Sharing folders/files over internet

    • OMV 4.x
    • gderf wrote:

      Frepke wrote:

      gderf wrote:

      If you know what sftp is, tell me how it does not meet your needs.
      Hello gderf,
      Sorry, I don't have that knowledge :(
      I believe SFTP is safe for the transferred files, but I want to protect my nas to be accessible for everyone on the internet. I hoped there was a simple solution for this. But you guys have that much knowledge and are asking questions I can't answer. It's clear to me now that the "simple" question I thought I asked has a much more complicated answer than I hoped for.

      kr.,
      Patrick
      A little friendly advice, if you'll take it. You shouldn't dismiss things that you know nothing about, especially things that are very straightforward and meet your needs exactly.
      I have been running a chroot'd (jailed) sftp server continuously here on Linux since 2001. There's even an OMV plugin for it. As for the users who need to access your files, all they need is Filezilla, but there are other choices.
      gderf,

      Of course I'll take advice from you and other forum members. That's why I asked the question, for advice and help.
      I am grateful to everyone who has taken the time to give me advice.

      So I've 2 options now.
      1 is the vpn option
      2 is the SFTP option.

      I think I'm gonna try them both and see what's the best option for me.

      kr.,
      Patrick
    • sftp is a core capability within OMV, no plugin needed. However if you want chroot'd sftp you have to either hand configure for that or use the plugin.

      I don't use the plugin myself as I have a chroot'd sftp hand configuration I have been using for many years.
      OMV 4.x - ASRock Rack C2550D4I - 16GB ECC - Silverstone DS380
    • Mr.Grape wrote:

      @Frepke


      mr-grape.8w4.ovh/Frepke/
      login: Patrick
      password: Demo


      And here you have a very simple example of how this might look like for your friend if you based this solution on a web server.
      I'm not trying to convince you for this solution. This is just a simple example. :)
      Hello Mr.Grape,

      Thanks for the demo setup.
      This is a nice solution and looks very simple and easy to use.
      Have to figure out how to create this, but I'm gonna try.


      Thanks,
      Patrick
    • One more suggestion - giving VPN credentials to third parties will essentially give them POTENTIAL access to all your systems, drives, data. Yes, I'm aware that you can password protect everything, but let's skip that for a while. I strongly suggest that you try the SFTP solution first - it's a quick and easy way to set up limited access to SELECTED shares only. Then all you have to do is forward a port in your router to match the internal port of the SFTP service on OMV. I think it could be easiest for you for a start.
    • Mr.Grape wrote:

      It is also worth trying to learn new things. Especially when we have real reason and motivation. "You have a specific goal to achieve and you need it". This is the best opportunity to learn something new. imho ;)
      Personally, I like to learn new stuff and I'm always eager to find some new solution.
      That's why I had ditched my properly functioning NAS to get a custom machine and install OMV.
      That's why I have converted my laptop to Linux.
      Six months ago, I just knew that Linux exists. Now, every day I feel more and more familiar with it.

      But generally, I presume (from my personal experience) that most people rather want fish over a fishing rod.
    • Hi @Mr.Grape, based on your advice, I have built something similar in nginx. I now have a functioning webpage with basic auth and SSL that I can use to do some simple external file sharing 8)
      I built it as an extra page using the nginx plugin. I didn't touch my admin portal config.

      Maybe I should start a new topic for this, but I was wondering if you could point me in the right direction with this question:

      Let's say my website listens to mysite.com. Currently, mysite.com hosts the OMV admin portal, and mysite.com:8080/downloads hosts the sharing page.
      What would be better (imo), is something like: mysite.com/admin and mysite.com/downloads.
      I noticed your demo has something similar (/Frepke).
    • First I struggled

      Mr.Grape wrote:

      raven66 wrote:

      Sure, but IMO it's a lot easier just to setup SFTP than fiddle with all the details of properly configured VPN.
      Yes, from this perspective sftp is a lot easier setup. :)
      Although we should always remember that what is "simple" depends on the specific person and their knowledge.
      Here we have already discussed probably the majority of solutions. ftps sftp https smb nfs and vpn.


      It is also worth trying to learn new things. Especially when we have real reason and motivation. "You have a specific goal to achieve and you need it". This is the best opportunity to learn something new. imho ;)
      I tried some different solutions that you guys mentioned.

      But my first problem is that my HC1 is connected to the internet through a vpn tunnel (the openvpn client runs on my router).
      The devices are connected to the vpn by IP.

      Letsencrypt doesn't generate any certificate, connection to the HC1 from the WAN site doesn't work and some problems more (even with a bunch of ports forwarded in the router). OMV and all my docker containers sharing the same local IP-address. After a little searching I found a solution for this problem. I configured some docker containers with MACVLAN to get them their unique IP address. Now I choose what goes through the vpn and what not.

      Now it's possible to connect to my HC1 from the WAN and Letsencrypt generates certificates :)

      I've tried the SFTP setup, but it doesn't do what I want because my setup isn't right :(
      WebDAV is the easiest and quickest way for now to solve my problem.

      I'll look into the SFTP setup because it can't be that difficult, afterwards I'll learn something about the webserver.


      kr.,
      Patrick
    • I have moved my OMV admin panel port to a different port than 80/443, but I can't figure out how to replace the port numbers with a URL like:

      mysite.com/downloads instead of mysite.com:8080/downloads
      mysite.com/admin instead of mysite.com:12345

      This is my nginx configfile for the downloads site:

      server {
          listen 8080 ssl;
          listen [::]:8080 ssl;
          ssl_certificate /etc/ssl/certs/openmediavault-***.crt;
          ssl_certificate_key /etc/ssl/private/openmediavault-***.key;
          access_log /var/log/nginx/***-access.log;
          error_log /var/log/nginx/***-error.log;
          location /downloads {
              rewrite ^/downloads(.*) /$1 break;
              proxy_pass https://127.0.0.1:8080/;
              auth_basic "Restricted Access";
              auth_basic_user_file /etc/nginx/.htpasswd;
              alias /sharedfolders/downloads;
              autoindex_exact_size off;
              autoindex_localtime on;
              autoindex on;
          }
          large_client_header_buffers 4 8k;
      }

      Would you mind having a look and telling me what I am doing wrong?
    • Mr.Grape wrote:

      "download" should listen on 80 for http or 443 if it has to be https. Change 8080 to 443 and / or 80.

      Then you will have mysite.com/download without having to enter the port.
      As for the second case, it is not possible. Because you operate on ports that are not default for the protocol and can not be automatically done.

      If you really want to have mysite.com/admin then you have to keep it on 80/443 as an additional server blocks/virtual host.
      Or create an "admin" symlink in /home/user/public_html/ pointing to /var/www/openmediavault/

      Maybe it will work ...
      Thanks again for your reply. I'll look into the options.
    • Thanks @Mr.Grape. In the end, I decided to have my "sharing portal" on 443, and the OMV admin portal just accessible internally on 444. Whenever I want to use the admin portal, I set up a VPN connection.
      This reduces the attack surface which is most important for me.

      I still need to look into hardening the "sharing portal", possibly by setting up fail2ban. That is going to be the next project :)
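
A server block for the arrangement the thread ends on (share reachable as mysite.com/downloads on 443, no port in the URL), added here as an illustration and not posted by any participant. It serves the folder directly with `alias` rather than proxying; `server_name`, the catch-all location and the redirect are assumptions, and the `***` parts stay elided as on the page.

```nginx
# Added example, not a participant's config. Replace every *** with your own
# file names; they are elided in the thread and not known here.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name mysite.com;                     # assumption: host name used in the thread

    ssl_certificate     /etc/ssl/certs/openmediavault-***.crt;
    ssl_certificate_key /etc/ssl/private/openmediavault-***.key;

    access_log /var/log/nginx/***-access.log;
    error_log  /var/log/nginx/***-error.log;

    # Nothing else is published on this port: every other path returns 404.
    location / {
        return 404;
    }

    # Static locations do not add the trailing slash themselves.
    location = /downloads {
        return 301 /downloads/;
    }

    # Trailing slash on both the location and the alias, so the prefix
    # matches only paths inside this one folder and not sibling names
    # that merely start with "downloads".
    location /downloads/ {
        alias /sharedfolders/downloads/;

        # Basic auth is sent with every request, so it is only offered over TLS here.
        auth_basic           "Restricted Access";
        auth_basic_user_file /etc/nginx/.htpasswd;

        autoindex            on;
        autoindex_exact_size off;
        autoindex_localtime  on;
    }

    large_client_header_buffers 4 8k;
}
```

Run `nginx -t` to validate the file before reloading nginx.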