nycki/nycki.net
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

blog: filebrowser auth
All checks were successful
/ build (push) Successful in 34s
Details

Browse source
This commit is contained in:
Nycki 2025-03-16 21:50:57 -07:00
parent a50d4f2666
commit a80c0490b7
2 changed files with 88 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

86
content/blog/23-filebrowser-auth.md Normal file
View file

@ -0,0 +1,86 @@
---
date: 2025-02-04
title: filebrowser auth
description: look ma no keycloak
tags:
- programming
permalink: /blog/23/
---
_{{ description }}_
I FINALLY GOT IT WORKING
docker-compose.yml
```yaml
services:
filebrowser:
image: "filebrowser/filebrowser:s6"
container_name: "filebrowser"
environment:
# filebrowser will run as this user, you may want to create a new one
- "PUID=1000"
- "PGID=1000"
restart: "unless-stopped"
volumes:
- "/data/filebrowser/srv:/srv"
- "/data/filebrowser/database:/database"
- "/data/filebrowser/config:/config"
ports:
- "8200:80"
```
```bash
sudo docker-compose up -d
```
log into filebrowser as admin and do your setup, then:
```bash
sudo docker-compose down
sudo docker-compose run --entrypoint /bin/bash filebrowser
filebrowser config set --auth.method=proxy --auth.header=X-Remote-User
exit
sudo docker-compose up -d
```
filebrowser is now expecting to get a header with the authenticated username. We can give it that! install the pwauth authenticator:
```bash
apt-get install libapache2-mod-authnz-external pwauth
a2enmod authnz_external
```
and configure it like this:
```xml
<VirtualHost *:443>
ServerName fb.hatspace.net
DefineExternalAuth pwauth pipe /usr/sbin/pwauth
<Proxy *>
Order deny,allow
Allow from all
AuthType Basic
AuthName "Login"
AuthBasicProvider external
AuthExternal pwauth
Require valid-user
RequestHeader set X-Remote-User %{REMOTE_USER}s
</Proxy>
<Location />
# filebrowser
ProxyPass http://localhost:8200/ nocanon
</Location>
</VirtualHost>
```
That `%{REMOTE_USER}s` is not a typo, the s is important! I think it stands for "ssl" or "secure" or something? You need it or the var will be null.
and viola! the server will now allow you to log in with your linux username and password, and filebrowser will show the correct files when you do!
References:
- <https://filebrowser.org/installation>
- <https://stackoverflow.com/questions/724599/setting-up-an-apache-proxy-with-authentication>
- <https://serverfault.com/questions/45278/authenticate-in-apache-via-system-account>
- <https://serverfault.com/questions/207301/get-the-authenticated-user-under-apache>

3
static/slimequest/style.css
View file

@ -18,6 +18,7 @@ main {
}
.post img {
max-width: 100%;
display: block;
margin: 0 auto;
}
@ -51,4 +52,4 @@ h2 {
.next {
font-size: xx-large;
}
}