lobisierra.blogg.se

Synology syncthing








This article will take you through the steps I followed to set up my Synology NAS, using Cloudflare to proxy my web traffic and secure in-transit connections to my server.

For those who don’t know about Cloudflare, they are an American web-infrastructure and website-security company offering a variety of services at differing cost brackets. They are also registered on the US Privacy Shield Framework, which at the point of writing, helps with GDPR compliance. Their free service includes DNS management, a reverse proxy and basic DDoS attack prevention, as well as free modern SSL services to help secure your server’s traffic.

So why would you want any of this when Synology offers QuickConnect and can manage Let’s Encrypt certificate generation and renewal? Well, for me, Cloudflare provided:

  • an added element of security, by masking my server’s IP address and providing basic DDoS protection.
      • Arguably QuickConnect also offers some of this, but you cannot use your own custom domain.
  • a free caching service – helping reduce the load on my server.
  • the use of wildcard certificates (not currently supported by Synology DSM 6 for Let’s Encrypt).
      • Synology does allow SAN lists within their Let’s Encrypt interface, but restricts the length to a few hundred characters, significantly limiting the usefulness when managing several sub-domains.
  • autonomous management of my SSL certificates – I had found Synology DSM to be temperamental with its automatic renewal of Let’s Encrypt certificates and I wanted something that was largely set and forget.

To get started you need to set up an account with Cloudflare, opting for their free service (unless you want the web application firewall and other features). The setup process will require you to migrate your domain’s nameservers over to theirs. Cloudflare will tell you the names of the servers to use as part of the setup process. It is also wise to replicate your DNS records before making the switch to make the transition as smooth as possible (just make sure you proxy any record that points to your server’s IP).

For records that you can’t proxy (for example MX records), if these point to your server, you may wish to consider using a relay service to be able to keep masking your IP (as discussed in this article). However, in some instances this simply isn’t possible, given that Cloudflare will only proxy traffic sent over the HTTP protocol. As such, you will need to consider the security implications of disclosing your server’s IP address (something Cloudflare will notify you about if your DNS records expose your IP).

Note, the nameserver transfer process usually takes a few hours, but to propagate fully across the globe, you’re probably talking at least 24 hours and maybe 48. If you have a dynamic rather than static IP address, you will also need to add a custom dynamic DNS entry within the Synology DSM interface to update Cloudflare when your IP changes. This great tutorial explains one way to achieve this.

Once you’re set up and Cloudflare has registered the nameserver switch, you are free to start configuring the SSL settings. The Cloudflare SSL interface has settings for two types of certificate – the edge (proxy-server) certificate, and the origin (your server’s) certificate. By default, Cloudflare sets up a universal wildcard edge certificate for your domain (wildcard meaning the certificate will be valid for any sub-domain you create), as well as providing an interface to generate an origin certificate (should you need it).

The aim of our setup is to implement “SSL Full Strict” security. In layman’s terms, this means the traffic sent from a browser to our server (via Cloudflare) is encrypted and authenticated using trusted SSL certificates at each stage of the journey. This is evidenced in the below diagram which shows padlocked (encrypted) traffic from the browser to the Cloudflare servers (the edge part of the connection), and similarly for the proxied traffic to our origin server. Now we could choose to just select “Flexible” or “Full” from the options available. However, “Flexible” only secures the first part of the chain (from the browser to Cloudflare) – the traffic sent from Cloudflare to our server not being encrypted.
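The advice on this page to proxy every record that points to your server’s IP, and to take care with records such as MX that cannot be proxied, can be checked mechanically before the nameserver switch. The following is an added example, not part of the original article: it walks a constructed sample zone, using the `type`, `name`, `content` and `proxied` fields of Cloudflare’s DNS record JSON, and lists the unproxied records whose resolution still ends at the origin IP. The hostnames, addresses and function names are assumptions for illustration.

```python
# Constructed sample zone. Field names follow Cloudflare's DNS record JSON;
# hostnames and addresses are made up (documentation ranges).
ORIGIN_IP = "203.0.113.10"
RECORDS = [
    {"type": "A",     "name": "example.com",       "content": "203.0.113.10",      "proxied": True},
    {"type": "A",     "name": "nas.example.com",   "content": "203.0.113.10",      "proxied": True},
    {"type": "A",     "name": "mail.example.com",  "content": "203.0.113.10",      "proxied": False},
    {"type": "MX",    "name": "example.com",       "content": "mail.example.com",  "proxied": False},
    {"type": "CNAME", "name": "files.example.com", "content": "nas.example.com",   "proxied": False},
    {"type": "CNAME", "name": "ftp.example.com",   "content": "mail.example.com",  "proxied": False},
    {"type": "MX",    "name": "lists.example.com", "content": "relay.example.net", "proxied": False},
]


def address_leak(name, records, origin_ip, seen=()):
    """Return the chain of names by which resolving `name` to an address
    reaches origin_ip, or None. Names outside `records` are not resolved."""
    if name in seen:  # CNAME loop: stop following
        return None
    for rec in records:
        if rec["name"] != name or rec["proxied"]:
            continue  # proxied answers carry Cloudflare edge IPs, not the origin
        if rec["type"] in ("A", "AAAA") and rec["content"] == origin_ip:
            return [name]
        if rec["type"] == "CNAME":
            tail = address_leak(rec["content"], records, origin_ip, seen + (name,))
            if tail:
                return [name] + tail
    return None


def exposed_records(records, origin_ip):
    """List (record type, resolution chain) for unproxied records that disclose origin_ip."""
    findings = []
    for rec in records:
        if rec["proxied"]:
            continue
        path = None
        if rec["type"] in ("A", "AAAA"):
            if rec["content"] == origin_ip:
                path = [rec["name"]]
        elif rec["type"] in ("CNAME", "MX"):  # content is a hostname to follow
            tail = address_leak(rec["content"], records, origin_ip)
            if tail:
                path = [rec["name"]] + tail
        if path:
            findings.append((rec["type"], " -> ".join(path)))
    return findings
```

In the sample zone the unproxied `mail` A record is the root cause: the MX and the `ftp` CNAME only leak because they resolve through it, while `files` stays masked because its target is proxied.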









