Category Archives: Howto Tutorials (EN)

Knowledge Network for Tutorials, Howto’s, Workaround, DevOps Code for Professionals.

Howto Tutorials (EN)

How to Install Nano Editor on Synology NAS

Home  »  Howto Tutorials (EN)
2 Comments

Apply Nano Editor on Synology DSM Terminal Shell

This article shows how to deploy Nano editor on a Synology NAS for editing in the Synology Shell via SSH. For users who are not empowered by the VIM Editor, there is a remedy by installing the often preferred editor Nano, since Nano is easier to use than VIM. Fortunately, you can easily add additional software repositories to the Synology NAS to install Nano and many other tools.

Nano is not provided or managed by Synology itself, but can be get from the SynoCommunity repository. The SynoCommunity offers free packages for Synology NAS devices.

How to add the SynoCommunity repository

Synology Main Menu

From DSM you open the main menu with the icon at the top left, there you will find the Package Center.

By clicking on the icon Package Center to open this, then click the Settings button.

Synology Package Center
Nano Editor in Synology, Synology DSM Package Center

In the now open General under Trust Level, enable the Synology Inc. and trusted publishers option.

Nano Editor in Synology, Synology Settings Trust Level

Then go to the Package Sources section.

Synology DSM Package Sources

Click the Add button and add the package source. Enter SynoCommunity as the name, and insert the URL https://packages.synocommunity.com/ at location and click OK.

Synology Add Package Sources

Install Nano Editor on Synology

Packages can now be installed. The SynoCli File Tools package provides the following command-line utilities: less, tree, ncdu, jdupes, rhash, mc (midnight-commander), nano, file, detox, rmlint, rnm, pcre2, zstd. Nano used to be a separate package, but is now only available through the SynoCli File Tools package.

Install Synocli File Tools and Nano Edtor on Synology

Now you can connect to diskstation with use a terminal like PuTTY and editing in the shell using nano, for example the SSH server configuration file.

diskstation:/$ sudo nano /etc/ssh/sshd_config
 
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
 
    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.
 
Password:

With the admin password what sudo requires, the file sshd_config is loaded into the editor here.

Use nano in Synology DSM shell console

After editing, press the keys Ctrl + X, nano asks if the change should be saved, which can be confirmed with Y if necessary, otherwise N can be selected.

  Remember, changes to system files require knowledge of the function and its effects.

Enable Synology DSM SSH service

In order for the terminal to be accessible via SSH, the SSH service must be activated in the DSM Control Panel, under Terminal & SNMP. To make shure the Icon Terminal & SNMP is visible, Advanced Mode is selected at the top right.

Synology Control Panel

In the Terminal window, enable the SSH service option.

Synology Enable SSH service

Next post on the same topic might be helpful, see in How to Install Midnight Commander on Synology NAS

Howto Tutorials (EN)

How to Install Lets Encrypt on Windows Server

Home  »  Howto Tutorials (EN)
Leave a comment

Installing the Lets Encrypt certificate using Win-ACME v2 on Windows Server.

Let’s Encrypt is an issuer of free SSL certificates, went into operation at the end of 2015. The CA certification authority for free certificates enjoys great popularity, initially for Linux, it is now also available for Windows. Win-ACME 2 can also largely automate the management of SSL/TLS certificates.

How to Install Win-ACMEv2

win-acme-pluggable

ACMEv2 does not include a setup for installation. The win-acme package is downloaded from here to the server and unpacked into any directory. The directory should not be modified after that because the path is needed for recertification.

As with the previous version, the current version is a command-line tool with menus, so that it can also be run under Server Core. win-acme is started by calling wacs.exe.

Request Lets Encrypt Certificate

When you interactively request a certificate with win-acme via Simple Mode, the process is largely the same as with the previous version 1. This example runs Win-ACME 2 on a Windows Server 2019 with the IIS role.

To verify the domain, this is where the binding is configured from the Internet Information Services (IIS) Manager – InetMgr.exe.

Internet Information Services (IIS) Manager
Figure: Internet Information Services (IIS) Manager

Run win-acme on Windows Server to create certificate

After running wacs.exe select the option No to create a new certificate with the default settings. win-acme searches for the bindings in the IIS. If no bindings are configured, win-acme cancels the operation.

Win-ACME Lets encrypt acme Console on Windows - letsencrypt.exe

In the next step, you select the IIS website for which you want to request and issue the certificate.

The next step is to decide whether to use all bindings or only specific IIS Web sites. In the second case, you select them via a filter.

win-acme http-01 method

After further confirmation, the certificate request starts. To verify the authority of the domain, win-acme uses the http-01 method. The client receives a token from Let’s Encrypt, which it writes to a file on the local server, which is then read out by Let’s Encrypt.

  Let’s Encrypt expects to read the token from the file via HTTP. Therefore, win-acme on the firewall requires the release for port 80 to the server.

win-acme certificate is located in certificate store

The certificate is located in the server’s certificate store after the operation completes successfully. In addition, win-acme stores the certificate in PEM and PFX format under the following path.

C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org

The authority of the domain for which you request a certificate must be proven not only at the initial issuance, but also every 3 months for the renewal of the certificate.

In most common situations, it is not desirable for a server to be permanently accessible from the Internet only to request a certificate without protection on port 80. Here the use of a proxy or a temporary port release should be considered.

win-acme DNS-01 method

To bypass the passing of port 80 on the firewall, there is the option to change the challenge instead of http-01. DNS-01. Particularly it is useful where the token is entered as a TXT record in the DNS.

_acme-challenge.<MEINE_DOMAIN>

This method also has the advantage that wildcard certificates can be issued. The prerequisite for DNS-01 is of course that the domain in question is hosted externally. And is therefore accessible for Let’s Encrypt.