Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5

WebDAV

#1
Heart 
First of all, thank you Rob... for being a real good and genuine bloke, wanting to help people.
Ideally Id rather talk to you instead of writing everything but I will try to cram everything in this post.
The project Im working on is pretty much geared towards helping people as well and I really could use some help reaching my goals.
I have done "a ton" of research but Im really stuck right now. The more I learn the more questions I tend to have so I have decided to stop learning about these things as Im really not computer "savy". 
As a research student, I need to have my own WebDAV folder so that I am able to sync my files via Windows, android phone and mainly Ipad directly to my own WebDAV server acting as my own "cloud" stored in my own home instead of a lets say dropbox, icloud ect which is out of my hands.
The closest I came was being able to set it up via Windows IIS + Publishing + Using SSL certificate to ensure I can be on the HTTPS version ect
BUT
that seems to be VERY weak in terms of security according to alot of posts it is easy to get into as long as the IP is known via commands on a Linux forexample. Besides, that would mean my WebDAV folder is ON my computer which makes it a bad idea for backups.
Thats when I came to the NAS world. Soon finding out about the the security weaknesses of QNAP so my focus quickly got shifted towards Synology and Asustor... Mainly looking at the 923+/1522+ or the Lockerstor 4 Gen2 (before hearing your suggestions of course), not that I need 4-5 bays but my "ton of research" shows its just a bad idea buying a 2-bay NAS for many reasons including RAID options. Later it seemed Asustor is struggling with WebDAV as some users report connection errors ect... I personally dont like the "proprietary apple-like" approach Synology seems to have so I wanted to like the Asustor. Now bear in mind Im not completely clear on what WebDAV even is besides its generic definition of being part of the HTTP protocol. Some of my million questions are:
1. What NAS solution has the best WebDAV implementation?
2a. Why does Synology when writing about WebDAV say we must use additional programs like Cyberduck + spesify DNS server?
2b. Why cant WebDAV just be an address like https://YOURIP:YOURPORT/Webdavfolder ? why does it need a domain as in a DNS server?
the DNS server is its domain, right? Or am I confused about that?
3. What RAID would you use for a single user? Im between RAID 10 and 6... RAID 10 seem to not be upgradable which is the only reason Im unsure about it. IF there existed NAS solutions with SAS controller also included, I would use RAID 1 then have 2 disks one being a good Toshiba SAS and then another being a good SATA from another brand, decreasing the chance of 2 disk failures at the same time. What is the next best option to this?
Even if I bought 3-4 disk of the same type.. I would make sure each come from a different batch. Which my research shows important. You have been a large part of my research btw Smile
4. Is NAS the only "non-windows" way of getting WebDAV ?
5. It seems a VPN can increase the security of a NAS/WebDAV in general... why and in what way does a VPN do that if the connection is encrypted via HTTPS to begin with? From my weak understanding, can it be relevant in the port forwarding process? As in the router port forwards ONLY to 1 STATIC IP of the VPN... so whether on the phone, windows or IPAD... as long as they are all accessing the NAS/WebDAV via that spesific IP, it works while blocking all other IP addresses? Am I completely wrong in my thought process? Please correct me. 
6. What NAS "features" play less of a role if there is going to be 1 or at least less than 3 users EVER, connected to it. Ive been thinking that it would be such a waste NOT upgrading RAM lets say on ANY NAS or add like a NVME cache to it... 
7. Last question (for now), can a NAS be divided into sections? Lets say there is 8 TB of available storage... 4TB is used for the WebDAV folder (having its own password).... 4TB is used for backup of lets say computer/phone (having its own password, which I assume would be root access to the NAS).

I really have a million questions but I have to stop here in respect for you. I also did all that research to try not to waste your time before posting.
Thanks a million Rob !!

PS: I subscribe/support/follow you online.
Reply
#2
Synology is known to have good WebDAV implementation.
2a. Cyberduck is a file transfer client that can connect to WebDAV, and specifying a DNS server is necessary if you want to use a domain name to access your WebDAV server instead of an IP address.
2b. WebDAV can be accessed using an IP address and port number, but using a domain name is more convenient.
RAID 6 is a good option for a single user, as it provides good data redundancy with efficient use of storage space.
No, WebDAV can also be implemented on Linux servers and other non-Windows systems.
A VPN can provide an additional layer of security by encrypting the entire network traffic between the client and server, preventing any potential eavesdropping or interception of data.
Upgrading RAM or adding NVME cache would provide performance benefits, but may not be necessary for a single user or small number of users.
Yes, you can create multiple shares on a NAS, each with its own password or access control settings.


I would forget about webdav and simply go for TailScale - you will then see your NAS as a local disk. Way better and faster than webdav.

https://nascompares.com/guide/how-to-acc...tailscale/
Reply
#3
(02-13-2023, 11:14 AM)ed Wrote: Synology is known to have good WebDAV implementation.
2a. Cyberduck is a file transfer client that can connect to WebDAV, and specifying a DNS server is necessary if you want to use a domain name to access your WebDAV server instead of an IP address.
2b. WebDAV can be accessed using an IP address and port number, but using a domain name is more convenient.
RAID 6 is a good option for a single user, as it provides good data redundancy with efficient use of storage space.
No, WebDAV can also be implemented on Linux servers and other non-Windows systems.
A VPN can provide an additional layer of security by encrypting the entire network traffic between the client and server, preventing any potential eavesdropping or interception of data.
Upgrading RAM or adding NVME cache would provide performance benefits, but may not be necessary for a single user or small number of users.
Yes, you can create multiple shares on a NAS, each with its own password or access control settings.


I would forget about webdav and simply go for TailScale - you will then see your NAS as a local disk. Way better and faster than webdav.

https://nascompares.com/guide/how-to-acc...tailscale/

Thank you for your reply Ed !
I have to touch on a few things and if you dont mind ask a few additional questions... just to get everything straight for me. All this is very new.

Regarding your answers for 2a and 2b:
- doesn't Synology provide users with multiple domain names to use (as it seems from the different youtube videos I have watched)? Users seem to have YOU.synology.com via forexample QuickConnect they have... why do users need another DNS server from lets say freedns.com as different write ups suggest? I really dont get this part.
- why is a file transfer client like Cyberduck needed when windows, DSM, mac, ios, android... all have their own file transfer clients ?

Regarding "A VPN can provide an additional layer of security by encrypting the entire network traffic between the client and server, preventing any potential eavesdropping or interception of data." :
- if the WebDAV is using HTTPS which already is 256 bit encryption via TLS, what does another layer of 256 bit encryption do? Would it make it 512 bit encryption together? If so it makes sense but then again I thought 256 bit encryption couldn't be cracked?
I really would like to understand this so I would appreciate it if you would explain... mainly from this part "between the client and server, preventing any potential eavesdropping or interception of data." is the NAS the server? Who is the client? Lets say I wanted to prevent eavesdropping from my ISP of ALL my activities on my NAS including the WebDAV folder, would they be able to eavesdrop on HTTPS connections to my NAS? Would I have to connect to a VPN first and THEN use HTTPS to connect to the NAS for maximum security? 
Am I understanding the steps correctly`, as in... first connect to the VPN and THEN connect to your https address of your NAS ? Is that the best practice for maximum security?

I have 2 small quick additional questions please:
1. In a lets say 5 bay NAS... is it possible to populate bay 1 3 and 5 to ensure maximum airflow between them inside the NAS? or does RAID make it required that they are in the "next slot available" ?
2. In the case of using 3 or 4 disks, wouldnt it decrease the probability of 2 disk simultaneous failures by using lets say 3 brands ? Or atleast 2 really good brands of enterprise disks ? Does RAID or Synology accept this if the disk are all lets say the same size, speed and SATA600 ?
IF you would recommend ALL disk be the same, I would make sure all are of different batches as Rob taught me.

PS: Im sure TailScale is better and frankly Im already pretty upset at this WebDAV thing considering the lack of in depth information regarding it BUT the programs Im going to use accept commercial solutions like icloud and dropbox/googledrive ect for backups and WebDAV is the ONLY solution they offer to store my files on my own disk via my own "cloud" so Im pretty stuck in having to set it up. I do appreciate you trying to save me of all the "pain" I guess.

Thank again Ed and say hello to Rob from me and read my shout outs in my first message to him. Hope it will cheer him up and forget about the seagulls even for just a minute  Heart
Reply
#4
Originally Synology did not allow their domain to be used for DNS. Now you can. Just like any other domain, it does not make any difference. Simply choose which one looks better.

Quickconnect is not DNS. It is proxy service. With that ID you connect via their server. It is safer because it does not per se enable port forwarding like DNS would (you can also open ports if wanted to).

Cyberduck might have functions you may need. But if you are first-time user, there is no need for any other software that Synology provides.


HTTPS encryption and web dav encryption is still a 256 bit based. It does not multiply.

Connecting via VPN is the only way to hide your communication between your computer and NAS server. DNS or proxy is visible to the world and hackers can target these connections. Not VPN. Tailscale is therefore popular.

In a 5 bay, you can fill any bays you want. There is no restrictions how to do it.

About simultaneous failures. This does not happen often with hard drives. They usually wear out slowly and you will be altered when they soon will become unusable. It is more likely that SATA connectors would fail at the same time.

But you can mix different batches of same drive of go for different branded drives.

Using Tailscale is the same as using DNS or Quickconnect. In fact it is 10 times easier and 10 times safer.
Reply
#5
Hey Ed...

I forgot to thank you ! So here I am... Thank you so much. I am in the process of researching and learning more. A lot of what you wrote sent me on the right way and Im learning more every day. I have yet to buy the hardware as I will also setup a firewall which I later found out I needed but that Tailscale thing using wire guard in that manner is pure magic. I will have some more questions in the future but until then I must just ask for 1 sentence which was unclear, "DNS or proxy is visible to the world and hackers can target these connections. Not VPN."
You just meant that by using a VPN the hackers can not see our DNS address like mysynology.com in the logs/history right?
Because even if I was connected to a VPN or Tailscail I would still have to type my NAS server address in a browser which I assume is the DNS right?
I dont know of a way of accessing NAS without using an address to go to... unless Tailscale could also list "destinations" and not only clients, to connect to so that one would not have to type any address which could potentially be intercepted by a keylogger for example.
Right? Or am I off here?
Reply
#6
Every device connected to the network has its IP address that identifies it.
DNS or Domain name is a human-friendly way of masking this IP address. It looks like you type in mysynology.com, but actually, this is converted into an IP.

Every IP behind open ports are visible to the world as a door. Hackers then scan test if you have latest updates installed. if not, you may have some hole in the software they could hack and get into the NAS.

VPN do not open any ports. when hackers scan your home IP address they see nothing. And they go away.

With Tailscale each device will have its IP address. You will simply paste it into your browser or file management app instead of using verbal DNS/Domain. There is no other difference.
Reply
#7
Thank you Ed for clearing that up. I see... that makes sense. I will be reading up that and learning more and will be back with more questions, specially when I have bought the hardware and set everything up.

PS: I vote that you do more vids, in addition to Rob. I was reading up on what Docker is the other day and learning the difference between virtual vs container and really found your video from last year showing all the fun things one could for example do with docker really interesting.
I never knew this world of NAS and software associated with it could be so relevant for doing research.
Keep up the good work and tell Rob that some one on the forums said you guys are awesome !!
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)