What we want to achieve by using filebrowser and nginx is to have a lighting speed local file system that is accessible from within our local netword, it's easy to maintain and setup!
Requirements a bit of Linux knowledge and some free time I will include all the steps and settings used to make it work!
First of all create a user with it's own directory in home
useradd -m fs -s /bin/bash
then add password to that user
passwd fs
login as that user
su fs then download the latest Filebrowser latest build (you could visit the following link https://github.com/filebrowser/filebrowser/releases right click & copy link to have the latest build)
wget https://github.com/filebrowser/filebrowser/releases/download/v2.26.0/linux-arm64-filebrowser.tar.gz
unzip the build:
tar -xzf linux-arm64-filebrowser.tar.gz
go one back
cd /home/fs
then chown to change the owner
chown fs:fs /fs -R
perfect now we have almost made it
run this command to test if filebrowser is running correctly
./filebrowser
should look something like this
2024/01/14 18:43:44 No config file used 2024/01/14 18:43:44 Listening on 127.0.0.1:8080 2024/01/14 18:43:46 Caught signal interrupt: shutting down. 2024/01/14 18:43:46 accept tcp 127.0.0.1:8080: use of closed network connection
now lets install nginx so our filesystem can be accessible through the http protocol
apt install nginx
if you type your local raspberry pi IP now you should see the default nginx page
copy the address from the following command and paste it in your own browser:
hostname -I | awk '{print $1}'
you should see the default nginx welcome page.
Let's change that and edit the default nginx configuration
nano /etc/nginx/sites-available/default
open the file and selected everything in it and delete
paste the following (Based on the default port Filebrowser is running put that in the proxy pass in my case was 8080)
Listening on 127.0.0.1:8080
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
client_max_body_size 2048m;
#proxy_set_header X-Forwarded-Host $host;
#proxy_set_header X-Forwarded-Server $host;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_http_version 1.1;
#proxy_set_header Upgrade $http_upgrade;
#proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:8080;
}
}
save the file and then run
sudo /etc/init.d/nginx reload
if nginx reloads correctly you should see the following
'Reloading nginx configuration (via systemctl): nginx.service.'
now if you start again the filebrowser like so
./filebrowser
do again
hostname -I | awk '{print $1}'
then get the ip and paste it in your browser
you should see the default Filebrowser installation
now lets create a service so that Filebrowser starts every time Linux is restarted
cd /etc/systemd/system
create a file called filebrowser.service
nano filebrowser.service
paste the following:
[Unit] Description=Filebrowser service After=network.target [Service] ExecStart=/bin/bash -c './home/fs/filebrowser' [Install] WantedBy=multi-user.target
and now simply do the following
with the following command you make sure systemctl will start your service on startup
systemctl enable filebrowser.service
and then to start it
systemctl start filebrowser.service
you should be good to go!
Securing Filebrowser:
To improve you're security it's a good practice to install openssl to encrypt the traffic to your own web file system,
someone sniffing your local traffic might be able to view your kinky photos to prevent that let's get self singed
apt install openssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
openssl dhparam -out /etc/nginx/dhparam.pem 4096
nano /etc/nginx/snippets/self-signed.conf
Add the following:
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt; ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
sudo nano /etc/nginx/snippets/ssl-params.conf
Add the following :
ssl_protocols TLSv1.3; ssl_prefer_server_ciphers on; ssl_dhparam /etc/nginx/dhparam.pem; ssl_ciphers EECDH+AESGCM:EDH+AESGCM; ssl_ecdh_curve secp384r1; ssl_session_timeout 10m; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s; # Disable strict transport security for now. You can uncomment the following # line if you understand the implications. #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block";
nano /etc/nginx/sites-available/default
Add the following:
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name _;
return 302 https://$server_name$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
include snippets/self-signed.conf;
include snippets/ssl-params.conf;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
client_max_body_size 2048m;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:8080;
}
}
Then reload again nginx:
/etc/init.d/nginx reload
now you're also ssl signed!