Haack's Wiki

User Tools

Site Tools

Trace: filebrowser
computing:filebrowser

This is an old revision of the document!

1. Install File Browser (latest) 

 ```bash
 curl -fsSL https://raw.githubusercontent.com/filebrowser/get/master/get.sh | bash
 ```

2. Create system user 

 ```bash
 sudo adduser --system --group --no-create-home filebrowser
 ```

3. Install ACL tools 

 ```bash
 sudo apt install acl
 ```

4. Systemd unit (final working version) 

 `/etc/systemd/system/filebrowser.service`
 ```ini
 [Unit]
 Description=File Browser
 After=network.target
 [Service]
 User=filebrowser
 Group=filebrowser
 WorkingDirectory=/var/lib/filebrowser
 ExecStart=/usr/local/bin/filebrowser \
   --address 127.0.0.1 \
   --port 8080 \
   --root /opt/navidrome/music \
   --database /var/lib/filebrowser/filebrowser.db
 Restart=always
 RestartSec=5
 [Install]
 WantedBy=multi-user.target
 ```
 ```bash
 sudo systemctl daemon-reload
 sudo systemctl enable --now filebrowser
 ```

5. Give File Browser permanent write access to the existing Navidrome library 

 ```bash
 sudo setfacl -R -m u:filebrowser:rwx /opt/navidrome/music
 sudo setfacl -R -m d:u:filebrowser:rwx /opt/navidrome/music
 ```

6. Apache reverse-proxy vhosts (already present) 

 HTTP → HTTPS redirect  
 `nano /etc/apache2/sites-available/upload.gnulinux.studio.conf`
 ```apache
 <VirtualHost *:80>
     ServerName upload.gnulinux.studio
     RewriteEngine On
     RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]
 </VirtualHost>
 ```
 HTTPS reverse proxy  
 `nano /etc/apache2/sites-available/upload.gnulinux.studio-le-ssl.conf`
 ```apache
 <VirtualHost *:443>
     ServerName upload.gnulinux.studio
     SSLEngine on
     SSLCertificateFile      /etc/letsencrypt/live/upload.gnulinux.studio/fullchain.pem
     SSLCertificateKeyFile   /etc/letsencrypt/live/upload.gnulinux.studio/privkey.pem
     ProxyPreserveHost On
     ProxyPass / http://127.0.0.1:8080/
     ProxyPassReverse / http://127.0.0.1:8080/
     RewriteEngine On
     RewriteCond %{HTTP:Upgrade} websocket [NC]
     RewriteCond %{HTTP:Connection} upgrade [NC]
     RewriteRule ^/?(.*) ws://127.0.0.1:8080/$1 [P,L]
 </VirtualHost>
 ```

Done. https://upload.gnulinux.studio now writes straight into the real, live Navidrome music tree at `/opt/navidrome/music`. Everything appears and plays instantly.

### One-page note to yourself (for the other Navidrome thread)

This entire setup lives on the exact same VM `gnulinux.studio` that already runs Navidrome on the main domain.

- Navidrome is reachable at https://gnulinux.studio (primary vhost) - File Browser is reachable at https://upload.gnulinux.studio (separate Apache vhost, same Let’s Encrypt cert) - File Browser’s `–root` points directly at `/opt/navidrome/music` (Navidrome’s real library – no symlinks, no extra folder) - Write access for the `filebrowser` system user is granted exclusively by two ACL commands: 

```bash
setfacl -R -m u:filebrowser:rwx /opt/navidrome/music
setfacl -R -m d:u:filebrowser:rwx /opt/navidrome/music
```
No group membership, no setgid, no cron required for functionality.

- Navidrome continues to own most files and always has group `navidrome`, so it reads everything perfectly. - File Browser creates files as `filebrowser:navidrome` (group inheritance) → Navidrome plays them instantly.

oemb1905 2025/12/09 03:07

computing/filebrowser.1765249690.txt.gz · Last modified: by oemb1905

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki