虽然可以买群晖，也能DIY黑群晖，虽然有FreeNAS，但我还是更喜欢用Debian/Ubuntu系统构建自己的NAS，轻量、稳定。

安装Debian 8系统

安装的时候选择源选择最上面的手动输入163源的host名mirrors.ustc.edu.cn，目录默认即可。

如果是安装之后，添加源：

vi /etc/apt/sources.list

deb http://mirrors.ustc.edu.cn/mirrors/debian jessie main non-free contrib
deb http://mirrors.ustc.edu.cn/mirrors/debian jessie-updates main non-free contrib
deb http://mirrors.ustc.edu.cn/mirrors/debian jessie-backports main non-free contrib
deb http://mirrors.ustc.edu.cn/mirrors/debian jessie-proposed-updates main contrib non-free
deb http://mirrors.ustc.edu.cn/mirrors/debian-security jessie/updates main contrib non-free

deb-src http://mirrors.ustc.edu.cn/mirrors/debian jessie main non-free contrib
deb-src http://mirrors.ustc.edu.cn/mirrors/debian jessie-updates main non-free contrib
deb-src http://mirrors.ustc.edu.cn/mirrors/debian jessie-backports main non-free contrib
deb-src http://mirrors.ustc.edu.cn/mirrors/debian jessie-proposed-updates main contrib non-free
deb-src http://mirrors.ustc.edu.cn/mirrors/debian-security jessie/updates main contrib non-free

dpkg-reconfigure locales

1 2	选中en_US.UTF-8/zh_CN.GB2312/zh_CN.UTF-8/zh_CN.GB18030/zh_CN.GBK 默认选en_US.UTF-8

apt-get update && apt-get upgrade

apt-get install vsftpd apache2 vim ntfs-3g samba console-setup sysv-rc-conf git subversion rar unrar unzip ntpdate psmisc htop exfat-utils screen tmux bzip2 nload nethogs wireless-tools wpasupplicant nfs-common nfs-kernel-server rsync db5.3

dpkg-reconfigure console-setup

UTF-8
Combined - Latin; Slavic Cyrillic; Hebrew; basic Arabic
VGA
8x16

/etc/init.d/console-setup start

sysv-rc-conf

关闭一些服务，基本留ssh就行了，如果是图形界面，就还需要留light-dm

配置网卡IP，如果不是dhcp记得在/etc/resolv.conf添加nameserver，也就是DNS解析服务器

vi /etc/network/interfaces

auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
allow-hotplug eth2
iface eth0 inet static
address 192.168.20.32
netmask 255.255.255.0
gateway 192.168.20.254
iface eth2 inet dhcp

FTP配置

FTP多用户配置

cp /etc/vsftpd.conf /etc/vsftpd.conf.bak

vi /etc/vsftpd.conf

listen=YES
use_localtime=YES
listen_port=21
anonymous_enable=NO
local_enable=YES
write_enable=NO
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chown_uploads=NO
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
async_abor_enable=YES
ascii_upload_enable=YES
ascii_download_enable=YES
ftpd_banner=Welcome to White FTP servers
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
pam_service_name=vsftpd
userlist_enable=NO
tcp_wrappers=YES
idle_session_timeout=300
data_connection_timeout=1
guest_enable=YES
guest_username=vftp
user_config_dir=/etc/vsftpd/vconf
virtual_use_local_privs=YES
pasv_min_port=9000
pasv_max_port=9045
accept_timeout=5
connect_timeout=1

锁定用户主目录的名单
vi /etc/vsftpd.chroot_list

test

mkdir /etc/vsftpd
cd /etc/vsftpd
vi login.txt

添加帐号密码，奇数行为帐号偶数行为密码

1 2	test white

db5.3_load -T -t hash -f /etc/vsftpd/login.txt /etc/vsftpd/vsftpd_login.db
chmod 600 /etc/vsftpd/vsftpd_login.db
vi /etc/pam.d/vsftpd

在最前面添加

1 2	auth required /lib/i386-linux-gnu/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login account required /lib/i386-linux-gnu/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

如果是64位系统

1 2	auth required /lib/x86_64-linux-gnu/security/pam_userdb.so=/etc/vsftpd/vsftpd_login account required /lib/x86_64-linux-gnu/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

其他的注释掉

useradd -d /Disk/FTP -s /usr/sbin/nologin vftp
chmod -R 555 /Disk/FTP
chown -R vftp:vftp /Disk/FTP

设定某目录可写
chmod -R 757 /Disk/FTP/Up
touch /var/log/vsftpd.log
chown vftp:vftp /var/log/vsftpd.log
mkdir /etc/vsftpd/vconf

配置用户权限
vi /etc/vsftpd/vconf/test

local_root=/Disk/FTP
write_enable=Yes
anon_world_readable_only=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO

配置完成启动服务
/etc/init.d/vsftpd restart

FTP单root用户配置

mkdir /etc/vsftpd
echo root > /etc/vsftpd/user_list
sed -i “s/root/#root/g” /etc/ftpusers
vi /etc/vsftpd.conf

listen=YES
listen_ipv6=NO
listen_port=2122
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
#connect_from_port_20=YES
chown_uploads=YES
chown_username=root
local_root=/NetDisk
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
idle_session_timeout=600
data_connection_timeout=120
#nopriv_user=ftpsecure
#async_abor_enable=YES
ascii_upload_enable=YES
ascii_download_enable=YES
#chroot_local_user=YES
#chroot_local_user=YES
#chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd.chroot_list
#ls_recurse_enable=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd/user_list
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
ftpd_banner=Welcom to NAS Server

配置完成启动服务
/etc/init.d/vsftpd restart

Web服务

Apache2

cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/000-default.conf.bak
cp /etc/apache2/apache2.conf /etc/apache2/apache2.conf.bak
vi /etc/apache2/apache2.conf

删除

<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

vi /etc/apache2/sites-available/000-default.conf

<VirtualHost *:80>
        ServerAdmin webmaster@localhost

        DocumentRoot /web
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /web/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

配置完成重启服务
/etc/init.d/apache2 restart

Samba服务

Samba多用户

useradd -d /home/test -s /usr/sbin/nologin yun
useradd -d /home/test -s /usr/sbin/nologin white
passwd yun
passwd white
smbpasswd -a yun
smbpasswd -a white
chown -R yun:yun /NetDisk
chown -R white:white /NetDisk/DATA1/aa

yun能访问读写所有目录，white仅访问/DATA1目录，仅能写/DATA1目录下的aa目录

cp /etc/samba/smb.conf /etc/samba/smb.conf.bak
vi /etc/samba/smb.conf

interfaces = eth0 eth1

[global]
   workgroup = WORKGROUP
   server string = %h server
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog only = yes
   syslog = 0
   security = user
   encrypt passwords = true
   passdb backend = tdbsam

   obey pam restrictions = yes
   unix password sync = yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully*
 .
   pam password change = yes
   map to guest = bad user

   usershare allow guests = no

[white]
   comment = white Samba
   path = /NetDisk/DATA1
   browseable = yes
   writeable = yes
   create mask = 0700
   directory mask = 0700
   valid users = %S
#   force user = root
   printable = no

[yun]
   comment = Yun Samba
   path = /NetDisk
   browseable = yes
   writeable = yes
   create mask = 0700
   directory mask = 0700
   valid users = %S
   force user = root
   printable = no

如果需要单用户配置一个用户即可

Win下如果多个用户登陆会报错不允许一个用户使用一个以上用户名与一个服务器或共享资源的多重连接

CMD打开命令终端后执行net use * /del / use * /del /

Rsync服务

服务端配置

apt-get install rsync
vi /etc/default/rsync

1	RSYNC_ENABLE=true

vi /etc/rsyncd.conf

uid = root
gid = root
use chroot = no
max connections = 4
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log

[System_A]
path = /data/System_A
comment = System_Version_A
read only = yes
list = yes

[System_B]
path = /data/System_B
comment = System_Version_B
read only = yes
list = yes

配置完成
/etc/init.d/rsync start

客户端使用：

rsync -v rsync://IP
可以查看Rsync目录信息

rsync -avrtl –progress –delete –delete-excluded rsync://IP/System_A/ System_A

rsync -avH –progress –delete rsync://IP/System_A/ System_A

即可同步System_A目录

如果只是校验System_A，则只需添加参数n

rsync -avnH –progress –delete rsync://IP/System_A/ System_A

如果只是同步本地目录

rsync -avrtopg –progress –delete aa/ bb

rsync -avH –progress –delete aa/ bb

将aa同步到bb

如果只是校验就加个n参数
rsync -avzrtopgn –progress –delete aa/ bb

如果需要判断是否同步完成

检查最后有如下反馈：

1 2	sent 59656 bytes received 526 bytes 120364.00 bytes/sec total size is 188121746 speedup is 3125.88

NFS共享

服务器配置

vi /etc/exports

1	/NetDisk *(rw,no_subtree_check,no_root_squash,async,wdelay,insecure)

客户端

mkdir /nfs
mount -t nfs4 xxx.xxx.xxx.xxx:/ /nfs/

加入fstab

vi /etc/fstab

1	xxx.xxx.xxx.xxx:/ /nfs nfs4 soft,intr,rsize=8192,wsize=8192,nosuid

苹果AFP共享

在Debian 8的源里面已经没有netatalk，需要下载源码自己编译，Debian 7和Ubuntu有。

cp AppleVolumes.default AppleVolumes.default.bak
vi AppleVolumes.default

1 2	#~/ "Home Directory" /Disk "TimeMachine" options:tm

vi /etc/default/netatalk

ATALKD_RUN=no
PAPD_RUN=no
TIMELORD_RUN=no
A2BOOT_RUN=no

vi /etc/netatalk/afpd.conf

1	- -tcp -noddp -uamlist uams_dhx.so,uams_dhx2.so -nosavepassword

vi /etc/avahi/services/afpd.service

<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
        <name replace-wildcards="yes">%h</name>
        <service>
                <type>_afpovertcp._tcp</type>
                <port>548</port>
        </service>
        <service>
                <type>_device-info._tcp</type>
                <port>0</port>
                <txt-record>model=Xserve</txt-record>
        </service>
</service-group>

/etc/init.d/netatalk restart
/etc/init.d/avahi-daemon restart

SVN服务器

安装支持库
apt-get install libapr1-dev libaprutil1-dev libtool

编译安装svn
从官网下载最新的svn

tar -xvf subversion-1.8.13.tar.bz2
cd subversion-1.8.13
./autogen.sh
./configure
make
make install

创建svn目录和版本库
mkdir /opt/svn
svnadmin create /opt/svn/project

初始化版本仓库中的目录

建立临时目录
mkdir -p project/test{1,2,3}
svn import project/ file:///opt/svn/project -m “初始化SVN目录”

删除临时建立的目录
rm -rf project

添加用户并修改访问策略
vi /opt/svn/project/conf/passwd

1 2	[users] white = 123

vi /opt/svn/project/conf/authz

1
2
3

[/]
white = rw
* =

修改svnserve.conf文件,让用户和策略配置升效
svnserve.conf内容如下:

[general]
anon-access = none
auth-access = write
password-db = passwd
authz-db = authz

SVN服务脚本

vi svn_start.sh

1
2
3

#!/bin/sh

/usr/local/bin/svnserve -d -r /opt/svn

vi svn_stop.sh

1
2
3

#!/bin/sh

fuser -k /usr/local/bin/svnserve

vi svn_restart.sh

#!/bin/sh

fuser -k /usr/local/bin/svnserve 
/usr/local/bin/svnserve -d -r /opt/svn

Git服务器

安装git-core
apt-get install git-core

创建目录并初始化一个repository
mkdir /opt/git
cd /opt/git
git init –bare white

初始化提交
mkdir test1
cd test1
git init
git remote add origin /opt/git/white
touch Readme
git add Readme
git commit -m “initial commit”
git push origin master

Loacl本地使用
git clone /opt/git/white

SSH使用
git clone [email protected]:/opt/git/white

使用git-daemon搭建git服务

apt-get install git-daemon
vi /etc/default/git-daemon

GIT_DAEMON_ENABLE=true
GIT_DAEMON_USER=root
GIT_DAEMON_DIRECTORY="/var/cache/git /opt/git"

# Additional options that are passed to the Daemon.
GIT_DAEMON_OPTIONS="--export-all --enable=upload-pack --enable=upload-archive --enable=receive-pack --informative-errors"
GIT_DAEMON_BASE_PATH=/opt/git

GIT_DAEMON_USER 用户权限，用户必须对git目录有权限
GIT_DAEMON_DIRECTORY 目录白名单
GIT_DAEMON_OPTIONS 参数，如果想上传且全部导出，就设置–export-all –enable=upload-pack –enable=upload-archive –enable=receive-pack，如果需要git push必须打开–enable=receive-pack
GIT_DAEMON_BASE_PATH 根目录，设置git clone寻找的根目录

/etc/init.d/git-daemon restart

git clone git://172.168.10.137/white

总结

DIY的NAS更自主一些，虽然app支持神马的不如专业NAS，但如果爱好者自己使用，还是用直接搭建的系统比较舒服。

NAS架构之Debian 8