Sunday, July 29, 2018

Setting up a Let's Encrypt certificate on Synology DSM 6.0

HTTPS is already the de facto standard.  With Google Chrome now shaming non-HTTPS websites, little guys/gals like me running legacy insecure web servers are now on the wrong side of the line and risk losing business / traffic.

Fortunately, Synology DSM 6.x has a baked-in solution using the free certificate services from Let's Encrypt.  It looks scary at first, but it's very easy once you know all the steps. 

Things to know:
-  It's perfectly free, no cost.
-  It works with dynamic DNS services.  You do not have to renew the security certificate if your IP changes.
-  It works with virtual hosts.
-  It is maintenance-free, as it auto-renews itself.
-  DON'T read the "Get Started" information at Let's Encrypt.  It will just confuse the hell out of you. 
-  Did I mention it is free?



This article assumes you have Web Station set up and your website(s) are running correctly.  If not, you obviously have other things to fix before you get around to HTTPS support, so go away and fix them.


It also assumes you have DSM 6.x.  If you are like I was, and still running DSM 5.x, you will have to upgrade in order for the security certificate to auto-renew.  Otherwise you will have to manually renew it every 90 days, which sucks.

I've gotten very conservative in my old age, as I've seen waaaay too many "upgrades" cause waaaay more trouble than they were ever worth.  So the prospect of accidentally borking my main file server frankly terrifies me.  However - and in my experience - upgrading from DSM 5.x to DSM 6.x was painless, so woman up and do it.

Note, however, that in 6.x, Web Station moved from within the Control Panel to its own application.  Look for it in the app box at the top left-hand corner of the web interface.


How to enable HTTPS on your Synology Web Station website(s):

1.  Make sure port 443 is open in your firewall.  (Somehow, nobody mentions this - I guess everyone assumes everyone already knows?)

Depending on your setup, the firewall may be in the Synology, or it may be in your router.  It will be in the same place where you have port 80 open for your website(s) to work in the first place.

While you're at it, disable any port forwarding you're not still using.  I had some old ports open from some old PVR applications that I stopped using ages ago.  Typically, all you need open is 80 (for HTTP) and 443 (for HTTPS).

2.  Go to Control Panel / Security / Certificate.  Click "Add", then "Add new certificate".


3.  Choose "Get a certificate from Let's Encrypt". 

4.  Fill in the blanks:
  Domain name = the domain name of your website [e.g. titam.com]
  Email = the contact info for that website  [me@titam.com]
  Subject Alternative Name = the www server name  [www.titam.com]

Note: if you don't put the "www" version of your domain in Subject Alternative Name, the certificate won't cover the web server name, and you'll get verification errors.

5.  Click "Apply".

6.  The screen will return to "certificate" with the new certificate listed.

7.  Click "Configure".

8.  For the target domain (titam.com) change the "Certificate" from "synology.com" to the new certificate for that domain (also titam.com).

9.  Certificates are tied to the domain name.  So if you have multiple (virtual) hosts on different domains, repeat the above with each one of your vhosts, so they each have their own Let's Encrypt certificate.

If you only have one domain / one website, and/or you don't know what "virtual hosts" are, you don't need to repeat anything.

10.  Use SSL Checker to ensure you get everything right. 

Common errors: 

-  Can't resolve:  Your dynamic DNS is borked.  Fix it.

-  Port error:  You didn't open port 443 in your firewall(s).  Go fix it.

-  Untrusted certificate:  You forgot to click "Configure" and change the domain name setting from the default Synology certificate to your new certificate.  Go fix it.

-  Unlisted / Incorrect hostname:  You forgot to list the "www" version of your website in Subject Alternative Name.  Restart the process with "Replace an existing certificate" and fix it.
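
A local version of the step 10 check, as an added example (not from the original post or from Synology): it performs a normally validated TLS handshake and maps the result to the four common errors listed above, including whether the "www" name is in Subject Alternative Name. The function names and the sample certificate dicts are assumptions made up for this sketch; titam.com is the post's own example domain.

```python
import socket
import ssl

def dns_names(cert):
    """DNS entries of subjectAltName in an ssl.getpeercert() dict."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def covers(cert, hostname):
    """True if a SAN entry matches hostname exactly or via a one-label wildcard."""
    host = hostname.lower().rstrip(".")
    parent = host.split(".", 1)[1] if "." in host else None
    return any(n == host or (n.startswith("*.") and n[2:] == parent)
               for n in dns_names(cert))

def missing_names(cert, wanted):
    """Hostnames from `wanted` that the certificate does not list."""
    return [h for h in wanted if not covers(cert, h)]

def fetch_cert(host, port=443, timeout=5):
    """TLS handshake with normal validation; returns the peer certificate dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def diagnose(host, wanted, port=443, fetch=fetch_cert):
    """Return one of the post's error labels, or 'OK'."""
    try:
        cert = fetch(host, port)
    except socket.gaierror:                      # DNS lookup failed
        return "Can't resolve"
    except ssl.SSLCertVerificationError as e:    # 62 = OpenSSL hostname mismatch
        mismatch = getattr(e, "verify_code", None) == 62
        return "Unlisted / Incorrect hostname" if mismatch else "Untrusted certificate"
    except OSError:                              # refused, timed out, unreachable
        return "Port error"
    missing = missing_names(cert, wanted)
    return "Unlisted / Incorrect hostname: " + ", ".join(missing) if missing else "OK"

# Constructed sample data (not real certificates): what getpeercert() returns
# when "www" was left out of Subject Alternative Name, and when it was included.
NO_WWW = {"subjectAltName": (("DNS", "titam.com"),)}
WITH_WWW = {"subjectAltName": (("DNS", "titam.com"), ("DNS", "www.titam.com"))}

if __name__ == "__main__":
    names = ["titam.com", "www.titam.com"]
    for label, cert in (("without www", NO_WWW), ("with www", WITH_WWW)):
        print(label, "->", diagnose("titam.com", names, fetch=lambda h, p: cert))
```

For a live check, call `diagnose("titam.com", ["titam.com", "www.titam.com"])` with your own domain names and leave `fetch` at its default.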

Done.  Ta-da!

Kudos to Synology for baking this directly into DSM 6.x.  People often whine they are not user-friendly, but if this isn't user-friendly, then what is?  I mean, come on - like 10 clicks and you're done.  Give them some credit.


Wednesday, July 11, 2018

Cardo Freecomm1 volume levels

I still get to ride occasionally.  As I was renting a bike with a GPS, I wanted in-helmet audio.

Reviews on all in-helmet Bluetooth devices are mixed, no doubt because different helmets, bikes, and riding styles all affect how we perceive the volume levels.

I ride exclusively with 32 NRR earplugs in.  I can't understand how people ride without earplugs; seems to me you'd go deaf very soon.

I also have an "older" Uvex helmet I purchased in Germany.  (My HJC was killing me on my rental supermoto, which has much more wind exposure - the wind was pushing the front edge of the helmet into my forehead.)  Uvex has long since stopped making motorcycle helmets, but my helmet is still A-OK.

The Uvex includes a motocross peak (sun shade), which I always have on - even on the highway.  It adds some noise.

My Uvex has no speaker cutouts, so I had to make some.  This would place the speakers right on the shell, but I used the Cardo spacing pads to move them closer to my ears. 

Owing to the way the liner works, the helmet liner covers the speakers.

Finally, I was using the system on a touring bike with a BMW Motorrad GPS unit.  The bike had a windscreen but not a fully effective one.

This all makes for a situation pretty close to worst-case for an in-helmet audio system:

-  High-rated earplugs
-  Relatively noisy helmet
-  Non-optimal speaker placement
-  Speakers covered by helmet liner
-  Significant wind noise at higher speeds

I am happy to report that the system was audible and understandable even under these conditions at highway speeds (~ 65 MPH).

However, be aware that the audio was not great.  Voice prompts were audible, but distorted.  In a few cases they were difficult to understand.  However, they were loud enough to direct attention to the GPS screen so I didn't miss a turn.

At lower speeds, the system was just fine.  I was able to hear and understand the GPS without difficulty.

I imagine this setup would suck for music, as the audio quality will not be adequate.  But one is unlikely to expect earplugs and perfect audio quality to go together.

From what tiny experience I have had with the system without earplugs - which has exclusively been when I am NOT riding - the system appears loud enough to listen to music if you don't wear earplugs.  I would not recommend this since the noise levels are likely to damage your hearing, but to each his/her own.

I am also unsure about holding a conversation, at least at highway speeds.  My Freecomm1 has no two-way audio because I don't need it, so I can't test it.  However, I believe it should be possible to hear a riding companion at slightly lower speeds (< 50 MPH) even with 32 NRR earplugs in.

Hopefully this helps someone who is worried about using the Cardo Freecomm units with earplugs.