AList
AList is a nice tool to make your shares accessible online.
Overall documentation can be reached here, somehow the direct link is a bit hidden in the overall mix of Chinese and English.
The funny thing is that this is a Chinese devleoped open source app. You can see it by the quality of the translations, somehow this make it more interesting to me, as non-English Open Source community needs to be helped and supported as much as possible for a richer and more diverse ecosystem. I am not bothered by security since i trust China not less nor more than the US (or whatever other country…).
I admire how AList guys are trying hard to provide english documentation, and it's another positive point toward the project, which is also actively maintained.
Installation
Very simple to host without containers, the porject releases binary packages on GitHub. Download your preferred release here, grab the appropriate binary (linux, amd64, or whatever your self hosting architecture is).
The AList will need to be installed as user fileserver and group users, see this page for more details.
The daemon itself will be stored under /dada/daemons/fileserver, while it's data will be split between:
- /data/shares/alist_data: config file and SQLite database
- /var/log/alist: logs (autorotated)
- /tmp/alist_data: temp files and such
So:
useradd -m -d /data/daemons/fileserver -g users fileserver mkdir /var/log/alist chown fileserver:users /var/log/alist mkdir /data/shares/alist_data chown fileserver /data/shares/alist_data su - fileserver wget https://github.com/AlistGo/alist/releases/download/<< version >>/alist-linux-amd64.tar.gz mkdir bin cd bin tar xvf ../alist-linux-amd64.tar.gz
AList config file and support data will be located under /data/shares/alist_data.
Initial offline configuration
Run AList once to generate admin password, then replace it with one of you choice:
/data/daemons/fileserver/bin/alist --data /data/shares/alist_data admin INFO[2025-03-19 09:34:53] reading config file: /data/shares/alist_data/config.json INFO[2025-03-19 09:34:53] config file not exists, creating default config file INFO[2025-03-19 09:34:53] load config from env with prefix: ALIST_ INFO[2025-03-19 09:34:53] init logrus... INFO[2025-03-19 09:34:53] Successfully created the admin user and the initial password is: oierjfeD INFO[2025-03-19 09:34:53] Admin user s username: admin INFO[2025-03-19 09:34:53] The password can only be output at the first startup, and then stored as a hash value, which cannot be reversed INFO[2025-03-19 09:34:53] You can reset the password with a random string by running [alist admin random] INFO[2025-03-19 09:34:53] You can also set a new password by running [alist admin set NEW_PASSWORD] fileserver@casa ~/bin $ ./alist --data /data/shares/alist_data admin set new_password INFO[2025-03-19 09:35:35] reading config file: /data/shares/alist_data/config.json INFO[2025-03-19 09:35:35] load config from env with prefix: ALIST_ INFO[2025-03-19 09:35:35] init logrus... INFO[2025-03-19 09:35:35] admin user has been updated: INFO[2025-03-19 09:35:35] username: admin INFO[2025-03-19 09:35:35] password: new_password
Now edit the configuration file /data/shares/alist_data/config.json and at leat change the following values:
"site_url": "https://drive.mydomain.com",
"scheme": {
"address": "127.0.0.1",
"http_port": 5244,
"log": {
"enable": true,
"name": "/var/log/alist/alist.log",
"database": {
"db_file": "/data/shares/alist_data/data.db",
"temp_dir": "/tmp/alist_data/temp",
"bleve_dir": "/tmp/alist_data/bleve",
I have only reported the basic lines to edit, feel free to adapt it to your needs.
Reverse Proxy
Following my reverse proxy concept guidelines, use this configuration file:
server {
server_name drive.mydomain.com;
listen 443 ssl;
listen 8443 ssl;
http2 on;
access_log /var/log/nginx/drive.mydomain.com_access_log main;
error_log /var/log/nginx/drive.mydomain.com_error_log info;
proxy_cache off;
proxy_max_temp_file_size 0;
location / {
proxy_pass http://127.0.0.1:5244;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Range $http_range;
proxy_set_header If-Range $http_if_range;
proxy_redirect off;
client_max_body_size 20000m;
}
include com.mydomain/certbot.conf;
}
and restart your NGINX.
Initial online configuration
Now start is manually once, or follow the autostart instruction below.
/data/daemons/fileserver/bin/alist --data /data/shares/alist_data server
Point your browser to drive.mydomain.com and login as admin with the password you changed above.
You need to go to the settings page and adapt the settings to your liking.
General
From Manage go to Settings. The following settings can be interesting to edit.
Under site settings:
- title: title of your web page
- Announcement: write your announcement message or URL here
- Pagination type: i suggest you enable pagination and set it to a resonable value to avoid too long loading times for huge folders
- Allow indexed / Allow mounted: so far, it's unclear to me what they are for.
Under style settings:
- Replace Logo URL with a locally distributed file (recomended)
- Replace favicon URL with a locally distributed file (recomended)
- Adapt the other options to your liking
Under preview settings:
- Disable audio and video autoplay to prevent bandwidth usage
Under global settings:
- Add your own header and footer customization, that's HTML printed on top and bottom of everything.
Under other settings:
- Aria2: empty URL to disable. Aria2 is a downloader that AList can use to download files
- qBitTorrent: empty URL to disable. It's a downloader that AList can use to download files
- Transmission: empty URL to disable. It's a downloader that AList can use to download files
These are all downloaders. If you don't use them, don't need them linked to AList, but enpty URLs.
The other settings (LDAP, SSO, S3..) are for various authentications approaches. Only SSO (with Authelia) will be discossed below.
Locl users
Local users can be added individually under the users tab in manage.
I recomend to link to the SSO, as described below instead.
Storages
From Manage go to storages. Add all the storages you like. A few notes for local storage at least:
- Mount point is what will appear inside AList
- Root folder path is the shared path on local storage
- Make sure to edit the mkdir folder permissions to something sane like 775 or 770 or even 750.
Sharing files
You can add a guest user, one is available but disabled by default, or you can create meta links with specific sharing password. See here for more details.
Indexing
AList support indexing with many different backends. The easiest one is to enable indexing inside the SQLite database.
According to this page, there are some caveats and in general it can lead to a fairly big SQLite database file, while MySQL has issues. At the same time, my usage is limited, so i don't want to spin up a dedicated indexing external service.
In other words, i leave indexing to none. YMMV.
WebDAV
WebDAV is enabled and can be reached with the same credentials adding dav to the URL, so:
https://drive.mydomain.com <- standard browser login https://drive.mydomain.com/dav/ <- WebDAV client login
Plugins
AList support plugins, a list can be found here. Good luck! :)
SSO
Note: so far i failed at setting up Authelia in AList. The following notes are as far as i got, but currently there seems to be no communication between Authelia and AList itself.
If you have setup your SSO backend, like i describe in this page, go to management → settings → Single Sign ON to enable the link to your Authelia.
The official documentation here is very detailed, hoping you can read Chinese (i cannot)… Otherwise, follow the indications below.
Authelia configuration section, to be added to /home/authelia/configuration.yml:
clients:
- client_id: '<< generate a custom client id, see below >>'
client_secret: '<< generate a custom client secret, see below, the digest goes here >>'
client_name: 'alist'
public: false
authorization_policy: 'one_factor'
redirect_uris:
- https://drive.mydomain.com/api/auth/sso_callback\?method=sso_get_token
- https://drive.mydomain.com/api/auth/sso_callback\?method=get_sso_id
scopes:
- 'openid'
- 'profile'
- 'email'
userinfo_signed_response_alg: 'none'
To generate a ClientID:
authelia crypto rand --length 72 --charset rfc3986
To generate a Client Secret:
authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
Please note both the digest and the password itself!
In AList use the following information:
- Platform: OIDC
- Client ID: use the one generated above
- Client secret: use the one generated above, the password, not the digest
- Sso oidc username key: preferred_username
- Sso organization name: user
- Sso application name: user
- Sso extra scopes: openid email profile
- SSO endpoint name: https://login.mydomain.com/.well-known/openid-configuration
- SSO auto register: create AList users from SSO users
- SSO default permission: a sum of all the extra permissions. Use 768 for WebDAV access and editing.
Backups
While AList has a backup function included, i strongly suggest to ignore it and follow my backup approach with rest / backrest.
You will need to backup the /data/shares/alist_data folder.
Autostart
Create the following file as /etc/init.d/alist:
- alist
#!/sbin/openrc-run # Copyright 1999-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 description="AList file browser" pidfile="/run/alist.pid" command_background=true command="/data/daemons/fileserver/bin/alist" command_args="--data /data/shares/alist_data server" command_user="fileserver:users" depend() { need net }
Make it executable, and enable on boot:
chmod +x /etc/init.d/alist rc-update add alist default /etc/init.d/alist start