Host files read-only with filebrowser web interface
If you want to share files on a local network permanently, a web interface is probably the easiest for other uses to use.
https://filebrowser.xyz/ project died is a web interface to files, allowing you to do most things with files: upload, download, edit, etc.
This blogpost will go through the steps of allowing none of those options and allowing only read-only anonymous access to a directory using the filebrowser web interface.
Start your own Dockerfile
The filebrowser project has a docker image, with their binary copied into it. We need to do almost the same, but make it work without authentication and run as a normal user instead of
root (bad practice).
In a file called
Dockerfile we start by using the full alpine image (easier to work with than scratch) and copying the
filebrowser binary from the
filebrowser/filebrowser docker image:
FROM filebrowser/filebrowser as fb FROM alpine:latest COPY --from=fb /filebrowser /opt/app/filebrowser
We don't want the process to run as
root, so we create a new user and update the SSL certificates:
RUN apk --update add ca-certificates bash \ && adduser -h /opt/app -D app
Now for the entrypoint script: the thing that will start
filebrowser. In essence we could use a json file to configure filebrowser when it starts, but I opted to use commands as I also need to add a user to allow for the
noauth approach to work (see issue 700):
#!/bin/bash ./filebrowser config init --port 4000 --address "" --baseurl "" --log "stdout" --root="/srv" --auth.method='noauth' --commands "" --lockPassword --perm.admin=false --perm.create=false --perm.delete=false --perm.execute=false --perm.modify=false --perm.rename=false --signup=false ./filebrowser users add anonymous "anonymous" exec ./filebrowser
These lines configure filebrowser, create a user and then start filebrowser itself.
We can now finish the last pieces of the
COPY entrypoint /opt/app/entrypoint RUN chmod a+x /opt/app/entrypoint VOLUME /srv EXPOSE 4000 USER app WORKDIR /opt/app ENTRYPOINT [ "/opt/app/entrypoint" ]
The app user lives at
/opt/app and the
filebrowser application will now host everything in
/srv on port
4000. To run this in docker, we build and run it. Next to the docker file we run:
docker build --tag hostfiles . docker run -it -p 80:4000 --volume /tmp:/srv:ro hostfiles
This temporary call will host your
/tmp folder on your machine on port
80 using the filebrowser docker we just created.
First test the path you want to host with the run command, and if you are done, you can enable it making sure it starts after boot.
docker run --detach -p 80:4000 --restart=always --volume /srv/files:/srv:ro hostfiles