Amazon.co.uk Widgets
Image by d3images on Freepik
Image by d3images on Freepik

Secure File Sharing with FileCloud

FileCloud is powerful software, delivering a secure, enterprise-grade file sharing and content collaboration platform. The community edition provides an annual licence for 5 full accounts, with 10 external accounts. Community edition is self-hosted on your Windows or Linux servers or in your own account in a supported Infrastructure as a Service (IaaS) provider. For our review we installed it in Amazon EC2, using Amazon S3 for storage, as well as on a local Linux server, using local storage, and on a local virtual machine, on an Intel based Mac, running VMware Fusion, with the Filecloud provided Ubuntu 22,04 virtual machine. You need to have a good knowledge of Linux, virtual machines and web applications to get Filecloud running well. 

Why might you install Filecloud Community Edition?

There are probably more but here are five reasons why you might take the time to install FileCloud Community Edition?:

  1. Deploy a hyper-secure content collaboration platform so you can access files, photos, and videos anywhere from any device.
  2. Set up On-Premises FileCloud Community Edition Server for personal or home labs.
  3. Run on Windows 10, Linux, or any cloud VM.
  4. Gain complete data ownership and control
  5. Access files remotely through a virtual drive or offline with FileCloud’s sync app.
  6. Trusted by 1000’s of enterprises around the globe.

Why might you not install Filecloud Community Edition?

There are some issue with this software which you may not be prepared to work through as they represent a significant amount of work.

  1. The Linux virtual machine images are incomplete, and outdated. Cron is required but not an installed dependency, for example. These are basic issues which should not exist in mature software.
  2. Setting up external shared storage in a virtual machine is moderately hard, and on Amazon S3 is very hard.
  3. Let's Encrypt isn't really supported, and is painful to integrate despite it fully supporting complex Apache environments for years now.
  4. The version of Filecloud pre-built in the virtual machines is out of date.
  5. The Filecloud software does not play nicely with other virtual hosts. It expects to 'own' the lamp stack on the machine
  6. It would be difficult to install in a shared hosting environment.

Setup choices

Filecloud is flexible, but some installation choices are easier than others, and in particular, deployment on shared infrastructure is challenging and not really supported by the vendor. The software assumes you have a dedicated machine for Filecloud and that it can do as it pleases with major components which would be unlikely to be the case on a shared hosting platform. 

  • Installation choices - Virtual machine on a local server, Amazon Machine Image in AWS, Dedicated Linux server, Dedicated Windows Server
  • Storage choices - Virtual machine Disk, Virtual machine Dedicated External Drive, Dedicated Linux server, AWS S3

Functionality

Functionality only matters if the technology you choose matches your appetite for risk and meets or exceeds the requirements of your information security policy. You might consider reviewing your File Sharing choices against commin information security policy criteria and theres another article here on this site designed to help you with Evaluating secure file sharing against an information security policy framework.

Once you've satisfied yourself that Filecloud reaches the bar your organisation has set then you can think about the functionality and how best to deploy the technology.

  • Ease of use – There should be a fully featured web App, Windows, Mac desktop drive/volume level support is desirable, folder level support acceptable. iOS and Android Apps are highly desirable.
  • Functionality – Web Portal, SSL support, Custom URL, Shared Files and Folders, (password protection, public, time limited), Unlimited storage. Comprehensive email notifications. 

TL:DR: FileCloud meets the requirements of our information security policy and can be run locally on Windows or Linux or a virtual machine or in the cloud securely for example in Amazon EC2 using encrypted Amazon S3 storage. FileCloud Community Edition is good for small business needs and free to use with some limitations (five internal and ten external users) and an annual licence which is subject to change. The enterprise edition which is the same software with a licence key unlocking more functionality, has a variety of subscription tiers and hosting options and provides more advanced governance, Single Sign-On, Support for Duo or text based authentication and third party integration support for example for SalesForce. It is however, moderately difficult to set up effectively.

 FileCloud has great information security and ease of use with a free licence for the community edition

What's not in the community edition:

  • Open Source. This product is proprietary although it has underpinnings and dependencies which are open source.
  • More than Five users
  • Data Governance (including Smart DLP, Smart Classification, Retention Policies, and the Governance Dashboard)
  • Single Sign-On (SSO)
  • Content Search via OCR
  • ServerSync
  • Third-party integrations (AV, SalesForce, SIEM, etc.)
  • Text message or DUO based authentication
  • Multi-tenancy
  • Zero-trust File Sharingsm

You can trial the full product for thirty days. Despite the complexity I like it and am running the community edition in my tech lab.

Setting up FileCloud Community Edition

  1. Register at https://ce.filecloud.com/. You are signing up for a 1 year licence with 5 full user accounts, Mobile and desktop apps – Sync and Drive, and Community Support.
  2. Verify your email address with the code.
  3. Go ahead and click the button
FileCloud Community Edition Registration at https://ce.filecloud.com/
FileCloud Community Edition Registration verification at https://ce.filecloud.com/
FileCloud Portal showing Community Edition Download at https://portal.getfilecloud.com/

The Community Edition supports:

  •  Windows Server 2016, Windows Server 2019, Windows Server 2022
  •  Ubuntu Linux 22.04 with PHP 8.2
  •  Virtual Machine e.g. VMware Fusion, VirtualBox
  •  Amazon AWS Marketplace

 Ubuntu Linux 22.04, locally hosted

Installation processes vary dependent on your choices, but are well documented. Windows has an installer, Ubuntu Linux is a set of command line scripts, Virtual machines are a zipped VirtualBox or VMware image, The cloud virtual machines for AWS installs an AMI from the marketplace. Choose the one you are most familiar with, or that fits best with your technology choices.

 Encrypted PHP Requires PHP 8.2 and SourceGuardian

The publishers have encrypted their PHP code. I'm not a big fan of this, but this is proprietary software and not open source software so here we are. In order to use it, you'll need use the supplied machine images or ensure that your Apache Server is set to use PHP 8.2 and that it loads the SourceGuardian extension which should have been installed as part of the command line installation of the software if you installed it on your own supported Linux machine.

PHP Version 8.2.15 Info, showing SecureGuardian extension loaded
SourceGuardian Loader check page indicating all ok
FileCloud Community Edition initial load screen on first run

Installing the Filecloud VMware virtual machine

  • Download the VM from the link on the community edition download page and open it in your chose VM host. I'm using VMware Fusion on an 2018 Mac Mini, the last of the Intel Mac's, Filecloud requires an Intel based computer.
  • You'll want to tune your DNS on your network to resolve externally, so as to be able to get Let's Encrypt SSL working. It is helpful to make it work internally to your network too, so as to make sure you can resolve Filecloud from your Local network, as well as from the Internet. This is not exactly trivial. You'll need to point port 80 and port 443 directly to your Virtual machine. It would make sense to set up a static map for the IP address based on the MAC address of the network interface, so that the configuration and the routing via the Internet survives a reboot.
  • Install Certbot, the tool for getting a Let's Encrypt SSL certificate. Run this command on the command line on the machine to install Certbot. sudo snap install --classic certbot
  • Make sure port 80, and 443 are pointing at your server IP address from your Internet DNS provider.
  • After testing by following How to set up secure virtual hosts using Let's Encrypt with Apache2 on Ubuntu 22.04.1 LTS run sudo certbot --apache -d filecloud.yourdomainname.co.uk to get an SSL certificate
  • Edit your Apache conf file to add the Lets Encrypt SSL certificate details.
    	SSLCertificateFile /etc/letsencrypt/live/filecloud.yourdomanname.co.uk/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/filecloud.yourdomainname.co.uk/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
  • Upgrade Filecloud using the information from their support documentation upgrade-filecloud-on-linux-from-version-23-1-to-the-latest-filecloud-version
  • If you see console drm:drm_crtc_commit_wait CRTC:38 errors in your console, then you'll need to upgrade your Ubuntu Kernel to a later version of the upstream kernel than the one in the virtual machine sudo apt install linux-generic-hwe-22.04
  • Install Open VM tools sudo apt install open-vm-tools
  • Set up a shared folder sudo mkdir /mnt/shared
    sudo /usr/bin/vmhgfs-fuse .host:/ /mnt/shared -o subtype=vmhgfs-fuse,allow_other
    Add an entry to fstab to make the mount persist over a reboot.
    vmhgfs-fuse /mnt/shared fuse defaults,allow_other 0 0
  • Install cron. It is missing from this Virtual machine image, and should be a dependency of the installation. You can 'unminimize' the virtual machine image and then add a cron entry to run the cron script 10 * * * * /usr/local/bin/php -f /var/www/html/src/Scripts/cron.php

Post Installation setup

  • Verify Your Installation by running the installation verification tool at https://yourdomainname/install. Pay attention to any issues noted before continuing.
FileCloud Installation verification - Basic Checks
FileCloud Installation verification - Basic Checks
FileCloud Installation verification - Extended Checks
FileCloud Installation verification - Extended Checks

 

First system administration steps for FileCloud, security and passwords

  • Run the Admin interface by navigating to https://yourdomainname/admin
  • From the Admin interface Install the FileCloud License you created earlier
    • Firstly, change the password from the default right away, it needs to be 14 characters or more 
    • Next, set the Server URL for FileCloud to something other than localhost that is resolvable on your network
    • Enable Secure Cookie, as we only want HTTPS, and have already configured SSL certificates with Let's Encrypt. Edit set cloudconfig.php to set TONIDOCLOUD_SECURE_COOKIE to "1" to prevent login with HTTP.FileCloud will show you a list of tasks you need to complete. Work your way through them, each time you login the remaining tasks will show a notification
FileCloud Admin First Run, Choose your licence
FileCloud Admin First Run, Choose your licence
FileCloud Admin First Run, Community Edition Licenced
FileCloud Admin First Run, Community Edition Licenced
FileCloud Admin First Run, Community Edition Admin Password Changed!
FileCloud Admin First Run, Community Edition Admin Password Changed!

Email Settings for FileCloud 

Now on to email. Unfortunately this is extraordinarily complicated. I use Google Workspace. Google workspace is soon to disallow 'less secure' apps to login and send email. "Starting in Fall of 2024, less secure apps, third-party apps, or devices that have you sign in with only your username and password will no longer be supported for Google Workspace accounts." For now however, you can ignore all the ludicrous complexity of setting up XOAUTH2 apps and set up a dedicated Google Workspace Gmail account, providing it with an App Password. This is by far the easiest way to get FileCloud email working.

  • Set up a Google Workspace Gmail account for a new user 
  • Sign in to it at least once in a web browser to accept the terms of use.
  • Make sure your Google Workspace is set to allow Less Secure Apps in Gmail Settings for your organisation
  • Go to https://myaccount.google.com/apppasswords with your new Google Workspace Gmail Account
  • Create an App Password for your FileCloud Server
  • Go to FileCloud Admin and set the Email From Address to your new email address
  • Set Email From Name to something sensible
  • Set 
  • Set 
  • Check "The admin Reply To name and email set above will be used for all communications including user shares"
  • Select 
  • Enter 
  • Enter 
  • Check 
  • Set SMTP connection auth type to basic
  • Set SMTP auth user name to your new email address
  • Set the password to your newly created App Password
  • Save
  • Test your settings - you should get an email in yout new Google Worlspace Gmail Account

 Share Team Folders

Each folder or file has extensive individual permissions in Team Folders.

Filecloud Invite users to a team folder
Filecloud Invite users to a team folder
Filecloud Team Folder User permissions and sharing options
Filecloud Team Folder User permissions and sharing options

Setting up your users

Filecloud has three different user Access levels, Full (a licenced account with storage), Guest (a licenced account with no storage) and External (a free account with no storage).

Filecloud User Admin - Create a user
Filecloud User Admin - Create a user
Filecloud User Admin - Add user
Filecloud User Admin - Add user

I've set up two full access users and an external user. Optionally you can choose to send the user an account creation confirmation email.

Filecloud User Admin - Manage users
Filecloud User Admin - Manage users
Filecloud Account confirmation email
Filecloud Account confirmation email

FileCloud apps

Filecloud has great mobile app support which works fine with the community edition so go ahead and download the apps from your app store.

Filecloud mobile app for iOS - Navigation Drawer
Filecloud mobile app for iOS - Navigation Drawer
Filecloud mobile app for iOS - Team Folder
Filecloud mobile app for iOS - Team Folder
Filecloud mobile app for iOS - File Viewer
Filecloud mobile app for iOS - File Viewer
Filecloud mobile app for Android - Navigation Drawer
Filecloud mobile app for Android - Navigation Drawer
Filecloud mobile app for Android - Team Folder
Filecloud mobile app for Android - Team Folder
Filecloud mobile app for Android - File viewer
Filecloud mobile app for Android - File viewer

See also


https://www.filecloud.com/supportdocs/fcdoc/latest/server/filecloud-community-edition/filecloud-community-edition-registration-and-installation