I edited the post while you replied:
Can you post the YML sample you're using?
Thanks
I'm getting ready for shift exchange, I'll post it when I get home.
I edited the post while you replied:
Can you post the YML sample you're using?
Thanks
I'm getting ready for shift exchange, I'll post it when I get home.
If you decide for Filebrowser, adding SWAG after with duckdns is a simple task.
The only thing I don't like too much about this is that access is limited to a username and password. I haven't looked into it, but I'm guessing there's some way to implement double authenticated access.
It would be the only point in my case to abandon Nextcloud and switch to Filebrowser. I actually use very few Nextcloud features and Filebrowser would cover them all.
The only thing I don't like too much about this is that access is limited to a username and password. I haven't looked into it, but I'm guessing there's some way to implement double authenticated access.
Maybe the translation wasn't the best.
The access would be USER:PASSWORD like you access Nextcloud.
If you have 10 USERs, you will have 10 different access.
Unless you mean something else with implement double authenticated access.???
I think that with this I answer myself. Google's reCAPTCHA service could be a good solution.
https://filebrowser.org/configuration/authentication-method
I'll have to look at it in more detail when I have time. Or maybe someone can add something on this.
Unless you mean something else with implement double authenticated access.???
Yes, that's what I meant. Two-factor authentication (2FA). It was me who translated it wrong
The access with username and password seems weak to me, even more so if we are giving access to personal information.
Sorry, I trust the automatic translator too much and sometimes I don't check the translation, I copy and paste without looking...
I think that with this I answer myself. Google's reCAPTCHA service could be a good solution.
https://filebrowser.org/configuration/authentication-method
I'll have to look at it in more detail when I have time. Or maybe someone can add something on this.
OK, you want a (kind of) 2FA access?
The github page shows that but (IIRC) you need to run it on CLI (it doesn't even show if BASHED to the container or HOST)
Authentication Method - File Browser
It doesn't show any docker flag/environment that can be adapted on the YML. Not saying it isn't possible.
but (IIRC) you need to run it on CLI
Exact. That is what needs to be studied in detail.
Exact. That is what needs to be studied in detail.
I'll be home next week.
Can try a few things then, to see what happens.
A base YML would be (using the docker run sample from their page):
#docker run \
# -v /path/to/root:/srv \
# -v /path/to/filebrowser.db:/database/filebrowser.db \
# -v /path/to/settings.json:/config/settings.json \
# -e PUID=$(id -u) \
# -e PGID=$(id -g) \
# -p 8080:80 \
# filebrowser/filebrowser:s6
#
---
version: "2.1"
services:
filebrowser:
image: filebrowser/filebrowser:s6 #Linuxserver IMG. If ALPINE wanted: delete :s6
container_name: filebrowser
environment:
- PUID=1000
- PGID=100
- TZ=Europe/Lisbon
volumes:
- /path_to_appdata/filebrowser/config:/config
# - /path/to/filebrowser/database/filebrowser.db:/database/filebrowser.db #OPTIONAL to have DB in !=path
# - /path/to/filebrowser/config/settings.json:/config/settings.json #OPTIONAL to have in !=path
- /path_to_data/filebrowser/root:/srv #OR any other container PATH. I prefer /media
ports:
- 8080:80
restart: unless-stopped
Display More
Now, all it's needed is to figure out how to make the different auth method on the settings.json
This is a WIP.
I edited the post while you replied:
Can you post the YML sample you're using?
Thanks
version: '2'
services:
filebrowser:
image: filebrowser/filebrowser
container_name: filebrowser
#network_mode: swag_default
environment:
- PUID=1000
- PGID=100
ports:
- 5436:80
volumes:
- /NAS/Media:/srv/Media
- /NAS/Data:/srv/Data
- /NAS/AppData/filebrowser/db:/database
- /NAS/AppData/filebrowser/settings:/config/
restart: unless-stopped
Display More
It's pretty straightforward.
I do agree 2fa would be a good feature.
mariadb:
I think you missed this.
Now, all it's needed is to figure out how to make the different auth method on the settings.json
If you succeed you can make a tutorial
I think you missed this.
Ups... Edited
It's pretty straightforward.
I do agree 2fa would be a good feature.
Yeah, I figured that much.
Although I need to ask you: why only have the settings.json binded and not the whole config folder?
Well, I'll answer it myself:
I can see why since all it take's is to edit that file to make changes to the SETTINGS.
No need for the whole folder.
As for the reCAPTCHA, maybe the json can be edited to include it on deploy time?!?
Need to read on it.
If you succeed you can make a tutorial
I'm really NOT documentation creator material,
I'm a good reader, though,
I'm really NOT documentation creator material,
You're good at posting instructions on the forum. That would be more than enough.
I'm really NOT documentation creator material,
I'm a good reader, though,
One thing that has always bothered me about the filebrowser container (and I face this no matter what). If you ever use Watchtower to update your containers, .. if watchtower updates filebrowser.. It will reset the admin password to default. (admin). Obviously this is a significant problem if the container updates and you don't know, and it resets your password to default. This is one reason I generally don't recommend reverse proxying it. When I brought this up on their github a while ago, I didn't really get a clear answer as to why this happens.
filebrowser:
image: filebrowser/filebrowser:latest
container_name: filebrowser
labels:
- com.centurylinklabs.watchtower.enable=false
#network_mode: swag_default
The other option, is to set watchtower to skip filebrowser, and just manually redeploy the stack/compose file every so often to update.. then manually set your password again (note, it will also erase users). I'm assuming if I looked more into using mariadb or something this could be easily resolved.
The better solution IMO, it's not as pretty... but cloudcmd is every bit as effective.
If you ever use Watchtower to update your containers, .. if watchtower updates filebrowser.. It will reset the admin password to default. (admin).
This is strange!!!
If the config is persistent, it shouldn't reset it.
Have you tried to volume BIND the whole config folder instead of just the json and run watchtower?
Maybe the password for admin is saved in a different file.
This is strange!!!
If the config is persistent, it shouldn't reset it.
Have you tried to volume BIND the whole config folder instead of just the json and run watchtower?
Maybe the password for admin is saved in a different file.
Yes. I tried that way based on a devs recommendation. I gotta get some sleep, but it's been a couple years since I brought it up on GH
Information about the 2FA status in Filebrowser -> No progress... https://github.com/filebrowser/filebrowser/issues/1827
As for the reCAPTCHA, maybe the json can be edited to include it on deploy time?!?
Need to read on it.
By the time you read about it, the plugin's json file is in /var/lib/filebrowser/filebrowser.json next to the database and a Caddyfile
This is the configuration it shows.
By the time you read about it, the plugin's json file is in /var/lib/filebrowser/filebrowser.json next to the database and a Caddyfile
Podman deployment is a bit different than docker.
And I seem to get over my head on this one.
This is only running on DOCKER and with this YML used:
---
version: "2.1"
services:
filebrowser:
image: filebrowser/filebrowser:s6
container_name: filebrowser
environment:
- PUID=1000
- PGID=100
- TZ=Europe/Lisbon
volumes:
- /appdata/filebrowser/config:/config
- /appdata/filebrowser/database:/database
# - /appdata/filebrowser/config/settings.json:/config/settings.json #File need to exist PRIOR or it will make a directory instead of a file.
- /data/filebrowser/root:/srv #/SRV is hardcoded. Need to use it
- /data/filebrowser/root/other:/srv/other # If we need extra BINDs
ports:
- 8080:80
restart: unless-stopped
Display More
The container doesn't "act" like (standard) other's.
I've tried to BIND the whole config folder but the only file that live's there is the settings.json that is exactly equal to that filebrowser.json.
It doesn't seem to override anything although I didn't try to edit anything on it.
I also realized that there's no point in trying to use the "old habits" from other containers.
The root volume for example is hardcoded to container /srv.
As KM0201 has on his YML, you need to use container side /srv/other_path if you want more BINDED volumes
This needs more coder expertise than I have.
I can come back to this once I rotate home just for fun but I think I won't spend much more time on it.
I think I prefer to keep with Nextcloud even if it's overkill for a basic use.
The container doesn't "act" like (standard) other's.
I've tried to BIND the whole config folder but the only file that live's there is the settings.json that is exactly equal to that filebrowser.json.
It doesn't seem to override anything although I didn't try to edit anything on it.
This container is much simpler than others you have used.
Filebrowser is a single binary file. When it is executed it generates a database where the configurations and users are stored. There is nothing else.
The json file, if I'm not mistaken, is solely for access id purposes.
Therefore there is no config folder because there are no configuration files. Just those two files.
If you install Filebrowser directly in the operating system you have access to the configuration commands, the problem is that from the container there is no access shell, therefore you can't access the container and you can't access those commands.
These commands are the ones that allow you to customize security options, etc. Therefore, without access to those commands nothing can be done.
In order to run the container with these two "visible" files, it is necessary to create them first, otherwise it gives an error. The json file must contain the standard configuration (or the one you want) and the database is enough that it is an empty file. If you do that and give them the proper permissions it boots up and works. And you have both files controlled. If you make a backup copy of the database you will no longer lose the configurations or users.
What surprises me is that Linuxserver doesn't have its own version of Filebrowser. I thought there would be a version with shell access but it doesn't exist.
Don’t have an account yet? Register yourself now and be a part of our community!