the chances are your ISP is blocking incoming traffic on those 80 and 443 ports and there's nothing more you can do. You can try calling their support line, but I doubt they'd be able to help. Create the certificate in DSM Finally! In DSM, go to Control Panel -> Security -> Certificate tab Click on Add a new certificate and click Next. Add a description if you wish (I just use the domain name) and tick the "Get a certificate from Let's Encrypt" radio button. Also tick the Set as default certificate option. Click Next. Now enter the domain name you're using (myxpenology.my-example.com), enter a valid email address. Leave the SAN field empty. Finally, click Apply. Hopefully, all goes well and you'll get a new certificate created and installed and used as the default certificate. I can't show a screenshot of that as I don't own and so cannot create the myxpenology.my-example.com certificate (and my photoshop skills aren't that good :p). But you'll end up with two entries: one for the certificate you've just created and made default and the already-existing synology one that was used beforehand. Accessing DSM over HTTPS on your home network Now that you've set up the certificate, you can access DSM securely with no error messages, but there's an extra step for that to work. If you were to go to https://192.168.0.38:5001 for example, you'd still get the warning about an invalid certificate because despite it no longer being self-signed, it's not valid as it doesn't have your private IP address in it. Unfortunately, you cannot specify that IP address in the SAN field earlier either as you cannot obtain an LE certificate containing an IP address. The workaround is to modify your local hosts file to include your public domain name and have it direct to your internal IP address. In Windows, you need to open notepad as an administrator (search for notepad in start menu, right click, run as administrator). The hosts file is located in C:\Windows\System32\drivers\etc Edit it to add the following line at the bottom, editing for your domain name and internal IP address: 192.168.0.38 myxpenology.my-example.com Save the file. You should now be able to access the DSM webpage over HTTPS from your computer without a certificate warning message: https://myxpenology.my-example.com:5001 Accessing DSM over HTTPS over the Internet Currently, we've set up port forwarding for the web pages to allow Let's Encrypt to create the certificate. If you want to access the DSM Web GUI, we need to add port forwarding for 5001. I would suggest only forwarding 5001 (the HTTPS version) and NOT forwarding port 5000 as that's insecure and you don't want to be doing that! So again, back in your router, add a third port forwarding entry for 5001 to 5001. Here, I've named it HTTPS-DSM-GUI to clarify You should now be able to access the DSM webpage over the internet. Again, this can only truly be tested from an independent Internet connection (3G/4G from mobile phone). You can ask a friend if they can access your DSM login by going to https://myxpenology.my-example.com:5001 I hope that helps. If you have any questions, maybe this can become the Let's Encrypt questions thread. I'll try to help if I can
×
×
  • Create New...