Complete Guide: How to Set Up a NAS with Ubuntu Server
Gordon Data
Empowering Businesses with Data | Data Architecture & Business Intelligence Solutions, Full-Stack Development | Maximizing Data Potential & Boosting Operational Efficiency
I bought a Network Attached Storage (NAS) device to free my development computers from a lot of attached disks, and to host my websites in-house.
The NAS is TerraMaster F4-423, equipped with an Intel Celeron Quad-Core N5095 @ 2.00GHz and 4GB of DDR4 RAM.
Hardware Upgrading
I upgraded the NAS by extending its RAM to 20 GB with DDR4 RAM (TED416G3200C22), adding a 1 TB M.2 2280 NVMe SSD (CT1000P3SSD8), and installing two 16TB HDDs (ST16000NM000J) to set up a RAID.
1, Lay the NAS face down, remove the 6 screws, gently take off the fan panel, disconnect the fan cable, and then slide the enclosure off.
2, Insert the RAM into the slot and press it down until the side clips snap in place.
3, Remove the screw from the SSD mount on the motherboard, insert SSD, and then tighten the screw back into the mount.
4, If installing a 3.5" HDD: Take out the HDD tray, detach the plastic fillers from both sides, place the HDD in the tray with the SATA interface facing outward, align the four side holes on disk with the four side holes on the tray, and then put the fillers back.
5, If installing a 2.5" HDD: Take out the HDD tray, detach the lower plastic filler, place the HDD in the tray with the SATA interface facing outward, align the three face holes on the disk with the three face holes on the tray, and tighten three screws to secure the HDD to the tray.
BIOS Update
1, Extract Bios_T1509BG0.zip and copy all the files to the root directory of a FAT32 USB stick.
2, Connect the NAS to a monitor via the HDMI port, plug a keyboard into one USB port, and insert the USB stick into the other USB port.
3, Turn on the NAS and repeatedly tap the Esc key to enter the BIOS settings page.
4, Navigate to Boot > Boot Option #1 and select [USB Device]. Then enter UEFI USB Drive BBS Priorities and set Boot Option #1 to the FAT32 USB stick. Go to the Fast menu, disable TOS Boot First. Save the changes, and exit BIOS to reboot the NAS
5, Once we see "FPT Operation Successful", turn off the NAS, remove the FAT32 USB stick, and deleted all files in the root directory except for the two subdirectories.
6, Reboot the NAS with the FAT32 USB stick inserted to access the shell interface, then run the following commands.
fs0:
cd DmiEditEfi64
AMIDEEFIx64.EFI /SP 000-F4423-NT140-0001
OS Installation
The NAS comes with TOS (TerraMaster Operating System). Due to limitations in downloading community apps and a preference for more flexibility, I decided to install a different operating system. After researching, I found TrueNAS to be too resource-intensive, UnRAID and QNAP to be paid options, and OpenMediaVault to be open source but limited in customisation. I ultimately chose Ubuntu 22.04.4 LTS, which has standard support until Apr 2027.
1, Flash the Ubuntu Server 22.04.4 LTS?ISO onto a USB drive.
2, In the BIOS, go to Boot > Boot Option #1 and select [USB Device]. Enter UEFI USB Drive BBS Priorities and set Boot Option #1 to the USB stick with the Ubuntu Server ISO. Save the changes and exit to reboot the NAS and start the installation.
3, During installation, choose the language, keyboard layout, customize the partition to install Ubuntu Server on the NVMe SSD / in btrfs format, configure the username and password, skip the upgrade to pro, and check the option to install the OpenSSH server. Once the installation is complete, reboot.
4, When rebooting, go back into the BIOS and select Boot > Boot Option #1 [NVME]. Enter UEFI NVME Drive BBS Priorities and set Boot Option #1 to the CT1000P3SSD8 SSD. Save the changes and exit to reboot the NAS.
5, Finally, upgrade the installed Ubuntu Server on the NAS
sudo apt update
sudo apt list --upgradable
sudo apt upgrade
sudo apt autoremove
Remote Access
ssh
1, As mentioned earlier, I have installed the OpenSSH server during the OS installation. If not, we can install it manually and start the service.
sudo apt install openssh
sudo apt install openssh-server
sudo systemctl enable ssh
sudo systemctl start ssh
2, Find the NAS's IP address and MAC address.
sudo apt install net-tools
ifconfig
3, Now, in Windows, we can remotely log in to the NAS using putty.
4, Ideally, we should reserve an IP address for the NAS to ensure consistent remote access: Sign in to our modem/router, go to Advanced > Network > LAN Settings > Address Reservation, and add an entry with the MAC address and a reserved IP.
xrdp
With putty, we can only log in to the NAS in terminal mode. To access the NAS in graphical mode, we will need to install xrdp.
1, Install xrdp on the NAS
sudo apt install xrdp
sudo systemctl start xrdp
2, Install a graphical desktop environment
Popular desktop environments in Linux include GNOME, Cinnamon, MATE, KDE, Xfce, and LXQT. etc. Among them, Xfce is a good choice as it is lightweight, fast, and low on system resources.
sudo apt install xubuntu-desktop
# when prompted to choose a display manager, select lightDM
echo "startxfce4" > ~/.xsession
sudo vi /etc/xrdp/startwm.sh
unset DBUS_SESSION_BUS_ADDRESS
unset XDG_RUNTIME_DIR
exec startxfce4
sudo systemctl restart xrdp
3, Now, in Windows, we can remotely access to the NAS use mstsc (Remote Desktop Connection)
File Storage and Sharing
fdisk, mkfs
1, We can use lsblk to list storage devices such as SSDs, HDDs, USB sticks etc.
2, To create partitions, use fdisk (or gdisk if the storage is 2TB or larger, or if we need to create more than four partitions).
3, After creating file system with mkfs, and mounting the partition into a directory, we can start to changing access permission, creating directory, and so on.
lsblk
sudo fdisk /dev/nvme0n1
sudo gdisk /dev/nvme0n1
sudo mkfs.btrfs /dev/nvme0n1p3
sudo mkdir -p /mnt/btrfs_nvme_830g
sudo mount /dev/nvme0n1p3 /mnt/btrfs_nvme_830g
cd /mnt/btrfs_nvme_830g
sudo chmod 777 .
mkdir VirtualBoxVMs
samba
1, We can use samba to share file storage with Windows clients. To do this, we can use testparm to validate the smb.conf file and smbpasswd to set up passwords.
2, To ensure that the samba share remains accessible after the NAS restarts, edit /etc/fstab to mount the storage automatically. For greater reliability, mount the file storage by UUID instead of by name, as the name can change if the HDD tray is placed in a different slot. We can find the UUID using the blkid command.
sudo apt install samba
sudo vi /etc/samba/smb.conf
[btrfs_nvme_830g]
path = /mnt/btrfs_nvme_830g
read only = No
valid users = gordon
testparm
sudo smbpasswd -a gordon
sudo systemctl restart smbd
blkid
sudo vi /etc/fstab
#/dev/nvme0n1p3 /mnt/btrfs_nvme_830g btrfs defaults 0 0
/dev/disk/by-uuid/901f4932-ca8b-4e1b-9ced-46f51d6c4efe /mnt/btrfs_nvme_830g btrfs defaults 0 0
4, Now, in Windows, the NAS shared folder btrfs_nvme_830g should be accessible, allowing us to copy, for example, existing VirtualBox virtual machine files into it.
Virtualization
1, One virtualization solution is Oracle VirtualBox. It can be directly installed using apt install, and launched with a graphical user interface in the Ubuntu desktop environment (e.g., through Remote Desktop Connection). We can start the existing virtual machine with vboxmanage.
2, However, the version installed by default is 6.1, which may cause a "Guru Meditation" error: "A critical error has occurred while running the virtual machine and the machine execution has been stopped." A better solution is to install version 7.0 instead.
2.1, Remove the current package, purge the configuration files, and auto-remove dependencies.
2.2, Add the VirtualBox package URL to apt repository and download the GPG key for package signing.
2.3, Install virtualbox-7.0
2.4, Optional: we can create a service to start the virtual machine automatically when the NAS starts.
sudo apt install virtualbox
virtualbox
/usr/bin/vboxmanage startvm "en-us_windows_10_enterprise_ltsc_2021_x64_dvd_d289cf96" --type headless
sudo apt remove --purge --auto-remove virtualbox virtualbox
echo "deb [arch=amd64] https://download.virtualbox.org/virtualbox/debian $(lsb_release -sc) contrib" | sudo tee /etc/apt/sources.list.d/virtualbox.list
sudo apt install gnupg2
wget -qO- https://www.virtualbox.org/download/oracle_vbox_2016.asc | sudo gpg --dearmor --yes -o /etc/apt/trusted.gpg.d/virtualbox.gpg
sudo apt update
sudo apt install virtualbox-7.0
sudo vi /etc/systemd/system/vboxvm.service
[Unit]
Description=VirtualBox VM autostart
After=network.target
[Service]
User=gordon
Group=gordon
ExecStart=/usr/bin/VBoxManage startvm "en-us_windows_10_enterprise_ltsc_2021_x64_dvd_d289cf96" --type headless
ExecStop=/usr/bin/VBoxManage controlvm "en-us_windows_10_enterprise_ltsc_2021_x64_dvd_d289cf96" acpipowerbutton
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
sudo systemctl daemon-reload
sudo systemctl enable vboxvm
sudo systemctl start vboxvm
sudo systemctl status vboxvm
sudo journalctl --unit=vboxvm
RAID Support
To store important files, we can set up a Redundant Array of Independent Disks (RAID) for data redundancy, which improves both data security and read performance. To do this, install mdadm, and then create the RAID and file system.
Similar to editing /etc/fstab, for greater reliability, it is recommended to create RAID using partition UUIDs (PARTUUID) instead of name, as the name can change if the HDD tray is placed in a different slot. The PARTUUID can be found using the blkid command.
I chose NTFS file format here to overcome Unicode filename length limit: NTFS allows for 255 UTF-16 code units, while ext4 and Btrfs have a limit of 255 UTF-8 code units. Since UTF-8 requires more bytes than UTF-16 to encode the same number of Chinese characters and emojis, a file name that fits within the NTFS limit might be too long for ext4 and Btrfs.
sudo apt-get install mdadm gparted
# sudo mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/sda1 /dev/sdc1
blkid
sudo mdadm --create /dev/md0 --level=1 --raid-devices=2 --uuid=f368dfec-e65d-b04e-9843-6e3b01a3450d --uuid=7eb564e9-cd2b-4db1-a75c-72e93b73fa5c
sudo mdadm --detail /dev/md0
sudo mkfs.ntfs /dev/md0
And of course, we can configure auto-mount and file sharing for the RAID as well.
sudo vi /etc/fstab
#/dev/md0 /mnt/ntfs_raid_14dot6t ntfs defaults 0 0
/dev/disk/by-uuid/1C6AE0921EBE2E8F /mnt/ntfs_raid_14dot6t ntfs defaults 0 0
sudo vi /etc/samba/smb.conf
[ntfs_raid_14dot6t]
path = /mnt/ntfs_raid_14dot6t
read only = yes
valid users = gordon
File Synchronization
Rsync is a utility for synchronizing files between a computer and a storage drive, as well as across networked computers, by comparing the modification times and sizes of files.
Timeshift, which will be covered in a few sections below, provide functionality similar to the System Restore feature in Windows and the Time Machine tool in macOS.
领英推荐
However, timeshift does not work well with the latest version of rsync.
1, Install rsync version 3.2.3-8, which has been proven to work well with timeshift, and hold back the package to prevent updates.
2, Insert a USB stick and mount it.
3, If needed, use sudo du to check the size of files or folders and sudo df to check disk space availability.
4, Use rsycn to synchronize the USB stick's content to the RAID array.
5, Eject the USB stick.
6, If not already installed, install CIFS to access Windows shared folders, and mount the shared folder.
7, Use rsync to synchronise the Windows shared folder's content to the RAID array.
sudo apt-get install rsync=3.2.3-8ubuntu3
sudo apt-mark hold rsync
sudo mount /dev/sdf1 /mnt/usb
sudo du -h -chd 1 /mnt/usb/
sudo df -h /mnt/ntfs_raid_14dot6t/
rsync -ahrn --info=progress2 /mnt/usb/ /mnt/ntfs_raid_14dot6t/Q
# -a: archive mode (preserves permissions, timestamps, symbolic links, etc.)
# -h: human-readable output (makes file sizes easier to read)
# -r: recursive
# -n: trial run with no changes made
rsync -ahr --info=progress2 /mnt/usb/ /mnt/ntfs_raid_14dot6t/E_3t6_Media/
sudo eject /dev/sdf1
sudo apt install cifs-utils
sudo mount -t cifs //192.168.1.8/X /mnt/winshare -o username=Gordon
rsync -ahr --info=progress2 /mnt/winshare/ /mnt/ntfs_raid_14dot6t/L_447g1_Opti/Lubuntu/
Media Streaming
Jellyfin is a free and open-source media server for managing and streaming media. With a large array of official and third-party clients, Jellyfin is available on most popular platforms. "Your media is ready to follow you, wherever you go." Jellyfin can also serve media to DLNA and Chromecast-enabled devices.
1, Install apt-transport-https to enable the use of repositories accessed via the HTTPS protocol.
2, Add the Jellyfin package URL to apt repository and download the GPG key for package signing.
3, Install Jellyfin
4, In a browser, navigate to http://<jellyfin_server_ip_address>:8096/web/#/wizardstart.html to start configuring Jellyfin
sudo apt install apt-transport-https
echo "deb [arch=$( dpkg --print-architecture )] https://repo.jellyfin.org/ubuntu $( lsb_release -c -s ) main" | sudo tee /etc/apt/sources.list.d/jellyfin.list
wget -O - https://repo.jellyfin.org/ubuntu/jellyfin_team.gpg.key | sudo apt-key add -
sudo apt update
sudo apt install jellyfin
Security Features
ufw
Uncomplicated Firewall(UFW) is installed by default on Ubuntu Server 22.04.4 LTS, but it is not enabled by default.
1, We can use ufw status to list the currently allowed ports.
2, Typically, we might want to enable the following ports: 22 for SSH, 3389 for xrdp, 80 for HTTP, 443 for HTTPS, 8920/tcp for Jellyfin, 10000/tcp for webadmin (which will be covered in a few sections below), 137,138/udp and 139,445/tcp for samba.
sudo ufw status verbose
sudo ufw allow 22,3389/tcp
sudo ufw allow http
sudo ufw allow https
sudo ufw allow 8920/tcp
sudo ufw allow 10000/tcp
sudo ufw allow 137,138/udp
sudo ufw allow 139,445/tcp
sudo ufw enable
sudo ufw status verbose
ssl
HTTP websites are insecure. Malicious gateway and firewall might exploit their vulnerabilities, for example, by hijacking the websites and injecting code to launch DDoS attack. For websites in production, it is essential to enable HTTPS.
We can run Certbot to automatically obtain free HTTPS certificates, ensuring that the website remains secure indefinitely.
1, Install certbot
2, Sign in to our modem/router, go to Advanced > NAT Forwarding > Virtual Servers, and add an entry to allow external access to the NAS' port 80
3, Sign in to our DNS provider (for example, noip.com, cloudflare.com ), configure DNS record to map the hostname to our public IP address, which can found by visiting whatismyipaddress.com
4, Request the SSL certificate. If completed successfully, the certificates will be generated in /etc/letsencrypt/live/
5, Apply the certificate, for example, to Jellyfin:
5.1, Install nginx and the nginx plugin for certbot.
5.2, Create a configuration file for the Jellyfin site.
5.3, Enable and test the nginx configuration, and reload the service.
5.4, Now, in a browser, navigate to https://<jellyfin_server_hostname>:8920/ to access Jellyfin.
sudo apt install certbot
sudo certbot certonly --standalone --preferred-challenges http -d gordonjhchen.ddns.net
sudo apt install nginx python3-certbot-nginx
sudo vi /etc/nginx/sites-available/jellyfin
server {
listen 8920 ssl;
server_name gordonjhchen.ddns.net;
ssl_certificate /etc/letsencrypt/live/gordonjhchen.ddns.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/gordonjhchen.ddns.net/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
proxy_pass https://localhost:8096;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# sudo rm /etc/nginx/sites-enabled/default
sudo ln -s /etc/nginx/sites-available/jellyfin /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
Surveillance Camera
Ubuntu Server is well-suited for monitoring security cameras. Motion is an open-source surveillance program that detects motion and monitors footage for movement.
1, Install v4l-utils to retrieve video device parameters.
2, Install motion and edit the motion.conf file to configure the settings.
3, Enable and start the motion service. Check the service status and review any errors if encountered.
sudo apt install v4l-utils
sudo v4l2-ctl --list-devices
sudo v4l2-ctl -d /dev/video0 --list-formats-ext
sudo apt install motion
sudo vi /etc/motion/motion.conf
target_dir /mnt/ntfs_1t4/Users/Gordon/Videos/motion
vid_control_params v4l2_palette=8
netcam_url v4l2:///dev/video0
width 1280
height 720
threshold 5500
threshold_maximum 25000
threshold_tune on
on_movie_end wput ftp://pc:[email protected]:4607/device/DCIM/motion/ %f
movie_filename %Y%m%d-%H%M%S-%t-%v
stream_localhost off
sudo systemctl enable motion
sudo systemctl start motion
sudo systemctl status motion
sudo journalctl -u motion
more /var/log/motion/motion.log
Monitoring and Management Tools
webmin
Webmin is a web-based system administration tool for Ubuntu Server. It allows us to monitor system information including CPU temperature and usage, memory usage, drive temperature and disk space, disk I/O, network I/O and processes. We can even execute terminal commands through the web interface.
1, Download a script to configure apt repositories.
2, Install webmin.
3, In a browser, navigate to http://<webmin_server_ip_address>:10000/ to access webmin.
4, In the web interface, go to Webmin > Webmin Configuration > SSL Encryption, then input the Private key file and Certificate file, and click Save.
5, Now, in a browser, navigate to https://<webmin_server_hostname>:10000/ to access webmin securely.
curl -o setup-repos.sh https://raw.githubusercontent.com/webmin/webmin/master/setup-repos.sh
sudo sh setup-repos.sh
sudo apt-get install webmin
raid-sleep
The NAS is intended to run 24/7 throughout the year. It is good practice to put the hard disks into standby mode when they are idle for extended periods, as this can save power and prolong the disks' life expectancy.
1, Remote Desktop Connection to the NAS, go to Applications > Settings > Disks. Choose a disk, click the vertical ... next to the minimize window button, click Drive Settings. In the Standby tab, enable Standby Timeout Settings and set the Enter Standby After to 15 minutes. In the APM tab, choose Spindown.
2, Some disk brands do not support such settings. In this case, we might need to use hd-idle. However, the raid-sleep script has proven to be a reliable solution, even for RAID.
2.1, Download the raid-sleep release package and decompress it.
2.2, Use find /dev/disk/by-id to identify the disk IDs.
2.3, Edit raid-sleep.conf file to input the disk IDs and set timeout to 900 seconds (15 minutes).
2.4, After 15 minutes, use hdparm to check whether the disks are in standby mode.
2.5, Sometimes, disks may be unexpectedly woken up. We can use sudo lsof | grep to check which process is responsible for the waking-up, sudo smbstatus to identify which client if the process is smbd, and use sudo systemctl to stop and disable certain services if necessary.
wget https://github.com/thomask77/raid-sleep/archive/refs/tags/v1.1.0.tar.gz
tar -xvzf ~/v1.1.0.tar.gz
lsblk -I 8 |awk 'NR==1{print $0" DEVICE-ID(S)"}NR>1{dev=$1;gsub("[^[:alnum:]]","",dev);printf $0"\t\t";system("find /dev/disk/by-id -lname \"*"dev"\" -printf \" %p\"");print "";}'
cd raid-sleep-1.1.0/
sudo vi raid-sleep.conf
DISKS=\
/dev/disk/by-id/scsi-1ATA_ST16000NM001G-2KK103_ZL2JGF06 \
/dev/disk/by-id/scsi-1ATA_ST16000NM001G-2KK103_ZL2JQNS6 \
/dev/disk/by-id/md-name-nas-ubuntuserver:0
TIMEOUT=900
sudo ./install.sh
sudo hdparm -C /dev/sda1
sudo hdparm -C /dev/disk/by-id/scsi-1ATA_ST16000NM001G-2KK103_ZL2JQNS6
sudo lsof | grep raid
sudo smbstatus
sudo systemctl stop plocate-updatedb.timer
sudo systemctl disable plocate-updatedb.timer
timeshift
We have configured numerous features, including Remote Access, File Storage and Sharing, Virtualization, RAID Support, File Synchronization, Media Streaming, Security Features, Surveillance Camera, and Monitoring and Management Tools. It is time to create a system restore point so that we can roll back changes if something goes wrong later.
As mentioned earlier, timeshift provide functionality similar to the System Restore feature in Windows and the Time Machine tool in macOS.
1, Install rsync if it is not already installed, specifically version 3.2.3-8, and hold back the package to prevent updates. Then, install timeshift.
2, Create a snapshot of the current system state.
3, List the available snapshots.
4, Restore the system to a previous snapshot if necessary.
sudo apt-get install rsync=3.2.3-8ubuntu3
sudo apt-mark hold rsync
sudo apt install timeshift
sudo timeshift --create --comments "install.ssh.xrdp.mkfs.samba.virtualbox.mdadm.rsync.jellyfin.ufw.ssl.webmin.spindown.timeshift" --snapshot-device /dev/sdb2
sudo timeshift --list --snapshot-device /dev/sdb2
sudo timeshift --restore
-- EOF --