how to change webserver settings for NAS 540

seemann1980
seemann1980 Posts: 3  Freshman Member
edited September 2019 in Personal Cloud Storage
the basic setting when entering the NAS540 via http (port 80) is that the address is routed to "/r51161,/desktop,/index.html" which is originally stored in "/usr/local/apache/htdocs/desktop,/" when i try to access this folder with root login via terminal (SSH/TELNET), I have no access to add/change files in the folder. It says "read-only file system". 

Is there any solution to gain write access to the "/usr/local/apache/htdocs/" folder? and/or to redirect/set the document root to another directory? 

All httpd configuration files are stored in "/etc/service_conf". But every time I edit the httpd_conf for example, the changes are reset/overwritten with the next reboot of the NAS.

My main reason to gain access is that I would like to install a CA signed certificate for SSL. For this I need to create a directory and place a file in my webserver root directory which is currenty 
"/usr/local/apache/htdocs/desktop,/".

Any idea to solve this?


#NAS_Sep_2019

All Replies

  • Mel
    Mel Posts: 83  Ally Member
    I think this is design limitation on NAS540.
  • seemann1980
    seemann1980 Posts: 3  Freshman Member
    Maybe. But why is there the Option to install CA signed certificates but no way to verify ownership for correct Installation of the certificate?
  • Mijzelf
    Mijzelf Posts: 1,717  Guru Member
    It is possible to put files in /usr/local/apache/htdocs/desktop,/ , but it's not intended, and so a bit cumbersome.
    I know 3 ways.
    1) Download the firmware sources, modify them and build your own firmware
    2) Copy the content of /usr/local/apache/htdocs/desktop,/ elsewhere, on a share, and add your files. Finally bindmount the directory on /usr/local/apache/htdocs/desktop, :
    mount --bind /path/to/copy/of/desktop, /usr/local/apache/htdocs/desktop,
    That bindmount will not survive a reboot, and will have to be repeated after each boot.
    3) The raid array md0 is mounted (read only) on /firmware/mnt/sysdisk, and contains a single file sysdisk.img. This file is an ext2 filesystem, which is mounted on /ram_bin, and partly bindmounted on /usr. This file is checksummed, and checked (and eventually replaced) on boot. When you create a file /firmware/mnt/sysdisk/mount.sda1.rw.flag, md0 will be mounted rw, and the checksum of sysdisk.img will not be checked. So this opens the possibility to change the /usr directory in a way which survives a reboot.
    So
    <div>mount -o remount,rw /dev/md0</div><div>touch /firmware/mnt/sysdisk/mount.sda1.rw.flag</div><div>mount -o remount,rw /ram_bin<br></div><div></div>
    And now you should be able to edit your web root. The edit will survive a reboot, but /ram_bin will be read only again after reboot. So further edits needs you to remount it again.

    When you upgrade the firmware (if ever) you ll have to remove the mount.sda1.rw.flag before upgrading. The checksum check is a part of the upgrade mechanism.

    Editing /etc/service_conf/ is a different cake. This file is inside a ramdisk which is stored in the kernel. So without rebuilding your own kernel it's not possible to permanently store changes. However, you can create a script which adds your changes on boot. One of the ways to get that script run is to install RandomTools, which will execute all scripts in /i-data/sysvol/.PKG/RandomTools/etc/custom_startscripts/. To install RandomTools you'll have to install MetaRepository first.







  • seemann1980
    seemann1980 Posts: 3  Freshman Member
    thanks a lot. But this only partly works…. I can add my file now, but once entering the url:  
    http://m30vuqof5bv9qthk.myfritz.net/.well-known/pki-validation/fileauth.txt
    it automaticly Redirects to "http://m30vuqof5bv9qthk.myfritz.net/r51161,/desktop,/index.html". Any Chance to stop this? or temporarly turn off the Redirect? 
    I thinks it is coming from httpd.conf in /etc/service_conf/

    DirectoryIndex index.html index.htm
    AuthZyxelRedirect /r51161,/desktop,/login.html
    AuthZyxelSkipPattern /favicon.ico /adv,/cgi-bin/weblogin.cgi /desktop,/cgi-bin/weblogin.cgi /desktop,/cgi-bin/file_download.cgi /desktop,/cgi-bin/dlnotify /desktop,/login.html /desktop,/res/ /desktop,/css/ /desktop,/utility/flag.js /MyWeb/ /register_main/setCookie /playzone,/mobile_login.html /playzone,/mobile/sencha/ /playzone,/mobile/images/ /playzone,/images/
    AuthZyxelSkipUserPattern /playzone,/ /cmd,/ /DMS,/ /adv,/cgi-bin/ /desktop,/cgi-bin/ /desktop,/


  • Mijzelf
    Mijzelf Posts: 1,717  Guru Member
    I think the redirection will be gone when adding /.well-known/  to AuthZyxelSkipPattern

    But if this is about let's encrypt or a similar service, I think you'll also have to add it to AuthZyxelSkipUserPattern, to suppress the login.