Hi all.
I just successfully got a full install on a WD NAS. If I get a reply here indicating any interest, I’ll put together something like a how-to or at least a log of install actions so that others could try to replicate. The NASs are great for small museums, basically they are a $200 server. The negative is that my actions may be model-specific and the hardware changes over time, but maybe my experience could help others. What are community’s thoughts? Thanks.
In all cases, you can publish your how-to here or on your blog.
I’m working on a project for some villages in a tropical country, where there is no internet access, so it may interest me.
The main point to check is the stability and the long term maintenance of the solution. Is it simpler and more maintainable than a standard computer (300 dollars nowadays) with a standard Linux distribution?
Omeka NAS Setup notes
We successfully hacked omeka onto a WD cloud device
with significant help from http://ftp.anionix.ru/WDMyCloud
Be sure to buy an appropriate WD cloud device model and revision or this may not work.
But a pretty good technician could use this to hack other models, etc.
===preliminary notes====
Note, the hacking of a WD cloud device is risky and may immediately "brick" said device. Continue
at your own risk. You are completely hacking this device, reorganizing partitions, etc, so
if that scares you... stop now.
performer should know basic linux, windows, and technical skills such as
cd, ls, ln -s, mkdir, rmdir, rm, chown, chdir.
how to use vi, more/less, grep, apt-get
FTP, telnet, ssh, http, TCP ports, url/uri to non port-80 etc.
Will also need a windows or "client" machine to browse web and up/download files
with ssh, telnet, a good web browser, and SMB/NetBIOS client capability
I use putty.exe with a -l for LOGIN argument, but below say "ssh" instead of putty.exe
Will also have to have control over the router or at least access to view dhcp'd IPs.
The system will have to initially be connected to the internet, but can run standalone.
in short...you should be an intermediate-level IT person.
This how-to was prototyped and built in an environment where network security was not a concern.
for example, file/directory acls are left at 777, all important passwords are "the same", etc.
we don't leave default passwords, but still it isn't particularly hardened.
Most Production environments likely will want to add security features.
"doing it right" was not a major concern here.
this was a prototype exercise, omeka piggybacks on the php listener for
omv, not a dedicated php listener. Additionally, we didn't surgically test
every setting, when we had a problem, we did a shotgun approach to resolve
so some settings/actions below may not be required.
this was built in amber, We made no provisions for future patches or updates.
This was built for "big" uploads of up to 256M, settings reflect that.
As they used to say in my college textbooks.. security, logging, and
efficiency efforts are "left as an exercise for the reader".
no backup provisions
list of important directories
/etc/nginx #config files for nginx
/etc/php5/fpm/pool.d #config files for php pool
/etc/openmediavault #config files for OMV
/var/log #contains logs for pretty much everything
/home/UserData/ #contains db_dir, public_html and is top-level of smb share.
/home/UserData/public_html/Omeka #contains omeka install
list of final URLs, important users and passwords ( aka <VARIABLES> ) from the procedure below.
omeka
http://<NEW_STATIC_IP>
Omeka admin
http://<NEW_STATIC_IP>/admin/
user=<OM_ADMIN_USER> pass=<OM_ADMIN_PASS>
myphp
http://<NEW_STATIC_IP>:8081/
user=root pass=<PHP_MYADMIN_PWD>
OMV
http://<NEW_STATIC_IP>:8080/
user=admin pass=<WEB_ADMIN_PWD>
SSH
ssh -l root <NEW_STATIC_IP>
pass=<ROOT_PWD>
===end prelim notes===
###Unboxing nas and basic getting online
Physical items
unbox NAAS
Label Disk w/ labelmaker.
Label power supply w/ labelmaker
Label Ethernet cable w/ labelmaker
note last 4 of mac <MAC>: _________
plug into ether
plug into power
initial config and making sane.. (this may all not be needed, many of these settings will be wiped later)
from a windows workstation, mycloud.com/setup and hopefully will find the disk on your local segment, else may need
to try to use the mac and some sleuthing on local dhcp server (router) to access.
set admin password: (user is admin)
note it here, <ADMIN_PWD>: ___________
Turn off auto-update firmware
Turn off Product improvement Program
Do not register.
Click Finish,
note IP address <DHCP_IP>: ____.____.____.____
click on "settings"
under "general tab" on left
rename as you choose,
note new name:_______________ Serial Number: ________________
(you may have to relogin after changing name and applying, if so go back to "settings->general tab"
Set clock and timezone
set time to 24 hr format
Turn off Cloud access
Disable Energy Saver
Change Web Access Timeout to 15 Minutes
Disable Mac Backups Time Machine
under "Media Tab"
Disable Media Server "streaming"
Disable iTunes
Under Network
enable SSH
note initial username is SSHD, (no change needed)
create and note a password <SSHD_password>: ______________
Change IPV4Network mode to Static
set and note new IP <Static_IP>: ____.____.____.____
change client browser to new IP address,
http://<STATIC_IP>/
login again
admin
<ADMIN_PWD>
Under Device, Update Firmware, note new version and read release notes. New version ________________
It will take about 2-3 minutes after new firmware download to reboot, don't panic
http://<STATIC_IP>/
login again
admin
<ADMIN_PWD>
Under "shares" remove "smartware" and "timemachinebackup" by clicking on the folder with a minus sign.
Test ssh (note it will be a new cert) using a ssh client of your choice from workstation
ssh -l sshd <Static_IP>
will use the password from above <SSHD_password>
cd into /shares/Public
delete (rm -r) all 3 default-created directories (shared music, shared pictures, shared Videos)
rm -r "Shared Music"
rm -r "Shared Pictures"
rm -r "Shared Videos"
cd to /shares/Public,
mkdir public_html
cd public_html
#create dummy index.htm in public_html
echo "<html><head><title>Test</title><body><h1>test page</h1></body></html>" >> index.htm
chmod 755 index.htm
===move to version 4.x of firmware===
Review doc at
https://community.wd.com/t/wd-my-cloud-v4-x-and-v2-x-firmware-versions-download-links/148533
Download the latest 4.x zip file to your workstation
I used 04.04.04-101
with a browser, access the webpage of the nas at http://<Static_IP>/
go to settings->firmware update->[updated from file]
select the file that you just downloaded.
The file will upload to the nas and will take another 3-5 mins after reboot to apply.
after firmware upgrade # Default SSH login/password has changed: root/mycloud
ssh -l root <Static_IP> (you may get a certificate warning again)
password (default) = mycloud
===install debian and OMV onto mycloud device===
Read this whole section in THIS document before attempting to run the instructions in _howto_en.txt (referenced below)
There are some extra notes here.
Download to your workstation 3 files
uImage uRamdisk and jessie-rootfs.tar.gz
from http://ftp.anionix.ru/WDMyCloud/WDMyCloud-Gen2/Debian/
you probably want to access the mycloud via SMB by start->run on workstation and \\<Static_IP>\
copy those 3 files to it prior to next step...
Follow instructions at
http://ftp.anionix.ru/WDMyCloud/WDMyCloud-Gen2/Debian/_howto_en.txt
Note that there is a method on the above site to unbrick using a USB stick, it won't restore
deleted files, but it can help get things on track again.
Note while running the procedure that he has a couple of typos..
a "xz" instead of "gz" and sometimes he mis-orders the filename
of his image file rootfs-jessie versus jessie-rootfs
The first reboot may take 3+ minutes, but seems to go quickly for me.
After the first reboot, the IP AND THE MAC are now different.
you will have to hunt for an unknown MAC on your router to find the new IP.
<NEW_DHCP_IP>: ____.____.____.____
the first telnet into the machine has no user or password prompt.
The second reboot will also have to search for the device on your router, but
it will have the original/documented <MAC> from way above
The first ssh will probably throw a certificate alert.
# Default SSH login/password: root/mycloud
# Default OMV login/pass is: admin / openmediavault
in ssh, when you run omv-initsystem it may error.. is okay
The last section of the anionix doc tells you to login to OMV and doesn't specify
that this login should be via the browser to the IP address...
===config omv===
During the next few steps, you will "save" and then "apply" which may cause a reboot
Please note, that since you are changing network address info and ports, you may have to
re-login after an "apply"
Now login to the site via browser by loading the ip address, <NEW_DHCP_IP>
ssh - enable it, leave rest default [save apply]
general->web administrator password set to new password, note here. <WEB_ADMIN_PWD>: __________
network->interfaces modify.. set to static, set DNS, [save apply] note here <NEW_STATIC_IP>: ____.____.____.____
login via new static IP
network->general rename hostname to your choice [save apply] <HOSTNAME>:___________
network->firewall Add firewall to allow all local and disallow external network
mine is input, accept, ipv4, 192.168.1.0/24, -, -, -, All, allow all in local network
[save apply]
general->web administration move port to 8080, set timeout to 15 [save, apply]
it may "error".
login via static IP with http://<NEW_STATIC_IP>:8080/
(user=admin, pass=<WEB_ADMIN_PWD> )
on the upper right menu, reboot.
after reboot
ssh in to the device as root and change the root password:
ssh -l root <NEW_STATIC_IP>
passwd = mycloud
use passwd command in unix to set to new chosen passwd <ROOT_PWD>: _____________
while ssh'd in create a directory in /home
cd /home
mkdir UserData
chmod 777 UserData
####Set up CIFS/SMB
I had a lot of trouble with the next step, the device droplist would not "autofill".
#######Autofill possible fix
To get around it, this seemed to work:
Open both a ssh session and a web session to the device at :8080
http://<NEW_STATIC_IP>:8080/ user=admin, pass=<WEB_ADMIN_PWD>
ssh -l root <NEW_STATIC_IP>
pass=<ROOT_PWD>
while ssh'd in
umount /home
then in the web session
FileSystems->click on the unmounted one and [mount] but do not apply
shared folders->add
name= UserData
device= /dev/sda2 (the only one available)
path= UserData/
permissions, leave default
[save apply]
go to 3-dot menu on upper right and reboot,
see if the above setting "stuck"
in ssh, reboot system
######After Autofill seems to work
After reboot...
SMB/CIFS->settings enable [save]
SMB/CIFS->shares [add]
shared folder droplist = should auto-populate to UserData on /dev/sda2, UserData/
public=Only Guests
Browsable=true
Hide dot files=false
[save, apply]
#test smb access via UNC in windows start->run \\<NEW_STATIC_IP>\
you should see "UserData"
test creation of subdir and files, edit a text file, etc.
basically you are testing the NAS portion of this.. you will need it later.
###time config
ssh -l root <NEW_STATIC_IP>
pass=<ROOT_PWD>
set tz with command:
dpkg-reconfigure tzdata
set approx date/time to today (change numbers below to the obvious ones)... we will get NTP in next step
date --set 2016-11-22
date --set 21:08:00
,
===install php, nginx, mysql, other helper items===
#if not already ssh'd in as root..
ssh -l root <NEW_STATIC_IP>
pass=<ROOT_PWD>
apt-get install ntp
apt-get install mysql-server
service mysql status (just to see if it is running)
nginx is already installed.. no need to install it again
apt-get install phpmyadmin
#you'll choose a password, <PHP_MYADMIN_PWD>: ____________________
#review document https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-phpmyadmin-with-nginx-on-an-ubuntu-14-04-server
#create links as noted:
ln -s /usr/share/phpmyadmin /usr/share/nginx/html
###phpmyadmin on port 8081, create /etc/nginx/sites-available/phpmyadmin on port 8081
cd /etc/nginx/sites-available
cp default phpmyadmin
vi phpmyadmin...
#The following is my version of it:
server {
server_name phpmyadmin;
root /usr/share/nginx/html;
index index.php;
autoindex off;
server_tokens off;
sendfile on;
large_client_header_buffers 4 32k;
client_max_body_size 25M;
error_log /var/log/nginx/phpmyadmin.log error;
access_log /var/log/nginx/phpmyadmin.log combined;
error_page 404 = /404.php;
location /404.html {
internal;
}
location /extjs/ {
alias /usr/share/javascript/extjs5/;
}
#location /images/ {
# alias /var/www/openmediavault/images/;
#}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm-openmediavault-webgui.sock;
fastcgi_index index.php;
fastcgi_read_timeout 60s;
include fastcgi.conf;
}
listen [::]:8081 ipv6only=off;
#include /etc/nginx/openmediavault-webgui.d/*.conf;
}
#link sites-enabled/phpmyadmin to this file /etc/nginx/sites-available/phpmyadmin
cd /etc/nginx/sites-enabled
ln -s ../sites-available/phpmyadmin phpmyadmin
service nginx restart
#in a browser...
http://<NEW_STATIC_IP>:8081/phpmyadmin
see if it loads, no need to login yet.
back in SSH session
apt-get install ImageMagick
apt-get install unzip
apt-get install php5-imagick
apt-get install php5-gd
service php5-fpm restart
===install omeka===
#create a dir to upload files via SMB in an ssh session
mkdir /home/UserData/source
#from your workstation, using SMB, upload the omeka distribution (I used omeka2.4.1.zip)
#to this "source" dir. this is also a good place to dump plugin zips, etc.
#Create public_html and unzip omeka, rename x.x.x directory to simply "Omeka"
#in an ssh session
mkdir /home/UserData/public_html
cd /home/UserData
chmod g-s public_html
cd public_html
unzip ../source/omeka-2.4.1.zip
mv omeka-2.4.1 Omeka
now access phpadmin at http://<NEW_STATIC_IP>:8081/
default user/pass is root / <PHP_MYADMIN_PWD>
in phpmyadmin create a user
user: <OMEKA_USER>:_____________
with pass <OMEKA_PWD>: ___________________
make sure user can only login from localhost
in ssh session
cd /home/UserData/public_html/Omeka
vi db.ini and update w/ users and passwords.
username="<OMEKA_USER>"
password="<OMEKA_PWD>"
===Clean up mod rewrite crap===
copy file at http://anhnguyen.name/omeka-on-nginx to /etc/nginx/sites-available/omeka
(select text in web browser from above site, and in an ssh-session
cd /etc/nginx/sites-available/
vi omeka
paste text into new file.
)
cd /etc/nginx/sites-enabled
ln -s ../sites-available/omeka omeka
service nginx restart
enable error messages
in an ssh session
vi /home/UserData/public_html/Omeka/.htaccess
unhash SetEnv Application_env development
chmod 777 /home/UserData/public_html/Omeka/application/logs/errors.log
cd /home/UserData/public_html/Omeka/application/config/
vi config.ini
change log.errors to true
> /var/log/nginx/omeka.log (clears log)
service nginx restart
At this point you may need to "install" omeka and choose admin user and password
(I was copying an original install, so didn't do this)
probably will have to set an admin user and password.
see doc at https://omeka.org/codex/Installation
<OM_ADMIN_USER>:_______________
<OM_ADMIN_PASS>:________________
#may need to go to admin pane in omeka and upgrade database...
http://<NEW_STATIC_IP>/admin/upgrade
chmod -R 777 /home/UserData/public_html/Omeka/files
######fix filesize issues
reference https://easyengine.io/tutorials/php/increase-file-upload-size-limit/
in SSH session...
mod .htaccess to new max filesize
cd /home/UserData/public_html/Omeka
vi .htaccess
in PHP Settings section between the <IfModule..> add following 2 lines
php_value upload_max_filesize 256M
php_value post_max_size 256M
mod .conf file
cd /etc/php5/fpm/pool.d
vi openmediavault-webgui.conf
php_value[post_max_size] = 256M
php_value[upload_max_filesize] = 256M
php_value[max_execution_time] = 256
php_value[default_socket_timeout] = 256
mod nginx config file
cd /etc/nginx
vi nginx.conf set keepalive_timeout
keepalive_timeout 512; ##This line is incredibly important
#add next lines to end of http{} block
##Omeka helpers
client_max_body_size 256m;
client_body_timeout 256s;
client_body_buffer_size 1024K;
client_body_in_file_only clean;
edit nginx omeka site file
cd /etc/nginx/sites-available/
vi omeka
#my version:
server {
server_name omeka;
root /home/UserData/public_html/Omeka;
index index.php;
autoindex off;
server_tokens off;
sendfile on;
large_client_header_buffers 4 32k;
client_max_body_size 256M;
error_log /var/log/nginx/omeka.log error;
access_log /var/log/nginx/omeka.log combined;
error_page 404 = /404.php;
fastcgi_read_timeout 256s;
location /install {
try_files $uri $uri/ /install/index.php?$query_string;
}
location = /admin/themes/ {
rewrite ^ /admin/index.php?$query_string;
}
location /admin {
try_files $uri $uri/ /admin/index.php?$query_string;
}
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm-openmediavault-webgui.sock;
fastcgi_index index.php;
fastcgi_read_timeout 256s;
include fastcgi.conf;
}
listen [::]:80 ipv6only=off;
}
service php5-fpm restart
service nginx restart
===============================================================
At this point hopefully "congratulations!" you should be able to hit your omeka site, myphpadmin, and omv.