This is an old revision of the document!
File Server
Access to a common area and user-specific private areas.
Access must be both from web page (HTTP/S) and from WebDAV.
filebrowser is used for web based access from browser
NGINX is used as WebDAV server.
Background
From users point of view, the common area will be managed by user filebrowser which is designed to run as group users with an umask 550 so that any files uploaded via web browser will be accessible to the normal users.
Of course, each user will need to be part of the users group as well.
You will need a common “archive” folder under /data/archive to store some needed stuff. This folder will need to contain:
- common subfolder, where the common area files will be stored (created in the filebrowser instructions)
- temp/uploads subfolder, required by WebDAV to upload files
- temp/pids subfolder, to store NGINX pids
- temp/tmp subfolder, to store NGINX run files
- logs subfolder, to store NGINX log files
- conf subfolder, where you will store custom NGINX config files for the private areas (and common area too)
Create the folders:
> mkdir /data/archive > mkdir /data/archive/logs > mkdir /data/archive/common > mkdir /data/archive/temp > mkdir /data/archive/temp/pids > mkdir /data/archive/temp/tmp > mkdir /data/archive/conf > chown filebrowser:users -R /data/archive
NGINX WebDAV approach
No need to use third party WebDAV server since NGINX has a pretty solid implementation of it already. Follow the nginx instructions to set NGINX up with WebDAV and PAM auth support.
Now, there is a nasty catch here which stems from using NGINX as WebDAV server… You need to run NGINX as filebrowser user to ensure that the access trough WebDAV will not incur in access permissions errors. Running NGINX as standalone user requires the creation of a specific nginx.conf with some specifics in it.
For consistency, this NGINX config file will be /data/archive/conf/nginx_common.conf:
- /data/archive/conf/nginx_common.conf
worker_processes 1; pid /data/archive/temp/pids/nginx_common.pid; error_log /data/archive/logs/common_error_log info; events { worker_connections 100; use epoll; } http { include /etc/nginx/mime.types; default_type application/octet-stream; # These folder MUST be redirected to avoid usage of system wide ones: client_body_temp_path /data/archive/temp/tmp; proxy_temp_path /data/archive/temp/tmp; fastcgi_temp_path /data/archive/temp/tmp; uwsgi_temp_path /data/archive/temp/tmp; scgi_temp_path /data/archive/temp/tmp; disable_symlinks off; keepalive_timeout 75 20; server { server_name 127.0.0.1; access_log /data/archive/logs/common_access_log; location / { root /data/archive/common/; dav_methods PUT DELETE MKCOL COPY MOVE; dav_ext_methods PROPFIND OPTIONS; dav_access user:rw group:rw all:r; client_max_body_size 0; create_full_put_path on; client_body_temp_path /data/archive/uploads; } listen 10000; } }
This NGINX server will listen on 127.0.0.1:10000, and you will need to setup a reverse proxy from the main NGINX, by creating the following config file /etc/nginx/folders/webdav.conf:
and including it into the main NGINX server.
Now, edit the /data/daemons/filebrowser/filebrowser.sh file and add the following line:
nginx -c /deposito/archive/conf/nginx_common.conf -e /deposito/archive/logs/common_error_log
like this:
- filebrowser.sh
#!/bin/bash cd /data/daemons/filebrowser && nginx -c /data/archive/conf/nginx_common.conf -e /data/archive/logs/common_error_log ./filebrowser -r /data/archive/common -p 3002 -b /archive/common 2>&1 > filebrowser.log
and restart filebrwoser and the main NGINX.
At this point, your common area will be ready and working both on WebDAV and directly via web browser.