Synology NAS bakup on Tardigrade

Hogion · February 22, 2020, 11:15am

Hi,

Does anybody has used, or has experience with, Tardigrade to backup a Sinology NAS (Hyper Backup, S3…) ?

I would like to test the backup of my NAS on Tardigrade.

Thanks in advance.

Hogion

BrightSilence · February 22, 2020, 11:40am

Unfortunately the implementation of S3 backups on Synology’s native apps is fairly limited and focused on Amazon S3. While it allows you to add a custom server, it does not allow you to change many of the settings for it. And 2 specific settings are a problem.

Synology only supports https connections and the Tardigrade S3 gateway runs over http.
Synology assumes vhost style paths that Amazon has been using for a while now, but the S3 gateway uses direct paths to point to buckets.

Because of these two reasons it is currently not possible to use the S3 gateway with Synology. Though you may be able to fix the first issue by changing settings. (I’m not sure, haven’t looked into it because the second issue would still be a problem.)

If you do find a work around, please report back, because I wanted to use the same thing, but gave up on it for now.

heunland · February 22, 2020, 2:45pm

Please stay tuned, we plan to publish NAS specific Tardigrade Backup instructions soon.

Hogion · February 23, 2020, 4:31pm

Ok !

Thanks for the information and your replies.

I’ll stay tuned.

Hogion

elan · April 8, 2020, 4:59am

Why does the Tardigrade S3 gateway run over HTTP?

Is it because clients are responsible for their own encryption?

BrightSilence · April 8, 2020, 7:08am

Because it’s not meant to be publicly exposed. It’s meant to run inside the same network or even the same system.

elan · April 8, 2020, 11:57am

Thanks.

That is understandable however a naive assumption that your own network is safe.

See: http://wapo.st/1bCL7HK

SSL is now recommended to be used everywhere.

Even service meshes within the same kubernetes cluster encrypt local traffic with mTLS by default.

It’s also trivial to implement https, especially in a library rich environment that go provides.

Just my two cents.

BrightSilence · April 8, 2020, 12:01pm

I don’t disagree. Though having to deal with certificates would add a bit of hassle. And since it’s mostly internal IP’s or hostnames let’s encrypt won’t help here either.

elan · April 8, 2020, 12:17pm

Right, you’d need a CA to sign them.

Perhaps the guidance here should be to put HA proxy or nginx for hostname/SSL termination to enable more existing integrations.

elan · April 8, 2020, 2:04pm

To add for others who find this post and need a solution:

You can use let’s encrypt to get the cert and then use the cert in non-public networks.

This will give you real certificates that have been signed by trusted roots CAs.

You can then put HA proxy for nginx in front of the s3 gateway and setup cnames and SSL termination there.

kaloyan · April 10, 2020, 7:15am

The S3 Gateway is based on MinIO and it can be configured to run with HTTPS/TLS.

The MinIO guide is here: https://docs.min.io/docs/how-to-secure-access-to-minio-server-with-tls.html#using-open-ssl

A few hints from my own experience if you are running the S3 Gateway on localhost:

Generate the certificate with the command recommended here: https://letsencrypt.org/docs/certificates-for-localhost/
Rename the generated files to public.crt and private.key.
Copy these two files to the gateway’s certificate directory. It should be ~/.local/share/storj/gateway/minio/certs/
3.1. You can change minio configuration directory using the --minio.dir flag with the gateway run command.
Run again the gateway and now it will be accessible via HTTPS instead of HTTP. No additional flags required.

Hogion · December 11, 2020, 6:28pm

Hi,

I would like to know if there are some updates since my first question few months ago (backup of my Synology NAS on Tardigrade).

I’m planning to stay home for the Chritmas holiday (don’t ask me why ) and will have time to do some tests.

Thanks in advance.

Hogion

Alexey · December 12, 2020, 2:09pm

At the moment you can do it with duplicati: https://documentation.tardigrade.io/how-tos/backup-with-duplicati
The needed functions of S3 protocol for the native Synology backup tool is not publicly available yet. The public hosted S3 gateway is an active development, so stay tuned!

Hogion · December 12, 2020, 4:20pm

Thank you for the advice.

I’ll test and stay tuned.

Hogion

23.6346.12 · June 21, 2021, 8:31pm

Hello to all,
have there been any updates on this topic? If I understand it correctly, the S3 Gateway has received some major updates recently. Can Synology Users make an “offsite Backup” to Storj’s DCS?
Thanks!

BrightSilence · June 21, 2021, 8:48pm

Yes, I can confirm that both hyper backup and cloud sync work perfectly now with Synology through the gateway mt.

23.6346.12 · June 21, 2021, 9:02pm

Trank you!
Could you please describe in 2-3 sentences how to set it up? Many thanks!

BrightSilence · June 21, 2021, 9:06pm

I’m not near a system with access to my Synology ATM. But it’s basically just creating bucket and an access grant in the satellite web UI and at the end of the process clicking the option to get gateway credentials. That should give you the url key and secret. On Synology you pick S3 storage and select the custom S3 setup. Fill in the info that was supplied in the satellite UI. If it asks about part size pick 64MB if possible. That should do it. If you get stuck somewhere please share a screenshot of what’s not working.

23.6346.12 · June 21, 2021, 9:21pm

Many thanks! I really appreciate you took the time to write a short description. And I am glad the compatibility is now there. I understood your steps!

Hogion · June 26, 2021, 8:26am

Thanks for the updated information. I will test it on my side.

Hogion