Sharing folders/files over internet

  • A little friendly advice, if you'll take it. You shouldn't dismiss things that you know nothing about, especially things that are very straightforward and meet your needs exactly.
    I have been running a chroot'd (jailed) sftp server continuously here on Linux since 2001. There's even an OMV plugin for it. As for the users who need to access your files, all they need is FileZilla, but there are other choices.

    gderf,


    Of course I'll take advice from you and other forum members. That's why I asked the question, for advice and help.
    I am grateful to everyone who has taken the time to give me advice.


    So I've 2 options now.
    1 is the vpn option
    2 is the SFTP option.


    I think I'm gonna try them both and see what's the best option for me.


    kr.,
    Patrick

    HP t630 Thin Cliënt (AMD Embedded G-Series GX-420GI | QuadCore | 8GB)
    7.0.4-2 (Sandworm) | 64 bit | pve-kernel-6.5 | omvextrasorg 7.0

  • sftp is a core capability within OMV, no plugin needed. However if you want chroot'd sftp you have to either hand configure for that or use the plugin.


    I don't use the plugin myself as I have a chroot'd sftp hand configuration I have been using for many years.

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.
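
    A hand-configured chroot'd sftp setup of the kind mentioned above generally comes down to a few stock OpenSSH directives. This is an added example, not the poster's configuration or the OMV plugin's output; the group name `sftponly` and the path `/srv/sftp` are assumptions.

```conf
# /etc/ssh/sshd_config (fragment) -- added example for generic OpenSSH.
# Assumed names: group "sftponly", jail root /srv/sftp/<login name>.

# Use the in-process SFTP server so the jail needs no binaries or libraries.
# If the file already has a "Subsystem sftp ..." line, replace it; sshd
# rejects a second definition.
Subsystem sftp internal-sftp

# A Match block runs to the next Match or end of file, so keep it last.
# These rules apply only to members of the (assumed) group "sftponly".
Match Group sftponly
    # %u expands to the login name. Every component of this path must be
    # owned by root and not writable by group or others, otherwise sshd
    # refuses the login. Give the user a writable subdirectory inside it
    # (for example /srv/sftp/<login name>/files) for uploads.
    ChrootDirectory /srv/sftp/%u
    # Ignore whatever command the client asks for; only SFTP is served,
    # so the account gets no shell.
    ForceCommand internal-sftp
    # No port forwarding, tunnels or X11 through this account.
    AllowTcpForwarding no
    PermitTunnel no
    X11Forwarding no
```

    Check the syntax with `sshd -t` before restarting the service, and keep an existing session open until a fresh login has been confirmed to work.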

  • Hello Mr.Grape,


    Thanks for the demo setup.
    This is a nice solution and looks very simple and easy to use.
    Have to figure out how to create this, but I'm gonna try.



    Thanks,
    Patrick


  • One more suggestion - giving VPN credentials to third parties will essentially give them POTENTIAL access to all your systems, drives, data. Yes, I'm aware that you can password protect everything, but let's skip that for a while. I strongly suggest you first try the SFTP solution - it's a quick and easy way to set up limited access to SELECTED shares only. Then all you have to do is forward a port in your router to match the internal port of the SFTP service on OMV. I think it could be the easiest for you to start with.

  • It is also worth trying to learn new things. Especially when we have real reason and motivation. "You have a specific goal to achieve and you need it". This is the best opportunity to learn something new. imho ;)

    Personally, I like to learn new stuff and I'm always eager to find some new solution.
    That's why I ditched my properly functioning NAS to get a custom machine and install OMV.
    That's why I have converted my laptop to Linux.
    Six months ago, I just knew that Linux exists. Now, every day I feel more and more familiar with it.


    But generally, I presume (from my personal experience) that most people would rather have a fish than a fishing rod.

  • Hi @Mr.Grape, based on your advice, I have built something similar in nginx. I now have a functioning webpage with basic auth and SSL that I can use to do some simple external file sharing 8)
    I built it as an extra page using the nginx plugin. I didn't touch my admin portal config.


    Maybe I should start a new topic for this, but I was wondering if you could point me in the right direction with this question:


    Let's say my website listens to mysite.com. Currently, https://mysite.com hosts the OMV admin portal, and mysite.com:8080/downloads hosts the sharing page.
    What would be better (imo) is something like: https://mysite.com/admin and https://mysite.com/downloads.
    I noticed your demo has something similar (/Frepke).

  • First I struggled

    Yes, from this perspective sftp is a lot easier setup. :)
    Although we should always remember that what is "simple" depends on the specific person and their knowledge.
    Here we have already discussed probably the majority of solutions: ftps, sftp, https, smb, nfs and vpn.



    It is also worth trying to learn new things. Especially when we have real reason and motivation. "You have a specific goal to achieve and you need it". This is the best opportunity to learn something new. imho ;)

    I tried some different solutions that you guys mentioned.


    But my first problem is that my HC1 is connected to the internet through a vpn tunnel (the openvpn client runs on my router).
    The devices are connected to the vpn by IP.


    Letsencrypt doesn't generate any certificate, connection to the HC1 from the WAN side doesn't work, and there are some more problems (even with a bunch of ports forwarded in the router). OMV and all my docker containers share the same local IP address. After a little searching I found a solution for this problem. I configured some docker containers with MACVLAN to give them their own unique IP address. Now I choose what goes through the vpn and what doesn't.


    Now it's possible to connect to my HC1 from the WAN and Letsencrypt generates certificates :)


    I've tried the SFTP setup, but it doesn't do what I want because my setup isn't right :(
    WebDAV is the easiest and quickest way for now to solve my problem.


    I'll look into the SFTP setup because it can't be that difficult, afterwards I'll learn something about the webserver.



    kr.,
    Patrick


  • I have moved my OMV admin panel port to a different port than 80/443, but I can't figure out how to replace the port numbers with a URL like:


    mysite.com/downloads instead of mysite.com:8080/downloads
    mysite.com/admin instead of mysite.com:12345


    This is my nginx configfile for the downloads site:


    Would you mind having a look and telling me what I am doing wrong?

  • WebDAV is the easiest and quickest way for now to solve my problem.

    Be aware that WebDAV is using some strange char encoding by default - I don't know if you can change it, I've never used it extensively - so if you have some diacritic (national) characters in filename(s), uploading/downloading via WebDAV could mess up your filenames.

  • Thanks again for your reply. I'll look into the options.

  • Thanks @Mr.Grape. In the end, I decided to have my "sharing portal" on 443, and the OMV admin portal just accessible internally on 444. Whenever I want to use the admin portal, I set up a VPN connection.
    This reduces the attack surface which is most important for me.


    I still need to look into hardening the "sharing portal", possibly by setting up fail2ban. That is going to be the next project :)
