hosting a domain on a synology diskstation

There are two environments that need attention, when hosting a domain on a Synology Diskstation:

  1. Virtual Host (which organises the location of the files that your website is built out of), and
  2. DNS Server (which controls the Zone File that points web browsers at your website)

First of all, to configure your Virtual Host for your new website (which we will call example.co.uk):

Web Services -> Web Applications -> Virtual Host:

  • subfolder = example (without TLD suffix)
  • hostname = example.co.uk (with full TLD suffix)
  • OK

Now to configure your DNS Server and the Zone File:

Downloaded Packages -> DNS Server -> Zones:

  • Create Master Zone
    • Domain Type: Forward Zone
    • Domain Name: example.co.uk
    • Master DNS Server: static IP address
    • Serial format: Integer
    • OK
  • Edit Resource Record
    • Create:
    • MX Type
    • Name: mx
    • TTL: default
    • Priority: 10
    • Host/domain: example.co.uk
  • Create:
    • MX Type
    • Name: (leave blank this time)
    • TTL: default
    • Priority: 20
    • Host/domain: example.co.uk
  • Create:
    • CNAME
    • Name: (leave blank)
    • TTL: default
    • Canonical Name:
    • ns.example.co.uk
  • Create:
    • A Type
    • Name: (leave blank)
    • TTL: default
    • IP address: static IP address
  • Finish

And you’re done.

Email config is a separate thing. You need to follow these instructions for that.

ghost / node.js

so it seems that to run ghost i have to download, install and configure node.js?

oh

so much for the simple life

i’m getting the tar.gz for node.js, and downloading the ghost package

but it looks like there’s a lot of reading to be done before i get ghost up and running

this seems like a lot of effort just to look at a new product

but i’ll stick with it

slowly

as time allows

being probed/attempted hacks

The NAS has been getting a significant amount of hack attempts, since I enabled the MailServer functionality.

About 10-15 times in a 24-hour period, people (or, to be more accurate, things, because these probes are probably automated) attempts to log on to the root of MailServer as the primary user.

I guess that the bots that trawl the internet looking for open ports probed for, and found, the open port 25 (MailServer port) against the static IP address that the NAS uses.

My first line of defence was to implement a ‘three strikes and you’re out’ security policy. This will ban, for life, the IP address of anyone who unsuccessfully attempts to log on to the NAS three times.

My second line of defence was to set each NAS account and each email account with a new, digitally-encoded password, that meets GCHQ encryption standards.

I did check out the first couple of dozen IP addresses, but the only thing I learned was that invariably they were based in China.

It amused me that the Chinese Government (hacking community? – what’s the difference between the two?) would be so keen to get their hands on my priceless collection of unsigned music.

Or the many thousands of amusing Garfield strips that I keep, for some reason.

Or the entire second series of Outnumbered that I’ve never quite got around to deleting.

Or my porn.

Ahem.

So I have implemented two lines of defence: three strikes and you’re out for life, and all passwords set to a very high standard.

Is there anything else I can add?

Bear in mind we are only talking about probes to the MailServer – an application on the NAS – not probes to the NAS itself.

spam

The email account that is the object of all the email admin I’m looking at is getting hammered with spam.

It’s an old email account, the email address has been around the internet for a decade or so and it has been very public, so it’s not a big surprise that it’s getting spammed.

Over 99% of the spam comes from spoof email addresses (from hacked MailServers, I’m guessing) that begin ‘canada.medic@’.

I set a management rule in MailServer to discard any incoming traffic from all email addresses originating from ‘canada.medic’ attached to any domain name.

That did the trick.

The incoming traffic showed up on MailServer as incoming mail, but nothing was delivered to the incoming mailbox/email account.

Yay!

more mail admin: deleting email accounts

It looks like that, in order to delete/remove existing email accounts in the NAS I need to get down and dirty with some command line action.

I enabled Telnet and opened the appropriate port in the NAS firewall, and had a poke about /var/etc/packages/MailServer/ and everything looks like I’d expect it to.

But the more information I read, the more questions remain unanswered.

Do I need to remove the email account from MailServer?

Or do I need to remove the email account from the associated Dovecot package?

Or do I need to remove the email account from both?

Hmm.

I need to read even more, obv.

downing and upping

*updated*

A couple of nights ago I migrated another – very light traffic – website on to the NAS.

The only reason I did this was to document, in bullet-points, the process.

I’ll post the process on to the Synology Forums, because the step-by-step documentation for the Diskstation is pretty scant (and next to meaningless).

I’ve just updated phpMyAdmin (being a firm believer in keeping products up to date).

But I think that I’m just about done with hosting on the NAS.

I think it’s time to up my game.

My next step is to get the racked servers installed, configured, and get CentOS and some RAID products spread across the hard-disks.

Yep.

Time to up my game.

I’m going to down the NAS tonight.

Just a simple down.

But I have an eye on that phpMyAdmin upgrade I implemented earlier, and I’d like to bed it in properly with a cold start.

I’m just an oldschool Unix nerd, huh?

*update*

So, downing the NAS in an orderly fashion and bringing it back up delivered no discernible difference.

All services successfully restarted themselves, the four websites, php instances, MySQL databases and mailserver profiles all mounted correctly.

CPU is at 2%, RAM is at 30%

It’s all a bit anticlimactic really.

But also…

Very good.

practising hosting/email; aiming for a hosting metric

This evening I migrated my primary (top level domain) website and the associated blog from the established hosting servers in Arizona to my NAS.

This was slightly more complex than anything I’ve attempted before; each set of content (TLD and subdomain) runs against their own MySQL databases. I debated amalgamating both in to one database, but eventually decided to keep the products apart.

I also set up an associated email account for that self-hosted domain.

The aim of this migration is to act as a crude stress testing/load measuring exercise. I want to know what kind of volumes of internet traffic the NAS can comfortably handle.

The only snag I hit along the way was a temporary memory lapse where my brain melted, when I  couldn’t get the DNS to resolve to the content.

I took my mind offline for an hour and then it came to me, that I hadn’t configured the virtual hosts file.

Three minutes of VH config and hey presto, both the website and the subdomain were up and running.

Then I configured the associated email account for the domain in my phone and yep, that worked first time.

Maybe I should document all these things in bullet points?

But I’m turning out the light now, feeling a little bit smug.

moving house, forwarding ports and ISP garbage

So…

I moved house from down there to up here. My ISP (Plusnet) said I’d have the same FTTC broadband service up here that I had down there. Except they were sooo not right about that. And the fallout/issues that ran out of me having to step down in my broadband to ADSL from the FTTC service I used to have in my former house, were… pretty massive.

However, we live and learn (or we’ve stopped living)…

Because of the degraded broadband service (and yes, stepping down from 80Mb/s download and 20Mb/s upload FTTC, to 5.3Mb/s download and 0.3Mb/s upload is a huge degrade in service!) I had to change modems.

And that meant having to learn how to configure port forwarding on a Technicolor TG582n.

It wasn’t, frankly, without its issues. And those issues came with a steep learning curve – and, together with Plusnet’s less-than-shiny internet provision, kept this little website offline for almost three weeks.

I’ve only just figured out (because what documentation?) that the port forwarding config file needed a from and a to port range – even if you only want to open just one port (which is what I have been trying to figure out how to do). That’s a bit bonkers, in a very twisted kind of logicish sort of way.

Anyway, I worked it out and now we’re back online.

The port forwarding issues, the router swap issues, the steep learning curve issues and the two week broadband outage courtesy of my ISP (while Plusnet unknotted their knickers and eventually delivered some kind of a – degraded – service), all combined to keep me away from the next project that was on my list…

Domain-related email!

That’ll come soon.

Oh yes.

The other thing to note is that I went on eBay and bought an HP server for £19.99p.

It has 4x hard-disks fitted, none are a decent size by today’s standards, but it does have a significant amount of RAM (ten times that of my NAS). And for less than £20 I think it will do as the first real base server for my experimenting/learning, when I need to migrate the self-hosting environment off my NAS on to something more scopey.

And that means getting something like CentOS and learning how to install and configure that.

I seem to be in geek heaven right now.

post the first

This is my (test) geek blog.

I am a geek (as I said in a job interview today), but not a professional geek.

And I have a spread of tech skills, but not to any significant, developery kind of depth.

But I have ambitions to learn many things, and I am delivery-focussed, in a combination of OCD/highly self-competitive kind of way.

So I need a place to document stuff (where stuff = the successes, the failures, and the not-decided-which-of-those-this-is) from the geek side of my life, and this is going to be that place, for now.