diff --git a/filebrowser/config.json b/filebrowser/config.json index f0babc987..ee39caf63 100644 --- a/filebrowser/config.json +++ b/filebrowser/config.json @@ -6,15 +6,10 @@ "description": "filebrowser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit your files", "url": "https://github.com/alexbelgium/hassio-addons", "startup": "services", - "ingress": false, + "ingress": true, "ingress_port": 8099, "panel_icon": "mdi:file-search", - "arch": [ - "aarch64", - "amd64", - "armv7", - "armhf" - ], + "arch": ["aarch64", "amd64", "armv7", "armhf"], "ports": { "8080/tcp": 8087 }, @@ -22,19 +17,9 @@ "8080/tcp": "Web UI port" }, "apparmor": true, - "privileged": [ - "SYS_ADMIN", - "DAC_READ_SEARCH" - ], + "privileged": ["SYS_ADMIN", "DAC_READ_SEARCH"], "full_access": true, - "map": [ - "media:rw", - "config:rw", - "addons:rw", - "backup:rw", - "share:rw", - "ssl" - ], + "map": ["media:rw", "config:rw", "addons:rw", "backup:rw", "share:rw", "ssl"], "webui": "[PROTO:ssl]://[HOST]:[PORT:8080]", "environment": { "FB_BASEURL": "/filebrowser" diff --git a/filebrowser/rootfs/etc/nginx/includes/mime.types b/filebrowser/rootfs/etc/nginx/includes/mime.types new file mode 100644 index 000000000..7c7cdef2d --- /dev/null +++ b/filebrowser/rootfs/etc/nginx/includes/mime.types @@ -0,0 +1,96 @@ +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + font/woff woff; + font/woff2 woff2; + + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation + pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document + docx; + application/vnd.wap.wmlc wmlc; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/filebrowser/rootfs/etc/nginx/includes/proxy_params.conf b/filebrowser/rootfs/etc/nginx/includes/proxy_params.conf new file mode 100644 index 000000000..924ba949e --- /dev/null +++ b/filebrowser/rootfs/etc/nginx/includes/proxy_params.conf @@ -0,0 +1,16 @@ +proxy_http_version 1.1; +proxy_ignore_client_abort off; +proxy_read_timeout 86400s; +proxy_redirect off; +proxy_send_timeout 86400s; +proxy_max_temp_file_size 0; + +proxy_hide_header X-Frame-Options; +proxy_set_header Accept-Encoding ""; +proxy_set_header Connection $connection_upgrade; +proxy_set_header Upgrade $http_upgrade; +proxy_set_header Host $http_host; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; +proxy_set_header X-NginX-Proxy true; +proxy_set_header X-Real-IP $remote_addr; diff --git a/filebrowser/rootfs/etc/nginx/includes/resolver.conf b/filebrowser/rootfs/etc/nginx/includes/resolver.conf new file mode 100644 index 000000000..6485af141 --- /dev/null +++ b/filebrowser/rootfs/etc/nginx/includes/resolver.conf @@ -0,0 +1 @@ +resolver 127.0.0.11; diff --git a/filebrowser/rootfs/etc/nginx/includes/server_params.conf b/filebrowser/rootfs/etc/nginx/includes/server_params.conf new file mode 100644 index 000000000..09c06543e --- /dev/null +++ b/filebrowser/rootfs/etc/nginx/includes/server_params.conf @@ -0,0 +1,6 @@ +root /dev/null; +server_name $hostname; + +add_header X-Content-Type-Options nosniff; +add_header X-XSS-Protection "1; mode=block"; +add_header X-Robots-Tag none; diff --git a/filebrowser/rootfs/etc/nginx/includes/ssl_params.conf b/filebrowser/rootfs/etc/nginx/includes/ssl_params.conf new file mode 100644 index 000000000..6f1500599 --- /dev/null +++ b/filebrowser/rootfs/etc/nginx/includes/ssl_params.conf @@ -0,0 +1,9 @@ +ssl_protocols TLSv1.2; +ssl_prefer_server_ciphers on; +ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA; +ssl_ecdh_curve secp384r1; +ssl_session_timeout 10m; +ssl_session_cache shared:SSL:10m; +ssl_session_tickets off; +ssl_stapling on; +ssl_stapling_verify on; diff --git a/filebrowser/rootfs/etc/nginx/includes/upstream.conf b/filebrowser/rootfs/etc/nginx/includes/upstream.conf new file mode 100644 index 000000000..61ecbf251 --- /dev/null +++ b/filebrowser/rootfs/etc/nginx/includes/upstream.conf @@ -0,0 +1,3 @@ +upstream backend { + server 127.0.0.1:8080; +} diff --git a/filebrowser/rootfs/etc/nginx/nginx.conf b/filebrowser/rootfs/etc/nginx/nginx.conf new file mode 100644 index 000000000..3648d92a2 --- /dev/null +++ b/filebrowser/rootfs/etc/nginx/nginx.conf @@ -0,0 +1,56 @@ +# Run nginx in foreground. +daemon off; + +# This is run inside Docker. +user root; + +# Pid storage location. +pid /var/run/nginx.pid; + +# Set number of worker processes. +worker_processes 1; + +# Enables the use of JIT for regular expressions to speed-up their processing. +pcre_jit on; + +# Write error log to Hass.io add-on log. +error_log /proc/1/fd/1 error; + +# Load allowed environment vars +env HASSIO_TOKEN; + +# Load dynamic modules. +include /etc/nginx/modules/*.conf; + +# Max num of simultaneous connections by a worker process. +events { + worker_connections 512; +} + +http { + include /etc/nginx/includes/mime.types; + + log_format hassio '[$time_local] $status ' + '$http_x_forwarded_for($remote_addr) ' + '$request ($http_user_agent)'; + + access_log /proc/1/fd/1 hassio; + client_max_body_size 4G; + default_type application/octet-stream; + gzip on; + keepalive_timeout 65; + sendfile on; + server_tokens off; + tcp_nodelay on; + tcp_nopush on; + + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + + include /etc/nginx/includes/resolver.conf; + include /etc/nginx/includes/upstream.conf; + + include /etc/nginx/servers/*.conf; +} diff --git a/filebrowser/rootfs/etc/nginx/servers/ingress.conf b/filebrowser/rootfs/etc/nginx/servers/ingress.conf new file mode 100644 index 000000000..2349b5bde --- /dev/null +++ b/filebrowser/rootfs/etc/nginx/servers/ingress.conf @@ -0,0 +1,17 @@ +server { + listen %%interface%%:%%port%% default_server; + + include /etc/nginx/includes/server_params.conf; + include /etc/nginx/includes/proxy_params.conf; + + client_max_body_size 0; + + location / { + add_header Access-Control-Allow-Origin *; + proxy_connect_timeout 30m; + proxy_send_timeout 30m; + proxy_read_timeout 30m; + proxy_pass http://backend%%subpath%%; + } + +} diff --git a/filebrowser/rootfs/run.sh b/filebrowser/rootfs/run.sh index 2525aaef8..d6f841a34 100644 --- a/filebrowser/rootfs/run.sh +++ b/filebrowser/rootfs/run.sh @@ -5,38 +5,38 @@ ########## if bashio::supervisor.ping; then - bashio::log.blue \ - '-----------------------------------------------------------' - bashio::log.blue " Add-on: $(bashio::addon.name)" - bashio::log.blue " $(bashio::addon.description)" - bashio::log.blue \ - '-----------------------------------------------------------' + bashio::log.blue \ + '-----------------------------------------------------------' + bashio::log.blue " Add-on: $(bashio::addon.name)" + bashio::log.blue " $(bashio::addon.description)" + bashio::log.blue \ + '-----------------------------------------------------------' - bashio::log.blue " Add-on version: $(bashio::addon.version)" - if bashio::var.true "$(bashio::addon.update_available)"; then - bashio::log.magenta ' There is an update available for this add-on!' - bashio::log.magenta \ - " Latest add-on version: $(bashio::addon.version_latest)" - bashio::log.magenta ' Please consider upgrading as soon as possible.' - else - bashio::log.green ' You are running the latest version of this add-on.' - fi + bashio::log.blue " Add-on version: $(bashio::addon.version)" + if bashio::var.true "$(bashio::addon.update_available)"; then + bashio::log.magenta ' There is an update available for this add-on!' + bashio::log.magenta \ + " Latest add-on version: $(bashio::addon.version_latest)" + bashio::log.magenta ' Please consider upgrading as soon as possible.' + else + bashio::log.green ' You are running the latest version of this add-on.' + fi - bashio::log.blue " System: $(bashio::info.operating_system)" \ - " ($(bashio::info.arch) / $(bashio::info.machine))" - bashio::log.blue " Home Assistant Core: $(bashio::info.homeassistant)" - bashio::log.blue " Home Assistant Supervisor: $(bashio::info.supervisor)" + bashio::log.blue " System: $(bashio::info.operating_system)" \ + " ($(bashio::info.arch) / $(bashio::info.machine))" + bashio::log.blue " Home Assistant Core: $(bashio::info.homeassistant)" + bashio::log.blue " Home Assistant Supervisor: $(bashio::info.supervisor)" - bashio::log.blue \ - '-----------------------------------------------------------' - bashio::log.blue \ - ' Please, share the above information when looking for help' - bashio::log.blue \ - ' or support in, e.g., GitHub, forums or the Discord chat.' - bashio::log.green \ - ' https://github.com/alexbelgium/hassio-addons' - bashio::log.blue \ - '-----------------------------------------------------------' + bashio::log.blue \ + '-----------------------------------------------------------' + bashio::log.blue \ + ' Please, share the above information when looking for help' + bashio::log.blue \ + ' or support in, e.g., GitHub, forums or the Discord chat.' + bashio::log.green \ + ' https://github.com/alexbelgium/hassio-addons' + bashio::log.blue \ + '-----------------------------------------------------------' fi ###################### @@ -45,84 +45,80 @@ fi # Mount local Share if configured and if Protection Mode is active if bashio::config.has_value 'localdisks'; then - bashio::log.info 'Mounting local hdd...' - bashio::require.unprotected - MOREDISKS=$(bashio::config 'localdisks') - bashio::log.info "Local Disks mounting.. ${MOREDISKS}" && \ - for disk in ${MOREDISKS//,/ } # Separate comma separated values - do - bashio::log.info "Mount ${disk}" - mkdir -p /share/$disk && \ - if [ ! -d /share/$disk ]; then - echo "Creating /share/$disk" - mkdir -p /share/$disk - chown -R abc:abc /share/$disk - fi - mount /dev/$disk /share/$disk && \ - bashio::log.info "Success!" - done || \ - bashio::log.warning "Protection mode is ON. Unable to mount local drives!" + bashio::log.info 'Mounting local hdd...' + bashio::require.unprotected + MOREDISKS=$(bashio::config 'localdisks') + bashio::log.info "Local Disks mounting.. ${MOREDISKS}" && \ + for disk in ${MOREDISKS//,/ }; do # Separate comma separated values + bashio::log.info "Mount ${disk}" + mkdir -p /share/$disk && \ + if [ ! -d /share/$disk ]; then + echo "Creating /share/$disk" + mkdir -p /share/$disk + chown -R abc:abc /share/$disk + fi + mount /dev/$disk /share/$disk && \ + bashio::log.info "Success!" + done || \ + bashio::log.warning "Protection mode is ON. Unable to mount local drives!" fi || true #################### # MOUNT SMB SHARES # #################### if bashio::config.has_value 'networkdisks'; then - # Mount CIFS Share if configured and if Protection Mode is active - bashio::log.info 'Mounting smb share(s)...' + # Mount CIFS Share if configured and if Protection Mode is active + bashio::log.info 'Mounting smb share(s)...' - # Define variables - MOREDISKS=$(bashio::config 'networkdisks') - CIFS_USERNAME=$(bashio::config 'cifsusername') - CIFS_PASSWORD=$(bashio::config 'cifspassword') - MOUNTED=false - SMBVERS="" - SECVERS="" + # Define variables + MOREDISKS=$(bashio::config 'networkdisks') + CIFS_USERNAME=$(bashio::config 'cifsusername') + CIFS_PASSWORD=$(bashio::config 'cifspassword') + MOUNTED=false + SMBVERS="" + SECVERS="" - if bashio::config.has_value 'cifsdomain'; then - DOMAIN=",domain=$(bashio::config 'cifsdomain')" - else - DOMAIN="" - fi - - # Mounting disks - for disk in ${MOREDISKS//,/ } # Separate comma separated values - do - # Clean name of network share - disk=$(echo $disk | sed "s,/$,,") # Remove / at end of name - diskname=${disk//\\//} #replace \ with / - diskname=${diskname##*/} # Get only last part of the name - # Prepare mount point - mkdir -p /mnt/$diskname - chown -R root:root /mnt/$diskname - - #Tries to mount with default options - mount -t cifs -o rw,username=$CIFS_USERNAME,password=${CIFS_PASSWORD}$DOMAIN $disk /mnt/$diskname 2>ERRORCODE && MOUNTED=true || MOUNTED=false - - # if Fail test different smb and sec versions - if [ $MOUNTED = false ]; then - for SMBVERS in ",vers=3" ",vers=1.0" ",vers=2.1" ",vers=3.0" ",nodfs" ",uid=0,gid=0,forceuid,forcegid" ",noforceuid,noforcegid" ",${DOMAIN}" - do - mount -t cifs -o rw,iocharset=utf8,file_mode=0777,dir_mode=0777,username=$CIFS_USERNAME,password=${CIFS_PASSWORD}$SMBVERS $disk /mnt/$diskname 2>/dev/null && MOUNTED=true && break || MOUNTED=false - for SECVERS in ",sec=ntlmi" ",sec=ntlmv2" ",sec=ntlmv2i" ",sec=ntlmssp" ",sec=ntlmsspi" ",sec=ntlm" ",sec=krb5i" ",sec=krb5" - do - mount -t cifs -o rw,iocharset=utf8,file_mode=0777,dir_mode=0777,username=$CIFS_USERNAME,password=${CIFS_PASSWORD}$SMBVERS$SECVERS $disk /mnt/$disk name 2>/dev/null && MOUNTED=true && break 2 && break || MOUNTED=false - done + if bashio::config.has_value 'cifsdomain'; then + DOMAIN=",domain=$(bashio::config 'cifsdomain')" + else + DOMAIN="" + fi + + # Mounting disks + for disk in ${MOREDISKS//,/ }; do # Separate comma separated values + # Clean name of network share + disk=$(echo $disk | sed "s,/$,,") # Remove / at end of name + diskname=${disk//\\//} #replace \ with / + diskname=${diskname##*/} # Get only last part of the name + # Prepare mount point + mkdir -p /mnt/$diskname + chown -R root:root /mnt/$diskname + + #Tries to mount with default options + mount -t cifs -o rw,username=$CIFS_USERNAME,password=${CIFS_PASSWORD}$DOMAIN $disk /mnt/$diskname 2>ERRORCODE && MOUNTED=true || MOUNTED=false + + # if Fail test different smb and sec versions + if [ $MOUNTED = false ]; then + for SMBVERS in ",vers=3" ",vers=1.0" ",vers=2.1" ",vers=3.0" ",nodfs" ",uid=0,gid=0,forceuid,forcegid" ",noforceuid,noforcegid" ",${DOMAIN}"; do + mount -t cifs -o rw,iocharset=utf8,file_mode=0777,dir_mode=0777,username=$CIFS_USERNAME,password=${CIFS_PASSWORD}$SMBVERS $disk /mnt/$diskname 2>/dev/null && MOUNTED=true && break || MOUNTED=false + for SECVERS in ",sec=ntlmi" ",sec=ntlmv2" ",sec=ntlmv2i" ",sec=ntlmssp" ",sec=ntlmsspi" ",sec=ntlm" ",sec=krb5i" ",sec=krb5"; do + mount -t cifs -o rw,iocharset=utf8,file_mode=0777,dir_mode=0777,username=$CIFS_USERNAME,password=${CIFS_PASSWORD}$SMBVERS$SECVERS $disk /mnt/$disk name 2>/dev/null && MOUNTED=true && break 2 && break || MOUNTED=false done - fi + done + fi - # Messages - if [ $MOUNTED = true ]; then - #Test write permissions - touch /mnt/$diskname/testaze && rm /mnt/$diskname/testaze && bashio::log.info "... $disk successfully mounted to /mnt/$diskname with options $SMBVERS$SECVERS" || bashio::log.fatal "Disk is mounted, however unable to write in the shared disk. Please check UID/GID for permissions, and if the share is rw" - else - # message if still fail - bashio::log.fatal "Unable to mount $disk to /mnt/$diskname with username $CIFS_USERNAME, $CIFS_PASSWORD. Please check your remote share path, username, password, domain, try putting 0 in UID and GID" # Mount share - bashio::log.fatal "Error read : $( /dev/null || true - rm /config/filebrowser/filebrowser.dB &> /dev/null || true + rm /data/auth &>/dev/null || true + rm /config/filebrowser/filebrowser.dB &>/dev/null || true touch /data/noauth NOAUTH="--noauth" bashio::log.warning "Auth method change, database reset" @@ -166,14 +181,17 @@ if bashio::config.true 'NoAuth'; then bashio::log.info "NoAuth option selected" else if ! bashio::fs.file_exists "/data/auth"; then - rm /data/noauth &> /dev/null || true - rm /config/filebrowser/filebrowser.dB &> /dev/null || true + rm /data/noauth &>/dev/null || true + rm /config/filebrowser/filebrowser.dB &>/dev/null || true touch /data/auth bashio::log.warning "Auth method change, database reset" fi bashio::log.info "Default username/password : admin/admin" fi -bashio::log.info "Please wait 1 or 2 minutes to allow the server to load" +bashio::log.info "Starting..." -/./filebrowser $CERTFILE $KEYFILE --root=/ --address=0.0.0.0 --database=/config/filebrowser/filebrowser.dB $NOAUTH +/./filebrowser "$CERTFILE $KEYFILE --root=/ --address=0.0.0.0 --database=/config/filebrowser/filebrowser.dB $NOAUTH" & +bashio::net.wait_for 8080 localhost 900 || true +bashio::log.info "Started !" +exec nginx