Developers Documentation

×

Warning

301 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools


Flexshare

A Flexshare is a flexible and secure collaboration utility which integrates three of the most common methods of accessing files or content:

  • Web (HTTP/HTTPS)
  • FTP (FTP/FTPS)
  • File Shares (Samba)

It is an extremely powerful and versatile tool that has many uses. The example below (a hypothetical engineering consulting firm Eng-123 and its client OEM-XYZ) describes a Flexshare and a typical working environment. A Flexshare might be defined on a server owned by Eng-123 after successfully bidding on an engineering project for OEM-XYZ. CAD files (engineering drawings) associated with the project's design are centrally located on the server and should be accessed only by the users included in Eng-12's engineering group. The file-sharing (Samba) Flexshare definition is used to allow restricted access to this directory from the Local Area Network (LAN) or over Virtual Private Network (VPN) tunnels in the event engineers work remotely.

By adding Flexshare's FTPS (secure FTP) access and configured to require a username/password for read-only permission, the project manager of OEM-XYZ can have access to the drawings at any time from anywhere on the Internet. The increase in productivity by allowing real-time access to the CAD drawings keeps the project on track and negates having to e-mail CAD files which are often large and not ideal for e-mail transfers.

Nearing the completion of the project, OEM-XYZ's sales/marketing team make a request to have an assortment of images created from the CAD software's rendering engine from 3D wire-frame. Flexshare's web access, set-up with unrestricted access, gives the sales team the images they need to begin pre-selling - with just a browser and a URL provided.

The above illustrates just one possible use of Flexshares. Much simpler Flexshare's can be created for every-day tasks common to any small business such as hosting and updating a website or creating user-restricted file shares.

Installation

If your system does not have this app available, you can install it via the Marketplace.

You will also need to install one or more of the following apps to enable file share functionality:

Configuration

Share Overview

When you click on the Flexshare configuration page, you will be presented with the Flexshare Overview.

The summary lists the shares you have currently defined, allowing you to quickly view which access methods are enabled in addition to overall flexshare status. You can Edit or Delete each Flexshare using the Action links in the right hand column. Of course, if no Flexshares are defined, the Action links will not be visible.

Creating a New Flexshare

To define a new Flexshare, fill out the Share Name, Description and Group fields. A Flexshare template will be created and at this point the share is disabled and no access is yet defined. The Editing a Flexshare form will be displayed, allowing you to customize the share options and enable access options.

Group

Choose the group the who has access to the flexshare

Third Party App Access

This makes the share readable by other apps

Editing a Flexshare

You can make edits/changes to any defined Flexshare at any time. A newly created Flexshare will have no access points enabled, so you will want to install and configure at least one service (Web, FTP, Filesharing) to take advantage of the share you have created.

To begin editing a Flexshare, you'll need to select which access point you want to modify.

Select the appropriate configuration and use the help sections below to guide you through each type of access point and the options that are available.

Changes will take place immediately upon clicking either the Update or Enable/Disable links for the access point you are configuring.

Windows File Share

Configuring Flexshare's File access (Samba) enables public or authorized users only (or both) to connect via file sharing in order to move files from desktop to the server and vice-versa.

Status

Indicates the current status of the File Access for a Flexshare. Note, even though the File Access point is enabled, the overall Flexshare must also be Enabled in order to work.

Permissions

The Permissions field determines what type of access group members have to files on the share.

Server URL

The Windows/CIFS Network Share URL used to access the share. This parameter is locked to the Server Name/Share Name field defined in the basic share configuration.

Recycle Bin

If you would like to add recycle (trash) bin support to the Flexshare, please enable this feature.

Currently the recycle bin grows indefintely. If you want to prune it regularly, you can add a cron.daily job to do something like “tmpwatch 30d –all -m -q /var/flexshare/shares/*/.trash/” to prune all files over 30 days old

Audit Log

Access to all files can be logged using this feature. This may be a compliance requirement in many jurisdictions.

Audit logging can slow down file transfers and produce large log files. Only enable this if you really want or need it.

FTP

Configuring Flexshare's FTP access allows authorized users to use an FTP-client to connect via File Transfer Protocol in order to upload and/or download files to the server. The FTP protocol is still a prominent service today and is particularly useful for handling large files.

One of the downsides of the FTP protocol is that it uses separate ports to control dataflow and transmit payload data which causes conflicts with firewalls (both server and client side).

For those upgrading from ClearOS 5.x, the default FTP ports for Flexshares are 21 (FTP) and 990 (FTPS). Port 2121 is now used to FTP into home directories.

Status

Indicates the current status of the FTP Access for a Flexshare. Note, even though the FTP Access point is enabled, the overall Flexshare must also be Enabled in order to work. Use the Enabled/Disabled link at the bottom of the form to toggle the status.

Permissions

Read/Write or Read Only.

Server URL

The FTP URL (or domain name) used to access the service. This parameter is locked to the Server Name field defined in the FTP Server configuration.

Group Greeting

A greeting that is displayed once when a user authenticates and has access to the FTP Flexshare.

Ports

All the following options are for information only:
FTPS Port
FTP and FTPES Port
Allow Unencrypted FTP
Passive Mode
Passive Mode From Port
Passive Mode To Port

Web

Configuring Flexshare's Web access enables anyone (or authorized users only) to use a web-browser to navigate to a website in order to view content, interact with a dynamic web page (for example - a PHP or CGI enabled online store) or download files from an index listing.

The rest of this section will describe the different settings that will modify the behavior of a Web accessible Flexshare.

Enabled

Indicates the current status of the Web Access for a Flexshare. Note, even though the Web Access point is enabled, the overall Flexshare must also be Enabled.

Server URL/Alternative Server URL

The server name (domain name) that will be used to access this Flexshare. This parameter is locked to the Server Name field defined in the Web Server configuration.

Accessibility

Accessibility allow you to restrict which interfaces incoming requests to the share are allowed from. Setting this field to LAN Only essentially makes your Flexshare accessible from your Intranet only.

Firewall Configuration | If set to All, make sure you have added the appropriate incoming firewall rule if the server is the gateway, or forwarded the appropriate port on your firewall.

Require Authentication

If enabled, a user will be prompted with a login dialog pop-up where they can enter their username/password. Before gaining access to the Flexshare, the username/password will be confirmed as a valid account on the server. In addition, the user must belong to the group that has been given access to the share.

Require SSL/HTTPS

Determines the protocol to use - HTTP or HTTPS. If you have enabled authentication, you are advised to enable this feature (use HTTPS) since users will be required to provide their username/passwords to authenticate to the server. Using HTTPS ensures this sensitive data is encrypted.

This does not force your browser to switch from port 80 to port 443. It just enables the website on port 443

Digital Certificate

You can select which certificate you'd like to use for the web site. You can choose between the ClearOS Default self-signed certificate, any Let's Encrypt certificate or any External Certificate uploaded through the Certificate Manager.

Show Index

If Show Index is enabled, browsers will display a listing of all files if there is no index page (for example, index.html, index.php etc.). This is normally only desirable if using the Flexshare as a file access service (similar to FTP). If you are running a website, this option should be disabled.

Unless support for symbolic links is required, this feature should be disabled.

Allow Server Side Includes

If you are installing a web application into your Flexshare, check to see if server side includes are required. In most circumstances, this feature is not required.

Allow [.htaccess] Override

If you are installing a web application into your Flexshare, you will likely need to enable this feature.

Enable CGI

Similar to the PHP field above, but pertaining to CGI script. CGI script, however, is isolated to the /cgi-bin sub-directory (for example, http://example.com/flexshare/sales/cgi-bin/store).

Enable PHP

Enables the execution of PHP script on the server. Any file with a .php/php4/php5 extension will be parsed by the PHP engine rather than by Apache directly.

PHP Engine

If you have the PHP Engines app installed from the Marketplace, this is where you choose the version you want for the web site.

Override Default Port

In some cases (for example, an ISP that blocks port 80), you may want to run the server on a non-standard port. In this case, enable this feature and supply a valid port for the web server.

Deleting a Flexshare

Deleting a Flexshare that is currently defined can be done from the Overview page. Click on the Delete link next to the share you wish to delete. A form will be displayed requesting you to confirm your intention to delete the share.

Deleting a Flexshare does not delete the contents, just the Flexshare definition. To delete the files manually, you'll need to delete the relevant folder from /var/flexshare/shares

Use the Disable share function instead of Delete in the event you want to remove share access temporarily but not lose all your configuration settings.

Fixing Permissions on a Flexshare after Transferring Data with Rsync, WinSCP, or SCP as 'root'

Run the following commands from command line; remember to replace '[share_name]' and '[group_name]' with the correct information.

Restore the ownership to flexshare built-in user for [share_name]:

chown -R flexshare /var/flexshare/shares/[share_name]/*

Restore the group name to [group_name] for [share_name]:

chgrp -R [group_name] /var/flexshare/shares/[share_name]/*

Restore permissions so that the group assigned has rights to all files in the [share_name]:

chmod -R g+rwx /var/flexshare/shares/[share_name]/*

Troubleshooting

Firewall

Remember to open up appropriate ports on your firewall if your intention is to allow access from outside your network.

Accessing Home Directories via FTP

If access to home directories is desired, please use port 2121 instead of the default FTP ports.

Help

content/en_us/7_ug_flexshare.txt · Last modified: 2018/06/05 01:35 by nickh

https://clearos.com/dokuwiki2/lib/exe/indexer.php?id=content%3Aen_us%3A7_ug_flexshare&1710828163