© 2022 Martin Kirilov.

High speed file system in the browser FileBrowser + Nignx + raspberry pi 5

  • 2024-03-19 21:01:41.918818
  • Linux
  • 443 Hits

What we want to achieve by using filebrowser and nginx is to have a lighting speed local file system that is accessible from within our local netword, it's easy to maintain and setup!

Requirements a bit of Linux knowledge and some free time I will include all the steps and settings used to make it work!

First of all create a user with it's own directory in home

useradd -m fs -s /bin/bash

then add password to that user

passwd fs

login as that user

su fs then download the latest Filebrowser latest build (you could visit the following link https://github.com/filebrowser/filebrowser/releases right click & copy link to have the latest build)

wget https://github.com/filebrowser/filebrowser/releases/download/v2.26.0/linux-arm64-filebrowser.tar.gz

unzip the build:

tar -xzf linux-arm64-filebrowser.tar.gz

go one back 

cd /home/fs

then chown to change the owner 

chown fs:fs /fs -R 

perfect now we have almost made it 

run this command to test if filebrowser is running correctly

 ./filebrowser

 should look something like this

2024/01/14 18:43:44 No config file used
2024/01/14 18:43:44 Listening on 127.0.0.1:8080
2024/01/14 18:43:46 Caught signal interrupt: shutting down.
2024/01/14 18:43:46 accept tcp 127.0.0.1:8080: use of closed network connection

now lets install nginx so our filesystem can be accessible through the http protocol

apt install nginx

if you type your local raspberry pi IP now you should see the default nginx page

copy the address from the following command and paste it in your own browser:

hostname -I | awk '{print $1}'

you should see the default nginx welcome page.

Let's change that and edit the default nginx configuration

nano /etc/nginx/sites-available/default

open the file and selected everything in it and delete 

paste the following (Based on the default port Filebrowser is running put that in the proxy pass in my case was 8080)


Listening on 127.0.0.1:8080

server {
listen 80 default_server;
listen [::]:80 default_server;

root /var/www/html;

index index.html index.htm index.nginx-debian.html;

server_name _;


  location / {
    client_max_body_size          2048m;
    #proxy_set_header            X-Forwarded-Host $host;
    #proxy_set_header            X-Forwarded-Server $host;
    #proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
    #proxy_http_version           1.1;
    #proxy_set_header            Upgrade $http_upgrade;
    #proxy_set_header            Connection "upgrade";
    proxy_pass               http://127.0.0.1:8080;
  }
}

save the file and then run 

sudo /etc/init.d/nginx reload

if nginx reloads correctly you should see the following

'Reloading nginx configuration (via systemctl): nginx.service.'

now if you start again the filebrowser like so

 ./filebrowser 

do again

hostname -I | awk '{print $1}'

then get the ip and paste it in your browser

you should see the default Filebrowser installation

now lets create a service so that Filebrowser starts every time Linux is restarted

cd /etc/systemd/system

create a file called filebrowser.service

nano filebrowser.service

paste the following:

[Unit]
Description=Filebrowser service
After=network.target

[Service]
ExecStart=/bin/bash -c './home/fs/filebrowser'

[Install]
WantedBy=multi-user.target

and now simply do the following

with the following command you make sure systemctl will start your service on startup

systemctl enable filebrowser.service

and then to start it 

systemctl start filebrowser.service

you should be good to go!



Securing Filebrowser:


To improve you're security it's a good practice to install openssl to encrypt the traffic to your own web file system,

someone sniffing your local traffic might be able to view your kinky photos to prevent that let's get self singed


 apt install openssl



sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt



openssl dhparam -out /etc/nginx/dhparam.pem 4096   



nano /etc/nginx/snippets/self-signed.conf  

Add the following:

ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

 

sudo nano /etc/nginx/snippets/ssl-params.conf    


Add the following :

ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_ecdh_curve secp384r1;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Disable strict transport security for now. You can uncomment the following
# line if you understand the implications.
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";



nano /etc/nginx/sites-available/default


Add the following:

server {
listen 80 default_server;
listen [::]:80 default_server;

root /var/www/html;

index index.html index.htm index.nginx-debian.html;

server_name _;

return 302 https://$server_name$request_uri;

}


server {
  listen 443 ssl;
  listen [::]:443 ssl;
  include snippets/self-signed.conf;
  include snippets/ssl-params.conf;

root /var/www/html;

index index.html index.htm index.nginx-debian.html;

server_name _;


location / {
    client_max_body_size          2048m;
    proxy_set_header            X-Forwarded-Host $host;
    proxy_set_header            X-Forwarded-Server $host;
    proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_http_version           1.1;
    proxy_set_header            Upgrade $http_upgrade;
    proxy_set_header            Connection "upgrade";
    proxy_pass               http://127.0.0.1:8080;
  }
}


Then reload again nginx: 

/etc/init.d/nginx reload


now you're also ssl signed!