NAS as a Webdev Tool (SSH with Key auth, GIT server and Web Station)

When I first set up my NAS to host a website, it started a massive search. Every time I figured something out, it unearthed more questions. I recall having wished I could get all that info in one place. To that end, I will share it all here, and continue to, when I find something helpful. That said, some is repeat info, but it’s handy that it’s all in one post. I work on a Mac; I’m not sure of the Windows equivalent for some of this post.
I won’t bore you with setting up SSH access; it’s pretty straightforward. While it’s not the most secure method, I recommend changing the default SSH port; make it something in the 50,000s. While it is not a security measure to rely on solely, it is security through obscurity. Once you’ve set it up, run the first command to log in via SSH.

Basic SSH login
LOCAL:
Code:
ssh <nas-user>@<nas-local-ip> -p <ssh-port>

To create authentication keys, run the following commands.
NAS:
Code:
mkdir ~/.ssh
chmod 700 ~/.ssh
This creates and applies perms to a .ssh dir on your NAS.

LOCAL:
Code:
mkdir ~/.ssh
chmod 700 ~/.ssh
cd ~/.ssh
ssh-keygen -t rsa -b 4096
eval `ssh-agent`
ssh-add --apple-use-keychain ~/.ssh/id_rsa
cat ~/.ssh/id_rsa.pub | ssh <nas-user>@<nas-local-ip> -p <ssh-port> 'cat >> /volume1/homes/<nas-user>/.ssh/id_rsa.pub'
This creates keys with the default name of 'id_rsa' in the .ssh dir and copies the public key to the NAS user's .ssh dir on the NAS.

NAS:
Code:
ssh <nas-user>@<nas-local-ip> -p <ssh-port>
cd ~/.ssh
cp id_rsa.pub authorized_keys
chmod 0644 authorized_keys
sudo vi /etc/ssh/sshd_config
Uncomment the line that says: #PubkeyAuthentication yes
Uncomment the line that says: #AuthorizedKeysFile .ssh/authorized_keys
Make sure the line that says ChallengeResponseAuthentication no is uncommented.
Optionally, if you want to disable password-based logins, add/change a line: PasswordAuthentication no
Press the 'A' key to modify a line, then save the file and exit the editor (ESC, :wq, return).

KEYS MUST HAVE 600 ON NEW LOCAL MACHINE (optional)
Code:
mkdir ~/.ssh
chmod 700 ~/.ssh
cd ~/.ssh
chmod 600 id_rsa
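
A way to verify the sshd_config edits and key permissions from the steps above, as an added example that is not part of the original post. The function names are hypothetical and the sample config at the bottom is constructed; it shows that a commented-out line counts as not set and that sshd uses the first value it reads for a keyword.

```shell
#!/bin/sh
# Added example, not from the original post; the sample config below is constructed.

# Print the value sshd would use for a keyword in the global section of an
# sshd_config-style file: commented lines are skipped, keywords match
# case-insensitively, and the FIRST occurrence wins.
sshd_setting() {  # usage: sshd_setting <file> <keyword>
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0   { next }
        tolower($1) == "match"  { exit }
        tolower($1) == want     { print $2; exit }
    ' "$1"
}

# Check the four settings named in the post; returns 0 only if all match.
audit_sshd_config() {  # usage: audit_sshd_config <file>
    rc=0
    while read -r key expected; do
        actual=$(sshd_setting "$1" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "OK    $key $actual"
        else
            echo "CHECK $key is '${actual:-not set}', expected '$expected'"
            rc=1
        fi
    done <<EOF
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
ChallengeResponseAuthentication no
PasswordAuthentication no
EOF
    return $rc
}

# ~/.ssh must be 700 and the private key 600 (the chmod steps above).
mode_of() { ls -ld "$1" | cut -c1-10; }
audit_key_perms() {  # usage: audit_key_perms <ssh-dir> <private-key>
    rc=0
    [ "$(mode_of "$1")" = "drwx------" ] || { echo "CHECK $1 should be 700"; rc=1; }
    [ "$(mode_of "$2")" = "-rw-------" ] || { echo "CHECK $2 should be 600"; rc=1; }
    return $rc
}

# Constructed sample: one setting left commented out, one set twice.
sample=$(mktemp)
printf '%s\n' '#PubkeyAuthentication yes' 'AuthorizedKeysFile .ssh/authorized_keys' \
    'ChallengeResponseAuthentication no' 'PasswordAuthentication yes' \
    'PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" || echo "sshd_config needs attention"
```

On the NAS itself, `sudo sshd -T` prints the effective configuration, including defaults for keywords that are not set in the file.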

Create a config file (optional)
This will create an SSH config file
LOCAL:
Code:
cd ~/.ssh
touch config

The config file looks like this:
Code:
Host <whatever>
    HostName <nas-local-ip>
    User <nas-user>
    Port <ssh-port>
    IdentityFile /Users/<local-user>/.ssh/id_rsa
    AddKeysToAgent yes
    UseKeychain yes
    PermitLocalCommand yes
    LocalCommand clear
Host *
    LogLevel DEBUG
I like to add debugging when I'm first setting things up. As well, I like to clear the terminal on connect. More info can be found here.

Now you can SSH in with
Code:
ssh <whatever>

GIT Setup
You can find GIT in the package center. Create a shared folder (mine’s called git), and give access to the user you created the key for. To create your first repo, run the following commands.
NAS:
Code:
ssh <nas-user>@<nas-local-ip> -p <ssh-port>
cd /volume1/git/
git --bare init <repo-name>.git
chown -R <nas-user>:users <repo-name>.git
cd <repo-name>.git
git update-server-info

Clone the newly created repo to your local dev machine
LOCAL:
Code:
cd ~/Documents/<working-dir>
git clone ssh://<nas-user>@<nas-local-ip>:<ssh-port>/volume1/git/<repo-name>.git
git config --global user.email "<email>@<address>"
git config --global user.name "Tyler Durden"
This will create a dir/folder called <repo-name>, and set your commit email and name.

Web Station setup
There are a few packages to install, depending on what you dev; at the least you’ll want the Web Station package. I can’t remember if it creates the dir for you, but if not, create a shared folder (mine’s called web), and give access to the user you created the key for. You can access it at: http://<nas-local-ip>/index.html. I like to build a simple page to list all the sites that I have hosted.

GIT repo in Web Station && Auto Pull (Optional)
This next piece is a two-parter, and both parts are debated between devs. The first is putting your repo on your web server, as a means to deploy.
If your git server && web host are on different devices, you'll have to set up an SSH key for use between those machines.
NAS:
Code:
ssh <nas-user>@<nas-local-ip> -p <ssh-port>
cd /volume1/web/
git clone ssh://<nas-user>@<nas-local-ip>:<ssh-port>/volume1/git/<repo-name>.git
OR IF GIT SERVER AND WEB SERVER ARE SAME MACHINE
Code:
ssh <nas-user>@<nas-local-ip> -p <ssh-port>
cd /volume1/web/
git clone /volume1/git/<repo-name>.git
To deploy, run the following commands.
NAS:
Code:
ssh <nas-user>@<nas-local-ip> -p <ssh-port>
cd /volume1/web/<repo-name>
git pull
The second is auto deploy on push. If someone pushes something funky to the repo, it will automatically push it live. This can be troublesome, but it’s a huge time saver.

Your post-receive file looks like this:
Code:
#!/usr/bin/env bash
TARGET="/volume1/web/<repo-name>"
GIT_DIR="/volume1/git/<repo-name>.git"
BRANCH="master"
while read -r oldrev newrev ref
do
    # only check out the master branch (or whatever branch you would like to deploy)
    if [[ $ref = "refs/heads/$BRANCH" ]]
    then
        echo "Ref $ref received. Deploying ${BRANCH} branch to production..."
        # name the branch explicitly so the deployed branch does not depend on the bare repo's HEAD
        git --work-tree="$TARGET" --git-dir="$GIT_DIR" checkout -f "$BRANCH"
        echo "<repo-name> is now on web/<repo-name>"
    else
        echo "Ref $ref received. Doing nothing: only the ${BRANCH} branch may be deployed on this server."
    fi
done

OR IF GIT SERVER AND WEB SERVER ARE SAME MACHINE
Code:
#!/usr/bin/env bash
TARGET="/volume1/web/<repo-name>"
GIT_DIR="/volume1/git/<repo-name>.git"
BRANCH="master"
cd "$TARGET" && git --git-dir="$TARGET/.git" pull
After you have created the file, move it to /volume1/git/<repo-name>.git/hooks on your NAS, and run the following commands. You are also making it executable.

NAS:
Code:
ssh <nas-user>@<nas-local-ip> -p <ssh-port>
cd /volume1/git/<repo-name>.git/hooks
chmod +x post-receive
I personally wouldn’t use either on a prod server, but it’s fine for a dev server. I personally wouldn’t run a prod server on a NAS connected to my residential network either.
I hope you found my first tut helpful. Reach out if you want some help. Feel free to comment corrections, or an ideal way of doing something.

to be continued...
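
An added example (not part of the original post) for the auto-deploy hook described above: it separates the decision from the action, so the hook also handles a pushed branch deletion, which arrives with an all-zero new revision. The function names are hypothetical, the paths are the post's placeholders, and the revisions in the demo are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. BRANCH mirrors the post's hook;
# the revisions fed in at the bottom are constructed.
BRANCH="master"

# Git passes post-receive one "<oldrev> <newrev> <refname>" line per pushed
# ref on stdin. Print "<action> <refname>" for each line.
plan_deploy() {
    while read -r oldrev newrev ref; do
        if [ "$ref" != "refs/heads/$BRANCH" ]; then
            echo "skip $ref"            # other branches and tags never go live
        else
            case $newrev in
                *[!0]*) echo "deploy $ref" ;;
                *)      echo "deleted $ref" ;;  # all-zero newrev: branch was deleted
            esac
        fi
    done
}

# Act on the plan. Checking out into a separate work tree keeps the
# repository metadata (.git) out of the folder Web Station serves.
run_hook() {  # usage: run_hook <work-tree> <bare-repo>, hook input on stdin
    plan_deploy | while read -r action ref; do
        case $action in
            deploy) git --work-tree="$1" --git-dir="$2" checkout -f "$BRANCH" ;;
            *)      echo "$ref: $action, nothing deployed" ;;
        esac
    done
}

# Demo with constructed revisions. In a real hook the last line would be:
#   run_hook "/volume1/web/<repo-name>" "/volume1/git/<repo-name>.git"
zero=0000000000000000000000000000000000000000
rev=1111111111111111111111111111111111111111
printf '%s\n' "$zero $rev refs/heads/master" "$rev $rev refs/heads/feature" \
    "$rev $zero refs/heads/master" | plan_deploy
```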
 
