Oxidized is a "RANCID replacement" that has taken on a life of its own. It is designed to automatically store, compare, and log configuration files from network-based equipment.
I've never used RANCID, or rConfig, or Sweet, but I wanted more than a fileshare of all the latest configs of our devices, which is what we were doing.
Oxidized seemed the easiest to set up.
Here is how I set one up from scratch.
Installation
- Setup an Ubuntu server. I used 16.04.2, the LTS version available at the time.
- When asked to create a user, make it oxidized
- Set the timezone as UTC
- Run
sudo apt-get update
and get everything current.
- Install dependencies
sudo apt-get install ruby ruby-dev libsqlite3-dev libssl-dev pkg-config cmake libssh2-1-dev
- Install oxidized.
sudo gem install oxidized
- Install oxidized web front end
sudo gem install oxidized-script oxidized-web
- Run oxidized with no args. This will create all the required directories, with a sample config in them.
oxidized
Configuration
- Edit the /home/oxidized/.config/oxidized/config to customize your system.
I've inserted comments with the // before them. This is not a valid operator, so don't attempt to use them. This is more to identify the places that you need to replace the defaults. I'm not pretending to know what all of these settings mean, but I'm identifying the ones to change. I don't recommend changing the other defaults unless you have a good reason. (for example, the thread counts)
- Copy the oxidized.service file from the gem's extra directory to /lib/systemd/system/
sudo cp /var/lib/gems/2.3.0/gems/oxidized-0.19.0/extra/oxidized.service /lib/systemd/system
- Set the service to start at boot
sudo systemctl enable oxidized.service
That should give you a fully functional Oxidized instance running. You can only access it from localhost.
Wait... What? You want authentication? HTTPS? Oxidized doesn't support that natively. The preferred suggestion seems to be:
- Run an NGINX instance on the same host, configured for HTTPS and authentication
- Configure Oxidized to only answer 127.0.0.1 queries. (This is Oxidized's default configuration)
Set up an NGINX reverse proxy to enable SSL
- Add nginx-extras
sudo apt-get install nginx-extras
- Remove the default site, and copy the example oxidized configuration to NGINX
sudo rm /etc/nginx/sites-enabled/default
sudo cp /var/lib/gems/2.3.0/gems/oxidized-0.19.0/extra/oxidized.nginx /etc/nginx/sites-enabled/default
- Edit the site config, and enable SSL
sudo vi /etc/nginx/sites-enabled/default
- Create the directory to hold the SSL certs
sudo mkdir /etc/nginx/ssl
- Create the SSL certificates
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
- Reload NGINX
sudo systemctl reload nginx
Your site should be available to both http and https connections now.
Configure NGINX to enable LDAP auth
- Install prerequisites
sudo apt-get install nodejs npm
sudo apt install nodejs-legacy
- Create an unprivileged user
sudo useradd --shell /sbin/nologin -m nginx-auth
- Clone the nginx-auth repository
sudo -u nginx-auth -H git clone https://github.com/justinjahn/nginx-auth.git /home/nginx-auth/nginx-auth
- Install NPM packages
cd /home/nginx-auth/nginx-auth
sudo -u nginx-auth -H npm install
(Note: I had issues with NPM and had to install it twice.)
- Copy and edit the configuration file
sudo -u nginx-auth -H cp config/default.json.dist config/default.json
sudo -u nginx-auth -H vi config/default.json
- Install the LDAP PAM module
sudo apt-get install libpam-ldapd
- Create the LDAP config file
sudo vi /etc/pam.d/nginx_restricted
auth required /lib/x86_64-linux-gnu/security/pam_listfile.so onerr=fail item=user sense=allow file=/etc/nginx/restricted_users
auth required /lib/x86_64-linux-gnu/security/pam_ldap.so
account required /lib/x86_64-linux-gnu/security/pam_ldap.so
- Create the list of allowed users (one username per line, matching item=user above)
sudo vi /etc/nginx/restricted_users
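The SSL and authentication steps above edit /etc/nginx/sites-enabled/default without showing the result, so here is one possible site config, added as an example and not taken from the original post or from the Oxidized project. It assumes Oxidized's web interface listens on 127.0.0.1:8888, that the ngx_http_auth_pam_module packaged in nginx-extras consumes the nginx_restricted PAM service, and uses a placeholder server_name; unlike the walkthrough, it redirects plain HTTP to HTTPS so passwords are only ever sent over TLS.

```nginx
# Added example for /etc/nginx/sites-enabled/default (not from the original post).
# Assumptions: Oxidized web on 127.0.0.1:8888, auth_pam module from nginx-extras,
# oxidized.example.com is a placeholder hostname.

# Plain HTTP only redirects, so Basic auth credentials never cross the wire unencrypted.
server {
    listen 80;
    server_name oxidized.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name oxidized.example.com;

    # Self-signed pair created by the openssl req command in the SSL steps.
    ssl_certificate     /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    ssl_protocols       TLSv1.2;

    location / {
        # Every request must pass the PAM stack in /etc/pam.d/nginx_restricted:
        # pam_listfile (username must be in /etc/nginx/restricted_users), then pam_ldap.
        auth_pam              "Oxidized";
        auth_pam_service_name "nginx_restricted";

        # Oxidized stays bound to loopback; NGINX is the only network-facing listener.
        proxy_pass http://127.0.0.1:8888/;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Run sudo nginx -t to validate the file before reloading NGINX, and keep /etc/nginx/ssl/nginx.key readable by root only.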
With thanks to:
https://www.nginx.com/blog/nginx-plus-authenticate-users/
https://github.com/sto/ngx_http_auth_pam_module
https://github.com/justinjahn/oxidized-manager
https://www.linode.com/docs/uptime/loadbalancing/use-nginx-as-a-front-end-proxy-and-software-load-balancer
http://blog.l3g3ndary.org/2015/08/11/nginx-with-microsoft-ad-authentication-and-fastcgi-load-balancing/
Hi Michael,
Just wanted to say a big thank you for your tutorial here! On a side note, steps 6 and 7 are missing for nginx ldap auth. Can you update it? THANKS again!