User Tools

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
selfhost:fileserver [2024/01/16 10:34] willyselfhost:fileserver [2025/03/19 15:09] (current) willy
Line 1: Line 1:
-====== File Server ======+====== H) File Server ======
  
 +I will not discuss how to share your files on the home network using __legacy__ tools like [[https://it.wikipedia.org/wiki/Network_File_System|NFS]] or [[https://it.wikipedia.org/wiki/Samba_(software)|SAMBA]], there are plenty of tutorials online and, beside, it's kind out of the scope for self-hosting.
  
-Access to a **common area** and user-specific **private** areas.+I will focus on how to provide access via __web browser__ and via __WebDAV__, which is web-based sharing protocol a bit like NFS or SAMBA, but aimed ad broader //in**ter**net// access, and not //in**tra**net// access.
  
-Access must be both from web page (HTTP/S) and from WebDAV.+The idea is to create share areas where your users will be able to store files. It is possible to extend this idea also to user-specific areas where each user can put private stuff not visible by other users, but this require a little bit extra complexity and might be addressed in the future.
  
-[[sailing:filebrowser]] is used for web based access from browser+You will be using your SSO authentication, there will be no need to create new users anywhere, and it will of course be protected by the Reverse Proxy for external access.
  
-[[sailing:NGINX]] is used as WebDAV server.+In the past i used a more complex solution leveraging more tools. That obsolete solution has been moved, for reference, [[selfhost:obsolete:fileserver-legacy|here]].
  
-===== Background =====+===== Overall Architecture and Shares =====
  
-From users point of view, the common area will be managed by user **filebrowser** which is designed to run as group **users** with an //umask// 550 so that any files uploaded via web browser will be accessible to the normal users.+This solution leverages the use of one tool called AList (installation & configuration instructions [[services:alist|here]]). AList is a pretty neat open source tool which is capable to provide, at the same time, both a browser-based solution and a WebDAV solution to access your files.
  
-Of courseeach user will need to be part of the **users** group as well.+AList itself also support SSO integrationopening the way to provide also a public sharing approach, if needed since the SSO should not be enabled at reverse-proxy level.
  
-You will need a common "archive" folder under **/data/archive** to store some needed stuff. +You can also define as many shared folders as you likeand even connect to remote services from the same UI.
-This folder will need to contain: +
-  * **common** subfolderwhere the common area files will be stored (created in the [[sailing:filebrowser]] instructions) +
-  * **temp/uploads** subfolder, required by WebDAV to upload files  +
-  * **temp/pids** subfolder, to store NGINX pids +
-  * **temp/tmp** subfolder, to store NGINX run files +
-  * **logs** subfolder, to store NGINX log files +
-  * **conf** subfolder, where you will store custom NGINX config files for the private areas (and common area too)+
  
-Create the folders:+I will assume that your shares are under **/data/shares**, but of course each share can be located anywhere you like. Let's also assume, as an example, that your share is called __/data/shares/common__ and is managed by the user __fileserver__ of the group __users__. The requirement for users and groups will be detailed later on. 
 + 
 +Each share folder will have the following structure: 
 +  * /data/share/common/ 
 +  * /data/share/other_share/ 
 +  * /data/share/another_share/ 
 + 
 +Your AList installation will provide WebDAV and browser access from one single port hwich need to be reverse-proxied. 
 + 
 +I choose to assign a dedicated subdomain, **drive.mydomain.com**, as file server and organize the shares like this: 
 +  * **https://drive.mydomain.com**: will show a main login page to access all the shares  
 +  * **https://drive.mydomain.com/common**: direct browser access URL for __common__ 
 +  * **https://drive.mydomain.com/webdav**: WebDAV access URL for all the shares 
 +  * **https://drive.mydomain.com/webdav/common**: WebDAV specific access URL for __common__ 
 +  * **https://drive.mydomain.com/dav**: WebDAV access URL for all the shares 
 +  * **https://drive.mydomain.com/dav/common**: WebDAV specific access URL for __common__ 
 + 
 +I think that /webdav is easier to remember than /dav, but AList by default shared WebDAV under /dav, NGINX will be used to map the /webdav path to /dav. 
 + 
 +You can add any more folders as separate shares as you like. Due to how WebDAV works, it is mandatory to separate the browser accessible URLs from the WebDAV ones, like i did above. 
 + 
 + 
 +=== Permissions and Users === 
 + 
 +(Note: you should run AList as the user **fileserver** and group **users**) 
 + 
 +I assume you have already created the user **fileserver** when installing AList.  
 + 
 +You need to set the //umask// for the fileserver user to **0002** so that any new files created by it will be writable by the users:
 <code bash> <code bash>
- > mkdir /data/archive +mkdir /data/shares 
- mkdir /data/archive/logs +mkdir /data/shares/common 
- > mkdir /data/archive/common +chown fileserver:users /data/shares
- > mkdir /data/archive/temp +
- > mkdir /data/archive/temp/pids +
- > mkdir /data/archive/temp/tmp +
- > mkdir /data/archive/conf +
- > chown filebrowser:users -R /data/archive+
 </code> </code>
  
-===== NGINX WebDAV approach ===== 
  
-No need to use third party WebDAV server since NGINX has a pretty solid implementation of it already. Follow the [[sailing:nginx]] instructions to set NGINX up with WebDAV and PAM auth support.+===== Fileserver access via Browser =====
  
-Nowthere is a nasty catch here which stems from using NGINX as WebDAV server... You need to run NGINX as //filebrowser// user to ensure that the access trough WebDAV will not incur in access permissions errors. Running NGINX as standalone user requires the creation of a specific nginx.conf with some specifics in it.+Nothing extra needs to be done except install AListand adding the new shares inside it's WEB configuration.
  
-For consistency, this NGINX config file will be **/data/archive/conf/nginx_common.conf**: 
-<file txt /data/archive/conf/nginx_common.conf> 
  
 +===== Fileserver access via WebDAV =====
  
-</file> +__NOTE:__ using HTTP will cause a 301 redirect to HTTPS, and WebDAV clients will fail. So use HTTPS URL in webdav clients and not HTTP.
- +
-nginx -c /deposito/archive/conf/nginx_common.conf -e /deposito/archive/logs/common_error_log+
  
 +The only chnage you need to make is to add the following location to the NGINX configuration file you created during AList setup:
 +<code>
 +        location /webdav/ {
 +               proxy_pass http://127.0.0.1:5244/dav/;
 +               proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 +               proxy_set_header X-Forwarded-Proto $scheme;
 +               proxy_set_header Host $http_host;
 +               proxy_set_header X-Real-IP $remote_addr;
 +               proxy_set_header Range $http_range;
 +               proxy_set_header If-Range $http_if_range;
 +               proxy_redirect off;
 +               client_max_body_size 20000m;
 +        }
 +</code>
  
 +which will remap /webdav to /dav