how to change webserver settings for NAS 540
Options
seemann1980
Posts: 3 
Freshman Member
Freshman Member
the basic setting when entering the NAS540 via http (port 80) is that the address is routed to "/r51161,/desktop,/index.html" which is originally stored in "/usr/local/apache/htdocs/desktop,/" when i try to access this folder with root login via terminal (SSH/TELNET), I have no access to add/change files in the folder. It says "read-only file system".
Is there any solution to gain write access to the "/usr/local/apache/htdocs/" folder? and/or to redirect/set the document root to another directory?
All httpd configuration files are stored in "/etc/service_conf". But every time I edit the httpd_conf for example, the changes are reset/overwritten with the next reboot of the NAS.
My main reason to gain access is that I would like to install a CA signed certificate for SSL. For this I need to create a directory and place a file in my webserver root directory which is currenty
"/usr/local/apache/htdocs/desktop,/".
Any idea to solve this?
#NAS_Sep_2019
Is there any solution to gain write access to the "/usr/local/apache/htdocs/" folder? and/or to redirect/set the document root to another directory?
All httpd configuration files are stored in "/etc/service_conf". But every time I edit the httpd_conf for example, the changes are reset/overwritten with the next reboot of the NAS.
My main reason to gain access is that I would like to install a CA signed certificate for SSL. For this I need to create a directory and place a file in my webserver root directory which is currenty
"/usr/local/apache/htdocs/desktop,/".
Any idea to solve this?
#NAS_Sep_2019
0
All Replies
-
I think this is design limitation on NAS540.0
-
Maybe. But why is there the Option to install CA signed certificates but no way to verify ownership for correct Installation of the certificate?0
-
It is possible to put files in /usr/local/apache/htdocs/desktop,/ , but it's not intended, and so a bit cumbersome.I know 3 ways.1) Download the firmware sources, modify them and build your own firmware2) Copy the content of /usr/local/apache/htdocs/desktop,/ elsewhere, on a share, and add your files. Finally bindmount the directory on /usr/local/apache/htdocs/desktop, :
mount --bind /path/to/copy/of/desktop, /usr/local/apache/htdocs/desktop,
That bindmount will not survive a reboot, and will have to be repeated after each boot.3) The raid array md0 is mounted (read only) on /firmware/mnt/sysdisk, and contains a single file sysdisk.img. This file is an ext2 filesystem, which is mounted on /ram_bin, and partly bindmounted on /usr. This file is checksummed, and checked (and eventually replaced) on boot. When you create a file /firmware/mnt/sysdisk/mount.sda1.rw.flag, md0 will be mounted rw, and the checksum of sysdisk.img will not be checked. So this opens the possibility to change the /usr directory in a way which survives a reboot.So<div>mount -o remount,rw /dev/md0</div><div>touch /firmware/mnt/sysdisk/mount.sda1.rw.flag</div><div>mount -o remount,rw /ram_bin<br></div><div></div>
And now you should be able to edit your web root. The edit will survive a reboot, but /ram_bin will be read only again after reboot. So further edits needs you to remount it again.When you upgrade the firmware (if ever) you ll have to remove the mount.sda1.rw.flag before upgrading. The checksum check is a part of the upgrade mechanism.Editing /etc/service_conf/ is a different cake. This file is inside a ramdisk which is stored in the kernel. So without rebuilding your own kernel it's not possible to permanently store changes. However, you can create a script which adds your changes on boot. One of the ways to get that script run is to install RandomTools, which will execute all scripts in /i-data/sysvol/.PKG/RandomTools/etc/custom_startscripts/. To install RandomTools you'll have to install MetaRepository first.
0 -
thanks a lot. But this only partly works…. I can add my file now, but once entering the url:
http://m30vuqof5bv9qthk.myfritz.net/.well-known/pki-validation/fileauth.txt
it automaticly Redirects to "http://m30vuqof5bv9qthk.myfritz.net/r51161,/desktop,/index.html". Any Chance to stop this? or temporarly turn off the Redirect?
I thinks it is coming from httpd.conf in /etc/service_conf/
DirectoryIndex index.html index.htmAuthZyxelRedirect /r51161,/desktop,/login.html
AuthZyxelSkipPattern /favicon.ico /adv,/cgi-bin/weblogin.cgi /desktop,/cgi-bin/weblogin.cgi /desktop,/cgi-bin/file_download.cgi /desktop,/cgi-bin/dlnotify /desktop,/login.html /desktop,/res/ /desktop,/css/ /desktop,/utility/flag.js /MyWeb/ /register_main/setCookie /playzone,/mobile_login.html /playzone,/mobile/sencha/ /playzone,/mobile/images/ /playzone,/images/
AuthZyxelSkipUserPattern /playzone,/ /cmd,/ /DMS,/ /adv,/cgi-bin/ /desktop,/cgi-bin/ /desktop,/0 -
I think the redirection will be gone when adding /.well-known/ to AuthZyxelSkipPatternBut if this is about let's encrypt or a similar service, I think you'll also have to add it to AuthZyxelSkipUserPattern, to suppress the login.
0
Ally Member
Guru Member
Categories
- All Categories
- 390 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 51 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 220 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 63 Security Highlight
