Spideroak v2.0.1

by K8CTR

Posted Sunday, February 7, 2016 7:30 PM

Gnawing at the back of my mind has been this tiny question about the portability of my SpiderOak NAS solution. In my last post, I suggested that the simplest approach to installing SpiderOakONE on an Intel based Synology was to use the SynoCommunity Debian Chroot package, and install the official headless .deb from SpiderOak within it. So, what would happen if say... I wanted to move my NAS to new hardware, could my existing SpiderOak install migrate over with just a copy & paste?

So to try and silence that annoying tiny question:
  1. I made a copy of ~/.config/SpiderOakONE (SpiderOakONE.tar), along with the exact SpiderOakOne.deb file I'd used (spideroakone_6.0.1_i386.deb) to install it
  2. downloaded both files to my desktop and removed the chroot package from my Synology (probably not a good idea)
  3. I then rebooted the NAS and re-installed the chroot
  4. re-created my DSM users in the chroot
  5. re-created all my mount points to what they were before (media/photos, media/music, media/videos, /home/*)
  6. re-installed the SpiderOak client
  7. untarred the SpiderOakOne.tar into ~/.config/SpiderOakONE
  8. re-configured openssh with X11 forwarding
  9. and remotely launched the SpiderOak client

So far, everything has seemed to work. Again, this is an unofficial project and doing anything like this with sensitive data is probably asking for trouble, I'm just sharing what I did because I like doing this kind of stuff, and it's always nice having a reference.


vi /var/packages/debian-chroot/scripts/start-stop-status
To something like this...
start_daemon ()
    grep -q "${CHROOTTARGET}/home " `realpath /var/services/homes` || mount -o bind `realpath /var/services/homes` ${CHROOTTARGET}/home
    grep -q "${CHROOTTARGET}/photo " `realpath /var/services/photo` || mount -o bind `realpath /var/services/photo` ${CHROOTTARGET}/media/photo
    grep -q "${CHROOTTARGET}/music " `realpath /var/services/music` || mount -o bind `realpath /var/services/music` ${CHROOTTARGET}/media/music
    grep -q "${CHROOTTARGET}/video " `realpath /var/services/video` || mount -o bind `realpath /var/services/video` ${CHROOTTARGET}/media/video

stop_daemon ()
    umount ${CHROOTTARGET}/home
    umount ${CHROOTTARGET}/media/photo
    umount ${CHROOTTARGET}/media/music
    umount ${CHROOTTARGET}/media/video
Within the chroot:
nano /etc/apt/sources.list # changed fr. to us.
apt-get update
apt-get install locales
dpkg-reconfigure locales
dpkg-reconfigure tzdata
apt-get install curl openssh-server
adduser josh -uid XXXX --gid XXXX --home /home/josh #Synology: id -u username; id -g username
mkdir -p /media/photo
mkdir -p /media/music
mkdir -p /media/video
apt-get install libfreetype6 libxrender1 libfontconfig1
nano /etc/ssh/sshd_config
  Port 2222
  PermitRootLogin yes
  X11UseLocalhost yes
Then probably something like cron to run the batch backups during non-peak times... And from my Mac with X11 installed... Don't forget to change your root PW, or try admin instead?
ssh -p 2222 -X root@diskstation /usr/bin/SpiderOakONE

Spideroak v2

by K8CTR

Posted Tuesday, December 22, 2015 9:26 PM

An simpler, more straight-forward method to get the SpiderOakOne client running on an x86 based Synology, is to use the Debian Chroot package from the SynoCommunity (requires the Python package to be installed).
  • Add the SynoCommunity package source in Package Center
  • Use the examples here to do the following: 
  • Install openssh and some other packages in the chroot (also change config port to 2222)
  • Modify the chroot service script to mount local folders within the chroot to be visible to the SpiderOakOne client
  • Use ssh to tunnel the X11 SpiderOakOne client window to your desktop with X11 installed.
    ssh -p 2222 -X root@diskstation /usr/bin/SpiderOakONE


by K8CTR

Posted Friday, February 20, 2015 8:43 PM

Bottom line: I'm running a SpiderOak client on my Synology DS214Play.
Gotchas: It might only run on an Intel Chipset; ipkg needs to be installed.

  • The Amazon Glacier app doesn't provide client-side encryption
  • Arq (client-side encryption Mac app) needs a Mac to run the client 
  • The most common CrashPlan client for Synology requires a third party package repository, and the private key is stored and transferred on the CrashPlan servers. It could be encrypted with the account password on the server, but it I'd still feel better if CrashPlan took a more hands-off approach
  • S3 is too expensive
  • Honestly, SpiderOak is a bit expensive, but there's been Unlimited-Offers I hope to take advantage of
I did NOT write down what I did as I went... so the following is an afterthought (if you're going to do something like this, it's at your own risk; I take no responsibility for damages; installing ipkg voids the Synology warranty):

  • I backed up my Synology & data to an external drive
  • SSH was already enabled on the Synology
  • Installed ipkg on the Synology
  • Used this guide for SpiderOak on QNap as a reference
  • cd ~
    wget https://spideroak.com/getbuild?platform=ubuntu&arch=i386
    dpkg-deb -x spideroak_5.1.8_i386.deb spideroak
  • ipkg update
    ipkg install python26
    cp -r ~/spideroak /opt/spideroak
    mkdir /opt/spideroak/conf
    vi /opt/spideroak/usr/bin/SpiderOak
  • #!/bin/sh
    if [ ! -d "/root/.SpiderOak" ]; then
        ln -s /opt/spideroak/conf /root/.SpiderOak
    export LD_LIBRARY_PATH
    QT_PLUGIN_PATH="/opt/spideroak/opt/SpiderOak/lib/plugins" ; export QT_PLUGIN_PATH
    SpiderOak_EXEC_SCRIPT=$(cd `dirname $0` ; pwd)/SpiderOak
    export SpiderOak_EXEC_SCRIPT
    exec "/opt/spideroak/opt/SpiderOak/lib/SpiderOak" "$@"
  • In a browser, visit: https://spideroak.com/nus/console
  • The page should generate a JS file to download (you'll need to put your password into the file)
  • Apparently --bootstrap is deprecated... (shh I used it anyway)
    /opt/spideroak/usr/bin/SpiderOak --bootstrap=PATH_TO_THE_DOWNLOADED_JS_FILE
    /opt/spideroak/usr/bin/SpiderOak --help
  • Adding directories and running the SpiderOak client from command line is pretty simple:
    /opt/spideroak/usr/bin/SpiderOak --include-dir=PATH_TO_INCLUDE_DIRECTORY
    /opt/spideroak/usr/bin/SpiderOak --batchmode (use the -v option for log output in the terminal)
  • I wanted to setup the GUI because tunneling X11 over SSH sounded like fun.
    ipkg install xdpyinfo xauth xterm xrender fontconfig freetype glib ttf-bitstream-vera
  • Then I made a backup of my ssh config file, and updated it. To restart the SSH service, I disabled, then re-enabled SSH in the main Synology Settings GUI.
    nano /etc/ssh/sshd_config
    X11Forwarding yes
    XAuthLocation /opt/bin/xauth
  • I exited my SSH session, rebooted the Synology just because why not, then held my breath and ran
    ssh -X root@x.x.x.x
I removed a lot of the issues I ran into, I also skipped simple steps Google has links to (like installing ipkg, or connecting over SSH). Again, modifying your NAS will "invalidate your software support warranty, although not normally your hardware warranty." This information is not a guide, I didn't even test it after I posted it and there's a very real risk of messing things up modifying an OS as root. Always make backups!

Labels: , , , ,



by K8CTR

Posted Tuesday, February 17, 2015 5:23 PM

How fitting that the first post on my new blog is titled "Bootstrap".

[Git Repo]

log.info("made blog template");
log.info("published template code");
log.info("syntax highlighting");

Labels: , , ,


Apache Reverse Proxy

by K8CTR

Posted Thursday, April 10, 2014 3:00 PM

For hosting multiple servers (Gitlab and some dev servers) through a single router port forward, I used the following configuration on a local Apache instance. There was a bit of an SSL issue which seemed to resolve when the reverse proxy hosted the SSL certificates for the configured domain as well. GitLab has a page on setting up https here.

SSL Cert

The SSL cert and private keys were generated on the destination server, then copied to the reverse proxy.

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout sub.example.com.key -out sub.example.com.crt


NameVirtualHost *:443

Virtual Host (sites-available/000-default.conf)

    <VirtualHost *:80>
        ServerName sub.example.com
        ServerAdmin josh@example.com
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        LogLevel error
        SSLProxyEngine on
        ProxyPreserveHost On
        ProxyRequests off 
        ProxyPass /
        ProxyPassReverse / 

    <IfModule mod_ssl.c>
        <VirtualHost *:443>
            ServerName sub.example.com
            SSLEngine On
            SSLProxyEngine On
            ProxyRequests Off
            SSLCertificateFile /etc/apache2/ssl/sub.example.com.crt
            SSLCertificateKeyFile /etc/apache2/ssl/sub.example.com.key
            #SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem
            SSLCACertificateFile /etc/apache2/ssl/sub.example.com.crt
            SetOutputFilter INFLATE;proxy-html;DEFLATE;
            ProxyHTMLInterp On
            ProxyHTMLExtended On
            ProxyHTMLURLMap (.*)*) https://sub.example.com$2 [Rin]
            ProxyPass /
            ProxyPassReverse /

Labels: , ,



by K8CTR

Posted Monday, March 3, 2014 6:04 PM

I needed a PHP implementation of LINQ to parse some seemingly arbitrary SOAP API response objects by avoiding if(method_exists()) and if(is_array()) then foreach(){if(is_object){}}. So I thought I'd share my tiny introduction to PHPLinq.

$names = array("APPLE", "BIRD", "CAT", "DOG", "EGG", "FISH", "GOAT", "HAM", "ICE", "JAM", "KOALA", "LIZARD");
// Easy:
$resultsA = from('$name')
            ->where('$name => (strpos($name, "A") !== FALSE)')

$resultsB = from('$name')

$resultsC = from('$name')
            ->orderBy('$name => $name')

$resultsD = from('$name')

$resultsE = from('$name')
// Ooo, nice:
$names[] = "LIZARD";
$resultsF = from('$name')
            ->where('$name => (strpos($name, "A") !== FALSE)')
            ->distinct('$name => $name')
            ->orderBy('$name => $name')
            ->thenByDescending('$name => count($name)')
            ->select('new { "name" => $name }');

$resultsG = from('$name')
            ->where('$name => (strpos($name->name, "A") !== FALSE)')
            ->orderBy('$name => $name->name')
$names2 = array("apple", "bird", "cat", "dog", "egg", "fish", "goat", "ham", "ice", "jam", "koala", "lizard");
$resultsH = from('$name')->in($names)
                         ->on('$name, $name2 => (strcasecmp($name, $name2) == 0)')
                         ->select('$name = null, $name2 = null => $name." equal to ".$name2');

What got in the way of actually using it, was the "installation" into my existing framework. Once I found the LinqToObjects Unit Tests things started to make more sense:

$phpLinq = Config::Get('PHPLinqIncludePath');

require_once 'PHPLinq/LinqToObjects.php';

My initial production test, didn't work because I had converted the original SOAP reply object into a multi-dimensional array for convenience. PHPLinq treated the first layer of my array as a list of objects, and any subsequent arrays seem to be discarded and only the first element in the "object" array was queried/processed. This was easy enough for me to solve by not converting the original object into an array O_o. I then tested for the existence of an array within the object, build a "where" query to only pull out the objects in that array that matched the user's criteria (new feature), and sorted the result before returning it (also new feature)... nice.

Labels: , ,