QNAP Backup to S3 over HTTPS

If you’re like me, and you have a QNAP NAS for your home network and you want to back it up to Amazon’s S3, be aware that their default configuration uses HTTP and not HTTPS!

You have to manually update the configuration file yourself to use HTTPS. Why it’s not an option in the GUI? Who knows….

You need to edit this file:

/usr/local/amazons3/amazonS3RR.php

and change this line:

public function __construct($accessKey = null, $secretKey = null, $useSSL = false) {

to this one:

public function __construct($accessKey = null, $secretKey = null, $useSSL = true) {

Thank you to usr metrical on the QNAP forums for suggesting this.

Background: while setting up firewall rules for my home network, like a good infosec professional should do for all their services (including IoT), I noticed that the traffic during S3 backups was leaving on port 80 instead of port 443. After some googling, I came across the article linked above.

BTW I have been using Peplink’s Pepwave SOHO Mk3 and I highly recommend it! Easier to use than DD-WRT and more stable. They also do automatic updates of firmware so you never need to worry about outdated firmware ever again. And they keep adding features to the device. Personally, I am hoping for an NTP proxy because all my systems locally use either hardcoded NTP servers or I configure them to pool.ntp.org — but it would be nice to redirect them all to a local NTP server (which I am in the market for).

qnap-s3-bkp

Update: be sure to check the configuration after running a firmware update because the file may be overwritten and default back to using HTTP.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s