-
Notifications
You must be signed in to change notification settings - Fork 0
/
My-NAS.html
30 lines (30 loc) · 11.1 KB
/
My-NAS.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
<!DOCTYPE html><html lang="en"><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0" name="viewport"><meta content="yes" name="apple-mobile-web-app-capable"><meta content="black-translucent" name="apple-mobile-web-app-status-bar-style"><meta content="telephone=no" name="format-detection"><meta name="description" content=""><title>搭建个人NAS | 禅游人生</title><link rel="stylesheet" type="text/css" href="/css/style.css?v=1.0.0"><link rel="stylesheet" type="text/css" href="//lib.baomitu.com/normalize/latest/normalize.min.css"><link rel="stylesheet" type="text/css" href="//lib.baomitu.com/pure/latest/pure-min.min.css"><link rel="stylesheet" type="text/css" href="//lib.baomitu.com/pure/latest/grids-responsive-min.min.css"><link rel="stylesheet" href="//lib.baomitu.com/font-awesome/4.7.0/css/font-awesome.min.css"><script type="text/javascript" src="//lib.baomitu.com/jquery/latest/jquery.min.js"></script><link rel="icon" mask="" sizes="any" href="/favicon.ico"><link rel="Shortcut Icon" type="image/x-icon" href="/favicon.ico"><link rel="apple-touch-icon" href="/apple-touch-icon.png"><link rel="apple-touch-icon-precomposed" href="/apple-touch-icon.png"><script type="text/javascript" src="//lib.baomitu.com/clipboard.js/latest/clipboard.min.js"></script><script type="text/javascript" src="//lib.baomitu.com/toastr.js/latest/toastr.min.js"></script><link rel="stylesheet" href="//lib.baomitu.com/toastr.js/latest/toastr.min.css"><meta name="generator" content="Hexo 6.2.0"></head><body><div class="body_container"><div id="header"><div class="site-name"><h1 class="hidden">搭建个人NAS</h1><a id="logo" href="/.">禅游人生</a><p class="description">Life Of Zen Tour</p></div><div id="nav-menu"><a class="current" href="/."><i class="fa fa-home"> Home</i></a><a href="/archives/"><i class="fa fa-archive"> Archive</i></a><a href="/about/"><i class="fa fa-user"> About</i></a></div></div><div class="pure-g" id="layout"><div class="pure-u-1 pure-u-md-3-4"><div class="content_container"><div class="post"><h1 class="post-title">搭建个人NAS</h1><div class="post-meta">2023-05-28<span> | </span><span class="category"><a href="/categories/%E5%B7%A5%E5%85%B7/">工具</a></span></div><div class="post-content"><h2 id="序言"><a href="#序言" class="headerlink" title="序言"></a>序言</h2><p> 几年前自己买了一块RockPro64,想着自己搞个NAS用用。然而其实历史经验告诉我,自己动手能力其实挺一般的,之所以自己搞,主要还是因为穷吧,一个简简单单两盘位的群晖NAS最便宜也要接近1K RMB了。<br> 后来看了下就想着拿树莓派之类的SBC挂个硬盘得了,比来比去还是觉得RockPro64性价比更高,于是就下单了一组,包括SBC、NAS盒子、Wifi组件、风扇、CPU散热片。<br> 现在总结下来其实可能还是买现成的NAS更省钱,因为自己组建遇到的坑、花费的时间都远超过这点价差- -。Anyway,就当记录个历程吧,总结沉淀下。</p>
<h2 id="系统"><a href="#系统" class="headerlink" title="系统"></a>系统</h2><p> 最早最早我是直接给RK64刷的其实是OpenMediaVault,奈何总是用着不顺手(更多的是把它当服务器用,不如直接用Linux来得顺手),后来就换了Armbian一直到现在(不用Arch系还是因为当时自己菜,怕滚挂了搞不定)。</p>
<h2 id="服务"><a href="#服务" class="headerlink" title="服务"></a>服务</h2><p> 之前搭建过Synchting作文件同步、Radicale做CalDav(同步联系人、日历等)、calibre-server做在线图书管理和阅读、VaultWarden做密码管理软件。<br> 后来听闻大佬在用Owncloud,自己研究一翻后上了Nextcloud,替换掉了Syncthing和Radicale。后二者体验其实还是很丝滑的,尤其是是Syncthing,同步速度很快。用Nextcloud纯粹就是想统一管理吧。</p>
<h2 id="网络"><a href="#网络" class="headerlink" title="网络"></a>网络</h2><p> 架构好服务后,也就来到了网络设置篇,一句话描述就是:如何在外面访问家里的NAS。这可能是所有NAS玩家的基本需求了,但是还是要强调下,公网暴露NAS服务还是有风险的,需要审慎考量是否需要,尤其NAS上有私人敏感信息的情况下。</p>
<p> 经多了对Frp的多次配置尝试和长期使用后,感觉目前还是比较稳定的,家里是联通的网络,Frps是一台外网AWS,会二次过墙但还算稳定。<br> 一开始我是所有服务都走Frp暴露出去的,直到有一天突然想到自己的家目录是通过Samba挂在到Nextcloud上了,如果哪天Nextcloud有什么0day,是不是我家目录也不保了,里面虽然没啥但是有些信息还是比较敏感的。所以这类服务或者数据可能还是不适合公网开放,于是就又上了Wireguard组网。</p>
<h3 id="目前的网路布局大概如下"><a href="#目前的网路布局大概如下" class="headerlink" title="目前的网路布局大概如下"></a>目前的网路布局大概如下</h3><p> <img src="/assets/images/nas-network.png" alt="NAS Network"></p>
<h4 id="Wireguard"><a href="#Wireguard" class="headerlink" title="Wireguard"></a>Wireguard</h4><ul>
<li>UDP流量会被运营商QOS, 组网后ping几乎完全不通,需要包装或伪装为TCP。<br>a. AWS与NAS为Linux,用Udp2Raw即可。<br>b. Udp2Raw Android端也可以用,不过为了简便实用,可通过ClashMeta配置Wireguard dialer-proxy,先走VLESS建立TLS通道,然后在其中传递Wireguard流量(udp-over-tcp)。其他服务只要支持udp转发应该也可以。</li>
</ul>
<h4 id="Frp"><a href="#Frp" class="headerlink" title="Frp"></a>Frp</h4><ul>
<li>NAS与AWS之间使用mTLS,增强安全性</li>
<li>Frps放置在Nginx之后,通过一些访问路径区分是访问博客还是访问NAS服务。自我感觉比通过SNI分流后分别访问根路径要安全(多了一步校验)。缺点就是NAS服务都需要改为路径访问了,不过因为公网暴露服务不多,所以问题不大。</li>
</ul>
</div><div class="tags"><a href="/tags/Nextcloud"><i class="fa fa-tag">Nextcloud</i></a><a href="/tags/NAS"><i class="fa fa-tag">NAS</i></a></div><div class="post-nav"><a class="next" href="/In-Memory-Of-Haoel.html">In Memory of Haoel</a></div><div id="container"></div><link rel="stylesheet" type="text/css" href="//unpkg.com/gitalk/dist/gitalk.css"><script type="text/javascript" src="//cdn.bootcss.com/blueimp-md5/2.10.0/js/md5.js"></script><script type="text/javascript" src="//unpkg.com/gitalk/dist/gitalk.min.js"></script><script>var gitalk = new Gitalk({
clientID: 'ab484e60331c8693259f',
clientSecret: '8643754d5a120718722cea1c33200a2cf0c1b6bd',
repo: 'isr4z6er.github.io',
owner: 'isr4z6er',
admin: ['isr4z6er'],
id: md5(location.pathname),
distractionFreeMode: false
})
gitalk.render('container')
</script></div></div></div><div class="pure-u-1-4 hidden_mid_and_down"><div id="sidebar"><div class="widget"><div class="search-form"><input id="local-search-input" placeholder="Search" type="text" name="q" results="0"/><div id="local-search-result"></div></div></div><div class="widget"><div class="widget-title"><i class="fa fa-folder-o"> Categories</i></div><ul class="category-list"><li class="category-list-item"><a class="category-list-link" href="/categories/%E5%A5%BD%E7%89%A9%E5%88%86%E4%BA%AB/">好物分享</a></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E5%B7%A5%E5%85%B7/">工具</a></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E5%BF%83%E6%83%85%E9%9A%8F%E7%AC%94/">心情随笔</a></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E6%88%91%E4%B8%8D%E6%98%AF%E5%90%83%E8%B4%A7/">我不是吃货</a></li><li class="category-list-item"><a class="category-list-link" href="/categories/%E9%9A%8F%E6%83%B3/">随想</a></li></ul></div><div class="widget"><div class="widget-title"><i class="fa fa-star-o"> Tags</i></div><div class="tagcloud"><a href="/tags/Nextcloud/" style="font-size: 15px;">Nextcloud</a> <a href="/tags/NAS/" style="font-size: 15px;">NAS</a></div></div><div class="widget"><div class="widget-title"><i class="fa fa-file-o"> Recent</i></div><ul class="post-list"><li class="post-list-item"><a class="post-list-link" href="/My-NAS.html">搭建个人NAS</a></li><li class="post-list-item"><a class="post-list-link" href="/In-Memory-Of-Haoel.html">In Memory of Haoel</a></li><li class="post-list-item"><a class="post-list-link" href="/tweets-202211.html">📝Tweets-202211</a></li><li class="post-list-item"><a class="post-list-link" href="/%E4%B8%BASSH%E7%99%BB%E9%99%86%E5%BC%80%E5%90%AF%E9%82%AE%E4%BB%B6%E6%8F%90%E9%86%92%E9%80%9A%E7%9F%A5.html">🧑💻为SSH登陆开启邮件提醒通知</a></li><li class="post-list-item"><a class="post-list-link" href="/%E7%82%92%E8%8A%B1%E8%9B%A4%E6%8A%80%E5%B7%A7.html">🍜炒花蛤技巧</a></li><li class="post-list-item"><a class="post-list-link" href="/Mac%E8%87%AA%E7%94%A8%E8%BD%AF%E4%BB%B6%E9%9B%86%E9%94%A6.html">🧑💻Mac自用软件集锦</a></li><li class="post-list-item"><a class="post-list-link" href="/%E6%B8%85%E7%A9%BA.html">📝清空</a></li><li class="post-list-item"><a class="post-list-link" href="/All-Refreshed.html">📝All Refreshed</a></li><li class="post-list-item"><a class="post-list-link" href="/stable%20is%20everything.html">2️⃣stable is everything</a></li><li class="post-list-item"><a class="post-list-link" href="/ssh%E5%B8%B8%E7%94%A8%E6%93%8D%E4%BD%9C.html">🧑💻ssh常用操作</a></li></ul></div><div class="widget"><div class="widget-title"><i class="fa fa-external-link"> Links</i></div><ul></ul><a href="http://loztone.top/" title="loztone.top" target="_blank">loztone.top</a></div></div></div><div class="pure-u-1 pure-u-md-3-4"><div id="footer">Copyright © 2024 <a href="/." rel="nofollow">禅游人生.</a> Powered by<a rel="nofollow" target="_blank" href="https://hexo.io"> Hexo.</a><a rel="nofollow" target="_blank" href="https://github.com/tufu9441/maupassant-hexo"> Theme</a> by<a rel="nofollow" target="_blank" href="https://github.com/pagecho"> Cho.</a></div></div></div><a class="show" id="rocket" href="#top"></a><script type="text/javascript" src="/js/totop.js?v=1.0.0" async></script><script type="text/javascript" src="//lib.baomitu.com/fancybox/latest/jquery.fancybox.min.js" async></script><script type="text/javascript" src="/js/fancybox.js?v=1.0.0" async></script><link rel="stylesheet" type="text/css" href="//lib.baomitu.com/fancybox/latest/jquery.fancybox.min.css"><link rel="stylesheet" type="text/css" href="/css/search.css?v=1.0.0"><script type="text/javascript" src="/js/search.js?v=1.0.0"></script><script>var search_path = 'search.xml';
if (search_path.length == 0) {
search_path = 'search.xml';
}
var path = '/' + search_path;
searchFunc(path, 'local-search-input', 'local-search-result');
</script><script type="text/javascript" src="/js/copycode.js?v=1.0.0" successtext="Copy Successed!"></script><link rel="stylesheet" type="text/css" href="/css/copycode.css?v=1.0.0"><script type="text/javascript" src="/js/codeblock-resizer.js?v=1.0.0"></script><script type="text/javascript" src="/js/smartresize.js?v=1.0.0"></script></div></body></html>