Hi there,
I am resuming this thread (but there are many very similar) to explain my way to surf the internet from remote using my NAS connection. This could be useful to bypass geo restrictions (using those of where your NAS is located) or stringent corporate firewall rules. Everything without requiring to install anything on your client desktop/machine and just using a web browser.
The trick is to use a light ubuntu machine (with docker to simplify things), noVNC (a VNC server not requiring a client other than a browser) and ngrok (I will explain why).
Here are the steps:
1. on QTS install Container Station and ngrok (packaged by QNAP_Stephane)
2. from Container Station install the
dorowu/ubuntu-desktop-lxde-vnc docker container which runs a noVNC server on port 6080.
3. check which is the host port used by this docker (i.e. the port used by the NAS to forward requests to the docker). e.g. 32764. In this way going to http://[NAS ip]:32764 you will reach your dockerized ubuntu desktop which has no lock screen access (sudo password is "ubuntu" by default).
4. if you don't want to port forward port 32764 of your router to your NAS and secure your access a bit, I suggest you to use ngrok (which starts at boot and just needs to be configured once).
ngrok, if you don't know it, is an awesome service which, upon installation of this tiny client, creates a tunnel (i.e. a reverse proxy) toward ngrok.io website giving the tunnel a randomly chosen alphanumeric subdomain (e.g. http://03d8b034.ngrok.io).
This is extremelly useful as you will just need to type (in the example) http://03d8b034.ngrok.io to reach your ubuntu machine (and therefore use the browser) without having to open router ports or install anything on your client workstation.
The problem is that ngrok creates - for non paying accounts - random subdomains, it is therefore essential to know where to point your browser to access your system.
This is why I have created the following start.sh and stop.sh scripts for our NAS.
Code:
#!/bin/sh
# test if line is up
wget -q --spider http://google.com
if [ $? != 0 ]; then
sleep 60
/etc/init.d/NGrok.sh restart
else
## /opt/NGrok/ngrok (type your command below for automatic exec when NAS/QPKG Start)
/opt/NGrok/ngrok http -auth="admin:password" -bind-tls=false -inspect=false 192.168.1.3:32769 &
# after tunnel creation sleep for 10 seconds to ensure the tunnel is created
sleep 10
# take timestamp for notification
TIMESTAMP=$(date +"%Y-%m-%d %Hh%M")
# create temp files and assign variables
CURL_NGROK="/share/Public/ngrok-curl.txt"
TR_NGROK="/share/Public/ngrok/ngrok-tr.txt"
MAIL="/share/Public/ngrok/ngrok-mail.txt"
# take raw information
curl http://127.0.0.1:4040/api/tunnels > $CURL_NGROK
# put raw information in column (by ")
tr '"' '\n' < $CURL_NGROK > $TR_NGROK
# take 24th line (information on tunneled server)
# take 14th line (information on tunneled url)
# send output to QTS
/sbin/log_tool -a "$TIMESTAMP - Ngrok http tunnel created for `sed '24q;d' $TR_NGROK` to `sed '14q;d' $TR_NGROK`." -t 1 >&2
# send email
echo "To: "xxx" <xxx.yyy@zzz.com>" > $MAIL
echo "Subject: ngrok http tunnel created" >> $MAIL
echo "From: "aaa" <aaa@aaaa.com>" >> $MAIL
echo "" >> $MAIL
echo "" >> $MAIL
echo "$TIMESTAMP - Ngrok http tunnel created for `sed '24q;d' $TR_NGROK` to `sed '14q;d' $TR_NGROK`." >> $MAIL
/usr/sbin/sendmail -vvv -t < $MAIL
exit 0
fi
As you can see the important line is the following:
Code:
/opt/NGrok/ngrok http -auth="admin:password" -bind-tls=false -inspect=false 127.0.0.1:32764 &
This means that ngrok will create an http tunnel (not https) with the HTTP basic authentication credentials "admin" and "password" (of course you can change) for the service (in our case the container ubuntu system) running on 127.0.0.1:32764.
The other part of the script is simply to:
a) verify that the internet connection is on (if not, wait 60 seconds), useful in case of reboot
b) check which is the subdomain given by ngrok to the tunnel
c) send an email (and a notification on QTS) with the subdomain, so that you know what is this subdomain.
Of course you could also check the ngrok website or check localhost:4040, but this is the easiest way.
The stop.sh script is the following:
Code:
#!/bin/sh
# terminate all ngrok services
killall -9 -f ngrok
# assign variables
CURL_NGROK="/share/Public/ngrok-curl.txt"
TR_NGROK="/share/Public/ngrok-tr.txt"
MAIL="/share/Public/ngrok-mail.txt"
# remove temporary files
rm $CURL_NGROK $TR_NGROK $MAIL
exit 0
You should put these scripts in /opt/NGrok/ which is the folder automatically generated at the installation of ngrok.
5. Just restart ngrok from QTS (having changed email parameters) and you will receive an email with the ngrok tunnel URL.
Now you can access internet without restrictions!
ps: just few notes
a) you need to set up your email credentials on QTS in the notification section to send emails from "aaa@aaaa.com" (check
here).
b) you need to register to ngrok (it is free) to use the HTTP base authentication. Once done that you need to install the authtoken (check
here).