Synology oathtool via Docker

Prerequisite#

• Synology Container Manager package

Reason#

oathtool is needed for deploying LetsEncrypt certificates with the acme.sh script via the synology_dsm hook if you have two factor authentication enabled.

Instructions#

The first thing we want to do is to build a custom docker image. I used this for my Dockerfile.

FROM debian:bullseye-slim

RUN apt-get update && \
    apt-get install -y --no-install-recommends oathtool && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

ENTRYPOINT ["oathtool"]

After creating your Dockerfile, we build the image.

docker build -t custom-oathtool .

Now that we have a docker image with oathtool installed, we will create a script to act as the oathtool and pass arguments to the oathtool inside the docker images. We want to make sure we remove the container (–rm) created after it runs the tool so we do not accumulated a large amount of old containers.

We want to name the script oathtool and place it in /usr/bin/ so that when oathtool is called by any other script our script runs.

/usr/bin/oathtool :

#!/bin/sh
docker run --rm custom-oathtool "$@"

Now we need to make sure it is executable

chmod 755 /usr/bin/oathtool

You can now use SYNO_TOTP_SECRET environmental variable to deploy your acme.sh certificates with the synology_dsm hook.