QNAP NAS RCLONE Tutorial (Work in Progress)


#1

I was hoping to have a place for QNAP users to document their process of installing RCLONE on their NAS machine.

I have a lower end TS 212P NAS and I’m looking to back up family photos/videos that are encrypted to cloud storage. I want to use Rclone and then use a script/cronjob to copy selected folders to my backblaze B2 bucket encrypted. The hybrid app only allows for sync and there is no official back blaze B2 app available. I’ve stumbled across a few ideas, but can’t seem to find a complete solution. Hopefully as a community, we can document a solution together.

I will take some ideas found here and document my progress as I go.

https://www.stefanwienert.de/blog/2016/09/05/rclone-on-qnap-backup-cloud-storages-to-your-ancient-nas/

https://forum.qnap.com/viewtopic.php?t=123914

Log in to QNAP server

Check what architecture your NAS uses.

My output

I have a armv5tel, so I will be using the Linux ARM 32 bit version of RCLONE for my QNAP.

Next we will make a folder home for RCLONE files.

I had some trouble here as my mkdir -p would not make the folder. I’m not sure if it’s an issue with my particular setup or some other issue. Permissions looked good, but I ended up using:

Enter /share/Web/backup/sync to download and extract the required files.

Download latest version of RCLONE for your particular NAS. I had to use the mirror page to download RCLONE as I was getting an SSL error. Use wget and copy/paste the link to the newest file.

wget https://github.com/ncw/rclone/releases/download/v1.37/rclone-v1.37-linux-arm.zip unzip rclone-v1.37-linux-arm.zip mv rclone-v1.37-linux-arm/rclone .

I have RCLONE installed on my system and next I need to tackle SSL. Stefan Wienert recommends this:

cd /share/backup/sync wget --no-check-certificate https://curl.haxx.se/ca/cacert.pem mkdir certs cd certs for filename in cert*pem;do mv $filename `openssl x509 -hash -noout -in $filename`.0; done; cp *.pem /etc/ssl/certs/

Running this gives me an error.

cd /share/Web/backup/sync wget --no-check-certificate https://curl.haxx.se/ca/cacert.pemwget

Error given in SSH.

OpenSSL: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version Unable to establish SSL connection.

Anyone care to chime in to get past this error?


#2

I think that is saying something like wget tried to use SSLv3 but the host only supports TLSv1 (TLSv1 is the successor the SSLv3 and SSLv3 is widely thought to be broken).

Can you try curl? Or maybe an http link rather than an https link? Or you might be able to add some more flags to wget.


#3

Thanks for the feedback! I installed perl and used a curl command to bypass the wget error.

Successfully downloaded the cert file!

Running this gave me another error.

Error opening Certificate cert*pem 3069576368:error:02001002:system library:fopen:No such file or directory:bss_file.c:402:fopen('cert*pem','r') 3069576368:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:404: unable to load certificate mv: unable to rename `cert*pem': No such file or directory

File and directory were verified to exist. Anyone care to provide feedback.


#4

Hopefully on the right path with my SSL adventures.

Using info from Nick Burch via:

http://gagravarr.org/writing/openssl-certs/others.shtml

Issue appers to be that CA Cert was saved as cacert.pem. Just make sure you know what name the file was saved under.

I’m trying to work out the hash part of my file. I ran

cd /share/Web/backup/sync/certs openssl x509 -noout -hash -in cacert.pem

Hash was generated. Now I’m trying to understand the next part.

[quote]In order for OpenSSL to find the certificate, it needs to be looked up as its hash. Normally, you would create a symbolic link for a meaningful name of the CA to the hash value, rather than renaming the CA certificate. Ideally, create a symbolic link (or hard link if you must, but symbolic ones usually make spotting which hash is which certificate name that bit easier). The symbolic link must be for the hashed value above plus “.0” - if you forget the .0 then OpenSSL won’t detect it, and you’ll get lots of errors.
Thus, I have for the current Oxford University CA:[/quote]

dbed1725.0 pointing to oxford-ca.pem (dbed1725 is the hash of the CA certificate)

Don’t need anything complicated, just need OpenSSL to read the most current cacert.pem.


#5

Made already a tutorial for snap a while ago: https://forum.qnap.com/viewtopic.php?t=123914#p573114

Works great for me!


#6

Are you using a script/cronjob to automate backup to backblaze b2?


#7

No, I have a cronjob running daily to GDrive encrypted.


#8

Would you mind providing a few details. Would like to experiment as is with a daily backblaze b2 encrypted. Not sure if I need to spend any more time with ssl issue.


#9

No problem, but I’m on holiday now with very limited access to my qnap. Send me the stuff you would like me to test. I’m back from holidays after 12/08


#10

Hi guys

Wondering if there was anyone who could guide me to install screen on the qnap? The info I can locate is rather old out there.

I want to be able to run rclone as a service on startup - mount Googledrive to a local folder of my choice.

Any ideas? :slight_smile:

Thanks

Morphy