Resilio Sync in a FreeNAS Jail

Update (10/08/2020): For a scripted version of this resource, refer to Scripted Resilio Sync Installation in the Resources section of the FreeNAS Community Forum. 

Intended Audience

This post may be of interest if you are setting up Resilio Sync, not using the supplied plugin, but in a jail under FreeNAS 11.3.

Assumptions

  1. The guide is suitable for a small business or home network that doesn’t use a domain controller for authenticated access.
  2. The reader has a working knowledge of FreeNAS.

Background

There are several limitations of setting up Resilio Sync using the plugin:

  1. Configuration files are stored within the plugin jail. Reinstalling Resilio Sync means that client connections have to be set up again. This is laborious for anything more than a few connections. It would be better to have the configuration files stored outside the jail to eliminate the need to do this.
  2. Plugin jails are not designed to be tampered with, so tweaking the jail is discouraged.
  3. Plugins aren’t updated regularly. For instance, at the time of writing, the Resilio Sync plugin is using Resilio Sync version 2.6.3. the current version is 2.6.4.

At the time of writing this, I am working with FreeNAS 11.3-U1 and Resilio Sync 2.6.4.

Overview

I’ve tried to match the actions of the plugin as much as possible while giving the jail the required flexibility I’m seeking. The key steps for setting up Resilio Sync on FreeNAS are:

  1. Create the jail.
  2. Set up required packages.
  3. Set up the run command directory.
  4. Set up the rslsync executable.
  5. Set up the rslsync configuration file.
  6. Set up the mount points.
  7. Enable startup.

Step 1: Create the Jail

Jails ⇒ Add

screenshot.220.png
screenshot.223.png
screenshot.224.png

Edit the jail after it’s created:

Jails ⇒ rslsync ⇒ Edit

…and make sure to check the following items:

Under Basic Properties:

screenshot.183.png

Don’t forget to save these settings, then start the jail.

Jails ⇒ rslsync ⇒ Start

Step 2: Set up required packages

Shell into the jail.

Jails ⇒ rslsync ⇒ Shell

I’ll be installing the following package:

  1. ca_root_nss – Allow https. Required for the fetch command.
pkg install ca_root_nss

Step 3: Set up the run command directory

mkdir /usr/local/etc/rc.d
ee /usr/local/etc/rc.d/rslsync

Add the code block below. Note that this code block is used for rslsync in the Resilio Sync plugin version 2.6.3.

#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: rslsync
# REQUIRE: LOGIN
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
# to enable this service:
#
# rslsync_enable (bool):        Set to NO by default.
#                               Set it to YES to enable it.
# rslsync_user:                 The user account rslsync daemon runs as
#                               what you want it to be. It uses 'rslsync'
#                               user by default. Do not sets it as empty or it
#                               will run as root.
# rslsync_group:                The group account rslsync daemon runs as
#                               what you want it to be. It uses 'rslsync'
#                               group by default. Do not sets it as empty or it
#                               will run as wheel.

. /etc/rc.subr
name="rslsync"
rcvar="${name}_enable"
load_rc_config ${name}

: ${rslsync_enable:="NO"}
: ${rslsync_user:="rslsync"}
: ${rslsync_group:="rslsync"}

pidfile="/var/run/rslsync/rslsync.pid"
command="/usr/local/bin/rslsync"
command_args="--config /usr/local/etc/rslsync.conf"

start_precmd=rslsync_prestart
rslsync_prestart() {
        if [ ! -d ${pidfile%/*} ]; then
                install -d -o ${rslsync_user} -g ${rslsync_group} ${pidfile%/*}
        fi
}

run_rc_command "$1"

Exit and save changes and make the file executable.

chmod u+x /usr/local/etc/rc.d/rslsync

Step 4: Set up the rslsync executable

This refers to the first highlight in the rslsync code block.

mkdir /usr/local/bin
cd /usr/local/bin
fetch https://download-cdn.resilio.com/stable/FreeBSD-x64/resilio-sync_freebsd_x64.tar.gz 
tar -xzvf resilio-sync_freebsd_x64.tar.gz 
rm resilio-sync_freebsd_x64.tar.gz

Step 5: Set up the rslsync configuration file

Set up rslsync.conf.sample. This refers to the second highlight in the rslsync code block. This file is the same as that used for the plugin.

cd /usr/local/etc/
ee rslsync.conf.sample

Add the following code:

{
   "device_name": "My Sync Device",
// "listening_port" : 0, // 0 - randomize port

/* storage_path dir contains auxilliary app files if no storage_path field: .sync dir created in current working directory */
 "storage_path" : "/var/db/rslsync",

/* set location of pid file */
 "pid_file" : "/var/run/rslsync/rslsync.pid",

/* use UPnP for port mapping */
  "use_upnp" : true,

/* limits in kB/s. 0 - no limit */
  "download_limit" : 0,
  "upload_limit" : 0,

/* proxy configuration */
// "proxy_type" : "socks4", // Valid types: "socks4", "socks5", "http_connect". Any other value means no proxy
// "proxy_addr" : "192.168.1.2", // IP address of proxy server.
// "proxy_port" : 1080,
// "proxy_auth" : false, // Use authentication for proxy. Note: only username/password for socks5 (RFC 1929) is supported, and it is not really secure
// "proxy_username" : "user",
// "proxy_password" : "password",

/* directory_root path defines where the WebUI Folder browser starts (linux only). Default value is / */
//  "directory_root" : "/home/user/MySharedFolders/",

/* directory_root_policy defines how directory_root is used (linux only).
   Valid values are:
     "all" - accepts directory_root and its subdirectories for 'getdir' and 'adddir' actions
     "belowroot" - accepts directory_root's subdirectories for 'getdir' and 'adddir' actions,
     but denies attempts to use 'adddir' to create directories directly within directory_root
   Default value is "all". */
//  "directory_root_policy" : "all",

  "webui" :
  {
    "listen" : "0.0.0.0:8888" // remove field to disable WebUI

/* preset credentials. Use password or password_hash */
//  ,"login" : "admin"
//  ,"password" : "password" // (not recommended, better use 'password_hash_unified')
//  ,"password_hash" : "" // (not recommended) Works on *nix only!
// Use either 'password_hash' or 'password_hash_unified' (recommended), but not both of them!
//  ,"password_hash_unified" : "" // Works on all platforms.
//  ,"password_hash_salt_unified" : "" // Salt for unified password's hash. Works on all platforms.
//  ,"allow_empty_password" : false // Defaults to true
/* ssl configuration */
//  ,"force_https" : true // disable http
//  ,"ssl_certificate" : "/path/to/cert.pem"
//  ,"ssl_private_key" : "/path/to/private.key"

/* dir_whitelist defines which directories can be shown to user or have folders added (linux only)
   relative paths are relative to directory_root setting */
// ,"dir_whitelist" : [ "/home/user/MySharedFolders/personal", "work" ]
  }

/* !!! if you set shared folders in config file WebUI will be DISABLED !!!
   shared directories specified in config file override the folders previously added from WebUI. */ 
/*,
  "shared_folders" :
  [
    {
      "secret" : "MY_SECRET_1", // required field - use --generate-secret in command line to create new secret
      "dir" : "/home/user/resilio/sync_test", // * required field
      "use_relay_server" : true, // use relay server when direct connection fails
      "use_tracker" : true,
      "search_lan" : true,
      "use_sync_trash" : true, // enable SyncArchive to store files deleted on remote devices
      "overwrite_changes" : false, // restore modified files to original version, ONLY for Read-Only folders
      "selective_sync" : false, // add folder in selective sync mode
      "known_hosts" : // specify hosts to attempt connection without additional search
      [
        "192.168.1.2:44444"
      ]
    }
  ]
*/

/* Advanced preferences can be added to config file. Info is available at "https://help.getsync.com/hc/en-us/articles/207371636"
For example see folder_rescan_interval below */
//, "folder_rescan_interval" : 600

}

Set up rslsync.conf

cp rslsync.conf.sample rslsync.conf

Step 6: Set up the mount points

Set up the rslsync user and create the configuration storage path (highlight in the rslsync.conf code block above)..

mkdir /var/db/rslsync
pw user add rslsync -c rslsync -u 817 -d /nonexistent -s /usr/bin/nologin 

Stop the jail.

Jails ⇒ rslsync ⇒ Stop

Map configuration and sync data locations outside the jail.

Jails ⇒ rslsync ⇒ Mount Points ⇒ Actions ⇒ Add.

For example:

TIP: Make sure that rslsync (UID/GID 817) has write access to the source directories e.g. chown -R 817:817 /mnt/tank/apps/rslsync/data /mnt/tank/apps/rslsync/config.

Step 7: Enable startup

Start and shell into the jail.

Jails ⇒ rslsync ⇒ Start

Jails ⇒ rslsync ⇒ Shell

sysrc rslsync_enable="YES"
service rslsync start

Resilio can be accessed from a browser at jail_IP:8888.

References

  1. HOWTO Resilio(btsync) iocage setup
  2. Resilio Sync download
  3. Resilio Sync UI

 

Keep Reading

PreviousNext

12 thoughts on “Resilio Sync in a FreeNAS Jail

  1. thanks for the guide!

    i keep getting “you do not have permission to write to the directory” when i try to update the default locations in Sync Guide and get this error “Cant’t load/save the settings file”

    I assume i am doing something wrong at step 6 on the mountpoints. Are you able to elaborate more as to what needs to be done? I created a user and group rslsync with GID817 and assigned it to the dataset which I think needs to be done

    1. Hi Clarence, I have config and data as nested datasets under a parent dataset rslsync outside the jail. Both config and data are owned and have full access by rslsync (UID/GID 817). Assuming both are empty, when the ‘service rslsync start’ is first issued, the config dir will be seeded while the data dir will remain empty.

      If you continue to experience problems, contact me via the FreeNAS forum as this blog does not lend itself to interactive debugging.

      1. Hello Basil,

        I checked that UID/GID 817 has an R/W access to conf and data, and it still don’t work… Do you have any idea ?

Leave a Reply