Update 06-04-2024

2024-04-06 09:54:09 +02:00
parent cd8cebe7cb
commit 259b9c6a24
76 changed files with 5126 additions and 229 deletions


@@ -0,0 +1,151 @@
# Wireguard
### Installer wireguard sur le NAS:
| Model | CPU Model | Cores (each) | Threads (each) | FPU | Package Arch | RAM |
| :----- | :------------------ | :----------- | :------------- | :--- | :----------- | :------------------ |
| DS923+ | AMD Ryzen R1600 | 2 | 4 | ✓ | R1000 | DDR4 ECC SODIMM 4GB |
| DS916+ | Intel Pentium N3710 | 4 | 4 | ✓ | Braswell | DDR3 2GB/8GB |
```bash
sudo docker run --rm --privileged --env PACKAGE_ARCH=r1000 --env DSM_VER=7.2 -v $(pwd):/result_spk synobuild
```
**ne compile pas**
```bash
docker run --rm --privileged --env PACKAGE_ARCH=x64 --env DSM_VER=7.2 -v /volume1/docker/toolkit_tarballs:/toolkit_tarballs -v /volume1/docker/synowirespk71:/result_spk blackvoidclub/synobuild71
docker run --rm --privileged --env PACKAGE_ARCH=x64 --env DSM_VER=7.2 -v /volume1/docker/toolkit_tarballs:/toolkit_tarballs -v /volume1/docker/synowirespk71:/result_spk blackvoidclub/synobuild71
```
### wg-easy
https://github.com/wg-easy/wg-easy
| Création | Portainer (/portainer/compose/29) |
| ----------- | ------------------------------------- |
| Mise-à-jour | Watchtower |
| Ports | 51820:51821 |
| Volume | /volume1/docker/wgeasy:/etc/wireguard |
```yaml
version: "3.5"
services:
wgeasy:
image: ghcr.io/wg-easy/wg-easy:latest
network_mode: "bridge"
container_name: wgeasy
ports:
- "51820:51820/udp"
- "51821:51821"
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv4.ip_forward=1
env_file:
- stack.env
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /volume1/docker/wgeasy:/etc/wireguard
environment:
- WG_HOST=photos-nas.ovh
- WG_DEFAULT_DNS=192.168.2.216
restart: always
```
Variable d'enrironnement (dans stack.env)
```yaml
PASSWORD=xxxxxxxxxx
```
##### wg0.conf
```
# Note: Do not edit this file directly.
# Your changes will be overwritten!
# Server
[Interface]
PrivateKey = I5wPTHTxgF[5YyJ@4'Mgwipl+.m=aUB6i[bGAF;p:I|l
Address = 10.8.0.1/24
ListenPort = 51820
PreUp =
PostUp = iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE; iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT;
PreDown =
PostDown =
# Client: ungoutdepomme (557cb02f-6418-465c-8063-866333011ea0)
[Peer]
PublicKey = )RGRG/Aha{XD{sC)YDg(6[kPOF.yaUO1[)QaFlJZg+-P
PresharedKey = H0I/[YLYCU-'r*BiU8HR2KsuiZa{@v*6q#G;yEt6TFJ8
AllowedIPs = 10.8.0.2/32
# Client: airbook (f75ed225-6a8b-4179-a11a-368aec6d2545)
[Peer]
PublicKey = 4!oI:!t9-V:;TxZ{gfJFXuPkS\v2A6+Ka[36.tP=;ao[
PresharedKey = Q.7pJZ32geS|DwZGdQ=O=\D}0XlHUzsk!WE(GD7yGhbB
AllowedIPs = 10.8.0.3/32
```
##### airbook.conf
```
[Interface]
PrivateKey = -dPlB6Glr9IKBo-q(.5X)7Ad+}YuAe9S3):dBPbFLrWX
Address = 10.8.0.3/24
DNS = 192.168.2.216
[Peer]
PublicKey = wXbLtH/'#-;*6"j1ZQgl?.)VMRqMG@g!U38jvw}3(=Yw
PresharedKey = Q.7pJZ32geS|DwZGdQ=O=\D}0XlHUzsk!WE(GD7yGhbB
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 0
Endpoint = photos-nas.ovh:51820
```
##### ungoutdepomme.conf
```
[Interface]
PrivateKey = #Udj:SC,kA0h}MTa7\|as69PV.sS@lpL!'4y34uj?.Z{
Address = 10.8.0.2/24
DNS = 192.168.2.216
[Peer]
PublicKey = ukj!q\:v-70L/Rlr,TJ9];,19,=Uu-1a+O/V|B@OCULq
PresharedKey = H0I/[YLYCU-'r*BiU8HR2KsuiZa{@v*6q#G;yEt6TFJ8
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 0
Endpoint = photos-nas.ovh:51820
```
# `#Token modifié`
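Review bot: The `wg0.conf`, `airbook.conf` and `ungoutdepomme.conf` blocks commit the `PrivateKey` and `PresharedKey` fields of the server and both clients, with only the trailing `#Token modifié` line to say the values were altered. Replace each value with an obvious placeholder such as `<redacted>` so a reader cannot mistake them for live keys, and consider dropping the client UUIDs and the `Endpoint` and `DNS` values, which describe the real deployment. Separately, the wg-easy stack publishes the admin UI with `- "51821:51821"` on every interface while the summary table gives the ports as `51820:51821`; the table should name both ports, and the UI port is better bound to a LAN address or placed behind the reverse proxy.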


@@ -0,0 +1,41 @@
# Pi.Alert
| Création | Portainer |
| ----------- | ---------------------------------------------- |
| Mise-à-jour | Watchtower |
| Ports | 17811 |
| Lien | [Github](https://github.com/pucherot/Pi.Alert) |
```yaml
version: "3.9"
services:
pi.alert:
container_name: Pi.Alert
healthcheck:
test: curl -f http://localhost:17811/ || exit 1
mem_limit: 2g
cpu_shares: 768
security_opt:
- no-new-privileges:true
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /volume1/docker/pialert/config:/home/pi/pialert/config:rw
- /volume1/docker/pialert/db:/home/pi/pialert/db:rw
- /volume1/docker/pialert/logs:/home/pi/pialert/front/log:rw
environment:
TZ: Europe/Paris
PORT: 17811
HOST_USER_ID: 1026
HOST_USER_GID: 100
network_mode: host
restart: on-failure:5
image: jokobsk/pi.alert:latest
```
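Review bot: The `Lien` row points to `github.com/pucherot/Pi.Alert` but the service pulls `image: jokobsk/pi.alert:latest`, so the documented source and the image that actually runs are published under different account names. Link the repository the image is built from, and since this container runs with `network_mode: host` and is updated automatically through the Watchtower label, pin the image to a version tag or digest rather than `latest`.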


@@ -0,0 +1,26 @@
# network
| | |
| -------------- | ------------------- |
| 172.16.57.0/24 | changeDetection |
| 172.16.58.0/24 | docspell |
| 172.16.59.0/24 | diun / paperlessngx |
| 172.16.60.0/24 | send |
| 172.16.61.0/24 | chibisafe |
| 172.16.62.0/24 | psitransfer |
| 172.16.63.0/24 | pingvin |
| 172.16.64.0/24 | gokapi |
| 172.16.65.0/24 | snippetbox |
| 172.16.66.0/24 | materialious |
| 172.16.67.0/24 | snapdrop |
| 172.16.69.0/24 | seafile |
| 172.16.70.0/24 | kavita |
| | |
| 172.16.72.0/24 | invidious |
| 172.16.73.0/24 | nextcloud |
| 172.16.77.0/24 | maptiler |
| 172.16.78.0/24 | mapserver |
| | |
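Review bot: The table does not match the compose files added in the same commit: `172.16.58.0/24` is listed for docspell only, yet the dockge stack also declares `- subnet: 172.16.58.0/24`, and `172.16.66.0/24` is listed for materialious while the PrivateBin stack uses it. Docker refuses to create a network whose address pool overlaps an existing one, so dockge and docspell need distinct subnets. The table should gain rows for dockge and PrivateBin, and a named header row (subnet, stack) in place of the empty one.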


@@ -0,0 +1,38 @@
# changeDetection
| Création | dockge |
| ----------- | -------------------------------------------------------- |
| Mise-à-jour | Watchtower |
| Ports | 5075 |
| Liens | [Github](https://github.com/dgtlmoon/changedetection.io) |
```yaml
version: '3.2'
services:
changedetection:
image: ghcr.io/dgtlmoon/changedetection.io
container_name: changedetection
hostname: changedetection
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- changedetection-data:/datastore
ports:
- 5075:5000
volumes:
changedetection-data:
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.57.0/24
```
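Review bot: `image: ghcr.io/dgtlmoon/changedetection.io` has no tag, so it resolves to `latest` and, with the Watchtower label, is replaced automatically by whatever is published next; pin a release tag or digest for a service whose job is to fetch arbitrary web pages. The service also has no `restart:` policy, unlike most of the other stacks in this commit, so it stays down after a crash or a reboot.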


@@ -0,0 +1,38 @@
# chibisafe
| Création | dockge |
| ----------- | ------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Ports | 24424 |
| Liens | [Github](https://github.com/chibisafe/chibisafe) |
```yaml
version: "3.7"
services:
chibisafe:
image: chibisafe/chibisafe:latest
container_name: chibisafe
volumes:
- /volume1/docker/dockge/stacks/chibisafe/database:/home/node/chibisafe/database:rw
- /volume1/docker/dockge/stacks/chibisafe/uploads:/home/node/chibisafe/uploads:rw
- /volume1/docker/dockge/stacks/chibisafe/logs:/home/node/chibisafe/logs:rw
ports:
- 24424:8000
labels:
- "com.centurylinklabs.watchtower.enable=true"
restart: always
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.61.0/24
```


@@ -0,0 +1,37 @@
# dockge
| Création | Container Manager (projet) |
| ----------- | -------------------------------------------- |
| Mise-à-jour | - |
| Ports | 5011 |
| Liens | [Github](https://github.com/louislam/dockge) |
```yaml
version: "3.8"
services:
dockge:
image: louislam/dockge:1
restart: unless-stopped
ports:
# Host Port : Container Port
- 5011:5001
volumes:
- /var/run/docker.sock:/var/run/docker.sock
… environment:
# Tell Dockge where is your stacks directory
- DOCKGE_STACKS_DIR=/volume1/docker/dockge/stacks
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.58.0/24
```
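Review bot: The `/var/run/docker.sock:/var/run/docker.sock` mount gives this container full control of the Docker daemon, and `- 5011:5001` publishes its UI on every interface of the NAS, so whoever controls that UI controls every container on the host. Bind the port to a LAN or loopback address and reach it through the authenticated reverse proxy. The `subnet: 172.16.58.0/24` at the end is also the subnet the docspell stack declares, and the `… environment:` line shows that part of the file was elided, so the block cannot be pasted as is; say so next to it.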


@@ -0,0 +1,125 @@
# docspell
| Création | Portainer |
| ----------- | --------------------------------- |
| Mise-à-jour | Watchtower |
| Ports | 8486 |
| Liens | [Docspell](https://docspell.org/) |
```yaml
version: '3.9'
services:
docspell-db:
image: postgres
container_name: Docspell-DB
hostname: docspell-db
security_opt:
- no-new-privileges:true
healthcheck:
test: ["CMD", "pg_isready", "-q", "-d", "docspell", "-U", "docspelluser"]
timeout: 45s
interval: 10s
retries: 10
user: 1026:100
volumes:
- /volume1/docker/docspell/db:/var/lib/postgresql/data
environment:
- POSTGRES_DB=docspell
- POSTGRES_USER=docspelluser
- POSTGRES_PASSWORD=docspellpass
restart: always
docspell-solr:
image: solr
command:
- solr-precreate
- docspell
container_name: Docspell-SOLR
hostname: docspell-solr
security_opt:
- no-new-privileges:true
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8983/solr/docspell/admin/ping"]
interval: 45s
timeout: 10s
retries: 2
start_period: 30s
user: 1026:100
volumes:
- /volume1/docker/docspell/solr:/var/solr
restart: always
restserver:
image: docspell/restserver:latest
container_name: Docspell-RESTSERVER
hostname: docspell-restserver
security_opt:
- no-new-privileges:true
user: 1026:100
ports:
- 8486:7880
environment:
- TZ=Europe/Paris
- DOCSPELL_SERVER_INTERNAL__URL=http://docspell-restserver:7880
- DOCSPELL_SERVER_ADMIN__ENDPOINT_SECRET=superdupersecretyeah
- DOCSPELL_SERVER_AUTH_SERVER__SECRET=evenmoresuperdupersecret
- DOCSPELL_SERVER_BACKEND_JDBC_PASSWORD=docspellpass
- DOCSPELL_SERVER_BACKEND_JDBC_URL=jdbc:postgresql://docspell-db:5432/docspell
- DOCSPELL_SERVER_BACKEND_JDBC_USER=docspelluser
- DOCSPELL_SERVER_BIND_ADDRESS=0.0.0.0
- DOCSPELL_SERVER_FULL__TEXT__SEARCH_ENABLED=true
- DOCSPELL_SERVER_FULL__TEXT__SEARCH_SOLR_URL=http://docspell-solr:8983/solr/docspell
- DOCSPELL_SERVER_INTEGRATION__ENDPOINT_ENABLED=true
- DOCSPELL_SERVER_INTEGRATION__ENDPOINT_HTTP__HEADER_ENABLED=true
- DOCSPELL_SERVER_INTEGRATION__ENDPOINT_HTTP__HEADER_HEADER__VALUE=superduperpassword123
- DOCSPELL_SERVER_BACKEND_SIGNUP_MODE=open
- DOCSPELL_SERVER_BACKEND_SIGNUP_NEW__INVITE__PASSWORD=
- DOCSPELL_SERVER_BACKEND_ADDONS_ENABLED=false
restart: always
depends_on:
docspell-db:
condition: service_started
docspell-solr:
condition: service_healthy
joex:
image: docspell/joex:latest
container_name: Docspell-JOEX
hostname: docspell-joex
security_opt:
- no-new-privileges:true
user: 1026:100
environment:
- TZ=Europe/Paris
- DOCSPELL_JOEX_APP__ID=joex1
- DOCSPELL_JOEX_PERIODIC__SCHEDULER_NAME=joex1
- DOCSPELL_JOEX_SCHEDULER_NAME=joex1
- DOCSPELL_JOEX_BASE__URL=http://docspell-joex:7878
- DOCSPELL_JOEX_BIND_ADDRESS=0.0.0.0
- DOCSPELL_JOEX_FULL__TEXT__SEARCH_ENABLED=true
- DOCSPELL_JOEX_FULL__TEXT__SEARCH_SOLR_URL=http://docspell-solr:8983/solr/docspell
- DOCSPELL_JOEX_JDBC_PASSWORD=docspellpass
- DOCSPELL_JOEX_JDBC_URL=jdbc:postgresql://docspell-db:5432/docspell
- DOCSPELL_JOEX_JDBC_USER=docspelluser
- DOCSPELL_JOEX_ADDONS_EXECUTOR__CONFIG_RUNNER=docker,trivial
- DOCSPELL_JOEX_CONVERT_HTML__CONVERTER=weasyprint
restart: always
depends_on:
docspell-db:
condition: service_started
docspell-solr:
condition: service_healthy
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.58.0/24
```
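Review bot: `DOCSPELL_SERVER_BACKEND_SIGNUP_MODE=open` together with `- 8486:7880` lets anyone who can reach the port create an account; use `invite` with a non-empty `DOCSPELL_SERVER_BACKEND_SIGNUP_NEW__INVITE__PASSWORD`, or `closed`. The secrets are sample strings committed in clear (`superdupersecretyeah`, `evenmoresuperdupersecret`, `superduperpassword123`, `docspellpass`); generate random values and load them from an `env_file`, as the wg-easy stack in this commit does with `stack.env`. `image: postgres` and `image: solr` carry no tag, so a pull can jump a major version over the existing data directories; pin both.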


@@ -0,0 +1,36 @@
# dozzle
| Création | Portainer |
| ----------- | ------------------------------------------ |
| Mise-à-jour | Watchtower |
| Ports | 9999 |
| Liens | [Github](https://github.com/amir20/dozzle) |
```yaml
name: dozzle
services:
dozzle:
container_name: dozzle
ports:
- 9999:8080
environment:
- PUID=1026
- PGID=100
- TZ=Europe/Paris
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
restart: always
image: amir20/dozzle:latest
```
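Review bot: The `/var/run/docker.sock:/var/run/docker.sock` volume hands the log viewer the full Docker API, and nothing under `environment:` configures authentication for the UI published at `- 9999:8080`. Container logs routinely contain tokens and connection strings, so restrict the published port to a trusted address or put it behind the authenticated reverse proxy, and expose the socket through a filtering socket proxy limited to read endpoints. Adding `:ro` to the mount is not enough on its own, since it does not limit which API calls can be made over the socket.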


@@ -0,0 +1,30 @@
# freegeoip
| Création | dockge |
| ----------- | -------------------------------------------- |
| Mise-à-jour | Watchtower |
| Ports | 8080 / 8888 |
| Liens | [Github](https://github.com/t0mer/freegeoip) |
```yaml
version: "2.1"
services:
freegeoip:
image: techblog/freegeoip
container_name: freegeoip
ports:
- 8080:8080
- 8888:8888
labels:
- com.centurylinklabs.watchtower.enable=true
restart: always
networks: {}
```


@@ -0,0 +1,65 @@
# glances
| Création | Portainer |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Ports | 61208 |
| Liens | [Github](https://github.com/nicolargo/glances)<br />[Docker](https://github.com/nicolargo/glances/blob/develop/docs/docker.rst) |
```yaml
version: "3.9"
services:
glances:
container_name: Glances
image: nicolargo/glances:latest-full
healthcheck:
test: curl -f http://localhost:61208/ || exit 1
mem_limit: 4g
cpu_shares: 768
security_opt:
- no-new-privileges:true
pid: host
privileged: true
network_mode: host
restart: on-failure:5
ports:
- 61208:61208
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
GLANCES_OPT: -w
```
By default, the /etc/glances/glances.conf file is used (based on docker-compose/glances.conf).
Additionally, if you want to use your own glances.conf file, you can create your own Dockerfile:
```
FROM nicolargo/glances:latest
COPY glances.conf /root/.config/glances/glances.conf
CMD python -m glances -C /root/.config/glances/glances.conf $GLANCES_OPT
```
Alternatively, you can specify something along the same lines with docker run options (notice the GLANCES_OPT environment variable setting parameters for the glances startup command):
```
docker run -e TZ="${TZ}" -v `pwd`/glances.conf:/root/.config/glances/glances.conf -v /var/run/docker.sock:/var/run/docker.sock:ro -v /run/user/1000/podman/podman.sock:/run/user/1000/podman/podman.sock:ro --pid host -e GLANCES_OPT="-C /root/.config/glances/glances.conf" -it nicolargo/glances:latest-full
```
Where `pwd`/glances.conf is a local directory containing your glances.conf file.
glances.conf
https://github.com/nicolargo/glances/blob/develop/conf/glances.conf
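Review bot: `security_opt: no-new-privileges:true` adds little once `privileged: true` is set, and combined with `pid: host`, `network_mode: host` and the Docker socket the container is effectively root on the NAS while serving a web UI on 61208 with no password option in `GLANCES_OPT: -w`. Drop `privileged` and grant only the access the monitored plugins need, and restrict who can reach the port. The `ports:` entry does not apply under `network_mode: host` and should be removed, and the `:ro` on the socket mount does not restrict Docker API calls.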


@@ -0,0 +1,37 @@
# gokapi
| Création | dockge |
| ----------- | ------------------------------------------ |
| Mise-à-jour | Watchtower |
| Ports | 53842 |
| Liens | [Github](https://github.com/Forceu/Gokapi) |
```yaml
version: "3.7"
services:
gokapi:
container_name: gokapi
volumes:
- /volume1/docker/dockge/stacks/gokapi/data:/app/data
- /volume1/docker/dockge/stacks/gokapi/config:/app/config
ports:
- 53842:53842
labels:
- "com.centurylinklabs.watchtower.enable=true"
image: f0rc3/gokapi:latest
restart: always
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.64.0/24
```


@@ -0,0 +1,36 @@
# Heimdall
| Création | dockge |
| ----------- | ---------------------------------- |
| Mise-à-jour | Watchtower |
| Ports | 8056 |
| Liens | [Heimdall](https://heimdall.site/) |
```yaml
name: heimdall
services:
heimdall:
container_name: heimdall
ports:
- 8056:80
- 7543:443
environment:
- PUID=1026
- PGID=100
- TZ=Europe/Paris
labels:
- com.centurylinklabs.watchtower.enable=true
volumes:
- /volume1/docker/dockge/stacks/heimdall:/config
restart: always
image: ghcr.io/linuxserver/heimdall
networks: {}
```
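Review bot: The summary table lists port 8056 only, but the service also publishes `- 7543:443`; add it to the `Ports` row so the exposed surface is documented. `image: ghcr.io/linuxserver/heimdall` has no tag and is updated through the Watchtower label, so pin a version tag or digest.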


@@ -0,0 +1,68 @@
# igotify
| Création | Portainer |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Ports | 8680 |
| Liens | [Github](https://github.com/androidseb25/iGotify-Notification-Assistent)<br />[Gotify](https://gotify.net) |
```yaml
version: '3.8'
services:
gotify:
container_name: gotify
hostname: gotify
image: ghcr.io/gotify/server:latest
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- net
ports:
- "8680:80"
volumes:
- igotify-data:/app/data
labels:
- "com.centurylinklabs.watchtower.enable=true"
environment:
TZ: Europe/Paris
GOTIFY_DEFAULTUSER_NAME: bruno
GOTIFY_DEFAULTUSER_PASS: 3l.+-OGj8feS*C7b
igotify:
container_name: igotify
hostname: igotify
image: ghcr.io/androidseb25/igotify-notification-assist:latest
restart: unless-stopped
security_opt:
- no-new-privileges:true
pull_policy: always
networks:
- net
ports:
- "8681:8080"
volumes:
- igotify-api-data:/app/data
labels:
- "com.centurylinklabs.watchtower.enable=true"
environment:
IGOTIFY_CLIENT_TOKEN: 'Zm1BPb.iqe,!r=\' # create a client in gotify an add here the client token
GOTIFY_SERVER_URL: 'http://gotify' # default container name from gotify server
networks:
net:
volumes:
igotify-data:
igotify-api-data:
# tokens modifiés
```
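Review bot: `GOTIFY_DEFAULTUSER_PASS` and `IGOTIFY_CLIENT_TOKEN` are written inline, with only the closing `# tokens modifiés` comment to indicate that they are not the live values. Use obvious placeholders in the documentation and load the real values from an `env_file`, as the wg-easy and navidrome stacks in this commit do with `stack.env`. The comment on the token line should read "create a client in gotify and add the client token here".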


@@ -0,0 +1,86 @@
# invidious
| Création | Portainer |
| ----------- | --------------------------------------------- |
| Mise-à-jour | Watchtower |
| Ports | 7601 |
| Liens | [Github](https://github.com/iv-org/invidious) |
```yaml
version: "3.9"
services:
invidious-db:
image: postgres
container_name: Invidious-DB
hostname: invidious-db
security_opt:
- no-new-privileges:true
healthcheck:
test: ["CMD", "pg_isready", "-q", "-d", "invidious", "-U", "kemal"]
timeout: 45s
interval: 10s
retries: 10
user: 1026:100
labels:
- com.centurylinklabs.watchtower.enable=true
volumes:
- /volume1/docker/invidiousdb:/var/lib/postgresql/data
environment:
POSTGRES_DB: invidious
POSTGRES_USER: kemal
POSTGRES_PASSWORD: kemalpw
restart: always
invidious:
image: quay.io/invidious/invidious:latest
container_name: Invidious
hostname: invidious
user: 1026:100
security_opt:
- no-new-privileges:true
healthcheck:
test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1
interval: 30s
timeout: 5s
retries: 2
ports:
- 7601:3000
labels:
- com.centurylinklabs.watchtower.enable=true
environment:
INVIDIOUS_CONFIG: |
db:
dbname: invidious
user: kemal
password: kemalpw
host: invidious-db
port: 5432
check_tables: true
captcha_enabled: false
default_user_preferences:
locale: fr
region: FR
external_port: 443
domain: invidious.photos-nas.ovh
hmac_key: Kh9d0h2tV1wIVbqUHTCR5EOxcrc6iB9zLu4UGqIpfXKHjGlksKUWsMyOUw0YVJdC
https_only: true
restart: always
depends_on:
invidious-db:
condition: service_started
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.72.0/24
# token modifié
```
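Review bot: `image: postgres` has no tag and carries `com.centurylinklabs.watchtower.enable=true`, so Watchtower will eventually pull a new PostgreSQL major version onto `/volume1/docker/invidiousdb`, and a data directory initialised by one major version does not start under the next. Pin the major version the data directory was created with (the paperlessngx stack pins `postgres:16` in the same way) and upgrade deliberately. `POSTGRES_PASSWORD: kemalpw` and the inline `hmac_key` should come from an `env_file`; the trailing `# token modifié` says the key shown was altered, but a placeholder would be clearer.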


@@ -0,0 +1,70 @@
# maptiler
```yaml
version: "2"
services:
tileserver:
restart: always
image: maptiler/tileserver-gl
container_name: maptiler
privileged: false
ports:
- 8580:8080
volumes:
- /volume1/docker/dockge/stacks/maptiler/data/map:/data
command:
- --verbose
- --mbtiles
- maptiler-osm-2020-02-10-v3.11-europe.mbtiles
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.77.0/24
```
https://tileserver.readthedocs.io/en/latest/index.html
https://blog.tmlmt.com/create-style-and-render-self-hosted-vector-maps/
https://download.geofabrik.de
```
command: ["-p", "80", "-c", "/data/config.json"]
docker run --rm -it -v $(pwd):/data -p 8188:8080 maptiler/tileserver-gl:v3.1.1 -c config.json --verbose
```
```
version: '3.4'
services:
openmaptiles:
image: klokantech/tileserver-gl
ports:
- 8080:80
volumes:
- "./data:/data"
command: "--verbose -c config.json"
```
## Reloading the configuration
It is possible to reload the configuration file without restarting the whole process by sending a SIGHUP signal to the node process.
- The docker kill -s HUP tileserver-gl command can be used when running the tileserver-gl docker container.
- The docker-compose kill -s HUP tileserver-gl-service-name can be used when tileserver-gl is run as a docker-compose service.
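Review bot: The two reload commands under `## Reloading the configuration` target `tileserver-gl` and `tileserver-gl-service-name`, but the stack at the top of this file names the container `maptiler` and the service `tileserver`. Adapt the examples to those names, and label the second compose block (`klokantech/tileserver-gl`, `8080:80`) and the `docker run ... -p 8188:8080 maptiler/tileserver-gl:v3.1.1` line as alternatives, since their images and ports differ from the deployed `8580:8080` stack.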


@@ -0,0 +1,82 @@
# navidrome -maloja
| Création | Portainer |
| -------------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port navidrome | 4533 |
| Port maloja | 42010 |
| Liens | [Navidrome](https://www.navidrome.org/)<br />[Github](https://github.com/krateng/maloja) |
```yaml
version: "3"
services:
navidrome:
image: deluan/navidrome
container_name: navidrome
user: 1028:65536 # à modifier par votre propre PGID et PUID
ports:
- "4533:4533" # modifier votre IP donnant vers l'exterieur
environment:
# Optional: put your config options customization here. Examples:
ND_SCANSCHEDULE: 1h
ND_SESSIONTIMEOUT: "24h"
ND_LOGLEVEL: debug
ND_BASEURL: ""
ND_DEFAULTLANGUAGE: fr
ND_ENABLEEXTERNALSERVICES: true
ND_ENABLELOGREDACTING: true
ND_ENABLECOVERANIMATION: false
ND_AUTHREQUESTLIMIT: 10
ND_LISTENBRAINZ_ENABLED: true
ND_LISTENBRAINZ_BASEURL: "http://maloja:42010/apis/listenbrainz/1/"
#ND_LISTENBRAINZ_BASEURL: "https://maloja.photos-nas.ovh/apis/mlj_1/newscrobble"
ND_LASTFM_ENABLED: true
ND_LASTFM_LANGUAGE: fr
ND_ENABLEFAVOURITES: true
ND_ENABLESTARRATING: true
ND_ENABLEUSEREDITING: true
#ND_ENABLEDOWNSAMPLING: "true"
#ND_MAXBITRATE: 128 # can be anything less then your Ogg files bitrate
#ND_DOWNSAMPLECOMMAND: "ffmpeg -i %s -map 0:0 -b:a %bk -v 0 -c:a libopus -f opus -"
ND_PORT: 4533
env_file:
- stack.env
volumes:
- "/volume1/docker/navidrome:/data"
- "/volume1/music:/music:ro"
labels:
- "com.centurylinklabs.watchtower.enable=true"
#- com.centurylinklabs.watchtower.depends-on=
#- "diun.enable=true"
restart: unless-stopped
maloja:
# from dockerhub
image: "krateng/maloja:latest"
container_name: maloja
ports:
- "42010:42010"
restart: unless-stopped
# different directories for configuration, state and logs
volumes:
- "/volume1/docker/maloja/data:/data"
environment:
- "MALOJA_DATA_DIRECTORY=/data"
- "PUID=1028"
- "PGID=65536"
- "MALOJA_LOGGING=true"
env_file:
- stack.env
labels:
- "com.centurylinklabs.watchtower.enable=true"
#- com.centurylinklabs.watchtower.depends-on=
#- "diun.enable=true"
```
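Review bot: `ND_LOGLEVEL: debug` is left on in what reads as the permanent configuration; debug logs are verbose and rely entirely on `ND_ENABLELOGREDACTING: true` to keep credentials out of them, so set the level back to `info` once troubleshooting is done. Navidrome already reaches maloja through the internal name in `ND_LISTENBRAINZ_BASEURL: "http://maloja:42010/apis/listenbrainz/1/"`, so `- "42010:42010"` only needs publishing if maloja's own UI must be reachable from outside the stack. The comment on `user: 1028:65536` should give the order as UID then GID, matching the values.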


@@ -0,0 +1,39 @@
# openstreetmap-tile-server
https://github.com/Overv/openstreetmap-tile-server
Créez un volume Docker pour contenir la base de données PostgreSQL qui contiendra les données OpenStreetMap :
```bash
docker volume create osm-data
```
Téléchargez un `.osm.pbf`extrait de geofabrik.de pour la région qui vous intéresse:
```bash
cd /volume1/docker/dockge/stacks/
mkdir mapserver
cd mapserver
mkdir data
```
```bash
wget http://download.geofabrik.de/france-latest.osm.pbf
wget http://download.geofabrik.de/france.poly
```
L'importer dans PostgreSQL en exécutant un conteneur et en montant le fichier en tant que `/data/region.osm.pbf`.
```bash
docker run \
-v /volume1/docker/dockge/stacks/mapserver/data/france-latest.osm.pbf:/data/region.osm.pbf \
-v osm-data:/data/database/ \
overv/openstreetmap-tile-server \
import
```
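Review bot: Both `wget` commands fetch over `http://`, so the extract that is then imported into PostgreSQL arrives with no transport integrity; switch the scheme to `https://` and check the file against the checksum Geofabrik publishes next to each extract. The paths also do not line up: the shell is still in `mapserver` when `wget` runs, while `docker run` mounts `mapserver/data/france-latest.osm.pbf`, and when a bind-mount source is missing `docker run -v` creates a directory at that path, so add `cd data` before the download. `france.poly` is downloaded but never mounted into the container.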


@@ -0,0 +1,145 @@
# paperlessngx
| Création | Portainer |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | 8777 |
| Liens | [Paperless-ngx](https://docs.paperless-ngx.com/)<br />[Github](https://github.com/paperless-ngx/paperless-ngx) |
```yaml
version: "3.9"
services:
redis:
image: redis:7
command:
- /bin/sh
- -c
- redis-server --requirepass redispass
container_name: PaperlessNGX-REDIS
hostname: paper-redis
mem_limit: 512m
mem_reservation: 256m
cpu_shares: 768
security_opt:
- no-new-privileges:true
read_only: true
user: 1026:100
healthcheck:
test: ["CMD-SHELL", "redis-cli ping || exit 1"]
volumes:
- /volume1/docker/paperlessngx/redis:/data:rw
environment:
TZ: Europe/Paris
restart: on-failure:5
db:
image: postgres:16
container_name: PaperlessNGX-DB
hostname: paper-db
mem_limit: 1g
cpu_shares: 768
security_opt:
- no-new-privileges:true
healthcheck:
test: ["CMD", "pg_isready", "-q", "-d", "paperless", "-U", "paperlessuser"]
timeout: 45s
interval: 10s
retries: 10
volumes:
- /volume1/docker/paperlessngx/db:/var/lib/postgresql/data:rw
environment:
POSTGRES_DB: paperless
POSTGRES_USER: paperlessuser
POSTGRES_PASSWORD: paperlesspass
restart: on-failure:5
gotenberg:
image: gotenberg/gotenberg:latest
container_name: PaperlessNGX-GOTENBERG
hostname: gotenberg
security_opt:
- no-new-privileges:true
user: 1026:100
command:
- "gotenberg"
- "--chromium-disable-javascript=true"
- "--chromium-allow-list=file:///tmp/.*"
restart: on-failure:5
tika:
image: ghcr.io/paperless-ngx/tika:latest
container_name: PaperlessNGX-TIKA
hostname: tika
security_opt:
- no-new-privileges:true
user: 1026:100
restart: on-failure:5
paperless:
image: ghcr.io/paperless-ngx/paperless-ngx:latest
container_name: PaperlessNGX
hostname: paperless-ngx
mem_limit: 6g
cpu_shares: 1024
security_opt:
- no-new-privileges:true
healthcheck:
test: ["CMD", "curl", "-fs", "-S", "--max-time", "2", "http://localhost:8000"]
interval: 30s
timeout: 10s
retries: 5
ports:
- 8777:8000
volumes:
- /volume1/docker/paperlessngx/data:/usr/src/paperless/data:rw
- /volume1/docker/paperlessngx/media:/usr/src/paperless/media:rw
- /volume1/docker/paperlessngx/export:/usr/src/paperless/export:rw
- /volume1/docker/paperlessngx/consume:/usr/src/paperless/consume:rw
- /volume1/docker/paperlessngx/trash:/usr/src/paperless/trash:rw
environment:
PAPERLESS_REDIS: redis://:redispass@paper-redis:6379
PAPERLESS_DBENGINE: postgresql
PAPERLESS_DBHOST: paper-db
PAPERLESS_DBNAME: paperless
PAPERLESS_DBUSER: paperlessuser
PAPERLESS_DBPASS: paperlesspass
PAPERLESS_TRASH_DIR: ../trash
PAPERLESS_FILENAME_FORMAT: '{created_year}/{correspondent}/{document_type}/{title}'
PAPERLESS_OCR_ROTATE_PAGES_THRESHOLD: 6
PAPERLESS_TASK_WORKERS: 1
USERMAP_UID: 1026
USERMAP_GID: 100
PAPERLESS_TIME_ZONE: Europe/Paris
PAPERLESS_URL: https://paperlessngx.photos-nas.ovh
PAPERLESS_CSRF_TRUSTED_ORIGINS: https://paperlessngx.photos-nas.ovh
PAPERLESS_OCR_LANGUAGE: deu+eng
PAPERLESS_TIKA_ENABLED: 1
PAPERLESS_TIKA_GOTENBERG_ENDPOINT: http://gotenberg:3000
PAPERLESS_TIKA_ENDPOINT: http://tika:9998
env_file:
- stack.env
restart: on-failure:5
depends_on:
db:
condition: service_healthy
redis:
condition: service_healthy
tika:
condition: service_started
gotenberg:
condition: service_started
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.59.0/24
```
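Review bot: The Redis password is passed on the command line (`redis-server --requirepass redispass`) and repeated in `PAPERLESS_REDIS: redis://:redispass@paper-redis:6379`, and `paperlesspass` appears in both the `db` and `paperless` services, although the `paperless` service already loads `stack.env`. Move these values into the env file and replace the sample strings with generated ones; a password on the command line is visible to anyone who can list processes or inspect the container. `gotenberg/gotenberg:latest` and `ghcr.io/paperless-ngx/tika:latest` are unpinned while `redis:7` and `postgres:16` are pinned; pin them the same way.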


@@ -0,0 +1,37 @@
# pingvin
| Création | dockge |
| ----------- | ----------------------------------------------------- |
| Mise-à-jour | Watchtower |
| Port | 6090 |
| Liens | [Github](https://github.com/stonith404/pingvin-share) |
```yaml
version: "3.7"
services:
pingvin-share:
container_name: Pingvin-Share
ports:
- 6090:3000
volumes:
- /volume1/docker/dockge/stacks/pingvin:/opt/app/backend/data
- /volume1/docker/dockge/stacks/pingvin/public:/opt/app/frontend/public/img
restart: always
image: stonith404/pingvin-share
labels:
- "com.centurylinklabs.watchtower.enable=true"
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.63.0/24
```


@@ -0,0 +1,41 @@
# PrivateBin
| Création | dockge |
| ----------- | -------------------------------------- |
| Mise-à-jour | Watchtower |
| Port | 8380 |
| Liens | [PrivateBin](https://privatebin.info/) |
```yaml
name: privatebin
services:
nginx-fpm-alpine:
restart: always
read_only: true
environment:
TZ: Europe/Paris
ports:
- 8380:8080
labels:
- com.centurylinklabs.watchtower.enable=true
volumes:
- /volume1/docker/dockge/stacks/privatebin/conf.php:/srv/cfg/conf.php:ro
- /volume1/docker/dockge/stacks/privatebin/data:/srv/data
- /volume1/docker/dockge/stacks/privatebin:/tmp
- /volume1/docker/dockge/stacks/privatebin:/run
image: privatebin/nginx-fpm-alpine
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.66.0/24
```
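Review bot: `conf.php` is mounted read-only at `/srv/cfg/conf.php:ro`, but its parent directory `/volume1/docker/dockge/stacks/privatebin` is also mounted read-write at both `/tmp` and `/run`, so the container can still modify `conf.php` and everything under `data` through those paths, which undoes the `:ro` and much of `read_only: true`. Use `tmpfs` entries for `/tmp` and `/run`, or dedicated empty directories. The `subnet: 172.16.66.0/24` is listed as materialious in the network table of this commit.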


@@ -0,0 +1,35 @@
# psitransfer
| Création | dockge |
| ----------- | -------------------------------------------------- |
| Mise-à-jour | Watchtower |
| Port | 3005 |
| Liens | [Github](https://github.com/psi-4ward/psitransfer) |
```yaml
version: "3.7"
services:
psitransfer:
container_name: psitransfer
volumes:
- /volume1/docker/dockge/stacks/psitransfer/data:/data
ports:
- 3005:3000
labels:
- com.centurylinklabs.watchtower.enable=true
image: psitrax/psitransfer
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.62.0/24
```


@@ -0,0 +1,49 @@
# Scrutiny
| Création | Container Manager (projet) |
| ----------- | --------------------------------------------- |
| Mise-à-jour | Watchtower |
| Port | 6070 |
| Liens | [Github](https://github.com/AnalogJ/scrutiny) |
```yaml
services:
scrutiny:
container_name: scrutiny
image: ghcr.io/analogj/scrutiny:master-omnibus
cap_add:
- SYS_RAWIO
- SYS_ADMIN
ports:
- "6070:8080" # webapp
- "8086:8086" # influxDB administration
volumes:
- /run/udev:/run/udev:ro
- /volume1/docker/scrutiny:/opt/scrutiny/config
- /volume1/docker/scrutiny/influxdb:/opt/scrutiny/influxdb
devices:
# - /dev/nvme0n1:/dev/nvme0n1
# - /dev/nvme1n1:/dev/nvme1n1
- /dev/sata1:/dev/sata1
- /dev/sata2:/dev/sata2
- /dev/sata3:/dev/sata3
- /dev/sata4:/dev/sata4
# - /dev/sata5:/dev/sata5
# - /dev/sata6:/dev/sata6
# - /dev/sata7:/dev/sata7
# - /dev/sata8:/dev/sata8
environment:
- SCRUTINY_WEB_INFLUXDB_TOKEN='eo5Kc?t9T/Yrl054Edh6bJYNbhOH3blnWHqDcLHc4ml2ur/IF6?pR1v4BHd!bfB01Qu4pQyPs!?AiBa-8WGoSrkpjdQ'
- SCRUTINY_WEB_INFLUXDB_INIT_USERNAME='bruno'
- SCRUTINY_WEB_INFLUXDB_INIT_PASSWORD='j8s!hJVWCuu*z*LU'
- TIMEZONE=Europe/Paris
restart: unless-stopped
```
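Review bot: In the list form `- KEY='value'` Compose does not strip the quotes, so `SCRUTINY_WEB_INFLUXDB_TOKEN`, `SCRUTINY_WEB_INFLUXDB_INIT_USERNAME` and `SCRUTINY_WEB_INFLUXDB_INIT_PASSWORD` receive values that include the literal `'` characters; remove the quotes or switch to the `KEY: 'value'` mapping form. The InfluxDB token and initial password should come from an `env_file` rather than the documentation. `- "8086:8086"` publishes the InfluxDB administration port on every interface of a container that holds `SYS_ADMIN` and `SYS_RAWIO`; remove the mapping unless it is needed from outside.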


@@ -0,0 +1,82 @@
# seafile
| Création | dockge |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | 8611 |
| Liens | [Manuel](https://manual.seafile.com/)<br />[Seafile](https://www.seafile.com/en/home/)<br />https://mariushosting.com/how-to-install-seafile-on-your-synology-nas/ |
```yaml
version: "3.9"
services:
db:
image: mariadb:11.3-jammy
container_name: Seafile-DB
hostname: seafile-db
mem_limit: 1g
cpu_shares: 768
security_opt:
- no-new-privileges:true
user: 1026:100
volumes:
- /volume1/docker/dockge/stacks/seafile/db:/var/lib/mysql:rw
environment:
MYSQL_ROOT_PASSWORD: rootpass
TZ: Europe/Paris
restart: on-failure:5
cache:
image: memcached:1.6.22
entrypoint: memcached -m 256
container_name: Seafile-CACHE
hostname: memcached
mem_limit: 512m
cpu_shares: 768
security_opt:
- no-new-privileges:true
read_only: true
user: 1026:100
restart: on-failure:5
seafile:
image: seafileltd/seafile-mc:latest
container_name: Seafile
hostname: seafile
mem_limit: 2g
cpu_shares: 768
security_opt:
- no-new-privileges:true
healthcheck:
test: wget --no-verbose --tries=1 --spider http://localhost
volumes:
- /volume1/docker/dockge/stacks/seafile/data:/shared:rw
ports:
- 8611:80
environment:
DB_HOST: seafile-db
DB_ROOT_PASSWD: rootpass
TIME_ZONE: Europe/Paris
SEAFILE_ADMIN_EMAIL: liste@clicclac.info
SEAFILE_ADMIN_PASSWORD: mariushosting
SEAFILE_SERVER_LETSENCRYPT: false
SEAFILE_SERVER_HOSTNAME: seafile.photos-nas.ovh
FORCE_HTTPS_IN_CONF: true
restart: on-failure:5
depends_on:
db:
condition: service_started
cache:
condition: service_started
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.69.0/24
```
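Review bot: `SEAFILE_ADMIN_PASSWORD: mariushosting` matches the name of the tutorial site linked in the table, and `MYSQL_ROOT_PASSWORD: rootpass` / `DB_ROOT_PASSWD: rootpass` read as sample values too, committed next to the real admin address and `SEAFILE_SERVER_HOSTNAME: seafile.photos-nas.ovh`. Set unique generated values through an `env_file` and change the admin password after the first login. The table names Watchtower for updates, but no service here carries the `com.centurylinklabs.watchtower.enable` label used in the other stacks; either add it or correct the table, and pin `seafileltd/seafile-mc` to a version rather than `latest`.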


@@ -0,0 +1,33 @@
# searXNG
| Création | dockge |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | 5147 |
| Liens | [Docs](https://docs.searxng.org)<br />[Github](https://github.com/searxng/searxng) |
```yaml
version: '3.9'
services:
searxng:
image: searxng/searxng
container_name: SearXNG
mem_limit: 8g
cpu_shares: 2048
security_opt:
- no-new-privileges:true
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /volume1/docker/searxng:/etc/searxng:rw
restart: on-failure:5
ports:
- 5147:8080
```


@@ -0,0 +1,59 @@
# send
| Création | dockge |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | 1234 |
| Liens | [Github](https://github.com/timvisee/send)<br />[Docker](https://github.com/timvisee/send-docker-compose/tree/master) |
```yaml
version: "3"
services:
send:
image: registry.gitlab.com/timvisee/send:latest
restart: always
ports:
- 1234:1234
volumes:
- /volume1/docker/dockge/stacks/send/uploads:/uploads
labels:
- com.centurylinklabs.watchtower.enable=true
environment:
- VIRTUAL_HOST=send.photos-nas.ovh
- VIRTUAL_PORT=1234
- DHPARAM_GENERATION=false
- NODE_ENV=production
- BASE_URL=https://send.photos-nas.ovh
- PORT=1234
- REDIS_HOST=redis
- FILE_DIR=/uploads
# To customize upload limits
# - EXPIRE_TIMES_SECONDS=3600,86400,604800,2592000,31536000
# - DEFAULT_EXPIRE_SECONDS=3600
# - MAX_EXPIRE_SECONDS=31536000
# - DOWNLOAD_COUNTS=1,2,5,10,15,25,50,100,1000
# - MAX_DOWNLOADS=1000
# - MAX_FILE_SIZE=2684354560
redis:
image: redis:alpine
restart: always
volumes:
- send-redis:/data
volumes:
send-redis: null
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.60.0/24
```


@@ -0,0 +1,47 @@
# snapdrop
| Création | dockge |
| ----------- | ------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | 7653 |
| Liens | [Github](https://github.com/RobinLinus/snapdrop) |
```yaml
version: "3.9"
services:
snapdrop:
image: ghcr.io/linuxserver/snapdrop:latest
container_name: Snapdrop
hostname: snapdrop
mem_limit: 1g
cpu_shares: 768
security_opt:
- no-new-privileges:true
healthcheck:
test: wget --no-verbose --tries=1 --spider http://localhost:80
ports:
- 7653:443
labels:
- com.centurylinklabs.watchtower.enable=true
volumes:
- /volume1/docker/dockge/stacks/snapdrop:/config:rw
environment:
TZ: Europe/Paris
PUID: 1026
PGID: 100
restart: on-failure:5
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.67.0/24
```

View File

@@ -0,0 +1,36 @@
# snippet-box
| Création | dockge |
| ----------- | ------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | 5010 |
| Liens | [Github](https://github.com/RobinLinus/snapdrop) |
```yaml
version: "3"
services:
snippet-box:
image: pawelmalak/snippet-box:latest
container_name: snippet-box
labels:
- com.centurylinklabs.watchtower.enable=true
volumes:
- /volume1/docker/dockge/stacks/snippetbox/data:/app/data
ports:
- 5010:5000
restart: unless-stopped
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.65.0/24
```
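Review bot: the `Liens` row links to `https://github.com/RobinLinus/snapdrop`, carried over from the snapdrop page. It should point to the repository of the `pawelmalak/snippet-box` image used in the compose block.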

View File

@@ -0,0 +1,57 @@
# Tautulli
| Création | Portainer |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | 8181 |
| Liens | [Github](https://github.com/Tautulli/Tautulli)<br />[Tautulli](https://tautulli.com/) |
```bash
services:
tautulli:
image: linuxserver/tautulli:latest
container_name: tautulli
environment:
- PUID=1026 #CHANGE_TO_YOUR_UID
- PGID=100 #CHANGE_TO_YOUR_GID
- TZ=Europe/Paris #CHANGE_TO_YOUR_TZ
- UMASK=022
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /volume1/docker/tautulli:/config
ports:
- 8181:8181/tcp
network_mode: synobridge
security_opt:
- no-new-privileges:true
restart: always
```
#### Portail de connexion -> Avancé -> Proxy inversé
Entête personnalisé:
| Nom de l'entête | Valeur |
| ----------------- | --------------------------- |
| Host | $host; |
| X-Real-IP | $remote_addr; |
| X-Forwarded-Host | $server_name; |
| X-Forwarded-For | $proxy_add_x_forwarded_for; |
| X-Forwarded-Proto | $scheme; |
| X-Forwarded-Ssl | on; |
https://github.com/Tautulli/Tautulli/wiki/Installation#synology
https://github.com/Tautulli/Tautulli/wiki/Frequently-Asked-Questions#general-q9
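Review bot: the compose block is fenced as `bash` although it is YAML like the other stacks in this commit; tag it `yaml`. In the reverse-proxy header table the values end with `;` (for example `$host;`), which is nginx.conf syntax; confirm whether the DSM custom-header form expects the semicolon.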

View File

@@ -0,0 +1,43 @@
# Watchtower
| Création | Portainer |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | - |
| Liens | [Watchtower](https://containrrr.dev/watchtower/)<br />[Github](https://github.com/containrrr/watchtower/) |
```yaml
version: '2.1'
services:
watchtower:
image: containrrr/watchtower
container_name: watchtower
hostname: watchtower-nas
network_mode: bridge
environment:
- WATCHTOWER_NOTIFICATIONS=email
- WATCHTOWER_CLEANUP=true
- WATCHTOWER_DEBUG=true
- WATCHTOWER_LABEL_ENABLE=true
- WATCHTOWER_TIMEOUT=30s
#- WATCHTOWER_POLL_INTERVAL=300
- WATCHTOWER_SCHEDULE=0 0 5 * * *
- TZ=Europe/Paris
env_file:
- stack.env
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /volume1/docker/watchtower/config.json:/root/.docker/config.json
restart: unless-stopped
```
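Review bot: the volume `/volume1/docker/watchtower/config.json:/root/.docker/config.json` mounts the registry credentials file read-write into a container that also holds the Docker socket; add `:ro` to that mount. `WATCHTOWER_DEBUG=true` is left on for a scheduled job, and `image: containrrr/watchtower` carries no tag while the container labels itself for automatic update; pin a version so the updater is not replaced unattended.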

View File

@@ -0,0 +1,44 @@
# wg-easy
| Création | Portainer |
| ----------- | -------------------------------------------- |
| Mise-à-jour | Watchtower |
| Port | 51821 |
| Liens | [Github](https://github.com/wg-easy/wg-easy) |
```yaml
version: "3.5"
services:
wgeasy:
image: ghcr.io/wg-easy/wg-easy:latest
network_mode: "bridge"
container_name: wgeasy
ports:
- "51820:51820/udp"
- "51821:51821"
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv4.ip_forward=1
env_file:
- stack.env
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /volume1/docker/wgeasy:/etc/wireguard
environment:
- WG_HOST=photos-nas.ovh
- WG_DEFAULT_DNS=192.168.2.216
restart: always
```
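Review bot: `"51821:51821"` publishes the wg-easy admin UI on all host interfaces next to the VPN port, on a container granted `NET_ADMIN` and `SYS_MODULE`. Only `51820/udp` needs to be reachable from outside, so bind the UI to a LAN address or reach it through the tunnel. With `:latest` plus the Watchtower label this privileged container is also replaced automatically on every upstream push; pinning a version tag would make upgrades deliberate.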

View File

@@ -0,0 +1,35 @@
# yacy
| Création | Portainer |
| ----------- | ------------------------------------------------------------ |
| Mise-à-jour | Watchtower |
| Port | 8490 |
| Liens | [Yacy](https://yacy.net)<br />[Github](https://github.com/yacy/yacy_search_server) |
```yaml
services:
yacy:
image: yacy/yacy_search_server:latest
container_name: yacy
network_mode: bridge
dns:
- 192.168.2.116
- 192.168.2.216
user: 1028:65536
labels:
- com.centurylinklabs.watchtower.enable=true
ports:
- 8490:8090
- 8443:8443
volumes:
- /volume1/docker/yacy/data:/opt/yacy_search_server/DATA:rw
restart: unless-stopped
```

View File

@@ -0,0 +1,25 @@
# yatch
```yaml
version: "3"
services:
yacht:
container_name: yacht
restart: unless-stopped
ports:
- 8001:8000
environment:
ADMIN_EMAIL: liste@clicclac.info
SECRET_KEY: 7dJuLowm7E5fuXtdEiG1aZ5XwpV8DMOePr5TxwETXTDvM9MgqYulzlb75OscYF4Yvto63jESprC02ZjegOKxDuQhz
volumes:
- yacht:/config
- /var/run/docker.sock:/var/run/docker.sock
image: selfhostedpro/yacht
volumes:
yacht:
# tokens modifiés
```
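Review bot: `SECRET_KEY` and `ADMIN_EMAIL` are written directly in the compose file. Even with the value altered for publication (`# tokens modifiés`), the other stacks in this commit keep secrets in `stack.env`, so use `env_file` here too. The container also receives `/var/run/docker.sock` read-write with no `security_opt`, the image has no tag, and the heading reads `# yatch` while the service is `yacht`.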

View File

@@ -0,0 +1,133 @@
# Grafana
```yaml
version: "3.9"
services:
grafana:
image: grafana/grafana:latest
container_name: Grafana
hostname: grafana
networks:
- grafana-net
mem_limit: 512m
cpu_shares: 512
security_opt:
- no-new-privileges:true
user: 1026:100
healthcheck:
test: wget --no-verbose --tries=1 --spider http://localhost:3000/api/health
ports:
- 3340:3000
volumes:
- /volume1/docker/grafana/data:/var/lib/grafana:rw
environment:
TZ: Europe/Paris
GF_INSTALL_PLUGINS: grafana-clock-panel,grafana-simple-json-datasource,natel-discrete-panel,grafana-piechart-panel
restart: on-failure:5
prometheus:
image: prom/prometheus
command:
- '--storage.tsdb.retention.time=60d'
- '--config.file=/etc/prometheus/prometheus.yml'
container_name: Prometheus
hostname: prometheus-server
networks:
- grafana-net
- prometheus-net
mem_limit: 1g
cpu_shares: 768
security_opt:
- no-new-privileges=true
user: 1026:100
healthcheck:
test: wget --no-verbose --tries=1 --spider http://localhost:9090/ || exit 1
volumes:
- /volume1/docker/grafana/prometheus:/prometheus:rw
- /volume1/docker/grafana/prometheus.yml:/etc/prometheus/prometheus.yml:ro
restart: on-failure:5
node-exporter:
image: prom/node-exporter:latest
command:
- --collector.disable-defaults
- --collector.stat
- --collector.time
- --collector.cpu
- --collector.loadavg
- --collector.hwmon
- --collector.meminfo
- --collector.diskstats
container_name: Prometheus-Node
hostname: prometheus-node
networks:
- prometheus-net
mem_limit: 256m
mem_reservation: 64m
cpu_shares: 512
security_opt:
- no-new-privileges=true
read_only: true
user: 1026:100
healthcheck:
test: wget --no-verbose --tries=1 --spider http://localhost:9100/
restart: on-failure:5
snmp-exporter:
image: prom/snmp-exporter:latest
command:
- '--config.file=/etc/snmp_exporter/snmp.yml'
container_name: Prometheus-SNMP
hostname: prometheus-snmp
networks:
- prometheus-net
mem_limit: 256m
mem_reservation: 64m
cpu_shares: 512
security_opt:
- no-new-privileges:true
read_only: true
user: 1026:100
healthcheck:
test: wget --no-verbose --tries=1 --spider http://localhost:9116/ || exit 1
volumes:
- /volume1/docker/grafana/snmp:/etc/snmp_exporter/:ro
restart: on-failure:5
cadvisor:
image: gcr.io/cadvisor/cadvisor:latest
command:
- '--docker_only=true'
container_name: Prometheus-cAdvisor
hostname: prometheus-cadvisor
networks:
- prometheus-net
mem_limit: 256m
mem_reservation: 64m
cpu_shares: 512
security_opt:
- no-new-privileges=true
read_only: true
volumes:
- /:/rootfs:ro
- /var/run:/var/run:ro
- /sys:/sys:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
restart: on-failure:5
networks:
grafana-net:
name: grafana-net
ipam:
config:
- subnet: 192.168.50.0/24
prometheus-net:
name: prometheus-net
ipam:
config:
- subnet: 192.168.51.0/24
```
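Review bot: `grafana` publishes `3340:3000` but its `environment` block sets no admin password, so the first login uses Grafana's default admin account; set `GF_SECURITY_ADMIN_PASSWORD` through an env file. The `security_opt` entries alternate between `no-new-privileges:true` and `no-new-privileges=true`; pick one form. `cadvisor` is the only service without a `user:` line and it mounts `/`, `/sys` and the Docker socket, so a comment explaining why it needs that access would help.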

View File

@@ -0,0 +1,102 @@
# Docker
### Installation
Installer le paquet Container Manager dans DSM
[DockerHub](https://hub.docker.com/search?q=)
##### Redémarrer Container Manager
```bash
$ systemctl list-units --type=service --all | grep -i docker
pkg-ContainerManager-dockerd.service loaded active running Docker Application Container Engine
pkg-ContainerManager-event-watcherd.service loaded active running Docker event watch service
```
```bash
$ sudo systemctl restart pkg-ContainerManager-dockerd
```
### Utilisation
[Mise-à-jour des containers](updates.md) (Container Manager - WatchTower)
[Ports](ports.md)
```bash
ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network
```
Ajouter à `/etc/docker/daemon.json` (ou le créer)
```json
{
"default-address-pools" : [
{
"base" : "172.17.0.0/12",
"size" : 20
},
{
"base" : "192.168.0.0/16",
"size" : 24
}
]
}
```
Autre solution:
```yaml
networks:
default:
driver: bridge
ipam:
config:
- subnet: 172.16.57.0/24
```
https://straz.to/2021-09-08-docker-address-pools/
https://jareklipski.medium.com/docker-can-only-create-31-default-networks-e7f98f778626
https://serverfault.com/questions/916941/configuring-docker-to-not-use-the-172-17-0-0-range
https://stackoverflow.com/questions/43720339/docker-error-could-not-find-an-available-non-overlapping-ipv4-address-pool-am
### Containers
- [iGotify](docker-compose/igotify.md)
- [Pi.Alert](docker-compose/Pi.Alert.md)
- [searXNG](docker-compose/searXNG.md)
- [WireGuard](Wireguard.md)
### Login
```bash
$ sudo docker login --username=foo
# WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
```
```bash
$ cat ~/my_password.txt | docker login --username foo --password-stdin
```
### Backups
https://mariushosting.com/synology-how-to-back-up-docker-containers/
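Review bot: in `daemon.json`, `"base" : "172.17.0.0/12"` is not aligned to its prefix. The /12 that contains 172.17.0.0 starts at 172.16.0.0 and ends at 172.31.255.255, so write `172.16.0.0/12` to state the real range. The second pool `192.168.0.0/16` also contains the 192.168.2.x LAN used throughout these notes; say whether that is intended. In the Login section, both commands leave the credential in `/root/.docker/config.json` as the quoted warning states, so note the file's permissions there.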

View File

@@ -0,0 +1,148 @@
# iperf3
### Sur le NAS:
Installation d'iPerf sur le NAS:
```bash
$ sudo docker run -it --rm -p 5201:5201 networkstatic/iperf3 --help
```
Le serveur est lancé:
```bash
$ sudo docker run -it --rm --name=iperf3-server -p 5201:5201 networkstatic/iperf3 -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
```
### Sur le mac:
```bash
$ brew install iperf3
```
On lance le client:
```bash
$ iperf3 -c 192.168.2.57
Connecting to host 192.168.2.57, port 5201
[ 5] local 192.168.2.240 port 60430 connected to 192.168.2.57 port 5201
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 14.2 MBytes 119 Mbits/sec
[ 5] 1.00-2.00 sec 12.9 MBytes 108 Mbits/sec
[ 5] 2.00-3.01 sec 13.0 MBytes 109 Mbits/sec
[ 5] 3.01-4.01 sec 12.0 MBytes 101 Mbits/sec
[ 5] 4.01-5.00 sec 12.5 MBytes 105 Mbits/sec
[ 5] 5.00-6.00 sec 14.0 MBytes 118 Mbits/sec
[ 5] 6.00-7.00 sec 13.4 MBytes 112 Mbits/sec
[ 5] 7.00-8.00 sec 13.0 MBytes 109 Mbits/sec
[ 5] 8.00-9.00 sec 10.0 MBytes 83.7 Mbits/sec
[ 5] 9.00-10.01 sec 10.5 MBytes 88.1 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.01 sec 126 MBytes 105 Mbits/sec sender
[ 5] 0.00-10.09 sec 125 MBytes 104 Mbits/sec receiver
iperf Done.
```
### Test externe:
```bash
iperf3 -c scaleway.testdebit.info -p 9215 -R -P 4
Connecting to host scaleway.testdebit.info, port 9215
Reverse mode, remote host scaleway.testdebit.info is sending
[ 7] local 192.168.2.240 port 60728 connected to 62.210.156.7 port 9215
[ 9] local 192.168.2.240 port 60729 connected to 62.210.156.7 port 9215
[ 11] local 192.168.2.240 port 60730 connected to 62.210.156.7 port 9215
[ 13] local 192.168.2.240 port 60731 connected to 62.210.156.7 port 9215
[ ID] Interval Transfer Bitrate
[ 7] 0.00-1.00 sec 384 KBytes 3.14 Mbits/sec
[ 9] 0.00-1.00 sec 256 KBytes 2.09 Mbits/sec
[ 11] 0.00-1.00 sec 384 KBytes 3.14 Mbits/sec
[ 13] 0.00-1.00 sec 384 KBytes 3.14 Mbits/sec
[SUM] 0.00-1.00 sec 1.38 MBytes 11.5 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 1.00-2.00 sec 1.88 MBytes 15.8 Mbits/sec
[ 9] 1.00-2.00 sec 1.25 MBytes 10.5 Mbits/sec
[ 11] 1.00-2.00 sec 1.25 MBytes 10.5 Mbits/sec
[ 13] 1.00-2.00 sec 1.25 MBytes 10.5 Mbits/sec
[SUM] 1.00-2.00 sec 5.62 MBytes 47.3 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 2.00-3.00 sec 3.50 MBytes 29.3 Mbits/sec
[ 9] 2.00-3.00 sec 1.88 MBytes 15.7 Mbits/sec
[ 11] 2.00-3.00 sec 2.75 MBytes 23.0 Mbits/sec
[ 13] 2.00-3.00 sec 2.00 MBytes 16.8 Mbits/sec
[SUM] 2.00-3.00 sec 10.1 MBytes 84.8 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 3.00-4.00 sec 3.12 MBytes 26.2 Mbits/sec
[ 9] 3.00-4.00 sec 1.62 MBytes 13.6 Mbits/sec
[ 11] 3.00-4.00 sec 2.62 MBytes 22.0 Mbits/sec
[ 13] 3.00-4.00 sec 1.75 MBytes 14.7 Mbits/sec
[SUM] 3.00-4.00 sec 9.12 MBytes 76.5 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 4.00-5.00 sec 5.25 MBytes 43.9 Mbits/sec
[ 9] 4.00-5.01 sec 3.00 MBytes 25.1 Mbits/sec
[ 11] 4.00-5.01 sec 4.38 MBytes 36.6 Mbits/sec
[ 13] 4.00-5.01 sec 2.88 MBytes 24.1 Mbits/sec
[SUM] 4.00-5.00 sec 15.5 MBytes 130 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 5.00-6.00 sec 5.62 MBytes 47.4 Mbits/sec
[ 9] 5.01-6.00 sec 2.88 MBytes 24.2 Mbits/sec
[ 11] 5.01-6.00 sec 4.25 MBytes 35.8 Mbits/sec
[ 13] 5.01-6.00 sec 3.25 MBytes 27.4 Mbits/sec
[SUM] 5.00-6.00 sec 16.0 MBytes 135 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 6.00-7.00 sec 6.12 MBytes 51.3 Mbits/sec
[ 9] 6.00-7.00 sec 3.38 MBytes 28.3 Mbits/sec
[ 11] 6.00-7.00 sec 4.62 MBytes 38.7 Mbits/sec
[ 13] 6.00-7.00 sec 3.75 MBytes 31.4 Mbits/sec
[SUM] 6.00-7.00 sec 17.9 MBytes 150 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 7.00-8.00 sec 5.62 MBytes 47.3 Mbits/sec
[ 9] 7.00-8.00 sec 3.00 MBytes 25.2 Mbits/sec
[ 11] 7.00-8.00 sec 4.25 MBytes 35.7 Mbits/sec
[ 13] 7.00-8.00 sec 3.75 MBytes 31.5 Mbits/sec
[SUM] 7.00-8.00 sec 16.6 MBytes 140 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 8.00-9.00 sec 4.75 MBytes 39.8 Mbits/sec
[ 9] 8.00-9.00 sec 2.50 MBytes 20.9 Mbits/sec
[ 11] 8.00-9.00 sec 3.75 MBytes 31.4 Mbits/sec
[ 13] 8.00-9.00 sec 3.25 MBytes 27.2 Mbits/sec
[SUM] 8.00-9.00 sec 14.2 MBytes 119 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ 7] 9.00-10.00 sec 4.88 MBytes 40.8 Mbits/sec
[ 9] 9.00-10.00 sec 2.75 MBytes 23.0 Mbits/sec
[ 11] 9.00-10.00 sec 4.12 MBytes 34.6 Mbits/sec
[ 13] 9.00-10.00 sec 3.88 MBytes 32.5 Mbits/sec
[SUM] 9.00-10.00 sec 15.6 MBytes 131 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 7] 0.00-10.05 sec 46.7 MBytes 39.0 Mbits/sec 0 sender
[ 7] 0.00-10.00 sec 41.1 MBytes 34.5 Mbits/sec receiver
[ 9] 0.00-10.05 sec 24.9 MBytes 20.8 Mbits/sec 0 sender
[ 9] 0.00-10.00 sec 22.5 MBytes 18.9 Mbits/sec receiver
[ 11] 0.00-10.05 sec 36.0 MBytes 30.1 Mbits/sec 0 sender
[ 11] 0.00-10.00 sec 32.4 MBytes 27.1 Mbits/sec receiver
[ 13] 0.00-10.05 sec 30.0 MBytes 25.1 Mbits/sec 0 sender
[ 13] 0.00-10.00 sec 26.1 MBytes 21.9 Mbits/sec receiver
[SUM] 0.00-10.05 sec 138 MBytes 115 Mbits/sec 0 sender
[SUM] 0.00-10.00 sec 122 MBytes 102 Mbits/sec receiver
iperf Done.
```
https://aradaff.com/tester-son-reseau/

View File

@@ -0,0 +1,34 @@
# Portainer
| Création | docker-run |
| ----------- | ------------------------------------------------ |
| Mise-à-jour | manuelle |
| Port | 9000 |
| Liens | [Github](https://github.com/portainer/portainer) |
### Installation
https://mariushosting.com/synology-30-second-portainer-install-using-task-scheduler-docker/
### Mise-à-jour du container Portainer
https://mariushosting.com/synology-how-to-update-portainer/
Dans Container Manager:
- Onglet Image -> Mise-à-jour disponible -> Mettre à jour
- Onglet Container -> Action -> Démarrer
### Backup configuration
Portainer -> Settings -> Backup up Portainer -> Download backup

View File

@@ -2,21 +2,51 @@
| | | |
| ------------------------------------------------------------ | --------------------------- | ------ |
| mymediaforalexa | 52050 - 52051 | Docker |
| homebridge | Bridge: 51534<br />UI: 8581 | Docker |
| Hoobs | Bridge: 51826<br />UI: 8181 | Docker |
| [PiHole](https://mariushosting.com/how-to-install-pi-hole-on-your-synology-nas/) | 8090 | Docker |
| Lychee | 90 | |
| | | |
| | | |
| | | |
| | | |
| | | Passerelle | Adresse IP | |
| ------------------------------------------------------------ | --------------- | ----------- | ------------ | ------------------ |
| | | | | |
| portainer | **8000** / 9000 | 172.17.0.1 | 172.17.0.3 | |
| geoipupdate | | 172.19.0.1 | 172.19.0.2 | |
| [PiHole](https://mariushosting.com/how-to-install-pi-hole-on-your-synology-nas/) | 8090 | 192.168.2.1 | 192.168.2.68 | 192.168.2.68 |
| freegeoip | **8080** / 8888 | 172.18.0.1 | 172.18.0.2 | |
| Acme | | 172.17.0.1 | 172.17.0.2 | |
| | | | | |
| wireguard | | 172.20.0.1 | 172.20.0.2 | 192.168.2.68:51820 |
| | | | | |
#### Redémarrer Container Manager:
```bash
systemctl restart pkg-ContainerManager-dockerd
```
#### Pare-feu:
- IP: 172.16.0.0
- Masque: 255.248.0.0
De 172.16.0.0 à 172.23.255.255
https://cric.grenoble.cnrs.fr/Administrateurs/Outils/CalculMasque/
https://www.it-connect.fr/adresses-ipv4-et-le-calcul-des-masques-de-sous-reseaux/#VII_Comment_trouver_le_bon_masque_pour_un_nombre_dhotes_specifique
#### Liens:
Créer un utilisateur restreint pour docker:
https://drfrankenstein.co.uk/step-2-setting-up-a-restricted-docker-user-and-obtaining-ids/
https://mariushosting.com/synology-how-to-update-docker-image/
https://www.timmertech.io/manage-docker-without-sudo-on-synology/
https://stackoverflow.com/questions/43720339/docker-error-could-not-find-an-available-non-overlapping-ipv4-address-pool-am
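Review bot: the Pare-feu rule `IP: 172.16.0.0` with `Masque: 255.248.0.0` stops at 172.23.255.255, but this commit also lets Docker allocate outside it: the `default-address-pools` block in the Docker notes reaches 172.31.255.255 and 192.168.0.0/16, and the Grafana stack pins 192.168.50.0/24 and 192.168.51.0/24. Either widen the rule or keep every stack on an explicit 172.16.x.0/24 subnet as the send, snapdrop and snippet-box stacks do. The `systemctl restart pkg-ContainerManager-dockerd` line also lacks the `sudo` used for the same command in the Docker notes.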

View File

@@ -0,0 +1,116 @@
# Mise-à-jour des containers
### Container manager
##### Onglet Image:
Notifications pour les images dont:
- source: hub.docker.com
- tag: Latest ou Nightly
Cliquer sur 'Update available': l'image est téléchargé et le container mis-à-jour/
##### Onglet Projet:
Si il y a plusieurs containers dans le Projet:
- sélectionner le Projet -> Action -> Arrêt
- mettre à jour les images
- sélectionner le Projet -> Action -> Créer
### Watchtower
| Création | Portainer |
| ----------- | ---------- |
| Mise-à-jour | Watchtower |
| Ports | 8000/9000 |
https://drfrankenstein.co.uk/watchtower-automated-updates-in-container-manager-on-a-synology-nas/
```yaml
version: '2.1'
services:
watchtower:
image: containrrr/watchtower
container_name: watchtower
hostname: watchtower-nas
network_mode: bridge
environment:
- WATCHTOWER_NOTIFICATIONS=email
- WATCHTOWER_CLEANUP=true
- WATCHTOWER_DEBUG=true
- WATCHTOWER_LABEL_ENABLE=true
- WATCHTOWER_TIMEOUT=30s
- WATCHTOWER_POLL_INTERVAL=300
- TZ=Europe/Paris
env_file:
- stack.env
labels:
- "com.centurylinklabs.watchtower.enable=true"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /volume1/docker/watchtower/config.json:/root/.docker/config.json
restart: unless-stopped
```
##### Mettre-à-jour seulement les containers spécifiés:
A ajouter dans le compose de watchtower:
```yaml
environment:
- WATCHTOWER_LABEL_ENABLE=true
```
A ajouter aux containers que l'on souhaite mettre-à-jour:
```yaml
labels:
- "com.centurylinklabs.watchtower.enable=true"
```
##### Uniquement monitorer certains containers:
A ajouter aux containers que l'on souhaite suivre:
```yaml
labels:
- "com.centurylinklabs.watchtower.monitor-only=true"
```
##### Monitorer et mettre-à-jour seulement certains containers:
A ajouter dans le compose de watchtower:
```yaml
environment:
- WATCHTOWER_DISABLE_CONTAINERS=container1,container2
```
https://www.smarthomebeginner.com/watchtower-docker-compose-2024/
#### Lancer Watchtower manuellement:
```bash
$ docker run -v /var/run/docker.sock:/var/run/docker.sock containrrr/watchtower --run-once
```
#### Notifications:
https://containrrr.dev/watchtower/notifications/
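Review bot: under `Monitorer et mettre-à-jour seulement certains containers`, `WATCHTOWER_DISABLE_CONTAINERS=container1,container2` excludes the named containers rather than selecting them, so the heading states the opposite of the setting; retitle it as an exclusion list. The summary table gives `Ports | 8000/9000`, which are Portainer's ports in the ports table of this commit, while the Watchtower compose publishes none. The manual `--run-once` command passes no environment, so `WATCHTOWER_LABEL_ENABLE` does not apply and every container is a candidate for update; add `--label-enable` or say so.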

View File

@@ -0,0 +1,62 @@
# HomeAssistant
### Package SynoCommunity
Version Core
[FAQ](https://github.com/SynoCommunity/spksrc/wiki/FAQ-HomeAssistant/)
#### Editer la configuration
```bash
sudo nano /var/packages/homeassistant/var/config/configuration.yaml
```
#### Voir les logs
```bash
tail -f /var/packages/homeassistant/var/homeassistant.log
```
### VMM
#### Erreur '400 Bad Request'
##### /homeassistant/configuration.yaml
```yaml
# Loads default set of integrations. Do not remove.
default_config:
# Load frontend themes from the themes folder
frontend:
themes: !include_dir_merge_named themes
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml
homeassistant:
external_url: "https://home-assistant.photos-nas.ovh" # ne pas indiquer le port
internal_url: "http://192.168.2.21:8123" # adresse locale de HA avec le port
http:
use_x_forwarded_for: true
trusted_proxies:
- 192.168.2.57 # IP of Synology
ip_ban_enabled: false
```
Sir le NAS
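Review bot: `ip_ban_enabled: false` switches off the failed-login ban on an instance published at `external_url`. With `use_x_forwarded_for: true` and `trusted_proxies` set, Home Assistant sees the real client address, so banning can stay enabled with a `login_attempts_threshold`. The section also ends on the unfinished line `Sir le NAS`.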

View File

@@ -0,0 +1,11 @@
# Homebridge
### Wiki
https://github.com/homebridge/homebridge/wiki/Install-Homebridge-on-Synology-DSM
### Paquet
https://github.com/homebridge/homebridge-syno-spk

View File

@@ -0,0 +1,38 @@
# SynoCli Tools
### SynoCli File Tools
less, tree, ncdu, jdupes, fdupes, rhash, mc (midnight commander), mg (emacs-like text editor), nano, jupp (based on JOE - Joe's Own Editor 3.1), file, detox, pcre2, zstd, lzip, plzip, detox, iconv, dos2unix tools, lsd, bat, eza, rmlint, nnn (n³), micro (editor), fzf (fuzzy finder), rg (ripgrep), fd (fd-find), sd (sed alternative), rnm.
### bat
https://github.com/sharkdp/bat
```bash
$ bat --generate-config-file
Success! Config file written to /var/services/homes/bruno/.config/bat/config
```
```bash
$ bat --config-file
/var/services/homes/bruno/.config/bat/config
$ bat --config-dir
/var/services/homes/bruno/.config/bat
```
#### nano
Coloration syntaxique: https://github.com/scopatz/nanorc/
```bash
$ cd ~
$ mkdir .nano
$ install_path=~/.nano/
$ git clone https://github.com/scopatz/nanorc.git $install_path
$ cat $install_path/nanorc >> ~/.nanorc
```

View File

@@ -239,6 +239,14 @@ synosystemctl restart nginx
#### Certificat Let's Encrypt
Si on utilise le certificat pour le domaine synology , il n'y a pas besoin d'ouvrir les ports.
Pour un domaine, il faut ouvrir le port 80.
#### Liens
[nginx.md](../nginx.md)
@@ -276,3 +284,24 @@ un bat-musl <none> <none> (no description available)
ii dans la 1ere colonne: correctement installé
#### Synology Photos:
dossier ~/Photos: Synology Photos -> espace personnel
#### ping
```bash
$ ping 8.8.8.8
ping: socket: Operation not permitted
```
```bash
$ $ ping 8.8.8.8
# ou
$ sudo setcap 'cap_net_raw+ep' "$(which ping)"
```
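Review bot: in the second `ping` block, `$ $ ping 8.8.8.8` repeats the failing command with a doubled prompt; it presumably should read `$ sudo ping 8.8.8.8`, as the alternative to the `setcap` line. Next to `setcap 'cap_net_raw+ep'`, state that it grants the raw-socket capability to the ping binary for every local user who runs it.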

View File

@@ -0,0 +1,51 @@
### Pare-feu
| Règle | IP | Masque | Range | CIDR | Ports | Protocole | Action |
| ------------ | ----------- | --------------- | ------------------------------- | -------------- | --------------------- | --------- | ------ |
| Docker | 172.16.0.0 | 255.240.0.0 | De 172.16.0.0 à 172.23.255.255 | | Tous | Tous | Oui |
| Réseau local | 192.168.2.0 | 255.255.255.128 | De 192.168.2.0 à 192.168.2.127 | 192.168.2.0/25 | Tous | Tous | Oui |
| France | France | | | | Tous | Tous | Oui |
| Reste | | | | | Tous (sauf 80 et 443) | Tous | Non |
Depuis le tel:
| | | |
| ---- | ---------------------- | ---- |
| | https://photos-nas.ovh | OK |
| | | |
| | | |
#### Paquets
| | Numéro de port | Protocole |
| --------------------- | ------------------------------------------------------------ | --------- |
| Synology Drive Server | 80 (partage de lien), 443 (partage de lien), 5000 (HTTP), 5001 (HTTPS), 6690 (synchronisation/sauvegarde de fichiers) | TCP |
| | | |
#### Applications mobiles
| | Numéro de port | Protocole |
| -------------- | ------------------------- | --------- |
| Synology Drive | 5000 (HTTP), 5001 (HTTPS) | TCP |
#### Liens:
https://cric.grenoble.cnrs.fr/Administrateurs/Outils/CalculMasque/
https://www.it-connect.fr/adresses-ipv4-et-le-calcul-des-masques-de-sous-reseaux/#VII_Comment_trouver_le_bon_masque_pour_un_nombre_dhotes_specifique
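Review bot: in the Docker row, `255.240.0.0` is a /12 and covers 172.16.0.0 to 172.31.255.255, not the `De 172.16.0.0 à 172.23.255.255` written beside it (that range is `255.248.0.0`, as in the ports page); correct one of the two and fill in the empty CIDR cell. The `Réseau local` rule `192.168.2.0/25` ends at 192.168.2.127, so hosts that appear elsewhere in this commit, such as 192.168.2.216 and 192.168.2.240, are not matched by it and fall through to the `France` rule.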

View File

@@ -0,0 +1,154 @@
# Sauvegarde Synlogy NAS sur pCloud avec rClone
### Sur le Mac:
```bash
$ brew install rclone
```
```bash
$ rclone config
# remote
n) New remote
Enter name for new remote.
name> pcloud
Storage> 38
Option client_id.
client_id> # vide
Option client_secret.
client_secret> # vide
Edit advanced config
y/n> n
Use web browser to automatically authenticate rclone with remote?
y/n> y
S'identifier dans la fenêtre pCloud
Options:
- type: pcloud
- hostname: eapi.pcloud.com
- token: {"access_token":"UsdkHboizcI2oUxeCOqwAU5d4QKO8y508RCbVKLU8Y52wYbjEezS","token_type":"bearer","expiry":"0001-01-01T00:00:00Z"}
Keep this "pcloud" remote ?
y/e/d> y
# Token modifié
```
On récupère le contenu du fichier de config:
```bash
$ cat .config/rclone/rclone.conf
```
```
[pcloud]
type = pcloud
hostname = eapi.pcloud.com
token = {"access_token":"UsdkHboizcI2oUxeCOqwAU5d4QKO8y508RCbVKLU8Y52wYbjEezS","token_type":"bearer","expiry":"0001-01-01T00:00:00Z"}
# Token modifié
```
### Sur le NAS:
On installe rclone:
```bash
bruno@DS923:~$ wget https://rclone.org/install.sh
```
```bash
bruno@DS923:~$ sudo ./install.sh
```
On crée la config:
```bash
bruno@DS923:~$ rclone config touch
```
puis on l'édite:
```bash
bruno@DS923:~$ nano .config/rclone/rclone.conf
```
et on colle la config crée sur le mac:
```
[pcloud]
type = pcloud
hostname = eapi.pcloud.com
token = {"access_token":"UsdkHboizcI2oUxeCOqwAU5d4QKO8y508RCbVKLU8Y52wYbjEezS","token_type":"bearer","expiry":"0001-01-01T00:00:00Z"}
# Token modifié
```
On teste la configuration:
```bash
bruno@DS923:~$ rclone lsd pcloud:
-1 2021-05-03 14:16:15 -1 .dotfiles
-1 2023-10-30 07:20:28 -1 Animations
-1 2023-10-30 08:01:50 -1 Automatic Uploadb
-1 2019-07-24 13:40:00 -1 Backups
```
et on la sauvegarde:
```bash
bruno@DS923:~$ cp .config/rclone/rclone.conf /volume1/nas/rclone/rclone.conf
```
### Synchronisation:
On synchronise le dossier partagé **docker** dans pCloud:
Option:
`--dry-run` pour tester.
`-P` pour afficher la progression
```bash
# sudo nécessaire pour le docker Acme
bruno@DS923:~$ sudo rclone --config /var/services/homes/bruno/.config/rclone/rclone.conf sync /volume1/docker pcloud:Nas923/docker -v --log-file=/var/services/homes/bruno/Logs/rclone/journal.log --exclude "*{@eaDir/,Thumbs.db,.DS_Store}*" -P
```
### Tache planifiée:
Panneau de configuration -> Planificateur de taches
Créer > Tâche planifiée > Script défini par lutilisateur
```bash
bruno@DS923:~$ rclone --config /var/services/homes/bruno/.config/rclone/rclone.conf sync /volume1/docker pcloud:Nas923/docker -v --log-file=/var/services/homes/bruno/Logs/rclone/journal.log --exclude "*{@eaDir/,Thumbs.db,.DS_Store}*"
```
https://www.gozen-consulting.com/2023/12/09/comment-sauvegarder-synology-nas-sur-pcloud-avec-rclone/
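Review bot: the `sudo ./install.sh` step runs a freshly downloaded script as root without inspecting it, and there is no `chmod +x` between the `wget` and the run, so as written it will not execute; add the chmod and a step to read the script first. The `rclone.conf` holding the pCloud `access_token` is copied in clear to `/volume1/nas/rclone/rclone.conf`; restrict that copy's permissions or set a configuration password in `rclone config`. The sync uploads all of `/volume1/docker`, which in this commit includes the wg-easy `/etc/wireguard` volume and the Watchtower `config.json`; exclude those paths or sync through an rclone `crypt` remote. The Tache planifiée command still carries the `bruno@DS923:~$` prompt and drops the `sudo` that the manual run says is required.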

View File

@@ -11,16 +11,18 @@ https://www.synology.com/fr-fr/support/download/DS916+?version=7.0#packages
#### Les services **php** actifs:
```bash
$ systemctl | grep PHP
pkg-WebStation-php74@182b445b-6caf-469f-acaa-a763582ba8db.service loaded active running WebStation PHP7.4 fpm process
pkg-WebStation-php74@da937888-3180-4a69-96d6-076b750f2b06.service loaded active running WebStation PHP7.4 fpm process
pkg-WebStation-php74@e32d3cf6-055c-43f0-802d-6b72e9437f42.service loaded active running WebStation PHP7.4 fpm process
pkg-WebStation-php80@746b57c5-03a4-4210-bf14-1d7df30c8b79.service loaded active running WebStation PHP8.0 fpm process
pkgctl-PHP7.4.service loaded active exited PHP7.4's service unit
pkgctl-PHP8.0.service loaded active exited PHP8.0's service unit
PHP7.3.slice loaded active active PHP7.3.slice
PHP7.4.slice loaded active active PHP7.4's slice
PHP8.0.slice loaded active active PHP8.0's slice
$ systemctl | grep PHP
pkg-WebStation-php74@182b445b-6caf-469f-acaa-a763582ba8db.service loaded active running WebStation PHP7.4 fpm process
pkg-WebStation-php80@139939eb-365d-4381-9996-ecf91c4216bc.service loaded active running WebStation PHP8.0 fpm process
pkg-WebStation-php80@4d11e742-c46a-406c-a988-263bfd259fc1.service loaded active running WebStation PHP8.0 fpm process
pkg-WebStation-php82@49b74e5d-1252-4bbb-947e-68a70242310a.service loaded active running WebStation PHP8.2 fpm process
pkg-WebStation-php82@95f7fe6c-5dbc-4f31-9c63-99ef91a6df1e.service loaded active running WebStation PHP8.2 fpm process
pkgctl-PHP7.4.service loaded active exited PHP7.4's service unit
pkgctl-PHP8.0.service loaded active exited PHP8.0's service unit
pkgctl-PHP8.2.service loaded active exited PHP8.2's service unit
PHP7.4.slice loaded active active PHP7.4's slice
PHP8.0.slice loaded active active PHP8.0's slice
PHP8.2.slice loaded active active PHP8.2's slice
```
#### Les services **apache** actifs:
@@ -35,12 +37,12 @@ $ systemctl | grep apache
#### Redémarrer un service:
```bash
$ sudo systemctl restart pkgctl-PHP8.0.service
$ sudo systemctl restart pkgctl-PHP8.2.service
```
```bash
$ sudo systemctl stop pkgctl-PHP8.0.service
$ sudo systemctl start pkgctl-PHP8.0.service
$ sudo systemctl stop pkgctl-PHP8.2.service
$ sudo systemctl start pkgctl-PHP8.2.service
```
@@ -78,6 +80,21 @@ $ find / -name php.ini 2>/dev/null
/volume1/@appstore/PHP8.0/usr/local/etc/php80/cli/php.ini memory_limit = 512M
/etc/php/php.ini memory_limit = 512M
/volume1/@appstore/PHP8.0/misc/php-fpm.ini <- memory_limit pris en compte par php-info memory_limit = 512M
$ find / -name php*.ini 2>/dev/null
/usr/local/etc/php82/cli/php.ini # memory_limit = 128M
/usr/local/etc/php74/cli/php.ini # memory_limit = 128M
/usr/local/etc/php80/cli/php.ini # memory_limit = 128M
/etc/php/php.ini
/etc.defaults/php/php.ini
/volume1/@appstore/PHP8.2/misc/php-fpm.ini # memory_limit = 128M
/volume1/@appstore/PHP8.2/usr/local/etc/php82/cli/php.ini # memory_limit = 128M
/volume1/@appstore/PHP7.4/misc/php-fpm.ini # memory_limit = 128M
/volume1/@appstore/PHP7.4/usr/local/etc/php74/cli/php.ini # memory_limit = 128M
/volume1/@appstore/PHP8.0/misc/php-fpm.ini # memory_limit = 128M
/volume1/@appstore/PHP8.0/usr/local/etc/php80/cli/php.ini # memory_limit = 128M
```
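Review bot: `find / -name php*.ini` leaves the pattern unquoted, so the shell expands it first if the current directory holds a matching file; quote it as `-name 'php*.ini'`. The new listing annotates the files with `memory_limit = 128M` while the lines just above record `512M`; say which listing reflects the current state.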
@@ -87,6 +104,7 @@ $ find / -name php.ini 2>/dev/null
#### Liste des fichiers de conf:
```bash
# Si modif
$ php --ini
Configuration File (php.ini) Path: /usr/local/etc/php80/cli
@@ -95,6 +113,13 @@ Scan for additional .ini files in: /usr/local/etc/php80/cli/conf.d
Additional .ini files parsed: /usr/local/etc/php80/cli/conf.d/extension.ini,
/usr/local/etc/php80/cli/conf.d/nextcloud.ini,
/usr/local/etc/php80/cli/conf.d/timezone.ini
# Sinon
$ php --ini
Configuration File (php.ini) Path: /etc/php
Loaded Configuration File: /etc/php/php.ini
Scan for additional .ini files in: (none)
Additional .ini files parsed: (none)
```
@@ -198,18 +223,33 @@ zlib
#### Log:
```bash
sudo tail -f /volume1/@appdata/PHP8.0/log/php80-fpm.log # alimenté
sudo tail -f /volume1/@appdata/PHP8.2/log/php80-fpm.log # n'existe pas
```
Webstation -> Paramètrers du language de script -> sélectionner un profil -> Coeur ->
- error_log : /volume1/web/log/php82_error.log
- log_errors : On
#### Dossier des modules:
`/volume1/@appstore/PHP8.0/usr/local/lib/php80/modules/`
`/volume1/@appstore/PHP7.4/usr/local/lib/php74/modules/`
`/volume1/@appstore/PHP8.2/usr/local/lib/php82/modules/`
Les extensions n'apparaissent pas dans les <u>Extensions du profil PHP</u> (Web Station). Il faut éditer `extension_list.json`:
```bash
$ sudo nano /volume1/@appstore/PHP8.0/misc/extension_list.json
$ sudo nano /volume1/@appstore/PHP8.2/misc/extension_list.json
"apcu": {
"enable_default": true,

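Review bot: in the Log block, the path `/volume1/@appdata/PHP8.2/log/php80-fpm.log` keeps the 8.0 file name inside the 8.2 directory, which may be why it is annotated `# n'existe pas`; check for `php82-fpm.log` before documenting the file as missing. `Paramètrers` in the Webstation line is a typo.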
View File

@@ -0,0 +1,185 @@
# pi-hole
https://www.wundertech.net/how-to-setup-pi-hole-on-a-synology-nas-two-methods/
#### 1a. Créer un réseau macvlan:
```bash
$ sudo docker network create -d macvlan -o parent=ovs_eth0 --subnet=192.168.2.0/24 --gateway=192.168.2.1 --ip-range=192.168.2.68/32 ph_network
# 192.168.2.68 = IP Pi-hole
# si VMM est installé: -o parent=ovs_eth0
# sinon: -o parent=eth0
```
Equivalant yaml:
```yaml
services:
pihole:
../..
networks:
macvlan:
ipv4_address: 192.168.2.68
restart: always
networks:
macvlan:
name: ph_network
driver: macvlan
driver_opts:
parent: ovs_eth0
ipam:
config:
- subnet: "192.168.2.0/24"
ip_range: "192.168.2.254/24"
gateway: "192.168.2.1"
```
#### 1b. Bridge
#### 2. docker-compose.yml
```yaml
version: "3"
# Instructions: https://www.wundertech.net/how-to-setup-pi-hole-on-a-synology-nas-two-methods/
services:
pihole:
container_name: pihole
image: pihole/pihole:latest
ports:
- "53:53/tcp"
- "53:53/udp"
- "67:67/udp" # Only required if you are using Pi-hole as your DHCP server
- "80:80/tcp"
networks:
- ph_network
environment:
TZ: 'Europe/Paris'
WEBPASSWORD: 'xxxxx'
# Volumes store your data between container upgrades
volumes:
- '/volume1/docker/pihole/pihole:/etc/pihole'
- '/volume1/docker/pihole/dnsmasq.d:/etc/dnsmasq.d'
cap_add:
- NET_ADMIN # Required if you are using Pi-hole as your DHCP server, else not needed
restart: unless-stopped
networks:
ph_network:
name: ph_network
external: true
```
#### 3. Ouvrir et configurer pihole:
```http
# ip fixée dans le réseau
http://192.168.2.68/admin/login.php
```
#### 4a. Régler les DNS dans le routeur:
- DNS 1: <ip pihole>
- DN2 2: 1.1.1.1
Tous les appareils utiliseront Pi-hole comme serveur DNS.
#### 4b. Régler les DNS dans chaque appareil:
- DNS 1: <ip pihole>
- DN2 2: 1.1.1.1
Si on utilise un macvlan, le DSM ne peut accèder à Pi-hole. Il faut utiliser des DNS externes:
- DNS 1: 9.9.9.9 (Quad9)
- DN2 2: 1.1.1.1 (Cloudflare)
#### 5. Listes:
https://www.libhunt.com/topic/pi-hole-blocklists
#### 6. Aller dans le containe pihole:
```bash
$ sudo docker exec -it pihole bash
```
```bash
$ pihole -v
```
#### 7. Loopback
Dans Pi-hole, aller à Local DNS -> DNS Records -> Add a new domain/IP combination:
Ajouter
/volume1/docker/pihole/dnsmasq.d/01-pihole.conf
```bash
addn-hosts=/etc/pihole/local.list
addn-hosts=/etc/pihole/custom.list
localise-queries
no-resolv
log-queries
log-facility=/var/log/pihole/pihole.log
log-async
cache-size=10000
server=8.8.8.8
server=8.8.4.4
interface=eth0
```
/volume1/docker/pihole/dnsmasq.d/06-rfc6761.conf
```bash
server=/test/
server=/localhost/
server=/invalid/
server=/bind/
server=/onion/
```
#### Liens
https://marketsplash.com/tutorials/docker/pihole-docker/
https://drfrankenstein.co.uk/pi-hole-in-container-manager-on-a-synology-nas/
https://www.wundertech.net/how-to-setup-pi-hole-on-a-synology-nas-two-methods/
https://github.com/pi-hole/docker-pi-hole
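Review bot: in the "Equivalant yaml" block, `ip_range: "192.168.2.254/24"` matches neither the CLI command above it (`--ip-range=192.168.2.68/32`) nor the `ipv4_address: 192.168.2.68` given to the service, and a /24 there covers the whole LAN subnet instead of the single Pi-hole address; use `192.168.2.68/32` in both forms. In steps 4a and 4b, giving 1.1.1.1 as the second DNS lets clients resolve through it and skip Pi-hole's filtering, which the text should state next to "Tous les appareils utiliseront Pi-hole". Section 2 keeps `WEBPASSWORD` inline in the compose file where an env file would keep it out of the repository, `01-pihole.conf` forwards to 8.8.8.8/8.8.4.4 while the text recommends 9.9.9.9 and 1.1.1.1, and "7. Loopback" ends on "Ajouter" without saying which domain/IP pair to add.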

View File

@@ -0,0 +1,8 @@
# Snapshot Replication
https://kb.synology.com/fr-fr/DSM/tutorial/Quick_Start_Snapshot_Replication

View File

@@ -0,0 +1,108 @@
# WireGuard
### Installer WireGuard sur le NAS
https://www.blackvoid.club/wireguard-spk-for-your-synology-nas/
##### Identifier l'architecture du NAS:
https://kb.synology.com/en-global/DSM/tutorial/What_kind_of_CPU_does_my_NAS_have?ref=blackvoid.club
| **Model** | **CPU Model** | **Cores** **(each)** | **Threads** **(each)** | **FPU** | **Package Arch** | **RAM** |
| ---------- | --------------- | -------------------- | ---------------------- | ------- | ---------------- | ------------------- |
| **DS923+** | AMD Ryzen R1600 | 2 | 4 | ✓ | R1000 | DDR4 ECC SODIMM 4GB |
Télécharger le paquet (SPK) correspondant à la version courante de DSM (7.2):
https://www.blackvoid.club/content/files/2023/03/WireGuard-r1000-1.0.20220627.spk
Installer manuellement le paquet dans le Centre de paquet <u>mais ne pas le lancer.</u>
Sous DSM 7.2, redémarrer le NAS, puis démarrer WireGuard:
```
root@DS923:~# cd /var/packages/WireGuard/scripts
root@DS923:/var/packages/WireGuard/script
-rwxr-xr-x 1 root root 364 May 3 2022 start
-rwxr-xr-x 1 root root 1664 May 3 2022 start-stop-status
root@DS923:/var/packages/WireGuard/scripts# /var/packages/WireGuard/scripts/start
WireGuard have been successfully started
```
Le NAS supporte enfin WireGuard client et serveur.
### WireGuard Easy
https://github.com/wg-easy/wg-easy
https://www.blackvoid.club/wireguard-vpn-for-your-synology-nas/
```bash
bruno@DS923:/volume1/docker/wgeasy
-rwxrwxrwx+ 1 bruno users 488 Jan 28 12:24 docker-compose.yml
-rwxrwxrwx+ 1 root root 443 Jan 28 12:26 wg0.conf
-rwxrwxrwx+ 1 root root 195 Jan 28 12:26 wg0.json
```
##### docker-compose.yml
```yaml
version: "3.5"
services:
wgeasy:
image: ghcr.io/wg-easy/wg-easy:latest
network_mode: "bridge"
container_name: wgeasy
ports:
- "51820:51820/udp"
- "51821:51821"
cap_add:
- NET_ADMIN
- SYS_MODULE
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
- net.ipv4.ip_forward=1
volumes:
- /volume1/docker/wgeasy:/etc/wireguard
environment:
- WG_HOST=photos-nas.ovh
- PASSWORD=xxxxxxxxxxxxxx
restart: always
```
- WireGuard VPN server utilise le port UDP 51820 <u>(à ouvrir sur le routeur)</u>
- L'interface WG-Easy web utilise le port TCP 51821
```bash
bruno@DS923:/volume1/docker/wgeasy$ sudo docker-compose up -d
```
WG-Easy est disponible à http://192.168.2.57:51821, puis:
- Créer un nouveau client VPN
- Exporter la config ou scanner le QR code
https://www.wundertech.net/wg-easy-wireguard-vpn-server/
https://github.com/ngoduykhanh/wireguard-ui
https://www.nas-forum.com/forum/topic/77094-tutodocker-linuxserverwireguard-wireguard-ui/
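Review bot: the listing of `/volume1/docker/wgeasy` shows `wg0.conf` and `wg0.json` as `-rwxrwxrwx+`, and the `docker-compose.yml` beside them carries `PASSWORD=` inline; these files hold the tunnel keys and the web UI password, so the doc needs a step that restricts them to root (mode 600, and a check of the ACL that the `+` indicates) and moves `PASSWORD` to an env file. The SPK step installs a package fetched from blackvoid.club with no integrity check, so record the expected checksum next to the download URL and compare before the manual install. Since the web UI is reached over plain `http://192.168.2.57:51821`, the bullet on ports should say explicitly that only UDP 51820 is forwarded on the router and that TCP 51821 stays on the LAN.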

170
docs/Synology/ovh.md Normal file
View File

@@ -0,0 +1,170 @@
# ovh
### Configuration du domaine chez OVH
Dans l'[espace client OVH](https://www.ovh.com/manager/#/hub), aller à l'onglet **Domaines** -> **DynHost** et cliquer sur **Ajouter un DynHost**.
Entrer l'IP de la box et le sous-domaine à créer:
- Sous-domaine: **ds923**.photos-nas.ovh
- IP: 86.209.254.226
On a ensuite besoin d'un identifiant pour mettre le sous-domaine à jour. Cliquer sur **Gérer les accès** puis **Créer un identifiant**:
- Suffixe de l'identifiant: photos-nas.ovh-**wildcard**
- Sous-domaine: **ds923**.photos-nas.ovh
- Mot de passe: <passwd>
Vérification:
```bash
$ nslookup photos-nas.ovh
Server: fe80::b85d:aff:fe58:f764%12
Address: fe80::b85d:aff:fe58:f764%12#53
Non-authoritative answer:
Name: photos-nas.ovh
Address: 213.186.33.5
```
On s'assure de la propoagation des DNS: https://www.whatsmydns.net/
### Configurer la mise à jour automatique de l'IP
Sur le NAS, aller dans le **Panneau de configuration** -> **Accès externe** -> onglet **DDNS** et cliquer sur Ajouter.
- Fournisseur de service: OVH
- Nom d'hôte: ds923.photos-nas.ovh
- Nom d'utilisateur: photos-nas.ovh-wildcard
- Mot de passe: <passwd>
- Adresse externe: Auto
https://leblogdejerome.com/2018/08/ajouter-un-nas-synology-a-un-dynhost-chez-ovh/
https://www.adrienfuret.fr/2015/05/31/nas-synology-ddns-ovh/
### Création du certificat wildcard Let's Encrypt
#### Création de la clé d'API chez OVH.
https://www.ovh.com/auth/api/createToken
- Application name: wildcard-photos-nas.ovh
- Application description: wildcard-photos-nas.ovh
- Validity: Unlimited
- Rights:
- GET /domain/zone/
- GET /domain/zone/{zone DNS}/status
- GET /domain/zone/{zone DNS}/record
- GET /domain/zone/{zone DNS}/record/*
- POST /domain/zone/{zone DNS}/record
- POST /domain/zone/{zone DNS}/refresh
- DELETE /domain/zone/{zone DNS}/record/*
- Restricted IPs: on rajoute son IP afin qu'en cas de vol des clés, elles ne puissent être exploitées et votre domaine détourné. (NB : Si vous n'avez pas une IP fixe, on passe ce dernier point)
Remplacer {zone DNS} par le domaine (photos-nas.ovh).
Cliquer sur Create keys.
- Application name: wildcard-photos-nas.ovh
- Application description: wildcard-photos-nas.ovh
- Application key: xxxxxxxxxxxxxxxx (16)
- Application secret: yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy (32)
- Consumer Key: zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz (32)
### Reverse Proxy
Au lieu d'accéder au service Gitea par https//nomdedomaine.fr:8148 (après avoir affecté le port 8148 sur le routeur), on y accède par https://gitea.nomdedomaine.fr sur le port 443
#### Sur le routeur:
on ouvre uniquement les ports:
- 443 et 80 (renouvellement du certificat)
- 42xxx pour le ssh du NAS
#### Chez OVH:
On crée un DynHost pour chaque sous-domaine.
| DynHost | Cible |
| :---------------------------- | ---------- |
| .photos-nas.ovh | IP livebox |
| drive.photos-nas.ovh | |
| ds923.photos-nas.ovh | IP livebox |
| files.photos-nas.ovh | IP livebox |
| gitea.photos-nas.ovh | IP livebox |
| home-assistant.photos-nas.ovh | IP livebox |
| homebridge.photos-nas.ovh | IP livebox |
| photos.photos-nas.ovh | IP livebox |
| portainer.photos-nas.ovh | |
| www.photos-nas.ovh | IP livebox |
| asus.photos-nas.ovh | |
| ds916.photos-nas.ovh | |
| tunes.photos-nas.ovh | IP livebox |
https://www.ovh.com/manager/#/web/zone/photos-nas.ovh/dynhost
#### Sur le NAS:
##### Date d'expiration d'un certifcat:
```bash
# openssl x509 -enddate -noout -in /usr/syno/etc/certificate/system/default/cert.pem
notAfter=Apr 12 18:53:43 2024 GMT
```
##### Réglage du pare-feu:
Ouvrir le port 80 lors du renouvellement:
```bash
#!/usr/bin/env bash
# ====================================================================================== #
# ===================== Script renew_cert_with_firewall_actions.sh ===================== #
# ====================================================================================== #
/usr/syno/bin/synofirewall --profile-set LetsEncrypt-renew && /usr/syno/bin/synofirewall --reload
/usr/syno/sbin/syno-letsencrypt renew-all
/usr/syno/bin/synofirewall --profile-set custom && /usr/syno/bin/synofirewall --reload
```
##### Portail des applications de DSM
#### Empêcher les moteurs de recherche d'indexer l'adresse DDNS
Réseau -> Connectivité -> Cocher Activer l'en-tête "server" dans les réponses HTTP
En-tête "server" personnalisé : noindex
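Review bot: the API key section creates the token with `Validity: Unlimited` and tells readers without a fixed IP to skip `Restricted IPs`, which leaves a non-expiring credential with POST and DELETE rights on the zone's records usable from any address; give it a bounded validity, or at least document where the three keys are stored and how they are revoked. The "Vérification" step runs `nslookup photos-nas.ovh` and gets 213.186.33.5, while the DynHost just created is ds923.photos-nas.ovh with 86.209.254.226, so it does not check the record that was added. In `renew_cert_with_firewall_actions.sh` nothing restores the `custom` profile if the script is interrupted after `--profile-set LetsEncrypt-renew`; a `trap` on EXIT that switches back and reloads would cover that. Finally, a custom `server` header set to `noindex` is not something crawlers act on; the response header for that purpose is `X-Robots-Tag: noindex`.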

159
docs/Synology/ports.md Normal file
View File

@@ -0,0 +1,159 @@
# Quels sont les ports réseau utilisés par les services DSM ?
### Utilitaires de configuration
| Type | Numéro de port | Protocole |
| ------------------ | ---------------- | --------- |
| Synology Assistant | 9999, 9998, 9997 | UDP |
### Sauvegarde
| Type | Numéro de port | Protocole |
| ------------------------------------------------------------ | ------------------------------------------------------------ | --------- |
| Active Backup for Business | 5510 (Synology NAS) [1](https://kb.synology.com/fr-fr/DSM/tutorial/What_network_ports_are_used_by_Synology_services#notes-01) | TCP |
| 443 (vCenter Server et hôte ESXi), 902 (hôte ESXi), 445 (SMB pour l'hôte Hyper-V ), 5985 (HTTP pour l'hôte Hyper-V ), 5986 (HTTPS pour l'hôte Hyper-V ) | TCP | |
| Data Replicator, Data Replicator II, Data Replicator III | 9999, 9998, 9997, 137, 138, 139, 445 | TCP |
| DSM 5.2 Data Backup, rsync, Synchro du dossier partagé, Remote Time Backup | 873, 22 (si chiffré via SSH) | TCP |
| Hyper Backup (destination de sauvegarde) | 22 (rsync avec le chiffrement du transfert activé), 873 (rsync sans le chiffrement du transfert), 5005 (WebDAV), 5006 (WebDAV avec HTTPS) | TCP |
| Hyper Backup Vault pour DSM 7.0 et versions ultérieures | 6281, 5000 (HTTP), 5001 (HTTPS) | TCP |
| Hyper Backup Vault pour DSM 6.0 | 6281 | TCP |
| Sauvegarde du LUN | 3260 (iSCSI), 873, 22 (si chiffré via SSH) | TCP |
| Snapshot Replication | 5566 (LUN avancés et dossiers partagés) | TCP |
| 3261 (LUN avancés hérités) | TCP | |
### Télécharger
| Type | Numéro de port | Protocole |
| ----- | ------------------------------------------------------------ | --------- |
| BT | Pour DSM 2.0.1 ou une version ultérieure : 16881, Pour DSM 2.0.1-3.0401 ou une version antérieure : 6890-6999 | TCP/ UDP |
| eMule | 4662 | TCP |
| 4672 | UDP | |
### Applications Web
| Type | Numéro de port | Protocole |
| ---- | ------------------------- | --------- |
| DSM | 5000 (HTTP), 5001 (HTTPS) | TCP |
### Service de messagerie
| Type | Numéro de port | Protocole |
| ---------------- | -------------- | --------- |
| IMAP | 143 | TCP |
| IMAP sur SSL/TLS | 993 | TCP |
| POP3 | 110 | TCP |
| POP3 sur SSL/TLS | 995 | TCP |
| SMTP | 25 | TCP |
| SMTP-SSL | 465 | TCP |
| SMTP-TLS | 587 | TCP |
### Transfert de fichiers
| Type | Numéro de port | Protocole |
| ----------------------------- | ------------------------------------------------------------ | --------- |
| AFP | 548 | TCP |
| CIFS/ SMB | smbd : 139 (netbios-ssn), 445 (microsoft-ds) | TCP/ UDP |
| Nmbd : 137, 138 | UDP | |
| FTP, FTP sur SSL, FTP sur TLS | 21 (commande), 20 (connexion de données en mode actif), 1025-65535 (connexion de données en mode passif) [2](https://kb.synology.com/fr-fr/DSM/tutorial/What_network_ports_are_used_by_Synology_services#notes-02) | TCP |
| iSCSI | 3260, 3263, 3265 | TCP |
| NFS | 111, 892, 2049 | TCP/ UDP |
| TFTP | 69 | UDP |
| WebDAV | 5005, 5006 (HTTPS) | TCP |
### Paquets
| Type | Numéro de port | Protocole |
| ------------------------------------------------------------ | ------------------------------------------------------------ | --------- |
| Audio Station | 1900 (UDP), 5000 (HTTP), 5001 (HTTPS), 5353 ( service Bonjour ), 6001-6010 (contrôle/synchronisation AirPlay) | TCP/ UDP |
| Serveur Edge C2 Identity | 389 (LDAP), 7712 (HTTP), 8864 | TCP |
| 53 | UDP | |
| Central Management System | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Cluster d' CIFS | 49152-49252 | TCP/ UDP |
| 17909, 17913, 19998, 24007, 24008, 24009-24045, 38465-38501, 4379 | TCP | |
| Cloud Station | 6690 | TCP |
| DHCP Server | 53, 67, 68 | TCP/ UDP |
| DNS Server | 53 (nommé) | TCP/ UDP |
| LDAP Server (anciennement connu sous le nom de Directory Server) | 389 (LDAP), 636 (LDAP avec SSL) | TCP |
| Download Station | 5000 (HTTP), 5001 (HTTPS) | TCP |
| File Station | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Hybrid Share | 50051 (catalogue), 443 (API), 4222 (NATS) | TCP |
| iTunes Server | 3689 | TCP |
| Centre des journaux (serveur syslog ) | 514 (un port supplémentaire peut être ajouté) | TCP/ UDP |
| Logitech® Media Server | 3483, 9002 | TCP |
| MailPlus Server | 1344, 4190, 5000 (HTTP), 5001 (HTTPS), 5252, 8500 - 8520, 8893, 9526 - 9529, 10025, 10465, 10587, 11211, 11332 - 11334, 12340, 24245, 24246 | TCP |
| Client Web MailPlus | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Mail Station | 80 (HTTP), 443 (HTTPS) | TCP |
| Serveur multimédia | 1900 (UPnP), 50001 (navigation du contenu), 50002 (diffusion du contenu) | TCP/ UDP |
| Migration Assistant | 7400-7499 (DRBD), 22 (SSH) [3](https://kb.synology.com/fr-fr/DSM/tutorial/What_network_ports_are_used_by_Synology_services#notes-03) | DRBD |
| Note Station | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Photo Station, Web Station | 80 (HTTP), 443 (HTTPS) | TCP |
| Presto File Server | 3360, 3361 | TCP/ UDP |
| Serveur Proxy | 3128 | TCP |
| RADIUS Server | 1812, 18120 | UDP |
| SMI-S Provider | 5988 (HTTP), 5989 (HTTPS) | TCP |
| Surveillance Station | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Synology Calendar | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Synology CardDAV Server | 8008 (HTTP), 8443 (HTTPS) | TCP |
| Synology Chat | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Synology Contacts | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Synology Directory Server | 88 (Kerberos), 389 (LDAP), 464 ( changement de mot de passe Kerberos ) | TCP/ UDP |
| 135 (RPC Endpoint Mapper), 636 (LDAP SSL), 1024 (RPC), 3268 (LDAP GC), 3269 (LDAP GC SSL), 49152 (RPC) [4](https://kb.synology.com/fr-fr/DSM/tutorial/What_network_ports_are_used_by_Synology_services#notes-04) , 49300-49320 (RPC) | TCP | |
| Synology Drive Server | 80 (partage de lien), 443 (partage de lien), 5000 (HTTP), 5001 (HTTPS), 6690 (synchronisation/sauvegarde de fichiers) | TCP |
| Synology High Availability (HA) | 123 (NTP), ICMP, 5000 (HTTP), 5001 (HTTPS), 1234, 9997, 9998, 9999 (Synology Assistant), 874, 5405, 5406, 7400-7999 (HA) | TCP/ UDP |
| Synology Moments | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Synology Photos | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Video Station | 1900 (UDP), 5000 (HTTP), 5001 (HTTPS), 9025-9040, 5002, 5004, 65001 (pour utiliser le tuner réseau HDHomeRun) | TCP/ UDP |
| Virtual Machine Manager | 2379-2382 (réseau de cluster), ICMP, 3260-3265 (iSCSI), 5000 (HTTP), 5001 (HTTPS), 5566 (réplication), 16509, 16514, 30200-30300, 5900-5999 (QEMU), 2385 (Redis Server) | TCP |
| VPN Server (OpenVPN) | 1194 | UDP |
| VPN Server (PPTP) | 1723 | TCP |
| VPN Server (L2TP/IPSec) | 500, 1701, 4500 | UDP |
### Applications mobiles
| Type | Numéro de port | Protocole |
| ---------------- | ------------------------- | --------- |
| DS audio | 5000 (HTTP), 5001 (HTTPS) | TCP |
| DS cam | 5000 (HTTP), 5001 (HTTPS) | TCP |
| DS cloud | 6690 | TCP |
| DS file | 5000 (HTTP), 5001 (HTTPS) | TCP |
| DS finder | 5000 (HTTP), 5001 (HTTPS) | TCP |
| DS get | 5000 (HTTP), 5001 (HTTPS) | TCP |
| DS note | 5000 (HTTP), 5001 (HTTPS) | TCP |
| DS photo | 80(HTTP), 443 (HTTPS) | TCP |
| DS video | 5000 (HTTP), 5001 (HTTPS) | TCP |
| MailPlus | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Synology Drive | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Synology Moments | 5000 (HTTP), 5001 (HTTPS) | TCP |
| Synology Photos | 5000 (HTTP), 5001 (HTTPS) | TCP |
### Équipement périphérique
| Type | Numéro de port | Protocole |
| ---------------------------- | -------------- | --------- |
| Bonjour | 5353 | UDP |
| LPR | 515 | UDP |
| Imprimante réseau (IPP)/CUPS | 631 | TCP |
| Network MFP | 3240-3259 | TCP |
| UPS | 3493 | TCP |
### Système
| Type | Numéro de port | Protocole |
| ---------------------------- | ---------------- | --------- |
| LDAP | 389, 636 (SLAPD) | TCP |
| MySQL | 3306 | TCP |
| NTP | 123 | UDP |
| Moniteur de ressources/ SNMP | 161 | TCP/ UDP |
| SSH/SFTP | 22 | TCP |
| Telnet | 23 | TCP |
| WS-Discovery | 3702 | UDP |
| WS-Discovery | 5357 (Nginx) | TCP |
Remarques :
1. Pour la destination de sauvegarde des Synology NAS, Hyper-V ou des périphériques physiques Windows/Linux/macOS.
2. La plage par défaut varie en fonction de vos modèles de produits Synology.
3. Pour le service SSH qui s'exécute sur un port personnalisé, assurez-vous que le port est accessible.
4. Seul Synology Directory Server version 4.10.18-0300 nécessite le port 49152.
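Review bot: several continuation rows have lost their leading empty cell, so the port list sits under "Type", the protocol under "Numéro de port", and "Protocole" is empty: the second row of Active Backup for Business, the 3261 row of Snapshot Replication, eMule 4672, Nmbd, port 53 under Serveur Edge C2 Identity, the TCP list under Cluster CIFS, and the RPC list under Synology Directory Server. Start each of these with an empty first cell or repeat the service name; anyone deriving firewall rules from the table will otherwise read the wrong column. The Migration Assistant row gives `DRBD` in the "Protocole" column where every other row names a transport, and the footnote markers are written as bare numbers linking to the Synology KB while the notes themselves are already listed under "Remarques", so a local reference would be enough.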