AList is a nice tool to make your shares accessible online.
Overall documentation can be reached here, somehow the direct link is a bit hidden in the overall mix of Chinese and English.
The funny thing is that this is a Chinese devleoped open source app. You can see it by the quality of the translations, somehow this make it more interesting to me, as non-English Open Source community needs to be helped and supported as much as possible for a richer and more diverse ecosystem. I am not bothered by security since i trust China not less nor more than the US (or whatever other country…).
I admire how AList guys are trying hard to provide english documentation, and it's another positive point toward the project, which is also actively maintained.
Very simple to host without containers, the porject releases binary packages on GitHub. Download your preferred release here, grab the appropriate binary (linux, amd64, or whatever your self hosting architecture is).
The AList will need to be installed as user fileserver and group users, see this page for more details.
The daemon itself will be stored under /dada/daemons/fileserver, while it's data will be split between:
So:
useradd -m -d /data/daemons/fileserver -g users fileserver mkdir /var/log/alist chown fileserver:users /var/log/alist mkdir /data/shares/alist_data chown fileserver /data/shares/alist_data su - fileserver wget https://github.com/AlistGo/alist/releases/download/<< version >>/alist-linux-amd64.tar.gz mkdir bin cd bin tar xvf ../alist-linux-amd64.tar.gz
AList config file and support data will be located under /data/shares/alist_data.
Run AList once to generate admin password, then replace it with one of you choice:
/data/daemons/fileserver/bin/alist --data /data/shares/alist_data admin INFO[2025-03-19 09:34:53] reading config file: /data/shares/alist_data/config.json INFO[2025-03-19 09:34:53] config file not exists, creating default config file INFO[2025-03-19 09:34:53] load config from env with prefix: ALIST_ INFO[2025-03-19 09:34:53] init logrus... INFO[2025-03-19 09:34:53] Successfully created the admin user and the initial password is: oierjfeD INFO[2025-03-19 09:34:53] Admin user s username: admin INFO[2025-03-19 09:34:53] The password can only be output at the first startup, and then stored as a hash value, which cannot be reversed INFO[2025-03-19 09:34:53] You can reset the password with a random string by running [alist admin random] INFO[2025-03-19 09:34:53] You can also set a new password by running [alist admin set NEW_PASSWORD] fileserver@casa ~/bin $ ./alist --data /data/shares/alist_data admin set new_password INFO[2025-03-19 09:35:35] reading config file: /data/shares/alist_data/config.json INFO[2025-03-19 09:35:35] load config from env with prefix: ALIST_ INFO[2025-03-19 09:35:35] init logrus... INFO[2025-03-19 09:35:35] admin user has been updated: INFO[2025-03-19 09:35:35] username: admin INFO[2025-03-19 09:35:35] password: new_password
Now edit the configuration file /data/shares/alist_data/config.json and at leat change the following values:
"site_url": "https://drive.mydomain.com",
"scheme": {
"address": "127.0.0.1",
"http_port": 5244,
"log": {
"enable": true,
"name": "/var/log/alist/alist.log",
"database": {
"db_file": "/data/shares/alist_data/data.db",
"temp_dir": "/tmp/alist_data/temp",
"bleve_dir": "/tmp/alist_data/bleve",
I have only reported the basic lines to edit, feel free to adapt it to your needs.
Following my reverse proxy concept guidelines, use this configuration file:
server {
server_name drive.mydomain.com;
listen 443 ssl;
listen 8443 ssl;
http2 on;
access_log /var/log/nginx/drive.mydomain.com_access_log main;
error_log /var/log/nginx/drive.mydomain.com_error_log info;
proxy_cache off;
proxy_max_temp_file_size 0;
location / {
proxy_pass http://127.0.0.1:5244;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_redirect off;
client_max_body_size 20000m;
}
include com.mydomain/certbot.conf;
}
and restart your NGINX.
Now start is manually once, or follow the autostart instruction below.
/data/daemons/fileserver/bin/alist --data /data/shares/alist_data server
Point your browser to drive.mydomain.com and login as admin with the password you changed above.
You need to go to the settings page and adapt the settings to your liking.
From Manage go to Settings. The following settings can be interesting to edit.
Under site settings:
Under style settings:
Under preview settings:
Under global settings:
Under other settings:
These are all downloaders. If you don't use them, don't need them linked to AList, but enpty URLs.
The other settings (LDAP, SSO, S3..) are for various authentications approaches. Only SSO (with Authelia) will be discossed below.
Local users can be added individually under the users tab in manage.
I recomend to link to the SSO, as described below instead.
From Manage go to storages. Add all the storages you like. A few notes for local storage at least:
You can add a guest user, one is available but disabled by default, or you can create meta links with specific sharing password. See here for more details.
AList support indexing with many different backends. The easiest one is to enable indexing inside the SQLite database.
According to this page, there are some caveats and in general it can lead to a fairly big SQLite database file, while MySQL has issues. At the same time, my usage is limited, so i don't want to spin up a dedicated indexing external service.
In other words, i leave indexing to none. YMMV.
WebDAV is enabled and can be reached with the same credentials adding dav to the URL, so:
https://drive.mydomain.com <- standard browser login https://drive.mydomain.com/dav/ <- WebDAV client login
AList support plugins, a list can be found here. Good luck! :)
Note: so far i failed at setting up Authelia in AList. The following notes are as far as i got, but currently there seems to be no communication between Authelia and AList itself.
If you have setup your SSO backend, like i describe in this page, go to management → settings → Single Sign ON to enable the link to your Authelia.
The official documentation here is very detailed, hoping you can read Chinese (i cannot)… Otherwise, follow the indications below.
Authelia configuration section, to be added to /home/authelia/configuration.yml:
clients:
- client_id: '<< generate a custom client id, see below >>'
client_secret: '<< generate a custom client secret, see below, the digest goes here >>'
client_name: 'alist'
public: false
authorization_policy: 'one_factor'
redirect_uris:
- https://drive.mydomain.com/api/auth/sso_callback\?method=sso_get_token
- https://drive.mydomain.com/api/auth/sso_callback\?method=get_sso_id
scopes:
- 'openid'
- 'profile'
- 'email'
userinfo_signed_response_alg: 'none'
To generate a ClientID:
authelia crypto rand --length 72 --charset rfc3986
To generate a Client Secret:
authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
Please note both the digest and the password itself!
In AList use the following information:
While AList has a backup function included, i strongly suggest to ignore it and follow my backup approach with rest / backrest.
You will need to backup the /data/shares/alist_data folder.
Create the following file as /etc/init.d/alist:
#!/sbin/openrc-run
# Copyright 1999-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
description="AList file browser"
pidfile="/run/alist.pid"
command_background=true
command="/data/daemons/fileserver/bin/alist"
command_args="--data /data/shares/alist_data server"
command_user="fileserver:users"
depend() {
need net
}
Make it executable, and enable on boot:
chmod +x /etc/init.d/alist rc-update add alist default /etc/init.d/alist start