Secure NAS
What is it?
This is the complete configuration for a Linux-based multiservice secure server that you can create yourself.
Features
- A totally open source solution.
-
Big hardware selection guide and "concurrents" description. On 2018.
-
Debian-based.
-
ZFS is the only filesystem that is used. Root and boot on ZFS mirror.
- Full-disk encryption with a native LUKS.
- Protection against reboot. Lightweight SSH server integrated in initramfs. You can decrypt disks remotely.
- All services communicate with user via HTTPS, even if the service does not explicitly support HTTPS.
- HTTPS with a regular certificate signed by Let's Encrypt.
- Certificate auto renewal.
- One certificate for all services using reverse proxy.
- Public-available services with CloudNS.
- Docker-isolation between services and between services and host.
- Most services are well-tested and stable from Linuxserver.io initiative.
- Multiuser with one authorization provider.
- LDAP as an authorization provider.
- Service can use LDAP authorization even if it doesn't support LDAP native.
- Integration between services. I.e. the media search service can use the torrent downloader to download movie.
- Some services were patched by the author for integration with others (i.e. Nextcloud was patched for use inside iframe Organizr).
And much more...
Subsystems
NAS control
OpenMediaVault installed as a package.
Backup
Multiagent backup service.
Implemented using UrBackup.
Cloud
Implemented using:
Download subsystem
- Searchers:
- Downloaders:
- Utilities:
Version control system
Implemented using GitLab.
Books library
- Database with automatic synchronization, based on patched Calibre. Only console. No user interaction required.
-
Calibre-web as a web-interface.
This service has an independent repository here.
Media system
Implemented using Emby
LDAP server
Frontend
Organizr.
Alternatives
You can find here another services, such as SeaFile, but I don't use and support them inside NAS.
Note
This is a part of my article series on building secure NAS.
You can see a copy of the documentation in the docs directory.