[QUESTION(s)] Accessing file sharing server from different networks
Hello everyone,
I am very new to self-hosting. I just set up a file sharing server with raspberry pi and samba. Now I'm sure this is asked quite a bit but searching for it I couldn't find the answers I'm looking for most of the time or the answers are confusing.
I need to be able to access the raspberry pi from different networks than the ones it is connected to. Specifically in 2 ways:
I need to access it via ssh to manage it remotely. I know you can do this by port-forwarding port 22 but that doesn't seem safe looking at a recent post here. I heard about tailscale but I'm not sure how it works too well rn and while I am willing to learn I want to ask what other options are out there and which ones do you guys prefer usually.
I need to be able to access the files in the server while following the samba configurations I set up. For me it is fine to use the file explorer normally used with samba, especially if that works with tailscale or whatever solution for point 1, but I plan to share some directories with some close friends who are not tech savvy at all and I know the idea of typing an ip adress in the file manager every time may scare them already, let alone having to install something like tailscale or anything. So I wanted to try and make something easier to access, like a self-hosted website or a web ui (I tried the one recommended in this guide, and therefore the relevant instructions in this github page, but it wouldn't install for a bunch of problems that make no sense). Doesn't need to be anything fancy, just an address to type in the browser and it will show the files (according to the samba configs so directories not public require a log-in), download them and upload some. The main point is that it needs to be very easy for the end-user who wants to download/upload files from anywhere, ease to set up is ok but not necessary. Do you guys know any good resources for stuff like this or program I can use without having to make a website from scratch (I will do it if necessary but I'd rather avoid that)?
I would suggest using Tailscale. It’s an app that runs on your local and remote computers. You log in with your google account, get a special up address that starts with 100.x.x.x. Then you use the special IP address to connect through ssh or mount a volume through samba.
thanks but that still doesn't solve problem 2 as to my understanding it requires everyone to install it and access through my google account to access the files in the server.
Installation is fairly painless. It’s set and forget for the most part.
People don’t need to log in using your google account. Anyone with an account (can be several other types of authentication, not just google) can have access to any of your servers, you just have to share it with them.
as an alternative to tailscale, you can set up a Cloudflare Zero Trust Tunnel and create user identities for your friends so they log in using their email (one-time PIN), Google, etc. It's what I use to access my home lab from anywhere.
If there is a web service running on this server (e.g. at localhost:8080), I don't think your friends will need to install anything. You'll then create a zero trust application that maps this localhost port to a subdomain (e.g. files.example.com), make sure the application requires authentication.
In the server, you can run a web UI file sharing, like SFTPGo, exposed to that port 8080:
docker run --name some-sftpgo -p 8080:8080 -p 2022:2022 -d "docker.io/drakkan/sftpgo:latest"
Then try accessing your files.example.com by logging in.
WebDAV? Native clients baked into every desktop OS, can set it up to use usernames/passwords, doesn't need any special network setup - just runs over HTTPS