FileCloud in AWS

FileCloud is powerful software, delivering a secure, enterprise-grade self-hosted file sharing and content collaboration platform that can be integrated with Amazon Web Services (AWS).

This article outlines the deployment of FileCloud using AWS infrastructure, specifically withn Amazon EC2 and using Amazon S3 for stroage. It discusses typical deployment scenarios, the necessary prerequisites, architecture illustrations, planning recommendations, security protocols, cost analysis, and operational procedures. To successfully implement FileCloud, understanding its architecture and how it interacts with AWS services is essential.

The community edition provides an annual licence for 5 full accounts, with 10 external accounts. Community edition can be self-hosted on your Windows or Linux servers or in your own account in a supported Infrastructure as a Service (IaaS) provider. For our review we installed it in Amazon EC2, using Amazon S3 for storage, using the FileCloud provided Amazon Machine Image (AMI) which is avaliable from AWS Marketplace.

The enterprise edition is the same software with a licence key unlocking more functionality. It has a variety of subscription tiers and hosting options and provides more advanced governance, Single Sign-On, Support for Duo or text based authentication and third party integration support for example for SalesForce.

You need to have a good knowledge of AWS, Linux, virtual machines and web applications to get FileCloud running and need to carefully consider, document and work through the prerequisites, security measures, operational guidance, updates, security and backup procedures.

TL:DR: FileCloud runs in AWS using encrypted Amazon S3. FileCloud Community Edition is free to use with some limitations, but a thorough understanding of AWS, Linux, and the potential cost is vital for a successful implementation.

Introduction to FileCloud on AWS
Pros and Cons of FileCloud on AWS
Licensing
Community Edition
Typical deployment scenario for FileCloud on AWS
Prerequisites for deployment
Instance Type
Region
SSH
FileCloud architecture overview
Security considerations
Cost and sizing considerations
Deployment guidance
Launching the FileCloud AMI
AWS Marketplace
Configuring Security Groups
Key Pair
Elastic IP Allocation
Running the instance and login with SSH
S3 VPC endpoint
Configuration of FileCloud
SSL
Initial Admin of your Filecloud system
Install the Licence
Email Settings
Setting FileCloud to use S3
Configure S3 settings in Filecloud admin
Checking your system is properly set up
Operational guidance
Backup and recovery procedures
Routine maintenance and emergency procedures
Reference materials for further exploration
Conclusion
Notable issues
Discovering the FileCloud Admin URL
Encrypted PHP app

Introduction to FileCloud on AWS

FileCloud is an enterprise-grade, self-hosted file sharing and synchronization platform. Unlike generic cloud storage solutions, FileCloud allows for on-premise or hybrid deployments while utilising AWS for infrastructure scalability and reliability. This setup aligns with compliant data governance requirements across various industries.

FileCloud provide Amazon Machine Images (AMI's) specifically prepared for both Ubuntu and Windows Server, with a Bring Your Own License (BYOL) model enabling organizations to deploy FileCloud on AWS EC2 with complete control over configuration, licensing, and compliance. Pairing this setup with Amazon S3 as the backend for storage offers scalability, durability, and separation of compute from storage a modern pattern for cloud-native platforms.

Upon initiating a deployment, users should note the need for adequate AWS knowledge to utilise the various services, particularly EC2 and S3. The AMIs available can be obtained through the AWS Marketplace.

This article only refers to the FileCloud provided Ubuntu Linux BYOL AMI. Other AWS AMI's are available.

Pros and Cons of FileCloud on AWS

Pros

Deploy a hyper-secure content collaboration platform so you can access files, photos, and videos anywhere from any device.
FileCloud provide an Amazon machine image (AMI) which you can apply your license to.
FileCloud supports AWS S3 for storage.
Gain complete data ownership and control.
Access files remotely through a virtual drive or offline with FileCloud’s sync app.
Trusted by 1000’s of enterprises around the globe.

Cons

The recommended AWS instance type has an associated cost.
FileCloud doesnt work adequately on a lower than recommended instance type.
Setting up external shared storage on Amazon S3 is hard.
Let's Encrypt works well but isn't really supported, You'll need to install Certbox (on Linux) yourself.
Upgrades to the AMI and its underlying OS are a concern.
License expiry is a concern. It's all your data!
The FileCloud software does not play nicely with other virtual hosts. It expects to 'own' the lamp stack and the rest of the software on the machine.

Licensing

Community Edition

You can get a one-year free license for FileCloud Community Edition and Self-host FileCloud Community Edition on your Windows or Linux servers or preferred IaaS provider (AWS, Azure) You can swap this out for a paid licence if you need to once everything is working as intended.

Typical deployment scenario for FileCloud on AWS

The typical customer deployment for FileCloud on AWS varies based on organisational size and specific operational needs. Smaller organisations may choose to store files on volumes directly attached to the instance on EC2 or within Elastic Block Store (EBS), while larger enterprises benefit significantly from utilizing AWS S3 for enhanced scalability and reliability. S3 is a preferred solution for medium to large deployments owing to its cost-effectiveness and elastically scalable architecture, but it requires more complex setup.

An architecture diagram depicting a simplified setup shows the service is securely available only via HTTPS through the Elastic IP address and how the EC2 instance accesses S3 through a gateway endpont, keeping traffic inside AWS. It is good practice to create your own deployment diagrams as a reference.

Prerequisites for deployment

Before beginning, an AWS account with administrative access is required. The deployment process touches multiple services — EC2, S3, IAM, and potentially Route 53, your VPC and an Elastic IP — so permissions need to be expansive or specifically tailored. Familiarity with S3’s object storage model and Amazon EC2 is recommended.

Instance Type

FileCloud recommend an instance that is not eligible for the free tier and will be subject to AWS Billing. Change the instance type to t2.micro you want to try FileCloud out in the free tier but be aware that this is below the minimum instance type recommended and takes a long old time to start up and become available - up to 30 minutes, and may have performance or lack of responsiveness issues.

For best performance FileCloud recommends using an 'M' series instance type with a minimum requirement of m5.large. If you selected an Instance Type of t2.medium or t3.medium, then FileCloud recommend enabling T2/T3 unlimited which is an optional billing feature for burstable performance for EC2 instance types 'T2' and 'T3', allowing them to burst CPU usage beyond their baseline for as long as needed without being throttled — but with potential extra charges. t2.micro does not support this burstable performance.

Region

Region selection has both technical and regulatory implications. Lower latency for users, data sovereignty laws, and AWS service availability should guide your choice. FileCloud S3 buckets should reside in the same region as the FileCloud EC2 instance to reduce latency and avoid inter-region data transfer costs provided you set up gateway connectivity correctly.

We use eu-west-2 (London) for everything possible. However, some AWS services like IAM can't be set to a specific region and the AWS console has a bad habit of setting itseld back to the US region despite your preferences. Awlays check you are in the right region.

SSH

Prior experience with SSH is essential for establishing a secure connection to the EC2 linux instances running FileCloud. These remote access protocols ensure that administrators can configure systems without physical access to servers using a key pair.

FileCloud architecture overview

The underlying architecture of FileCloud on AWS fundamentally revolves around its reliance on multiple AWS services, notably EC2 and S3. FileCloud AMIs come with the FileCloud app, written in PHP and Apache Web Server and MongoDB pre-installed, ensuring that user data is organised efficiently along with file metadata. This database layer is essential for the application to function correctly, as data operations depend on this structure.

A significant advantage of the architecture is the option for businesses to configure document preview and full-text search capabilities right out of the box, which enhances user experience and access. Notably, once deployed, switching storage types is not advisable, making it essential to plan storage requirements based on future growth expectations right from the start.

Security considerations

Security is a concern within the deployment of any cloud application, and FileCloud ensures that protective measures are in place. Critical security features include encryption at rest, where sensitive data is safeguarded through various encryption techniques. AWS key management systems can facilitate this process, ensuring that access is tightly controlled.

IAM policies are another focal point, especially concerning S3 storage access. Correctly configuring these policies will determine which users have permission to read, write, or delete files within the specified S3 bucket. This aspect reinforces the importance of role-based access control, ensuring users interact with data in compliance with organisational policies and user permissions.

Cost and sizing considerations

Establishing a budget for deploying FileCloud on AWS involves understanding the associated costs with EC2 instances, EBS, and S3 services. Costs can fluctuate based on the instance types selected, the number of instances running, and the storage solution utilised. FileCloud provides guidelines for estimating necessary resources, ensuring that users can anticipate their expenses.

Organisations must consider both capital expenditure for provisioning resources and operational costs for ongoing usage. Initiating smaller instances can provide an excellent entry point, allowing businesses to scale their infrastructure in line with evolving needs while managing costs effectively. This flexibility can be particularly beneficial for growing organisations.

Deployment guidance

To launch a FileCloud deployment on AWS, users can follow a series of straightforward steps. Initially, after logging into the AWS Console, the user would navigate to the EC2 section and locate the instances that are available to create using the FileCloud AMI. After launching the instance, configuring the appropriate security groups and ensuring ports are correctly set is vital for enabling access.

Next, setting up an S3 bucket for external storage requires configuring bucket policies and IAM user roles. Security measures must extend beyond the initial setup, ensuring that access controls are rigorously applied.

Launching the FileCloud AMI

AWS Marketplace

Search for the official FileCloud AMI from the AWS Marketplace or directly via the EC2 launch wizard. You can find it by looking for "FileCloud" and checking the details. There are several AMI's available.

Delivery method: Amazon Machine Image (AMI)
Delivery option: 64-bit (x86) Amazon Machine Image (AMI)
Latest version: 23.242.0.29412
Operating system:Ubuntu 22.04

Configuring Security Groups

Security groups act as the instance’s virtual firewall. The AWS Marketplace will allow you to create a Security Group with the recommended ports open. Create it and select it as the Security Group for your installation. This will allow inbound access on ports 80 (HTTP), 443 (HTTPS), 22 (SSH). Outbound traffic should be unrestricted unless specific compliance restrictions require further filtering beyond the scope of this article.

Key Pair

You'll need to set up or use an existing Key Pair in EC2 to access the instance after launch.

Elastic IP Allocation

An Elastic IP address is a static IPv4 address designed for cloud computing. A persistent public IP simplifies DNS configuration and avoids IP drift on reboots. You can allocate an Elastic IP from the AWS console and associate it with the FileCloud instance immediately after launch to lock it in.

AWS charges $0.005 per hour for each public IPv4 address, including Elastic IP (EIP) addresses, regardless of whether they are associated with a running EC2 instance or not. This equates to approximately $3.60 per month per IP address (assuming 720 hours in a 30-day month). However, AWS offers 750 hours of free public IPv4 address usage per month under the AWS Free Tier. This means that if your usage stays within this limit, you won't incur charges for the public IP addresses. Usage beyond 750 hours per month will be billed at the standard rate.

Running the instance and login with SSH

Once the Security Group is set up, a Key Pair is assigned and it can be launched.

Once launched it should change state to 'Running'. You can ensure system health in the AWS console. Use SSH key pair to connect to the instance via the terminal. Default user is ubuntu. Be patient.

Smaller instances can take 15-30 minutes to finish startup and allow the admin pages to load and ssh to become available.

S3 VPC endpoint

FileCloud need to be able to connect to S3. You can access Amazon S3 from your VPC using gateway VPC endpoints. There is no additional charge from AWS for using gateway endpoints. After you create the gateway endpoint, you can add it as a target in your route table for traffic destined from your VPC to Amazon S3.

Configuration of FileCloud

FileCloud is flexible, but some installation choices are easier than others. An obvious choice in AWS is to use AWS S3 for storage but this is tricky to set up effectively.

SSL

SSH into your FileCloud instance and get an SSL certificate. I used Let's Encrypt with the Ubuntu BYOL AMI in AWS Marketplace.

Install Certbot, the tool for getting a Let's Encrypt SSL certificate. Run this command on the command line on the machine to install Certbot. sudo snap install --classic certbot
Get your certificate using Certbot sudo certbot --apache this assumes your external IP address is verifiable by your domain provider.
Certbot uses a systemd timer that will renew your certificates automatically before they expire. You can see it here systemctl list-timers You will not need to run Certbot again, unless you change your configuration.

Let's Encrypt certificates work well for FileCloud and adds 000-default-le-ssl.confand modifies 000-default.conf in sites enabled in Apache2. These changes are not quite in the form expected by the FileCloud AMI so you may notice some warnings when you update FileCloud in the future.

I'd like to suggest that FileCloud developers embrace Let's Encrypt as a supported part of the AMI in the future.

Initial Admin of your Filecloud system

Once SSL is working you can turn to administration of the FileCloud plaform using a web browser. Initially in the AMI HTTP is enabled to allow you to get to the instance before completing SSL setup. In FileCloud this is set through a configuration file in /var/www/html/config (Linux). Edit the file cloudconfig.php and change TONIDOCLOUD_SECURE_COOKIE from "0" which enables login during setup using HTTP. If you've correctly configured SSL you'll be able to log in to the Administrator site using HTTPS and you should set TONIDOCLOUD_SECURE_COOKIE to "1" in cloudconfig.php to prevent login with HTTP.

Lots of people seem to have trouble finding the Admin link to their FileCloud AMI, and wrongly concluse that its broken. It is more a documentation problem. Look for the URL ending in /ui/admin2/index.html Inside your VPC you could use the internal IP address, outside your VPC the External IP address or more likely an Elastic IP address associated with your domain. Anyhow the crucial part of the documentation thats incorrect is the 2 in the URL. You're welcome!

The username is admin and the password is the instance ID from EC2

Admin URL is in the form https://yourexternaldomainname.com/ui/admin2/index.html

Install the Licence

From the Admin interface Install the FileCloud License you created earlier
Next, set the Server URL for FileCloud to something other than localhost that is resolvable on your network

Email Settings

Now on to email. Unfortunately setting up XOAUTH2 is extraordinarily complicated.
However, if you have simple domain based email just follow the instructions in the usual way in your service providers email system.

Setting FileCloud to use S3

This is slightly odd in that the main S3 settings config file needs to be moved into place manually from the command line via SSH. I guess that this is justified as a one-time only operation on initial setup but its still a little bit odd since there is a whole Admin UI for Storage.

Change the Storage Type - edit /var/www/html/config/cloudconfig.php find define("TONIDOCLOUD_STORAGE_IMPLEMENTATION", "local"); and change it to define("TONIDOCLOUD_STORAGE_IMPLEMENTATION", "amazons3");
Rename /var/www/html/config/amazons3storageconfig-sample.php to /var/www/html/config/amazons3storageconfig.php.

Enable optimised upload in AWS by adding a CORS policy to the bucket and your FileCloud URL to the .htaccess file.

Find the name of your FileCloud bucket at https://console.aws.amazon.com/s3/ .

Choose Permissions, and then choose CORS configuration.
In the CORS configuration editor text box, add a CORS configuration like this:

[
    {
        "AllowedHeaders": [
            "*"
        ],
        "AllowedMethods": [
            "GET",
            "PUT",
            "POST",
            "DELETE"
        ],
        "AllowedOrigins": [
            "https://yourfileclouddomainnamehere.com"
        ],
        "ExposeHeaders": [
            "ETag"
        ],
        "MaxAgeSeconds": 3000
    }
]

Click Save

Edit the FileCloud Server .htaccess file which is /var/www/.htaccess contains the line connect-src 'self' *.amazonaws.com
Restart the FileCloud server.

I'd like to suggest that FileCloud developers make the S3 settings configurable from the Admin Web UI out of the box rather than by the editing of config files in a terminal. Even better if the AMI was pre-configured for S3 storage and had some automagic setup using AWS CloudFormation which could easily automate the infrastructure deployment to avoid all this manual setup and console editing complexity.

Configure S3 settings in Filecloud admin

The S3 storage settings will magically appear now in Storage Settings.

Add your S3 Key and ddd your S3 secret. You'll need to set up a User with a Secret and grant access to S3 in IAM.
Add the s3 region, we chose eu-west-2, it should be the same region as your own FileCloud instance.
Populate any of thee other optional fields.
Optionally set S3 Managed Storage Encryption to protect data at rest. Its probably best to do this now before you have data in storage.

Checking your system is properly set up

Run the check in the Admin UI and fix any reported issues.

Operational guidance

Operational guidance consists of routine checks to ensure system integrity. Administrators should routinely monitor system performance, troubleshoot common issues, and maintain regular backups. Educating teams on best practices for file sharing and data management within the FileCloud environment enhances overall productivity and reduces potential mishaps associated with data governance.

Conducting regular health check-ups on the AWS infrastructure is also recommended. This process can ensure optimal performance levels by observing resource metrics, identifying bottlenecks, and ensuring no components are experiencing failure. Employment of AWS CloudWatch can assist in automating many monitoring functions which further enhances efficiency.

Backup and recovery procedures

Data loss can have severe implications for any business, making comprehensive backup and recovery procedures necessary. Scheduled backups of file systems ensure that up-to-date versions of files are consistently available for recovery.

The FileCloud backup approach is best managed by snapshots of the EC2 instance Utilising automated scripts can streamline these processes, minimising human error and ensuring that backups run according to predetermined schedules.

You can also connect to your FileCloud instance via ssh and make separate backups of the database to S3.

cd /var/lib/mongodb
sudo service mongod stop
sudo aws s3 sync . s3://my-bucket/backuk_of_filecloud_mongdb_dir/
sudo service mongod start

You can restore this database to a newly created FileCloud AMI if all else has failed! It is worth testing this a few times before going into production.

Routine maintenance and emergency procedures

Routine maintenance includes essential activities such as updates to both the FileCloud application and the underlying infrastructure. Applying these updates is vital for addressing vulnerabilities and ensuring that systems are equipped with the latest features and improvements. Planning for downtime during these updates should also be communicated to users.

In terms of emergency maintenance, having a recovery plan that details steps to restore functionality is critical. This could involve switching over to a backup instance in the event of an outage or service disruption, ensuring continuity of operations. Regularly reviewing this plan will help ensure its effectiveness and readiness during actual emergencies.

Reference materials for further exploration

Utilising all available resources for further information is key to optimising user experience with FileCloud. Several resources are available for setup assistance, such as the FileCloud Site Setup Guide and FileCloud End User Guide, which provide comprehensive approaches to installation and user management.

Conclusion

In summary, deploying FileCloud on AWS would be a strategic decision for an organisation enabling enhanced file management and collaboration underpinned by strong governance and security protocols. there are some key takeaways:

By leveraging AWS's robust infrastructure, organisations can tailor their deployment according to specific file sharing and collaboration needs while ensuring alignment with compliance mandates.
A proactive approach toward security and operational management would allow for improved efficiency while safeguarding sensitive data.
Engaging with support material and community resources is necessary to bolster user knowledge and application of FileCloud capabilities.
Organisations interested in leveraging FileCloud on AWS should commence by reviewing their requirements and utilising the available resources to facilitate a seamless deployment process.
Deployment of FileCloud is moderately difficult.
Deploying it on AWS is made more difficult because the vendor provided AMI's are complex and require quite large EC2 instance types.
The software really doesn't function effectively on the free tier eligible AWS EC2 instance types, but it can be made to work for demonstrations of proof of concept.
The documenation for using FileCloud on AWS is limited.

For further reading and guidance on implementing FileCloud effectively, consult the documentation and AWS resources to ensure a robust, reliable tailored deployment that meets your business needs.

Notable issues

Discovering the FileCloud Admin URL

The FileCloud documentation is not really aimed at the AWS AMI user and the admin URL in the documentation is wrong for AWS. This can cause new users to assume the server is not responsive. Tied to the time it takes for the service to become available it can appear that the AMI doesn't work, when in fact it does, it just takes its own sweet time to come up to readiness and can be hard to get into.

Encrypted PHP app

The publishers have encrypted their PHP code using SourceGuardian. I'm not a big fan of this, but this is proprietary software and not open source software so here we are. In order to use it, you'll need use the supplied machine images or ensure that your Apache Server is set to use PHP 8.2 and that it loads the SourceGuardian extension.

Details: Last Updated: 07 May 2025

Amazon Web Services (AWS): A Cloud Computing Solution

Log in