Synology DSM6 and mod_proxy


Since Synonoly released version 6 of Disk Station Manager (DSM), things in the Apache configuration where changed. I used to have a reverse proxy using Apache mod_proxy. The old configuration was stored in /etc/httpd/sites-enabled-user/httpd-vhost.conf (or httpd-ssl-vhost.conf in my case since I use SSL). The new configuration to put your reverse proxy configuration can be found in: /usr/local/etc/httpd/sites-enabled/httpd-vhost.conf-user.

To set-up a reverse proxy to services listening on strange ports, like SabNZBd, SickRage / SickBeard, CouchPotato or Transmission use these lines as an example and edit them to your needs. With this configuration you should be able to download your CentOS images from usenet without getting blocked by the company firewall…

<Location /sb>

<Location /sabnzbd>

<Location /couchpotato>

<Location /transmission>


Welkom, Sierra



Schermafbeelding 2016-08-09 om 13.33.11

Bugs so far:

  • TimeMachine (Synology DS1815+) doesn’t work
  • Networking to Synology (AFP and SMB) share doesn’t work
    • Fix: Let the firewall accept incoming mDNSresponder connections
  • DHCP (FRITZ!Box 7390) doesn’t work. Fixed IP does
    • Fix: Let the firewall accept incoming configd connections
  • MacPGP (GPGmail) doesn’t work, but this was expected
    • Fix: Wait for update.
  • Citrix Receiver doesn’t work anymore
    • Fix: Reinstall Citrix Receiver from this package.

Fix Brew (MacPorts alternative)

sudo chown -R $(whoami) /usr/local
xcode-select –install

Getting ready for RHCSA and RHCE


rhce_logoI’m busy with the training and certification for Red Hat Enterprise Linux 7. Many things changed in the new release of Red Hat Linux. IPtables is replaced by Firewalld, UPstart is replaced by systemd and the ext4 file-system by xfs. The problem: good documentation isn’t available in books. However, online there are tons of documentation. One of my favorites:

This website doesn’t only include documentation but also daily lab-exercises that are mandatory to pass the RHCSA or RHCE exams since these are hands on instead of multiple choice questions. Sorry braindump fellows out there. These will not help you. Hands on experience is mandatory in order to separate the wheat from the chaff. Without this, you won’t pass the exams.

My RHCSA exam is planned for August. RHCE will follow later. There were no options to take the exam earlier in the Netherlands due to the holiday season.

Update: another website to help you:
Update: Passed RHCSA on 12/aug/2016. Next: RHCE (but time…).

Disable auto-updates on Windows 10


Windows10Yesterday, Microsoft released Windows 10 to the public. For home users this update will be free of charge, even if your current Windows 7, 8 or 8.1 installation is semi-legal.

Windows 10 brings new features to the desktop. Among others, these include:

  • The start menu is back. Live tiles are integrated in this menu;
  • Speech control with Cortana, just like Siri on the iPhone does;
  • A new task-switcher to replace the Alt-Tab combination;
  • Action Center, just like the Notification center in Mac OSX;
  • The command prompt enters the 21st century;
  • The new Edge browser. Goodbye Internet Explorer and Silverlight;
  • Automatic installation of Windows updates and auto-rebooting.

The last one is a good feature to protect end-users if we forget about the consequences when Microsoft pushes out a bad update. Been there, done that. Even during the Beta-testing of Windows 10, when Microsoft pushed out a bad Nvidia video driver. But let’s not focus on that at this moment. In some environments you want to have more control over when and how updates are being installed and, if needed, when your PC is being restarted.

Option 1: Disable the Windows update service

There are a few options to disable auto-updating of Windows 10. The first one is to disable the Windows Update service itself. The disadvantage of this is that you don’t have the option to automatically check for updates and you won’t get notified is updates are ready, to install them on your workstation at a time convenient for you. However, if you want to go for this, use these PowerShell lines (or click around in the GUI).

stop-service wuauserv
set-service wuauserv –startup disabled

Finally, check if this all worked via WMI

get-wmiobject win32_service –filter "name='wuauserv'"

Option 2: Registry hack to bring back the old update

The second option is to bring back the old Windows update style by applying some lines in the registry. Copy and paste the lines below in a .reg file and apply this. This will bring back the old Windows Update applet in the Control Panel.

Windows Registry Editor Version 5.00 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UX] "IsConvergedUpdateStackEnabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings] "UxOption"=dword:00000000

New job: Technical Consultant


SLTN-IAOn June 1st I started my new job as Technical Consultant with SLTN Inter Access. My first assignment is internal as VMware vCloud engineer to support Managed Services due to the coming holiday season. This will last till half August. See for more details.

I’ve worked with VMware vCloud Director since the first public release and still remember installing the service using RHEL and Oracle. Since then, many things changed. Microsoft SQL Server is supported and many things changed in the vShield support for networking like VPN and firewalling.

My department will be the UNIX/Infra group.

Install SSLH on your Synology DiskStation


sslhYou’re in an office or using public wifi and ports other than 53, 80 and 443 are blocked. How to SSH or VPN to your DiskStation? SSLH provides a solution for this, by acting as a proxy listening on port 443 and passing the traffic to deamons like SSHd, Apache or OpenVPN. The SSLH package is available in the SynoCommunity repository but manual work needs to be done to get it working.

By default, Apache on the Synology listens on port 443 without binding to an IP-address or interface. The first step would be to change the configuration so Apache listens on port 443 on localhost only. SSH to the DiskStation and change the configuration in these 3 files:

  • /etc/httpd/conf/extra/httpd-ssl.conf
  •  /etc/httpd/conf/extra/httpd-ssl.conf-sys
  •  /etc/httpd/conf/extra/httpd-ssl.conf-user

This can be done recursively with sed:

mkdir /root/http-backup
cp -a /etc/httpd/conf/extra/httpd-ssl.conf* /root/http-backup/
sed -i 's/*:443/' /etc/httpd/conf/extra/httpd-ssl.conf*

Now change the configuration of SSLH. By default, de service listens on port 3000. The configuration file can be found in /usr/local/sslh/var/sslh.cfg. Also change your host ( to the IP-address of the Synology. In case you use multiple interfaces, the interface to your router should be the one.

When done, reboot your Synology DiskStation and test if https, ssh and/or OpenVPN works via port 443.

Free e-Training (and exam): Brocade Certified vRouter Engineer


Brocade-BCVREAbout 2,5 years ago, Brocade acquired Vyatta, providing a software-based virtual router, virtual firewall and VPN products for Internet Protocol networks (IPv4 and IPv6). Brocade now let’s you become a Brocade Certified vRouter Engineer for free, by taking web-based training, gaining hands-on experience on a Vyatta appliance (in VMware, KVM, Virtualbox, whatever you like) and gives you a free in-person test at one of Person VUE’s testing centers.

I started with the course today. The full length of the training video’s is about 5 hours. I took the first hour or so. In terms of content I notice it’s not about protocols like BGP or OSFP itself, but about setting up and configuring the router (and protocols) via the Command Line Interface (CLI). Therefor I’d suggest everyone who’s not afraid for a CLI and doesn’t have in depth-knowledge of protocols to take the training and course.

It will cost you about a full day and gives you a free certification. If you don’t have any network certifications yet, this might be a nice first step to widen – and prove – your knowledge.

Information about the contents of the training can be found on this website. Get started with the training and certification on this website: Don’t forget to have a look at the free PDF: BCVRE in a Nutshell Study Guide for Exam 170-010. Good luck!

Synology DS1815 from the inside


About every two years I upgrade my Synology NAS. This time, the DS713+ made place for a DS1815. Tough the DS713+ isn’t bad at all, in particular after a memory upgrade, a faster CPU was preferred for single threaded applications like all Python apps are. Also, I needed a minimum of 4 Gbyte memory but more was preferred since Docker is a new Synology Package and more disk shelfs would be nice. I ended up ordering the new DS1815.

Some pictures from the unit, in particular the memory slot.




In-place upgrade CentOS6 to CentOS7


centos-logoI’m currently busy testing the CentOS6 to CentOS7 online upgrade.

The first tests on a plain CentOS (6.5) installation were successful and I’m hoping to start testing some (DirectAdmin development boxes running ‘real’ websites soon).

The CentOS core team has pre-build packages available of Red Hat’s tool to do the in-place upgrade. These are available as RPM-package in this repository.

Installation is done by adding a repo file (/etc/yum.repos.d/upgrade.repo) with this content:


Limit number of kernels in CentOS


By default, CentOS will keep the 5 last installed kernels available. Since kernels are getting bigger and the /boot partition is, in most of the cases, a primary partition which is difficult to extent, you can run into problems like I had today. My /boot was getting too small.

I always create it with a size of 150M, but 250M is more common these days. The workaround is quite easy: limit the number of old kernels that you want to keep after installing a new one to 3 instead of the default 5.

Install the package yum-utils:

yum install yum-utils

Now remove the old kernels:

package-cleanup --oldkernels --count=2

To make this permanent, edit /etc/yum.conf and set installonly_limit:


That’s it. CentOS will now install no more than 3 kernels. The current one and two older versions. This also works with other RPM-based systems like Fedora and Redhat or Oracle Enterprise Linux.

Go to Top