openmediavault (6.0): using acme.sh to get a Let’s Encrypt SSL certificate for Dynu DDNS

1 Introduction

acme.sh is a free project that can obtain free SSL certificates from Let’s Encrypt. When we use openmediavault (6.0) as our NAS, we often need to install a certificate to enable the SSL web interface and better protect our data.

2 Preparation

First, remove everything related to acme, including its files and subdirectories in the root path.

3 Install dependencies

#apt-get install socat

4 Install and issue a certificate

#curl https://get.acme.sh | sh
#cd ~/.acme.sh

Append the following content to the file account.conf:

Dynu_ClientId='xxxxxxxxxxxxxxxxxxxxxxx'
Dynu_Secret='xxxxxxxxxxxxxxxxxxxxxxxxxxx'

Test against the staging environment first:

#~/.acme.sh/acme.sh  --staging --issue --dns dns_dynu -d example.org \
 --accountemail "ex@ex.com"

After the staging run succeeds, issue the real certificate:

#~/.acme.sh/acme.sh  --force --issue --dns dns_dynu -d example.org \
 --accountemail "ex@ex.com"

By default the generated certificates are placed in ~/.acme.sh/. Use the --install-cert command to copy the certificate to the location you want.
Only a certificate copied this way is updated automatically later; a manually copied certificate is not.

#mkdir /ssl
#export DOMAIN=example.org

#~/.acme.sh/acme.sh --install-cert -d "${DOMAIN}" \
    --cert-file      /ssl/"${DOMAIN}".crt  \
    --key-file       /ssl/"${DOMAIN}".key  \
    --fullchain-file /ssl/"${DOMAIN}"-fullchain.pem

Automatic upgrades of acme.sh itself can be turned on (optional):

#~/.acme.sh/acme.sh --upgrade --auto-upgrade

When acme.sh is installed, a cron task is configured automatically; it checks the certificate status every day. You can take a look at it in the crontab:

#crontab -e

5 Import Certificate in openmediavault

Navigate to System->Certificates->SSL and click + to import an SSL certificate:
Upper field: example.org.key
Lower field: example.org-fullchain.pem

6 Enable SSL in the web interface

Browse to System->Workbench, select the SSL certificate generated earlier and enable the switch. You can then set up port mapping from the local network to the WAN and access openmediavault by its domain name over HTTPS.

Using a Let’s Encrypt Certificate on Synology NAS Systems with Dynu as the DDNS Provider, with Auto-Renewal (updated 5-26-23)

When we use a Synology NAS, it is convenient to access it through the web interface.

The common solution is to use a DDNS provider to get a domain name and access the NAS through it.

For security reasons, however, we often prefer not to use the plain HTTP web interface, so we need to get an SSL certificate from Let’s Encrypt and use HTTPS.

This tutorial shows you how to get a Let’s Encrypt certificate using the Dynu DDNS provider and renew it automatically.

We use the following steps:

1. Log in to the Synology NAS with an SSH client.

2. Issue the certificate through the DNS-01 challenge.

3. Deploy the certificate.

4. Check if the certificate is active.

5. Create the automatic certificate renewal task.

1. Log in to the Synology NAS with an SSH client.

Make sure that the SSH service is enabled in the DSM Control Panel, then log in to DSM with an SSH client.

$ sudo -i
$ wget https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh
$ sh ./acme.sh --install --nocron --home /volume1/pool/admin/acme

Install the client’s API for dynu:

$ mkdir /volume1/pool/admin/acme/dnsapi && \
cd /volume1/pool/admin/acme/dnsapi && \
wget https://raw.githubusercontent.com/acmesh-official/acme.sh/master/dnsapi/dns_dynu.sh && \
cd /root

2. Issue the certificate through the DNS-01 challenge.

$ vi /volume1/pool/admin/acme/account.conf

Add this fragment to the bottom of the file and save:

Dynu_ClientId='***************************'
Dynu_Secret='*******************************'

$/volume1/pool/admin/acme/acme.sh  --issue --dns dns_dynu -d example.com  \
 --accountemail "*@example.com" \
 --home /volume1/pool/admin/acme

3. Deploy the certificate.

First, we must install the deploy hook:

$ mkdir /volume1/pool/admin/acme/deploy && \
cd /volume1/pool/admin/acme/deploy && \
wget https://raw.githubusercontent.com/acmesh-official/acme.sh/master/deploy/synology_dsm.sh && \
cd /root

The structure of the installation directory should look like this:

$export SYNO_Username="**"
$export SYNO_Password="******"
$export SYNO_Certificate="mycert01" 
$export SYNO_Create=1 
$/volume1/pool/admin/acme/acme.sh --deploy -d example.com --home /volume1/pool/admin/acme --deploy-hook synology_dsm 
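
A quick check of the installation directory built in steps 1 to 3, as an added example that is not part of the original post: it confirms that the four files are in place, that account.conf contains the two Dynu lines, and that the file holding the API secret is accessible only to its owner. The function name check_acme_home is hypothetical; the default path is the one used above.

```shell
#!/bin/sh
# Added example: preflight check for the acme.sh home directory used in this post.
# check_acme_home is a hypothetical helper name; the default path comes from the post.

check_acme_home() {
    home="${1:-/volume1/pool/admin/acme}"
    problems=0

    # Files that the steps above download or create.
    for f in acme.sh account.conf dnsapi/dns_dynu.sh deploy/synology_dsm.sh; do
        if [ ! -f "$home/$f" ]; then
            echo "MISSING  $home/$f"
            problems=$((problems + 1))
        fi
    done

    conf="$home/account.conf"
    if [ -f "$conf" ]; then
        # The two lines the post appends to account.conf.
        for key in Dynu_ClientId Dynu_Secret; do
            if ! grep -q "^${key}=" "$conf"; then
                echo "NOKEY    $key is not set in $conf"
                problems=$((problems + 1))
            fi
        done
        # account.conf holds the API secret, so group and other get no access.
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$conf" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "PERMS    $conf is open to group/other ($perms), use chmod 600"
            problems=$((problems + 1))
        fi
    fi

    # Exit status 0 only when nothing was reported.
    [ "$problems" -eq 0 ]
}
```

Run check_acme_home with no argument on the NAS, or pass another directory as the first argument; it returns a non-zero status when anything is reported.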

4. Check if the certificate is active.

Go to the DSM Control Panel->Security->Certificate to see if the certificate works; if it does, set it as the default.

5. Create the automatic certificate renewal task.

Go to the dsm control panel->Task Scheduler->Create->User defined script:

export SYNO_Username="**"
export SYNO_Password="************"

/volume1/pool/admin/acme/acme.sh --renew -d example.com --home /volume1/pool/admin/acme

The task user should be root.

That is all done.

js splice

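// Remove 0 elements at position 2 and insert a new element

var arr = new Array(6)
arr[0] = "George"
arr[1] = "John"
arr[2] = "Thomas"
arr[3] = "James"
arr[4] = "Adrew"
arr[5] = "Martin"

document.write(arr + "<br />")
// Remove 0 elements at position 2 and insert "William"
arr.splice(2, 0, "William")

document.write(arr + "<br />")


Definition and usage

The slice() method returns selected elements from an existing array.

Syntax

arrayObject.slice(start,end)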

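Using Promises


A Promise is an object representing the eventual completion or failure of an asynchronous operation. Since most people are consumers of already-created promises, this guide explains how to use returned promises first and how to create them afterwards.

Essentially, a promise is a returned object to which you attach callbacks, instead of passing callbacks into the function.

For example, done the old way, the sample below would take two callbacks and use one or the other depending on success or failure:

function successCallback(result) {
  console.log("It succeeded with " + result);
}

function failureCallback(error) {
  console.log("It failed with " + error);
}

doSomething(successCallback, failureCallback);

The new approach returns a promise, so you can attach the callbacks to it instead:

let promise = doSomething();
promise.then(successCallback, failureCallback);

Or more simply:

doSomething().then(successCallback, failureCallback);

We call this an asynchronous function call. This convention has several advantages, which we look at next.

Guarantees

Unlike the old approach, a promise comes with these guarantees:

Callbacks are never called before the current run of the event loop has completed.
Callbacks added with .then are called after the asynchronous operation has finished, as above.
Multiple callbacks can be added by calling .then several times.

But the most immediate benefit of promises is chaining.

Chaining

A common need is to call two or more asynchronous functions one after another; we call this building a promise chain.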

docker modify ip

First, stop the running container:

docker stop t1node

Then remove the subnet connected to the container, i.e.:

docker network disconnect mynet t1node

docker network rm mynet

Create the new subnet and new gateway:

docker network create -d macvlan --subnet=192.168.2.0/24 --gateway=192.168.2.aaa -o parent=ens18 -o macvlan_mode=bridge mynet

Then you can use the new gateway and IP with the container:

docker network connect --ip 192.168.2.xxx mynet t1node

docker start t1node

Document root is not updating

There is a default virtual host created by WampServer automatically.

<VirtualHost localhost:80>
DocumentRoot "D:/Archives"
ServerName localhost
<Directory "D:/Archives">
    Order allow,deny
    Allow from all
    Options Indexes FollowSymLinks
    AllowOverride all
    #   onlineoffline tag - don't remove
    Require all granted
</Directory>
</VirtualHost>