2.2 KiB
2.2 KiB
| date | title | description | tags | permalink | |
|---|---|---|---|---|---|
| 2025-02-04 | filebrowser auth | look ma no keycloak |
|
/blog/23/ |
{{ description }}
I FINALLY GOT IT WORKING
docker-compose.yml
services:
filebrowser:
image: "filebrowser/filebrowser:s6"
container_name: "filebrowser"
environment:
# filebrowser will run as this user, you may want to create a new one
- "PUID=1000"
- "PGID=1000"
restart: "unless-stopped"
volumes:
- "/data/filebrowser/srv:/srv"
- "/data/filebrowser/database:/database"
- "/data/filebrowser/config:/config"
ports:
- "8200:80"
sudo docker-compose up -d
log into filebrowser as admin and do your setup, then:
sudo docker-compose down
sudo docker-compose run --entrypoint /bin/bash filebrowser
filebrowser config set --auth.method=proxy --auth.header=X-Remote-User
exit
sudo docker-compose up -d
filebrowser is now expecting to get a header with the authenticated username. We can give it that! install the pwauth authenticator:
apt-get install libapache2-mod-authnz-external pwauth
a2enmod authnz_external
and configure it like this:
<VirtualHost *:443>
ServerName fb.hatspace.net
DefineExternalAuth pwauth pipe /usr/sbin/pwauth
<Proxy *>
Order deny,allow
Allow from all
AuthType Basic
AuthName "Login"
AuthBasicProvider external
AuthExternal pwauth
Require valid-user
RequestHeader set X-Remote-User %{REMOTE_USER}s
</Proxy>
<Location />
# filebrowser
ProxyPass http://localhost:8200/ nocanon
</Location>
</VirtualHost>
That %{REMOTE_USER}s is not a typo, the s is important! I think it stands for "ssl" or "secure" or something? You need it or the var will be null.
and viola! the server will now allow you to log in with your linux username and password, and filebrowser will show the correct files when you do!
References: