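Installing ZeroTier on Synology DSM 7 with Docker

Official documentation: https://docs.zerotier.com/devices/synology

Synology's DSM 7 does not allow third-party applications to run as root. Because of this, we now recommend running ZeroTier in Docker.

It is a more secure way to run third-party applications on your NAS.

Once set up, this configuration persists across reboots and DSM upgrades.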

Create a persistent

Run as administrator

```bash
sudo -i
```

Check the status of the tun module

Check whether the `tun` module is loaded:

```bash
lsmod | grep tun
```

If the result is empty, try loading it:

```bash
insmod /lib/modules/tun.ko
```

If that succeeds, continue with the next test.

Test whether the tun.ko module works

Make sure the `tun.ko` module works properly:

```bash
mkdir /dev/net
mknod /dev/net/tun c 10 200
chmod 600 /dev/net/tun
cat /dev/net/tun
```

If the `cat` command returns `File descriptor in bad state`, the module is installed correctly.

Make the tun.ko module persistent

For the module to stay available across Synology reboots, the `insmod` command has to be run again on every boot.

A boot script takes care of this. Create it with the following command:

```bash
cat <<EOF > /usr/local/etc/rc.d/tun.sh
#!/bin/sh -e

insmod /lib/modules/tun.ko
EOF
```

Make the script executable:

```bash
chmod a+x /usr/local/etc/rc.d/tun.sh
```

Reboot the Synology NAS or run the script once by hand. Done!

Run the script once to create a TUN

```bash
/usr/local/etc/rc.d/tun.sh
```

Run the ZeroTier Docker container

Create a directory to store ZeroTier's identity and configuration (the container directory is mounted from the host):

```bash
mkdir /var/lib/zerotier-one
```

Pull the ZeroTier Docker image and run it (container name zt):

```bash
docker run -d           \
  --name zt             \
  --restart=always      \
  --device=/dev/net/tun \
  --net=host            \
  --cap-add=NET_ADMIN   \
  --cap-add=SYS_ADMIN   \
  -v /var/lib/zerotier-one:/var/lib/zerotier-one zerotier/zerotier-synology:latest
```

GitHub: https://github.com/zerotier/zerotier-synology

Docker Hub: https://hub.docker.com/r/zyclonite/zerotier (note that this link is for the zyclonite/zerotier image, while the commands on this page use zerotier/zerotier-synology)
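Read-only checks for the setup above, added here as an example; this is not code from the original page or from the ZeroTier project. It assumes `stat -c` is available and that ZeroTier keeps `identity.secret` and `authtoken.secret` in the state directory; the function names are hypothetical.

```bash
#!/bin/sh
# Added example, not from the original page: read-only checks of the setup.

# Succeeds only if a module named exactly "tun" is loaded. A plain
# `grep tun` also matches other modules such as ip_tunnel or tunnel4.
# $1: file in /proc/modules format (defaults to the live list).
tun_loaded() {
    grep -q '^tun ' "${1:-/proc/modules}"
}

# Succeeds if $1 is a character device with major 10, minor 200 and
# mode 600, the values from the mknod/chmod step (stat prints them in hex).
tun_node_ok() {
    [ -c "$1" ] && [ "$(stat -c '%a %t %T' "$1")" = "600 a c8" ]
}

# Prints "<path> <mode>" for each ZeroTier secret in state directory $1
# that grants any permission to group or others.
loose_secrets() {
    for f in "$1/identity.secret" "$1/authtoken.secret"; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        case "$mode" in
            0|*00) ;;                      # owner-only
            *) echo "$f $mode" ;;
        esac
    done
}

# Runs all three checks against the paths used on this page.
preflight() {
    rc=0
    tun_loaded || { echo "tun module not loaded"; rc=1; }
    tun_node_ok /dev/net/tun || { echo "/dev/net/tun missing or wrong type/mode"; rc=1; }
    loose=$(loose_secrets /var/lib/zerotier-one)
    [ -z "$loose" ] || { echo "secret readable beyond owner: $loose"; rc=1; }
    return $rc
}

if [ "${1:-}" = "run" ]; then preflight; fi
```

Save it as a script and call it with the argument `run`; the secret files only exist after the container has started once.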

Common commands

Check the node status

```bash
docker exec -it zt zerotier-cli status
```

Join your network

```bash
docker exec -it zt zerotier-cli join e5cd7a9e1cae134f
```

Authorize the NAS in the device list of your network on the official site, then check the network status:

```bash
docker exec -it zt zerotier-cli listnetworks
```

Show running containers (optional)

```bash
docker ps
```

Enter the container (optional)

```bash
docker exec -it zt bash
```

Upgrading ZeroTier

To upgrade ZeroTier, stop and remove the container, then pull the latest image and start a new container:

```bash
docker ps
```

Example output:

```
CONTAINER ID   IMAGE                               COMMAND          CREATED       STATUS      PORTS     NAMES
52c7cb58a1dd   zerotier/zerotier-synology:latest   "zerotier-one"   5 weeks ago   Up 9 days             zt
```

Stop the container

```bash
docker stop 52c7cb58a1dd
```

Remove the container

```bash
docker container rm 52c7cb58a1dd
```

Pull the latest image

```bash
docker pull zerotier/zerotier-synology:latest
```

Run the container

```bash
docker run -d           \
  --name zt             \
  --restart=always      \
  --device=/dev/net/tun \
  --net=host            \
  --cap-add=NET_ADMIN   \
  --cap-add=SYS_ADMIN   \
  -v /var/lib/zerotier-one:/var/lib/zerotier-one zerotier/zerotier-synology:latest
```

Join the network

```bash
docker exec zt zerotier-cli join 9c960b9ac2  # (your network ID)
```
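The same upgrade as a script, added here as an example that is not part of the original page. It differs from the steps above in two ways: it refers to the container by its name `zt` instead of its ID, and it pulls the new image before stopping the container, so a failed pull leaves the old container (and remote access through it) running. The function name `upgrade_zt` is hypothetical.

```bash
#!/bin/sh
# Added example, not from the original page: upgrade the "zt" container,
# pulling the new image BEFORE touching the running one.
IMAGE=zerotier/zerotier-synology:latest
NAME=zt

upgrade_zt() {
    # Image ID the running container was created from.
    old=$(docker inspect --format '{{.Image}}' "$NAME") || return 1

    # If the pull fails, return here: the old container keeps running.
    docker pull "$IMAGE" >/dev/null || return 1

    # Image ID that the tag points to after the pull.
    new=$(docker image inspect --format '{{.Id}}' "$IMAGE") || return 1
    if [ "$old" = "$new" ]; then
        echo "unchanged $new"
        return 0
    fi

    docker stop "$NAME" >/dev/null || return 1
    docker container rm "$NAME" >/dev/null || return 1

    # Same flags as the docker run command on this page.
    docker run -d --name "$NAME" --restart=always \
        --device=/dev/net/tun --net=host \
        --cap-add=NET_ADMIN --cap-add=SYS_ADMIN \
        -v /var/lib/zerotier-one:/var/lib/zerotier-one \
        "$IMAGE" >/dev/null || return 1

    # Keep both IDs so the change can be traced later.
    echo "upgraded $old -> $new"
}

if [ "${1:-}" = "run" ]; then upgrade_zt; fi
```

The printed image IDs give a record of which build replaced which, something the `:latest` tag alone does not provide.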