stellarnodegrid3.cfd

Build an Easy File Management Web Server in 15 Minutes

Written by

ge9mHxiUqTAm

in

Secure and Easy File Management Web Server Setup

Managing files over a network should be simple, fast, and secure. This guide walks you through a practical setup that balances ease of use with strong security controls, using widely available open-source tools. It assumes a single Linux server (Ubuntu 22.04+ or similar) with root or sudo access and a registered domain (optional but recommended for TLS).

What you’ll get

  • A lightweight web-based file manager accessible from browsers
  • HTTPS encryption with automatic renewal
  • Simple user authentication and optional per-user isolation
  • Basic hardening steps for a production-ready service

Tools used (recommended)

  • Nginx (reverse proxy / TLS)
  • Caddy (alternative: automatic TLS built-in) — choose one, not both
  • File browser: FileBrowser (https://filebrowser.org) or Pydio/Nextcloud for heavier needs
  • Certbot (for Nginx + Let’s Encrypt) or Caddy’s built-in ACME
  • Optional: systemd service, fail2ban, UFW firewall

Quick architecture

Browser <—HTTPS—> Nginx (or Caddy) <—HTTP—> FileBrowser (running on localhost:8080)

Step-by-step setup (prescriptive)

1) Create a dedicated server user and update system

  1. Update packages:
    • sudo apt update && sudo apt upgrade -y
  2. Create an unprivileged user:
    • sudo adduser fileadmin
    • sudo usermod -aG sudo fileadmin (only if admin sudo needed)

2) Install FileBrowser (lightweight web file manager)

  1. Download and install:
  2. Create a config directory and data directory:
    • sudo mkdir -p /srv/filemanager
    • sudo chown fileadmin:fileadmin /srv/filemanager
  3. Start FileBrowser on localhost (temporary test):
    • sudo -u fileadmin filebrowser -r /srv/filemanager -p 8080
  4. Visit http://your-server-ip:8080 to confirm.

3) Run FileBrowser as a systemd service

  1. Create /etc/systemd/system/filebrowser.service:
    • [Unit] Description=FileBrowser After=network.target [Service] User=fileadmin ExecStart=/usr/local/bin/filebrowser -r /srv/filemanager -p 8080 Restart=on-failure [Install] WantedBy=multi-user.target
  2. Enable and start:
    • sudo systemctl daemon-reload
    • sudo systemctl enable –now filebrowser

4) Install and configure Nginx as reverse proxy with HTTPS

  1. Install Nginx:
    • sudo apt install nginx -y
  2. Create Nginx site config (/etc/nginx/sites-available/filemanager):
    • server { listen 80; server_name your.domain.tld; location / { proxy_pass http://127.0.0.1:8080; proxy_set_header Host \(host; proxy_set_header X-Real-IP \)remote_addr; proxy_set_header X-Forwarded-For \(proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto \)scheme; } }
  3. Enable and test:
    • sudo ln -s /etc/nginx/sites-available/filemanager /etc/nginx/sites-enabled/
    • sudo nginx -t && sudo systemctl reload nginx

5) Obtain TLS certificate

Option A — Certbot (Nginx plugin):

  • sudo apt install certbot python3-certbot-nginx -y
  • sudo certbot –nginx -d your.domain.tld Option B — Use Caddy instead of Nginx (auto TLS): install Caddy, configure Caddyfile to reverse proxy to localhost:8080 and it will provision certs automatically.

6) Enable basic access control

  • Use FileBrowser’s internal user management to create admin and limited users.
  • For additional protection, restrict access by IP in Nginx (allow/deny) or enable HTTP basic auth on the proxy (if you want 2-layer auth).

7) Harden the server

  • Firewall: allow only necessary ports:
    • sudo ufw allow OpenSSH
    • sudo ufw allow ‘Nginx Full’ (ports 80,443)
    • sudo ufw enable
  • Fail2ban:
    • sudo apt install fail2ban
    • Add basic jail for nginx and ssh.
  • Keep services unprivileged: run file manager as non-root user.
  • Limit file permissions in /srv/filemanager; avoid storing secrets there.
  • Regularly update packages: set unattended-upgrades or schedule apt updates.

8) Backup and monitoring

  • Back up /srv/filemanager frequently (rsync to remote, or cloud storage).
  • Export FileBrowser config and user DB regularly.
  • Monitor logs: /var/log/nginx/and journalctl -u filebrowser.

9) Optional improvements

  • Enable per-user directories and chroot in FileBrowser to isolate users.
  • Integrate OAuth (Google/GitHub) via a gateway if public sign-on is desired.
  • Add malware scanning for uploads (ClamAV + a scanning hook).
  • Use object storage backend (S3) for large-scale needs.

Security checklist (quick)

  • TLS enabled and auto-renewing
  • Service runs as non-root user
  • Firewall allows only required ports
  • Fail2ban or rate-limiting enabled
  • Regular backups configured
  • File permissions audited

Conclusion

This setup gives you a simple, browser-accessible file manager secured with HTTPS and basic server hardening. For heavier enterprise requirements, consider Nextcloud or a managed storage solution.*

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts