Update (10/08/2020): For a scripted version of this resource, refer to Scripted Resilio Sync Installation in the Resources section of the FreeNAS Community Forum.
Intended Audience
This post may be of interest if you are setting up Resilio Sync, not using the supplied plugin, but in a jail under FreeNAS 11.3.
Assumptions
- The guide is suitable for a small business or home network that doesn’t use a domain controller for authenticated access.
- The reader has a working knowledge of FreeNAS.
Background
There are several limitations of setting up Resilio Sync using the plugin:
- Configuration files are stored within the plugin jail. Reinstalling Resilio Sync means that client connections have to be set up again. This is laborious for anything more than a few connections. It would be better to have the configuration files stored outside the jail to eliminate the need to do this.
- Plugin jails are not designed to be tampered with, so tweaking the jail is discouraged.
- Plugins aren’t updated regularly. For instance, at the time of writing, the Resilio Sync plugin is using Resilio Sync version 2.6.3. the current version is 2.6.4.
At the time of writing this, I am working with FreeNAS 11.3-U1 and Resilio Sync 2.6.4.
Overview
I’ve tried to match the actions of the plugin as much as possible while giving the jail the required flexibility I’m seeking. The key steps for setting up Resilio Sync on FreeNAS are:
- Create the jail.
- Set up required packages.
- Set up the run command directory.
- Set up the rslsync executable.
- Set up the rslsync configuration file.
- Set up the mount points.
- Enable startup.
Step 1: Create the Jail
Jails ⇒ Add
Edit the jail after it’s created:
Jails ⇒ rslsync ⇒ Edit
…and make sure to check the following items:
Under Basic Properties:
Don’t forget to save these settings, then start the jail.
Jails ⇒ rslsync ⇒ Start
Step 2: Set up required packages
Shell into the jail.
Jails ⇒ rslsync ⇒ Shell
I’ll be installing the following package:
- ca_root_nss – Allow https. Required for the fetch command.
pkg install ca_root_nss
Step 3: Set up the run command directory
mkdir /usr/local/etc/rc.d ee /usr/local/etc/rc.d/rslsync
Add the code block below. Note that this code block is used for rslsync in the Resilio Sync plugin version 2.6.3.
#!/bin/sh # # $FreeBSD$ # # PROVIDE: rslsync # REQUIRE: LOGIN # KEYWORD: shutdown # # Add the following lines to /etc/rc.conf.local or /etc/rc.conf # to enable this service: # # rslsync_enable (bool): Set to NO by default. # Set it to YES to enable it. # rslsync_user: The user account rslsync daemon runs as # what you want it to be. It uses 'rslsync' # user by default. Do not sets it as empty or it # will run as root. # rslsync_group: The group account rslsync daemon runs as # what you want it to be. It uses 'rslsync' # group by default. Do not sets it as empty or it # will run as wheel. . /etc/rc.subr name="rslsync" rcvar="${name}_enable" load_rc_config ${name} : ${rslsync_enable:="NO"} : ${rslsync_user:="rslsync"} : ${rslsync_group:="rslsync"} pidfile="/var/run/rslsync/rslsync.pid" command="/usr/local/bin/rslsync" command_args="--config /usr/local/etc/rslsync.conf" start_precmd=rslsync_prestart rslsync_prestart() { if [ ! -d ${pidfile%/*} ]; then install -d -o ${rslsync_user} -g ${rslsync_group} ${pidfile%/*} fi } run_rc_command "$1"
Exit and save changes and make the file executable.
chmod u+x /usr/local/etc/rc.d/rslsync
Step 4: Set up the rslsync executable
This refers to the first highlight in the rslsync code block.
mkdir /usr/local/bin cd /usr/local/bin fetch https://download-cdn.resilio.com/stable/FreeBSD-x64/resilio-sync_freebsd_x64.tar.gz tar -xzvf resilio-sync_freebsd_x64.tar.gz rm resilio-sync_freebsd_x64.tar.gz
Step 5: Set up the rslsync configuration file
Set up rslsync.conf.sample. This refers to the second highlight in the rslsync code block. This file is the same as that used for the plugin.
cd /usr/local/etc/
ee rslsync.conf.sample
Add the following code:
{
"device_name": "My Sync Device",
// "listening_port" : 0, // 0 - randomize port
/* storage_path dir contains auxilliary app files if no storage_path field: .sync dir created in current working directory */
"storage_path" : "/var/db/rslsync",
/* set location of pid file */
"pid_file" : "/var/run/rslsync/rslsync.pid",
/* use UPnP for port mapping */
"use_upnp" : true,
/* limits in kB/s. 0 - no limit */
"download_limit" : 0,
"upload_limit" : 0,
/* proxy configuration */
// "proxy_type" : "socks4", // Valid types: "socks4", "socks5", "http_connect". Any other value means no proxy
// "proxy_addr" : "192.168.1.2", // IP address of proxy server.
// "proxy_port" : 1080,
// "proxy_auth" : false, // Use authentication for proxy. Note: only username/password for socks5 (RFC 1929) is supported, and it is not really secure
// "proxy_username" : "user",
// "proxy_password" : "password",
/* directory_root path defines where the WebUI Folder browser starts (linux only). Default value is / */
// "directory_root" : "/home/user/MySharedFolders/",
/* directory_root_policy defines how directory_root is used (linux only).
Valid values are:
"all" - accepts directory_root and its subdirectories for 'getdir' and 'adddir' actions
"belowroot" - accepts directory_root's subdirectories for 'getdir' and 'adddir' actions,
but denies attempts to use 'adddir' to create directories directly within directory_root
Default value is "all". */
// "directory_root_policy" : "all",
"webui" :
{
"listen" : "0.0.0.0:8888" // remove field to disable WebUI
/* preset credentials. Use password or password_hash */
// ,"login" : "admin"
// ,"password" : "password" // (not recommended, better use 'password_hash_unified')
// ,"password_hash" : "" // (not recommended) Works on *nix only!
// Use either 'password_hash' or 'password_hash_unified' (recommended), but not both of them!
// ,"password_hash_unified" : "" // Works on all platforms.
// ,"password_hash_salt_unified" : "" // Salt for unified password's hash. Works on all platforms.
// ,"allow_empty_password" : false // Defaults to true
/* ssl configuration */
// ,"force_https" : true // disable http
// ,"ssl_certificate" : "/path/to/cert.pem"
// ,"ssl_private_key" : "/path/to/private.key"
/* dir_whitelist defines which directories can be shown to user or have folders added (linux only)
relative paths are relative to directory_root setting */
// ,"dir_whitelist" : [ "/home/user/MySharedFolders/personal", "work" ]
}
/* !!! if you set shared folders in config file WebUI will be DISABLED !!!
shared directories specified in config file override the folders previously added from WebUI. */
/*,
"shared_folders" :
[
{
"secret" : "MY_SECRET_1", // required field - use --generate-secret in command line to create new secret
"dir" : "/home/user/resilio/sync_test", // * required field
"use_relay_server" : true, // use relay server when direct connection fails
"use_tracker" : true,
"search_lan" : true,
"use_sync_trash" : true, // enable SyncArchive to store files deleted on remote devices
"overwrite_changes" : false, // restore modified files to original version, ONLY for Read-Only folders
"selective_sync" : false, // add folder in selective sync mode
"known_hosts" : // specify hosts to attempt connection without additional search
[
"192.168.1.2:44444"
]
}
]
*/
/* Advanced preferences can be added to config file. Info is available at "https://help.getsync.com/hc/en-us/articles/207371636"
For example see folder_rescan_interval below */
//, "folder_rescan_interval" : 600
}
Set up rslsync.conf
cp rslsync.conf.sample rslsync.conf
Step 6: Set up the mount points
Set up the rslsync user and create the configuration storage path (highlight in the rslsync.conf code block above)..
mkdir /var/db/rslsync pw user add rslsync -c rslsync -u 817 -d /nonexistent -s /usr/bin/nologin
Stop the jail.
Jails ⇒ rslsync ⇒ Stop
Map configuration and sync data locations outside the jail.
Jails ⇒ rslsync ⇒ Mount Points ⇒ Actions ⇒ Add.
For example:
TIP: Make sure that rslsync (UID/GID 817) has write access to the source directories e.g. chown -R 817:817 /mnt/tank/apps/rslsync/data /mnt/tank/apps/rslsync/config
.
Step 7: Enable startup
Start and shell into the jail.
Jails ⇒ rslsync ⇒ Start
Jails ⇒ rslsync ⇒ Shell
sysrc rslsync_enable="YES" service rslsync start
Resilio can be accessed from a browser at jail_IP:8888.
References
thanks for the guide!
i keep getting “you do not have permission to write to the directory” when i try to update the default locations in Sync Guide and get this error “Cant’t load/save the settings file”
I assume i am doing something wrong at step 6 on the mountpoints. Are you able to elaborate more as to what needs to be done? I created a user and group rslsync with GID817 and assigned it to the dataset which I think needs to be done
Hi Clarence, I have config and data as nested datasets under a parent dataset rslsync outside the jail. Both config and data are owned and have full access by rslsync (UID/GID 817). Assuming both are empty, when the ‘service rslsync start’ is first issued, the config dir will be seeded while the data dir will remain empty.
If you continue to experience problems, contact me via the FreeNAS forum as this blog does not lend itself to interactive debugging.
Hey, I have the same issue.
Make sure that outside the jail, UID/GID 817 has r/w access to the config and data directories.
I’ll check that. Thank you.
Hello Basil,
I checked that UID/GID 817 has an R/W access to conf and data, and it still don’t work… Do you have any idea ?
I’ve since set up an automated script to install Resilio Sync in a jail based on this post. You can find it on the FreeNAS community forum at https://www.ixsystems.com/community/resources/scripted-resilio-sync-installation.151/
freenas 11.3 u2.1 ,能用,谢谢!
You’re welcome.
followed the guide step by step, everything works great! Now i just need to dig into the settings of the application. Thanks!
I’m glad it’s working for you.