remote web file manager for freenas

September 11th, 2011 by nebhead

Another geeky freenas related post today.  All those not interested in reading through techy garbage, please feel free to leave early.  For those of you here to learn about said techy garbage, please open your text books to page 204 and follow along.

For some time now, I have been aware of the rather handy feature that Windows Home Server boasts with a web based file manager (I believe they call it Remote Web Access or some such generic name).  Being a stalwart FreeNAS guy, I was impressed, but didn’t let my jealousy shine through.  How cool is it that you can log into your NAS from outside the network and upload/download any file that is there via a spiffy web interface?  Very cool.  Want.

Sure, you can setup an FTP server, but I really don’t like exposing an FTP to the outside world.  Too many security issues with FTP.  Yes,  I know you can setup an SSH tunnel and do FTP, but that’s kinda boring and not everyone has the patience to setup their own SSH client, etc. Plus I wanted an easy way to allow my friends and/or family to log into the server to grab things like photos or videos or even upload their own files.  I’m certainly not going to get 99% of these folks to setup a secure FTP session via SSH.

Recently, I came across this LifeHacker article about setting up FreeNAS to run SickBeard and SABnzbd to do a sort of Internet PVR.  After reading this, and seeing the techniques they used to get this up and running I was suddenly inspired to work on the above project.  I knew there had to be a way to shoehorn something in.  So I began to look at my options.  I finally stumbled upon a slick PHP/Ajax based Web File Manager front end with decent security that would work for me and decided to give it a shot.  (Ajaxplorer)

If you want to be the master of your domain, and show your Windows Home Server friends up, then this setup is for you.  Enough background, let’s get started.

Get the Necessary Pieces:

  • Step 1: Go to the Ajaxplorer website and download the latest zip (http://ajaxplorer.info).  As of the publication of this post, I downloaded Ajaxplorer v3.2.4 and I should also mention that I am using FreeNAS 0.7 in my configuration.  (sorry FreeNAS 8 folks, but I’m guessing these steps will work equally well on your server?)
  • Step 2: No step two?  Alright, on with it!

Configure FreeNAS:

  • Step 1: Open the admin web interface and navigate to the “Services” tab.
  • Step 2: Open “Webserver”
  • Step 3: Check the box to “Enable” your LightHTTPd webserver in the upper right hand corner (this doesn’t actually instantly enable anything, just allows you to start configuring)
  • Step 4: Choose HTTP from the protocol drop down (at least initially – we’ll talk about securing this before we poke a hole in your router and expose the NAS to the internet)
  • Step 5:  Select a port number (i.e. 1234).  (don’t select port 80, try not to conflict with other ports on the server and of course something between 0-64999)
  • Step 6: Choose webserver base directory (or document root).  I put mine on my mounted drives, rather than installing directly on the flash drive (OS drive).  For example:  \mnt\sharename\www\ (of course you will need to go and create this directory on your drive first)
  • Step 7: Leave Authentication and Directory Listing un-checked.
  • Step 8: Click the “Save and Restart” button.  You should get message stating: “The changes have been applied successfully” after a few tense seconds.

Install Ajaxplorer

  • Step 1: Unpack the ajaxplorer-3.x.x.zip into a directory off of your webserver base.  For example “. \www\ajxp”.  Confirm that all of the directories and files were created properly and that permissions were set properly (see this page for more details: http://www.ajaxplorer.info/wordpress/documentation-3/chapter-basics/ ).
  • Step 2: Point your browser to your FreeNAS IP and new webserver port (i.e. http://192.168.1.101:1234/ajxp) to get started.   A diagnostic tool will be ran once to check that your configuration is ok.  On FreeNAS you’ll get some warnings letting you know that you won’t have image previews due to the lack of PHP5, etc.  Despite these warnings you should have a mostly functional web file manager installed.
  • Step 3: Click continue and you should see a warning telling you that the user « admin » has been created with the password « admin » : log in with this id/password, and go the the « Settings » panel to change the admin password.
  • Step 4: Configure your users and repositories.  (http://www.ajaxplorer.info/wordpress/documentation-3/chapter-features/gui-overview/ )

Additional Security Concerns

I’m not much of a security expert, however it was absolutely essential to me that this be a decently secure solution.   I really don’t want people hacking around in my NAS from the outside.

In this configuration there are at least 3 caveats with regards to security:

  1. When using this interface over the internet, the traffic is unencrypted (as is your login and password).  You’ll want to setup a secure connection to your FreeNAS box and the easiest way to do this is to configure HTTPS on your box.  (http://www.freenaskb.info/kb/?View=entry&EntryID=284 ).  You’ll be self-signing your certificate, which means that your credentials will not be recognized by any reputable certificate authority – and that your browser will likely throw up all kinds of alarm bells when accessing your site.  But since you know you’re trustworthy, you can just ignore those warnings.  Do this step first such that you can generate the credentials, and the configuration file for your webserver – in the next step we’re going to use the newly created configuration as a base for a new webserver.  Just read on…
  2. FreeNAS’s LightHTPPd does not support .htaccess files (which are for Apache), which means that you’ll need to go and lock down any sensitive directories (i.e. .\server\conf, etc. ) manually.  Although it seems it may not be necessary after poking around a bit more, better safe than sorry.  More information can be found here: http://redmine.lighttpd.net/wiki/1/Docs:ModAccess.  I found that there are two configuration files under FreeNAS.  One for the WebUI and one for the web server that you just enabled.  You’ll want to edit the configuration file found here: \var\etc\websrv.conf.  Add something like this to the end of the file:

    $HTTP[“url”] =~ “^/ajxp/server/conf” {
    url.access-deny = (“”)
    }

    Now, to my surprise, if you disable and re-enable the webserver via the web UI or reboot the system you’ll completely blow away any changes you made to the config file (http://sourceforge.net/apps/phpbb/freenas/viewtopic.php?f=86&t=1941). This is apparently how FreeNAS is designed. So, here’s how I got around things. I made a copy of the websrv.conf file named mywebsrv.conf and instead of launching the default web server, launched my own via a config script. Do this by adding the following to System > Advanced > Command Scripts:

    /usr/local/sbin/lighttpd -D -f /var/etc/mywebsrv.conf -m /usr/local/lib/lighttpd

    Make this a post-init script meaning it runs after the system boots and initializes.  Ensure to add all of the directories that you would like to deny access to into the configuration file.  After you’re done with this step, make sure you disable the other default webserver via the web gui before you reboot the system. This should do the trick and forbid access to your sensitive directories.

  3. Ajaxplorer comes with a standard Admin account creatively named ‘admin’ so you’ll probably want to change that to avoid dictionary attacks.  I created a new account with admin privileges and a strong password and then deleted the admin account.

If you’re reading this and can think of more, please do let me know so that I can plug those holes too.

Poke a Hole in your Router

Because everyone has a different type of router at home, I won’t even attempt to begin to tell you how to do this.  However, you’ll want to make sure that you port-forward whatever port you defined in your LightHTTPd configuration above.  You can use a different outside port if you desire, but I like to keep it simple and use the same port number.

Now you can access your stuff anywhere you have an Internet connection.  If you have a Dynamic DNS service to help you remember your IP, even better!

Final Thoughts

While I’m pretty happy with the results, I’m sure there are improvements that can be made to the installation etc.  Others have used Ajaxplorer in place of the Quixplorer that is currently running on FreeNAS (which can be used on the internal network).  Ajaxplorer can be a bit sluggish, and it doesn’t integrate perfectly with FreeNAS, but it gets the job done.  If you have any suggestions, tweaks or improvements let me know and I’ll include them here!  I hope this helps anyone that has been thinking of doing this.  It’s certainly been a learning experience for me.

8 Responses to “remote web file manager for freenas”

  1. Gravatar dave Says:

    Step 1: Install WHS.
    Step 2. There is no step two.

    Win.

  2. Gravatar nebhead Says:

    You forgot the real step 1: Go to Best Buy and purchase WHS for $100.

  3. Gravatar MrEd Says:

    1) The FREE in FreeNAS is pretty much the point.

    2) FreeNAS is NOT Windows…thank god.

    Thanks for the how to, it gave me a new option
    to play with.

  4. Gravatar gotch Says:

    It seems that this tutorial broke my Nas4Free webGui interface… Do you know how to fix it ? thx

  5. Gravatar nebhead Says:

    Yikes! I’m sorry, I don’t since NAS4Free is an entirely new piece of software which is much different than the FreeNAS7 project – anything could have gone wrong. I hope figure it out! Best of luck.

  6. Gravatar Matthew Says:

    This article is exactly what I have been looking for; though as I go through the “Setting Up FreeNAS” section; I am perplexed about the enable web server instructions you mention. I am new to FreeNAS, and it seems a lot has changed lately in the WebGUI. It would seem the options you are specifying may either no longer be there; or are disguised as different terms in the newest release. Any help you could give would be greatly appreciated. This is otherwise the most complete guide to get me going on what I would like to accomplish with my new FreeNAS system.

  7. Gravatar nebhead Says:

    Hey Matthew – I really wish I could help out, but I’ve moved off of the FreeNAS server and onto Ubuntu Server instead. I’m sure that the new FreeNAS could run the web file manager (Ajaxplorer) as well, but you may still have to play games with setting up the webserver. I found that it potentially conflicts with the WebGUI, so I didn’t want to break that functionality. Anyway, good luck – I hope it works out for you.

  8. Gravatar Rina Says:

    Thanks for the tutorial! I tried using it on FreeNAS 8, but was having trouble setting up a web server, since they did away with the built-in one in this version. I did, however, get it to work on Nas4Free. This was a big help!

Leave a Reply