I. Tutorial DS: 6 helpful Tips to get your DS into the Internet
-
Steffi -
April 10, 2017 at 6:20 PM -
5,654 Views -
0 Comments -
10 Minutes
This is the first of four tutorials about the DS716 II (Synology) in which I will show you :
- Make your DS able to work with WebDav and get it into the Internet
- Advanced Security (Part II)
- Let Fritzbox do the job
- Synchronisation between DevonThinkProOffice, DevonThinkToGo and DS716 II.
The background of these tutorials are that I currently help one of my readers to setup WebDav and fulfil his dream of the own cloud. All of these tutorial are not specific to the DS716 II and can be used for any DS from Synology.
My tutorials will be published every other week.
Starting point of Synology
- just installed or without big adjustments made
- Currently only via "Network" environment usable
- "Big blank" paper an da pen or ZoomNotes (for writing notes) :-).
Log into your DS
Type in your browser find.synology.com or http://IP:5000 and press enter - the login screen should appear.
Log into your DS with your credentials
Updates
First all all you would need to update your DS to the latest version which is currently DSM 6. To do so please go the System-Updates.
In the case there are any red "numbers" onto your package centre, you would need to update the packages first.
Package Centre - Software
These software should be installed:
- WebStation
- WebDav Server
- EZ-Internet (only if your DS is not connected to the Internet)
- Antivirus Essential
- Apache HTTP Server 2.2 (in the case WebDav server and WebStation are not installed yet, this will be installed as an additional package. )
Additionally, the following software can be installed now or if you prefer later. All of those can be used with your Smartphone after this tutorial:
- Photo Station
- Video Station
- Download Station (Get)
- Audio Station
- Note Station
- Chat (Yes, it is possible to have you own chat ).
Set-up
User
I always recommend to have a specific user for the external connections such as WebDav, VPN and many more. This specific user gets only the specific access rights.
You really should consider a 2-Way-Verification which I strongly suggest:
In addition to the normal login credentials a time-base code is asked for. The setup is pretty easy as you can scan a barcode from your Synology directly to your Smartphone.
Important to note is, that you can later tell the application that your mobile phone is a save device and therefore, it should not be asked for the code any-more. The special code will then saved to your phone. Hence, you do not need to enter over and over the code just to see your file etcetera.
Useful apps for your mobile phone are: OPT Auth, Google Authenticator or Windows Authenticator.
Next important note is the standard user "Admin" this should be deactivated. This will improve your security a lot. If you have not done that yet, you can see in the next step how to add a user. Just add a new administrator which does not call like "Admin", "Administrator". Be creative also with the names!
All of this will have a big impact on your security.
System Properties - Add new user
In here, you will be able to setup a new user. I really do stress out that the name should not be too easy. In this case, I use W3BdaF8Enutz3R.
Please write down the user name and it strong password!
After this, you will go to System-User and chose the created user to do some changes about it's access rithgts:
[Blocked Image: https://www.steffiscloud.com/steffisInhaltz/uploads/2017/04/DS-300x196.png]
Important to now is that the access rights will be also adjusted in:
User Groups
Your new user should be have included in the groups of:
- http
- users
Adjust the access rights under "Access" and give the user access to the Shared Folders of your Synology.
Under Applications you will find all software available. Please make sure, that the most important are activiated:
- WebDav Server
- Desktop
- File Station
Furthermore, if you already installed the "other stations", like Photo, Video, Download etcetera, you should give access to the group as well.
Save everything.
Shared Folders
These are the actual structur of your data and how you can administer them.
System - Shared Folders
[Blocked Image: https://www.steffiscloud.com/steffisInhaltz/uploads/2017/04/DraggedImage-14-1.png]
Depending on you current setup there are more or less folders available. For DevonThinkProOffice (DTPO) and DevonThinkToGo as well as ZoomNotes, I suggest to give each their own folder. For instance Devon, Notes.
Why would you like to do this?: Shared folders can be easily managed and access rights can be modified very easily. Further to this, only some folders should be "visible" to the Internet or "waiting" for connection from outside.
Now, you could go even more secure then changing the name "Devon" into something like "D3VoN" But for now, I will stay with „Devon“.
System - Shared Folders - Create/ADD
After this, all access rights will be shown:
Thus, you new user „W3BdaF8Enutz3R“ and brand new administrator need to have the rights for "write/read".
WebStation
This software had been installed in the first step already. Please make sure to activate it too.
Top - left hand - there is the menu - after clicking on this you will need to choose the WebStation:
All status bar should be flagged green and in the General Options there should be an Apache (or Ngnix) server and PHP integrated.
Please check that everything is available. You will do not do any adjustments here.
WebDav
This had been installed and activated in the firs step too.
Go to Menu - WebDav Server and open it:
Added Security is crucial for you as a own cloud owner. Therefore, I think it makes sense to change the standard ports in something else.
You can seen them as kind of doors which either have a "door bell" or they do not. For all those with a "door bell" installed, doors can be opened with a key. An attacker would scan your server for "door bell-enabled" doors and if he finds some, he will try to get in using the common ports assigned.
For HTTP it is Port 80 and for HTTPS /2 is Port 443 available. To make as hard as possible for bad guy just change it. Because an attacker would not know what is behind and makes his work much harder as he would need to run several scripts to gain the information.
Please turn on HTTP Port at first and assign a number from 0 to 9999 and activate it.
If everything will run nicely, you can change to the more secure HTTPS later.
Please make a note for the WebDav port assigned to HTTP like 5566.
For this tutorial we will skip the calendar for now. If you like to know how to install it, please have a look on my article about CardDav.
EZ-Internet - only needed if your Synology is not connected to the Internet
Test it - if you receive Updates (System-Updates" everything is correct installed.
In the case that does not work, please open EZ-Internet by using the left hand menu on the top:
The assistant will guide you through the setup - Please use via router - not PPPoE.
The necessary information comes directly from your router and will display like that:
Access from the Internet to your own cloud
This will be your "weak" point cos all communication will be lead through this.
If you are customer of UnityMedia and got a Unitymedia-Connect router unfortunately, you can use it but no worries! The issue here is that is will get connected to the Internet via cable and it uses IPV6 standard but you will need an IP to get connected to your Synology.
Interested if your router can do it? Just leave a reply in the comment box.
Therefore, I will use Quick-Connect from Synology because it does not cost anything and is reliable.
System - QuickConnect:
In the case you have not got a Synology account you will be able to set up within your own cloud.
QuickConnect ID
This is route in order to find your own cloud in the Internet universe. This route should be long and not easy to guess and should contain:
- Capital letters
- Numbers
- not easy to guess
if possible, please use a long name for the Quick ID such as M3iN-M31nNA5-ErR31Ch3N or similar.
Save and write down this route ID!
Advanced Settings
Please activate all points including port redirection and for the access rights of services:
- WebDav Server
- Web Station
- Your Photo, Video, Audio Server etcetera
How does it work?
Your own cloud will send the latest IP to your Synology account and with your Quick-ID you can access it using your browser.
Test it!:
Try it! Enter into your browser : http://quickconnect.to/YourID also like:
http://quickconnect.to/M3iN-M31nNA5-ErR31Ch3N
Now you will see your login screen like this:
Mostly, there will be a warning from your browser if you like to go further. The reason is that your Synology under HTTPS has not an certificate yet.
Just in case it does not work, please try with your new port like this:
http://quickconnect.to:5566/M3iN-M31nNA5-ErR31Ch3N
The number 5566 is the same which you have previously entered into your WebDav server.
Try to sign in to see if it works.
Local Network
I trust, you have access now to your own cloud using the network environment and there is no "proper" folder on your desktop.
Now, I will show how to implement your Synology to your Desktop environment:
System - File Services
Important is the first tab „SMB/AFP/NFS“
- SMB
Is used by Windows and Linux - AFP
Mac - NFS
Windows and other services
AFP-Service for MAC to be activated and scroll a bit down:
This is the address for the Finder under MAC.
If you go an advanced, you will be able to activate Bonjour if needed:
Save. BTW: It works similar for Windows.
First test in Finder or Explorer
Go to : Connect to server (CMD+K) :
Just enter the path given and click on connect. Additonally, please add your folder like "/Devon" to the string. Yes, there will be a warning if you really like to connect - click on Yes.
Now you should see your Synology on the Desktop as folder.
You can adjust the Finder settings if you cannot see anything:
Please enable "connected servers" to be shown on the Desktop.
In the case that you cannot connect, please try to use your WebDav Port 5566 again:
also http://YourDS:5566/Devon
Second Test in Finder or Explorer
The first test was for the local network only, now we will test it from outside using your Synology-Quick-Id.
It is the same procedure than before, but his time you will enter your Quick-Id in the server settings:
http://quickconnect.to/M3iN-M31nNA5-ErR31Ch3N/Devon
Additionally, there should be a login request for user W3BdaF8Enutz3R and again this warning of "dangerous" content
Again if it does not work, please use your WebDav port 5566 like:
http://quickconnect.to:5566/M3iN-M31nNA5-ErR31Ch3N/Devon
Your big piece of pager
Should contain by now the following:
- WebDav user with its password
W3BdaF8Enutz3R - Shared Folder for Synchronisation
Devon - WebDav Port of WebDav Server
HTTP: 5566
HTTPS/2: 9997 (not yet active) - User and password for your Synology account
- Quick ID
M3iN-M31nNA5-ErR31Ch3N - Quick-ID Access
http://quickconnect.to/M3iN-M31nNA5-ErR31Ch3N or
http://quickconnect.to:5566/M3iN-M31nNA5-ErR31Ch3N
What works now?
The conclusion is that you will be able to work online with:
- Access with browser from the Internet to your Own Cloud from other networks
- Access from Finder (Desktop) on your local network
- Using all your Apps from Synology like DS- Finder, Photo, Video, Audio, Notes, Get, File) with your Quick ID and specific user.
Please note, that these additional apps need to be installed and activated on your DS before using it. .
That's it:-)
In my next tutorial I will show how to improve your security with your DS716 II. It works also with all other Synology's nicely.
Do you own a Synology? Just leave a comment!
Best regards,
Steffi
Comments
Newly created comments need to be manually approved before publication, other users cannot see this comment until it has been approved.
Newly created comments need to be manually approved before publication, other users cannot see this comment until it has been approved.