Filerun - Self-Hosted File Sync and Sharing
-
Damn, this app is fast, even as a web app....
-
@necrevistonnezr Yes, I noticed the same. Very snappy and a joy to use compared to similar interfaces.
I wondered if the dev used some neat tricks more devs could learn to use too.
-
@robi Compared to other similar apps, I've always appreciated that I could easily install this one* because it is basically just a php app run on Apache. So many others have extra steps or software, like RoR for Redbooth (or whatever it was before), weird installs like using Dazzle with Sparkleshare, Pydio and it's own executables, NodeJS or Java apps which I could never get to run, or even a few whose names I forget that use Python (about which I would always, of course, forget about activating the env). The day I discovered FileRun, gave it a try, and it installed and ran was one of the happiest days of my life, superceded only when I discovered Cloudron.
(*That said, I also like ResourceSpace though it's slower than FileRun.)
-
I'm seriously considering the switch from Nextcloud to Filerun. I'm trying to find more info on the security side of things. From what I can gather from the documentation and the Changelog
In general,
- 2FA is supported out of the box,
- each WebDAV App gets a separate password that can be revoked,
- except for the
superuser
account, all accounts are protected against brute force attack
https://filerun.com/changelog lists a
Security audit by Christian Poeschl and Tobias Braeutigam, from "syntegris information solutions GmbH".
but it wasn't published, it seems.
From the documentation: https://docs.filerun.com/doku.php?id=secure&rev=1641578988
Securing the FileRun installation
Once you have FileRun running, it is strongly recommended to follow these steps in order to secure it:- The default user account, superuser, is the only account not protected against brute force login attacks, so it is very important that you set a password that cannot be guessed by a computer. Set a long password, containing also uppercase letters, digits and symbols.
- Accessing the FileRun installation via SSL|SSL/HTTPS, instead of plain HTTP will strongly increases your data security. Get a free SSL certificate for your server here: https://letsencrypt.org
- Make sure
session.cookie_httponly
is set to On, in your server's PHP configuration file, for increased security against cross-site-scripting attacks. - Update the configured MySQL user account and remove the ALTER and DROP privileges. (You might need to add these back before installing any FileRun update.)
- If you are on a shared hosting service, make sure the permissions of the FileRun application files do not allow PHP (or any other web server application) to make changes to them. Make an exception for the system/data folder and its contents, where FileRun needs to be able to make changes.
- Make sure
display_errors
is set to Off, in your server's PHP configuration file. - Register your FileRun installation, from the control panel, under Software licensing, to be able to keep the installation secure and up to date!
-
@necrevistonnezr It's been working very well for me thus far. Security seems decent - 2fa definitely helps with that. WebDAV is nice too as nextcloud apps can sync with that. It's also much faster since it doesn't have many apps/plugins installed from the get-go.
-
-
BTW if you had non-critical errors displayed by the Nextcloud desktop client, see https://feedback.filerun.com/en/communities/1/topics/1501-nextcloud-macos-client-sync-errors-a-different-e-tag-to-proceed-was-received
-
-
-
The only problem is that there is no more Free version: https://filerun.com/pricing. At least here if you already have it installed you are grandathered into the Free one: https://docs.filerun.com/filerun_install_guide. But 99eur is not too bad, I guess.