Install on a standalone WD NAS (with non-official firmware)

Hi all.
I just successfully got a full install on a WD NAS. If I get a reply here indicating any interest, I’ll put together something like a how-to or at least a log of install actions so that others could try to replicate. The NASs are great for small museums, basically they are a $200 server. The negative is that my actions may be model-specific and the hardware changes over time, but maybe my experience could help others. What are community’s thoughts? Thanks.

In all cases, you can publish your how-to here or on your blog.

I’m working on a project for some villages in a tropical country, where there is no internet access, so it may interest me.

The main point to check is the stability and the long term maintenance of the solution. Is it simpler and more maintainable than a standard computer (300 dollars nowadays) with a standard Linux distribution?

Omeka NAS Setup notes
We successfully hacked omeka onto a WD cloud device
with significant help from http://ftp.anionix.ru/WDMyCloud
Be sure to buy an appropriate WD cloud device model and revision or this may not work.
But a pretty good technician could use this to hack other models, etc.

===preliminary notes====

Note, the hacking of a WD cloud device is risky and may immediately "brick" said device. Continue
	at your own risk. You are completely hacking this device, reorganizing partitions, etc, so
	if that scares you... stop now.

performer should know basic linux, windows, and technical skills such as 
	cd, ls, ln -s, mkdir, rmdir, rm, chown, chdir.
	how to use vi, more/less, grep, apt-get
	FTP, telnet, ssh, http, TCP ports, url/uri to non port-80 etc.
	Will also need a windows or "client" machine to browse web and up/download files
		with ssh, telnet, a good web browser, and SMB/NetBIOS client capability
		I use putty.exe with a -l for LOGIN argument, but below say "ssh" instead of putty.exe
	Will also have to have control over the router or at least access to view dhcp'd IPs.
	The system will have to initially be connected to the internet, but can run standalone.
	in short...you should be an intermediate-level IT person.

This how-to was prototyped and built in an environment where network security was not a concern.
	for example, file/directory acls are left at 777, all important passwords are "the same", etc.
	we don't leave default passwords, but still it isn't particularly hardened.
	Most Production environments likely will want to add security features.

"doing it right" was not a major concern here. 
	this was a prototype exercise, omeka piggybacks on the php listener for 
	omv, not a dedicated php listener. Additionally, we didn't surgically test
	every setting, when we had a problem, we did a shotgun approach to resolve
	so some settings/actions below may not be required.
	this was built in amber, We made no provisions for future patches or updates.
	This was built for "big" uploads of up to 256M, settings reflect that.
	As they used to say in my college textbooks.. security, logging, and 
		efficiency efforts are "left as an exercise for the reader".
	no backup provisions

list of important directories
	/etc/nginx  #config files for nginx
	/etc/php5/fpm/pool.d #config files for php pool
	/etc/openmediavault   #config files for OMV
	/var/log  #contains logs for pretty much everything
	/home/UserData/  #contains db_dir, public_html and is top-level of smb share.
	/home/UserData/public_html/Omeka #contains omeka install

list of final URLs, important users and passwords ( aka <VARIABLES> ) from the procedure below.
	omeka
		http://<NEW_STATIC_IP>

	Omeka admin
		http://<NEW_STATIC_IP>/admin/
		user=<OM_ADMIN_USER>  pass=<OM_ADMIN_PASS>

	myphp
		http://<NEW_STATIC_IP>:8081/
		user=root    pass=<PHP_MYADMIN_PWD>

	OMV
		http://<NEW_STATIC_IP>:8080/
		user=admin    pass=<WEB_ADMIN_PWD>
	SSH
		ssh -l root <NEW_STATIC_IP>
			pass=<ROOT_PWD>


===end prelim notes===






###Unboxing nas and basic getting online
Physical items
	unbox NAS
	Label Disk w/ labelmaker.
	Label power supply w/ labelmaker
	Label Ethernet cable w/ labelmaker
	note last 4 of mac                  <MAC>: _________
	plug into ether
	plug into power

initial config and making sane.. (this may all not be needed, many of these settings will be wiped later)
	from a windows workstation, mycloud.com/setup and hopefully will find the disk on your local segment, else may need
		to try to use the mac and some sleuthing on local dhcp server (router) to access.
	set admin password: (user is admin)
		note it here, <ADMIN_PWD>: ___________
	Turn off auto-update firmware
	Turn off Product improvement Program
	Do not register.
	Click Finish, 
		note IP address <DHCP_IP>: ____.____.____.____
	click on "settings" 
	under "general tab" on left
	rename as you choose, 
		note new name:_______________    Serial Number: ________________
	(you may have to relogin after changing name and applying, if so go back to "settings->general tab")
	Set clock and timezone
	set time to 24 hr format
	Turn off Cloud access
	Disable Energy Saver
	Change Web Access Timeout to 15 Minutes
	Disable Mac Backups Time Machine
	under "Media Tab"
	Disable Media Server "streaming"
	Disable iTunes
	Under Network
		enable SSH
		note initial username is SSHD, (no change needed)
		create and note a password  <SSHD_password>: ______________
	Change IPV4Network mode to Static
		set and note new IP  <Static_IP>:   ____.____.____.____
	change client browser to new IP address,	
		http://<STATIC_IP>/ 
		login again 
			admin
			<ADMIN_PWD>
	Under Device, Update Firmware, note new version and read release notes. New version ________________
		It will take about 2-3 minutes after new firmware download to reboot, don't panic
		http://<STATIC_IP>/ 
		login again 
			admin
			<ADMIN_PWD>
	Under "shares" remove "smartware" and "timemachinebackup" by clicking on the folder with a minus sign.

	Test ssh (note it will be a new cert) using a ssh client of your choice from workstation
		ssh -l sshd <Static_IP>
			will use the password from above <SSHD_password>
		cd into /shares/Public
		delete (rm -r) all 3 default-created directories (shared music, shared pictures, shared Videos)
			rm -r "Shared Music"
			rm -r "Shared Pictures"
			rm -r "Shared Videos"
		cd to /shares/Public, 
			mkdir public_html
			cd public_html
			#create dummy index.htm in public_html
				echo "<html><head><title>Test</title><body><h1>test page</h1></body></html>" >> index.htm
			chmod 755 index.htm




===move to version 4.x of firmware===
Review doc at 
	https://community.wd.com/t/wd-my-cloud-v4-x-and-v2-x-firmware-versions-download-links/148533
Download the latest 4.x zip file to your workstation
	I used 04.04.04-101
with a browser, access the webpage of the nas at http://<Static_IP>/
	go to settings->firmware update->[updated from file]
	select the file that you just downloaded.
	The file will upload to the nas and will take another 3-5 mins after reboot to apply.
	
after firmware upgrade # Default SSH login/password has changed: root/mycloud
	ssh -l root <Static_IP> (you may get a certificate warning again)
		password (default) = mycloud


===install debian and OMV onto mycloud device===
Read this whole section in THIS document before attempting to run the instructions in _howto_en.txt (referenced below)
	There are some extra notes here.

Download to your workstation 3 files 
	uImage uRamdisk and jessie-rootfs.tar.gz
	from http://ftp.anionix.ru/WDMyCloud/WDMyCloud-Gen2/Debian/

you probably want to access the mycloud via SMB by start->run on workstation and \\<Static_IP>\ 
	copy those 3 files to it prior to next step...

Follow instructions at
http://ftp.anionix.ru/WDMyCloud/WDMyCloud-Gen2/Debian/_howto_en.txt

Note that there is a method on the above site to unbrick using a USB stick, it won't restore
deleted files, but it can help get things on track again.

Note while running the procedure that he has a couple of typos..  
	a "xz" instead of "gz" and sometimes he mis-orders the filename
	of his image file rootfs-jessie versus jessie-rootfs
The first reboot may take 3+ minutes, but seems to go quickly for me.

After the first reboot, the IP AND THE MAC are now different.
	you will have to hunt for an unknown MAC on your router to find the new IP.
		<NEW_DHCP_IP>: ____.____.____.____
		
the first telnet into the machine has no user or password prompt.

The second reboot will also have to search for the device on your router, but
it will have the original/documented <MAC> from way above

The first ssh will probably throw a certificate alert.

# Default SSH login/password: root/mycloud
# Default OMV login/pass is: admin / openmediavault

in ssh, when you run omv-initsystem it may error.. is okay
The last section of the anionix doc tells you to login to OMV and doesn't specify
that this login should be via the browser to the IP address...



===config omv===
During the next few steps, you will "save" and then "apply" which may cause a reboot
Please note, that since you are changing network address info and ports, you may have to
re-login after an "apply"
 
Now login to the site via browser by loading the ip address, <NEW_DHCP_IP>
ssh - enable it, leave rest default [save apply]
general->web administrator password set to new password, note here. <WEB_ADMIN_PWD>: __________
network->interfaces modify.. set to static, set DNS, [save apply] note here     <NEW_STATIC_IP>: ____.____.____.____
	login via new static IP
network->general rename hostname to your choice [save apply] <HOSTNAME>:___________
network->firewall Add firewall to allow all local and disallow external network
	mine is input, accept, ipv4, 192.168.1.0/24, -, -, -, All, allow all in local network
	[save apply]
general->web administration move port to 8080, set timeout to 15 [save, apply]
	it may "error".
	login via static IP with http://<NEW_STATIC_IP>:8080/ 
		(user=admin, pass=<WEB_ADMIN_PWD> )
on the upper right menu, reboot.

after reboot

ssh in to the device as root and change the root password:
	ssh -l root <NEW_STATIC_IP>
	passwd = mycloud
	use passwd command in unix to set to new chosen passwd  <ROOT_PWD>: _____________

while ssh'd in create a directory in /home
	cd /home
	mkdir UserData
	chmod 777 UserData


####Set up CIFS/SMB
I had a lot of trouble with the next step, the device droplist would not "autofill".
#######Autofill possible fix
To get around it, this seemed to work:
Open both a ssh session and a web session to the device at :8080
	http://<NEW_STATIC_IP>:8080/    user=admin, pass=<WEB_ADMIN_PWD>
	ssh -l root <NEW_STATIC_IP>
		pass=<ROOT_PWD>
while ssh'd in
	umount /home
then in the web session
	FileSystems->click on the unmounted one and [mount] but do not apply
	shared folders->add
		name= UserData
		device= /dev/sda2 (the only one available)
		path= UserData/
		permissions, leave default
	[save apply]
go to 3-dot menu on upper right and reboot, 
	see if the above setting "stuck"
	in ssh, reboot system


######After Autofill seems to work
After reboot...
SMB/CIFS->settings  enable [save]
SMB/CIFS->shares  [add] 
	shared folder droplist = should auto-populate to UserData on /dev/sda2, UserData/
	public=Only Guests
	Browsable=true
	Hide dot files=false
	[save, apply]


#test smb access via UNC in windows start->run \\<NEW_STATIC_IP>\
	you should see "UserData"
	test creation of subdir and files, edit a text file, etc.
	basically you are testing the NAS portion of this.. you will need it later.

###time config
	ssh -l root <NEW_STATIC_IP>
		pass=<ROOT_PWD>
	set tz with command:
		dpkg-reconfigure tzdata

	set approx date/time to today (change numbers below to the obvious ones)... we will get NTP in next step
		date --set 2016-11-22 
		date --set 21:08:00
===install php, nginx, mysql, other helper items===
#if not already ssh'd in as root..
ssh -l root <NEW_STATIC_IP>
	pass=<ROOT_PWD>


	apt-get install ntp
	apt-get install mysql-server
	service mysql status (just to see if it is running)
	nginx is already installed.. no need to install it again
	apt-get install phpmyadmin
		#you'll choose a password, <PHP_MYADMIN_PWD>: ____________________
	#review document https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-phpmyadmin-with-nginx-on-an-ubuntu-14-04-server
		#create links as noted: 
		ln -s /usr/share/phpmyadmin /usr/share/nginx/html

###phpmyadmin on port 8081, create /etc/nginx/sites-available/phpmyadmin on port 8081
	cd /etc/nginx/sites-available
	cp default phpmyadmin
	vi phpmyadmin...
	#The following is my version of it:
		server {
			server_name phpmyadmin;
			root /usr/share/nginx/html;
			index index.php;
			autoindex off;
			server_tokens off;
			sendfile on;
			large_client_header_buffers 4 32k;
			client_max_body_size 25M;
			error_log /var/log/nginx/phpmyadmin.log error;
			access_log /var/log/nginx/phpmyadmin.log combined;
			error_page 404 = /404.php;
			location /404.html {
				internal;
			}
			location /extjs/ {
				alias /usr/share/javascript/extjs5/;
			}
			#location /images/ {
			#	alias /var/www/openmediavault/images/;
			#}
			location ~ \.php$ {
				try_files $uri =404;
				fastcgi_split_path_info ^(.+\.php)(/.+)$;
				fastcgi_pass unix:/var/run/php5-fpm-openmediavault-webgui.sock;
				fastcgi_index index.php;
				fastcgi_read_timeout 60s;
				include fastcgi.conf;
			}
			listen [::]:8081 ipv6only=off;
			#include /etc/nginx/openmediavault-webgui.d/*.conf;
		}


		

	#link sites-enabled/phpmyadmin to this file /etc/nginx/sites-available/phpmyadmin
		cd /etc/nginx/sites-enabled
		ln -s ../sites-available/phpmyadmin phpmyadmin
		service nginx restart

	
#in a browser...
	http://<NEW_STATIC_IP>:8081/phpmyadmin 
		see if it loads, no need to login yet.

back in SSH session
	apt-get install ImageMagick
	apt-get install unzip
	apt-get install php5-imagick
	apt-get install php5-gd
	service php5-fpm restart


===install omeka===

#create a dir to upload files via SMB in an ssh session
	mkdir /home/UserData/source

#from your workstation, using SMB, upload the omeka distribution (I used omeka-2.4.1.zip) 
#to this "source" dir. this is also a good place to dump plugin zips, etc.

#Create public_html and unzip omeka, rename x.x.x directory to simply "Omeka"
#in an ssh session
	mkdir /home/UserData/public_html
	cd /home/UserData
	chmod g-s public_html
	cd public_html
	unzip ../source/omeka-2.4.1.zip
	mv omeka-2.4.1 Omeka

now access phpmyadmin at http://<NEW_STATIC_IP>:8081/
	default user/pass is root / <PHP_MYADMIN_PWD>
	in phpmyadmin create a user 
		user: <OMEKA_USER>:_____________
		with pass          <OMEKA_PWD>: ___________________
	make sure user can only login from localhost

	in ssh session
		cd /home/UserData/public_html/Omeka
		vi db.ini and update w/ users and passwords.
			username="<OMEKA_USER>"
			password="<OMEKA_PWD>"

===Clean up mod rewrite crap===
copy file at http://anhnguyen.name/omeka-on-nginx to /etc/nginx/sites-available/omeka
	(select text in web browser from above site, and in an ssh-session
		cd /etc/nginx/sites-available/
		vi omeka
			paste text into new file.
		)
		cd /etc/nginx/sites-enabled
		ln -s ../sites-available/omeka omeka
		service nginx restart

enable error messages  
	in an ssh session	
	vi /home/UserData/public_html/Omeka/.htaccess
		unhash SetEnv Application_env development
	chmod 777 /home/UserData/public_html/Omeka/application/logs/errors.log
	cd /home/UserData/public_html/Omeka/application/config/
		vi config.ini
			change log.errors to true
	> /var/log/nginx/omeka.log  (clears log)
	service nginx restart

At this point you may need to "install" omeka and choose admin user and password
	(I was copying an original install, so didn't do this)
	probably will have to set an admin user and password.
	see doc at https://omeka.org/codex/Installation
							<OM_ADMIN_USER>:_______________
									<OM_ADMIN_PASS>:________________
#may need to go to admin pane in omeka and upgrade database...
	http://<NEW_STATIC_IP>/admin/upgrade

chmod -R 777 /home/UserData/public_html/Omeka/files



######fix filesize issues
reference https://easyengine.io/tutorials/php/increase-file-upload-size-limit/
in SSH session...
mod .htaccess to new max filesize
	cd /home/UserData/public_html/Omeka
	vi .htaccess
	in PHP Settings section between the <IfModule..> add following 2 lines
		php_value upload_max_filesize 256M
		php_value post_max_size 256M



mod .conf file
	cd /etc/php5/fpm/pool.d
	vi openmediavault-webgui.conf 
		php_value[post_max_size] = 256M
		php_value[upload_max_filesize] = 256M
		php_value[max_execution_time] = 256
		php_value[default_socket_timeout] = 256


mod nginx config file 
	cd /etc/nginx
	vi nginx.conf set keepalive_timeout
		keepalive_timeout    512;    ##This line is incredibly important
	#add next lines to end of http{} block
        ##Omeka helpers
                client_max_body_size 256m;
                client_body_timeout  256s;
                client_body_buffer_size 1024K;
                client_body_in_file_only clean;


edit nginx omeka site file
	cd /etc/nginx/sites-available/
	vi omeka
	#my version:
	server {
		server_name omeka;
		root /home/UserData/public_html/Omeka;
		index index.php;
		autoindex off;
		server_tokens off;
		sendfile on;
		large_client_header_buffers 4 32k;
		client_max_body_size 256M;
		error_log /var/log/nginx/omeka.log error;
		access_log /var/log/nginx/omeka.log combined;
		error_page 404 = /404.php;
		fastcgi_read_timeout 256s;
		location /install {
			try_files $uri $uri/ /install/index.php?$query_string;
		}

		location = /admin/themes/ {
			rewrite ^ /admin/index.php?$query_string;
		}

		location /admin {
			try_files $uri $uri/ /admin/index.php?$query_string;
		}

		location / {
			try_files $uri $uri/ /index.php?$query_string;
		}

		location ~ \.php$ {
			try_files $uri =404;
			fastcgi_split_path_info ^(.+\.php)(/.+)$;
			fastcgi_pass unix:/var/run/php5-fpm-openmediavault-webgui.sock;
			fastcgi_index index.php;
			fastcgi_read_timeout 256s;
			include fastcgi.conf;
		}
		listen [::]:80 ipv6only=off;
	}




service php5-fpm restart
service nginx restart

===============================================================
At this point hopefully "congratulations!" you should be able to hit your omeka site, phpmyadmin, and omv.
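
Added example, not part of the original post: the notes above leave the Omeka upload directory and error log at 777 and say production installs will want more, so this script lists what is world-writable under the Omeka root and hands the two writable paths to the PHP-FPM pool account instead. The paths are the ones used in the post; the function names are made up here, and it assumes the pool file carries a "user = ..." line.

```shell
#!/bin/sh
# Added example: audit and tighten the 777 permissions the how-to leaves on Omeka.
# Paths are the ones in the post; function names are made up for this example.
OMEKA_ROOT=/home/UserData/public_html/Omeka
POOL_CONF=/etc/php5/fpm/pool.d/openmediavault-webgui.conf

# Print the account the PHP-FPM pool runs as (the "user = name" line).
pool_user() {
	sed -n 's/^[[:space:]]*user[[:space:]]*=[[:space:]]*\([^[:space:];]*\).*/\1/p' "$1" |
		head -n 1
}

# List everything under $1 that any local account may write to (symlinks skipped).
world_writable() {
	find "$1" ! -type l -perm -0002 -print
}

# Hand the two paths Omeka writes to over to account $2, then remove all
# access for "other": directories become 750, regular files 640.
tighten() {
	root=$1
	owner=$2
	[ -n "$owner" ] || { echo "no pool user found" >&2; return 1; }
	for p in "$root/files" "$root/application/logs/errors.log"; do
		[ -e "$p" ] || continue
		chown -R "$owner" "$p" || return 1
		find "$p" -type d -exec chmod 750 {} + || return 1
		find "$p" -type f -exec chmod 640 {} + || return 1
	done
}

# Usage: sh omeka-perms.sh audit   (report only)
#        sh omeka-perms.sh apply   (as root, changes ownership and modes)
case "${1:-}" in
	audit) world_writable "$OMEKA_ROOT" ;;
	apply) tighten "$OMEKA_ROOT" "$(pool_user "$POOL_CONF")" ;;
esac
```

The Omeka tree sits inside the guest SMB share, so after "apply" expect guests to lose write access to files/ over SMB; uploads through the Omeka web interface keep working because PHP-FPM owns the paths.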