which NAS for home and docker support ?

[rzr]

I'm looking for a NAS for home, and also to host some of my private projects (in docker).
2 bay NAS should be sufficient for my data, and 2GB RAM.
What about security? I read in many posts that Synology is more secure than Qnap and that I shouldn't expose NAS to internet anyway.
Does it mean I should block ALL access to NAS from internet? or just not expose admin web console ?
What about syncing files between devices (google drive or dropbox client functionality) - at the end this is what I need, syncing files between PCs (even when they aren't at home) - what about QSync client or Synology Drive Client ? are they not safe as well ?
of course it would be nice to access those files thru web as well (from devices without installed client, or is it the security problem?)

Does hardening that setup make sense? routing traffic thru reverse-proxy (I have RaspberryPi4 Nginx for that).

or if exposing NAS functionalities to internet is not safe, then I could run Seafile (which I heard is pretty secure) in a Docker on that NAS (and expose only Seafile's ports)

I was thinking about running my own NAS (with RP4) - I use Seafile now, but I like the idea of a closed nice box with drives, without tinkering too much etc.)
(I mentioned only qnap and synology, but maybe there are other NASes worth considering?)

 

[L&LD]

Welcome to the forums @rzr.

I would recommend QNAP. I wouldn't recommend any two-bay NAS. Buy a 4 Bay or larger NAS and only populate it with the drives you need today (if the budget is that tight). But buying a 2 Bay NAS is just throwing out good money, particularly if the HDDs you're considering are large(r).

Use OpenVPN to have a secure tunnel back into your network. Do not use any of the methods you described to access your data while on the move.

Unless the files you're syncing are very small, you won't be doing backups to the NAS over the internet.

I prefer QNAP over Synology (and yes, you have it right, there are no other choices for a proper NAS), because you get a lot more hardware (2GB RAM is too little, btw) for much less cost.

 

[TheLostSwede]

I think you've read a few too many paranoid posts. Yes, there are security risks of exposing your NAS to the internet, but there are ways to mitigating this, like using a VPN when you connect to your home network when you're not at home.

Having worked at QNAP many moons ago, I can tell you that all the NAS makers are equally good/bad when it comes to security, as they've all been affected by various security holes that have enabled hackers to encrypt the data on internet connected NAS appliances. However, most of the time, this has been through their own remote access services that weren't secure. So as long as you use secure passwords and change them from time to time, you should be fine to expose some services, but remember that you can turn off those services after you're done using them, so you don't have to expose open ports when you don't need to.

You missed out on a kickstarter by Ugreen which offered some really affordable options, but outside of that, I would say Asustor offer better hardware for the money compared to QNAP and Synology. Some fun trivia, Synology was started by disgruntled people at QNAP and Asustor was started by disgruntled people at QNAP and Synology. One advantage with both Asustor and Ugreen, is that they have less patched up old code in their products, as both companies have more recent software foundations compared to QNAP and Synology. That said, I'm not sure how trustworthy Ugreen's software is, as it's a xinese company. Asustor, QNAP and Synology are all Taiwanes companies.

At least these days QNAP is making an appearance about patching security issues quickly, but I can tell you that when I was there, it was anything but priority. That is close to a decade ago by now, so things have hopefully changed. That said, Synology doesn't even seem to pretend to be bothered, which is equally bad if not worse.

Personally I built my own, running OpenMediaVault, which is pretty straight forward to get up and running without much fuss. Sure, the UI/UX isn't as slick, but it's getting updated regularly and worst case, you have full access to the underlying operating system and can update it on your own, as far as security patches are concerned.

Do NOT get an Arm based NAS if you're going pre-built, as those only get about a quarter of the software, especially the third party stuff, as not that many developers want to spend time on having to build their software for multiple processor platforms.

 

[rzr]

Ok So i read a bit and checked some apps, like QSync, which uses HTTPS for communication, it should be as secure as any web server (especially if it goes thru mine reverse-proxy which has geofence and quite strict fail2ban - banning IPs after 2 unsuccesful logins, or after a few http requests ending with 4xx status)
But, I've checked and installed WireGuard VPN on my RaspberryPi4 (works as reverse-proxy as well) and VPN client on my PC - so I can use it to access NAS.

considering that no NAS is secure enough to be exposed, it doesn't matter if it's Synology or Qnap or smth else at the end ?
QNaps have a bit better configuration for the same money, any other differences in functionality ?
Synology has Synology Hybrid RAID (SHR) - do other NASes have something similar? looks like useful thing during expansion of your NAS

 

[rzr]

I was thinking about buying older NAS to learn about it, and after a few months, when I know more, I could be buy final device (maybe 4 bays, and for many years).

I thought about used Synology DS218+ (~220 eur), DS418play, Qnap TS-453B 16GB (around 250 eur), TS-251D 8GB (around 250 eur too)

however, older models - ds218+, ts-453B have Celerons J3355 and J3455 www synoforum com /threads/reliability-issue-with-intel-celeron-n3350-j3355-j3455-and-pentium-n4200-cpus.1419/ nascompares com /intel-apollo-lake-n3350-j3355-j3455-and-n4200-nas-cpu-issue/
so is it safe buying those devices? even for a few months ?


TS-251D (Celeron J4025 - I couldn't find problems with it).
or I can see used DS220+ it has J4025 too.
Is it a good idea? or maybe I should look at other models?

new TS-262 costs almost 2x of that, DS224+ only a bit less.

 

[L&LD]

With NAS, there is no try, only do.

Don't waste your money time and energy on older units. The new ones are different. Sometimes, vastly.

Buy a four bay or larger (QNAP) NAS. Buy as many WD Red Plus drives (10TB or larger) as you can.

Set up the NAS and just use it for the next decade or so.

 

[sfx2000]

I can't recommend any NAS for Docker work... compatibility with current images along with security concerns...

Mostly due to the fact they can't have the most recent version of Docker itself... that and any updates, things can fall apart and break fairly easy...

I would suggest something like an Intel NUC or similar running a current LTS version of Linux, as that distro will have a more current version of Docker and the support needed...

 

[sfx2000]

At least these days QNAP is making an appearance about patching security issues quickly, but I can tell you that when I was there, it was anything but priority. That is close to a decade ago by now, so things have hopefully changed. That said, Synology doesn't even seem to pretend to be bothered, which is equally bad if not worse.

Mixed feelings here - I would like things to be current/up to date with patches, etc...

At the same time, not exposing the NAS to the internet reduces the threat surface for many of the CVE's targeted towards NAS devices...

QNAP has been aggressive at providing patches, mostly because their threat surface is a bit more that most...

Can't say Syno or others are any better...

Win/Mac as LAN servers are likely more secure overall... as Microsoft and Apple tend to keep on top of threats, and issue updates on a regular basis..

 

[rzr]

for now I bought used DS220+, (newer CPU - without bugs and expandable memory).
Also I've already done a test, If I need newest Docker (26.x) - I run VM with Alpine linux (256MB RAM - was possible to run on DS220+ with only 2GB RAM) with Docker and simple python3 webserver container (memory used around 90MB in VM).

 

[rzr]

I've installed 8GB Timetec stick, it works.
However, also I already found big a CON for me .... Synology Drive Client ignores symlinks ... which I thought would be an obvious thing (to organise things to be synced)