The Hemmelig application is to be used to share encrypted secrets across organizations, or as private users. Hemmelig truly cares about your privacy, and will do everything to stay that way. In this step by step guide I will show you how to install Hemmelig on your Synology NAS using Docker.
Hemmelig v6.0.10 release.
This guide works perfectly with the latestSTEP 1
Please Support My work by Making a Donation.
STEP 2
Install Portainer using my step by step guide. If you already have Portainer installed on your Synology NAS, skip this STEP. Attention: Make sure you have installed the latest Portainer version.
STEP 3
Make sure you have a synology.me Wildcard Certificate. Follow my guide to get a Wildcard Certificate. If you already have a synology.me Wildcard certificate, skip this STEP.
STEP 4
Go to Control Panel / Login Portal / Advanced Tab / click Reverse Proxy. Follow the instructions in the image below.
STEP 5
Now click the “Create” button. Follow the instructions in the image below.
STEP 6
After you click the Create button, the window below will open. Follow the instructions in the image below.
On the General area, set the Reverse Proxy Name description: type in hemmelig. After that, add the following instructions:
Source:
Protocol: HTTPS
Hostname: hemmelig.yourname.synology.me
Port: 443
Check Enable HSTS
Destination:
Protocol: HTTP
Hostname: localhost
Port: 3510
STEP 7
On the Reverse Proxy Rules click the Custom Header tab. Click Create and then, from the drop-down menu, click WebSocket. After you click on WebSocket, two Header Names and two Values will be automatically added. Click Save. Follow the instructions in the image below.
STEP 8
Go to Control Panel / Network / Connectivity tab/ Check Enable HTTP/2 then click Apply. Follow the instructions in the image below.
STEP 9
Go to Control Panel / Security / Advanced tab/ Check Enable HTTP Compression then click Apply. Follow the instructions in the image below.
STEP 10
Go to File Station and open the docker folder. Inside the docker folder, create one new folder and name it hemmelig. Follow the instructions in the image below.
Note: Be careful to enter only lowercase, not uppercase letters.
STEP 11
Now create two new folders inside the hemmelig folder that you created at STEP 10 and name them db and upload. Follow the instructions in the image below.
Note: Be careful to enter only lowercase, not uppercase letters.
STEP 12
Right click on the hemmelig folder that you have previously created at STEP 10 then click Properties. Follow the instructions in the image below.
STEP 13
Go to the Permission tab then click Advanced options. From the drop-down menu choose “Make inherited permissions explicit“. Follow the instructions in the image below.
STEP 14
Select Everyone then click the Edit tab. Follow the instructions in the image below.
STEP 15
Check all Read and Write Permissions. Click Done. Follow the instructions in the image below.
STEP 16
After you click Done on STEP 15, check “Apply to this folder, sub-folders and files“. Click Save. Follow the instructions in the image below.
STEP 17
Log into Portainer using your username and password. On the left sidebar in Portainer, click on Stacks then + Add stack. Follow the instructions in the image below.
STEP 18
In the Name field type in hemmelig. Follow the instructions in the image below.
version: "3.9" services: hemmelig: image: hemmeligapp/hemmelig:latest container_name: Hemmelig hostname: hemmelig init: true volumes: - /volume1/docker/hemmelig/upload:/var/tmp/hemmelig/upload/files - /volume1/docker/hemmelig/db:/home/node/hemmelig/database/ environment: - SECRET_LOCAL_HOSTNAME=0.0.0.0 - SECRET_PORT=3000 - SECRET_HOST=hemmelig.yourname.synology.me - SECRET_ROOT_USER=marius - SECRET_ROOT_PASSWORD=iamroot # The admin user password (Change this only after the first sign in! Do NOT change now!!!) - SECRET_ROOT_EMAIL=yourown@email - SECRET_FILE_SIZE=4 # Set the total allowed upload file size in mb - SECRET_FORCED_LANGUAGE=en # Set the default language for the application. de for German, it for Italian, fr for French. - SECRET_JWT_SECRET=MariushostingMariushostingMari13 - SECRET_MAX_TEXT_SIZE=1024 # The max text size for the secret. Is set in kb. i.e. 1024 for 1024kb ports: - 3510:3000 stop_grace_period: 1m restart: on-failure:5
Note: Before you paste the code above in the Web editor area below, change the value for SECRET_HOST and type in your own synology.me DDNS without https:// at the beginning that you have previously created at STEP 6.
Note: Before you paste the code above in the Web editor area below, change the value for SECRET_ROOT_USER and type in your own username. marius is an example for an username you should use your own username.
Note: Before you paste the code above in the Web editor area below, change the value for SECRET_ROOT_EMAIL and type in your own email address.
Note: Before you paste the code above in the Web editor area below, change the value for SECRET_FORCED_LANGUAGE and set your default language. en is for English, de is for German, fr is for French etc.
Note: Before you paste the code above in the Web editor area below, change the value for SECRET_JWT_SECRET and add your own JWT SECRET. MariushostingMariushostingMari13 is an example for a JWT SECRET. You should invent your own Value. Add 32 random characters, both letters and numbers.
STEP 19
Scroll down on the page until you see a button named Deploy the stack. Click on it. Follow the instructions in the image below. The installation process can take up to a few minutes. It will depend on your Internet speed connection.
STEP 20
If everything goes right, you will see the following message at the top right of your screen: “Success Stack successfully deployed“.
STEP 21
Go back to STEP 1 or you will deal with karma 🙂.
STEP 22
Now open your browser and type in your HTTPS/SSL certificate like this https://hemmelig.yourname.synology.me that you have previously created at STEP 6. In my case it’s https://hemmeligh.mariushosting.synology.me If everything goes right, you will see the Hemmelig page. At the top right of the page click on the 3 horizontal lines. Follow the instructions in the image below.
STEP 23
Click Sign in. Follow the instructions in the image below.
STEP 24
Type in your own username that you have previously created at STEP 18 and the default password which is iamroot. Click Sign in. Follow the instructions in the image below.
STEP 25
On the left sidebar click Account settings. Follow the instructions in the image below.
STEP 26
Type in your current default password which is iamroot then type in your new password, then click Update details. Follow the instructions in the image below.
STEP 27
Disable user registration. On the left sidebar click Instance settings. Check Disable user account creation then click Update settings. Follow the instructions in the image below.
STEP 28
Add your own message, title, upload files, choose max views, add a password, restrict an IP or entire CIDR. Choose the Lifetime message. Click Create a secret link. Follow the instructions in the image below.
STEP 29
Copy your own link then share the link with your public. Follow the instructions in the image below.
STEP 30
Click View the secret to view the secret message if you have previously created a password at STEP 28. Follow the instructions in the image below.
STEP 31
Your secret page at a glance!
Enjoy Hemmelig!
If you encounter issues by using this container, make sure to check out the Common Docker issues article.
Note: Find out how to update the Hemmelig container with the latest image.
Note: Can I run Docker on my Synology NAS? See the supported models.
Note: How to Back Up Docker Containers on your Synology NAS.
Note: How to Free Disk Space on Your NAS if You Run Docker.
Note: How to Schedule Start & Stop For Docker Containers.
Note: How to Activate Email Notifications.
Note: How to Add Access Control Profile on Your NAS.
Note: How to Change Docker Containers Restart Policy.
Note: How to Use Docker Containers With VPN.
Note: Convert Docker Run Into Docker Compose.
Note: How to Clean Docker.
Note: How to Clean Docker Automatically.
Note: Best Practices When Using Docker and DDNS.
Note: Some Docker Containers Need WebSocket.
Note: Find out the Best NAS Models For Docker.
Note: Activate Gmail SMTP For Docker Containers.
This post was updated on Thursday / December 5th, 2024 at 10:31 PM