Pydio File Manager on Arch Linux

Pydio Arch Linux logo

Pydio is a file-sharing and synchronisation application that can be freely installed on multiple platforms. It requires a web server such as Apache, PHP and MySQL / MariaDB to be installed. It is similar to cloud file storage software like ownCloud but has more features in some departments and is geared more towards local network file storage.

 

Install Pydio File Manager

Install from AUR with packer.

packer -S pydio

 

Configure Pydio

Change ownership of the installation directory.

sudo chown -R root:http /usr/share/webapps/pydio

By default the ownership is set to root user and group. This prevents apache web server from accessing the files. For security reasons the directory and files contained within should be owned by root. Access to apache server should be granted via group permissions, in Arch Linux it is http user.

 

Modify installation directory and file permissions.

sudo find /usr/share/webapps/pydio -type d -exec chmod 750 '{}' \;
sudo find /usr/share/webapps/pydio -type f -exec chmod 640 '{}' \;

The first command finds and sets the permissions on only directories within the specified while the second sets it on files. Minimal permissions are set for security reasons.

 

Modify data directory and file permissions.

sudo find /usr/share/webapps/pydio/data -type d -exec chmod 770 '{}' \;
sudo find /usr/share/webapps/pydio/data -type f -exec chmod 660 '{}' \;

Slightly more permissive permissions are set on the data directory and the files within than on the rest of the installation directory.

 

Secure permissions on .htaccess files.

sudo find /var/lib/pydio -name .htaccess -exec chmod 640 '{}' \;

 

Configure Apache

Install Apache Web Server

 

Open the supplemental virtual hosts configuration file.

sudo nano /etc/httpd/conf/extra/httpd-vhosts.conf

 

Add the virtual host configuration and save the file.

<VirtualHost *:443>
    DocumentRoot "/usr/share/webapps/pydio"
    Alias "/pydio" "/usr/share/webapps/pydio"
    ServerName dominicm.com
    ServerAlias www.dominicm.com
    <Directory "/usr/share/webapps/pydio">
      Options FollowSymLinks
      AllowOverride All
      Order allow,deny
      Allow from all
      Require all granted
      Satisfy Any
    </Directory>
    ErrorLog "/var/log/httpd/pydio-error_log"
    CustomLog "/var/log/httpd/pydio-access_log" common
    SSLEngine on
    SSLCertificateFile "/etc/httpd/conf/dominicm.com.crt"
    SSLCertificateKeyFile "/etc/httpd/conf/dominicm.com.key"
</VirtualHost>

Replace port 443 with 80 and set SSLEngine to off if not using SSL/TLS. It is also advisable to add the first virtual host as default which will be used when no other host matches.

 

Enable SSL/TLS

There are a couple of options when it comes to SSL certificates. Self-signed certificates can be generated with no external entities however it has significant drawbacks. Firstly self-signed certificates will always generate browser warnings which can be annoying to the admin and confusing to other users. Another option is to obtain it from a Certificate Authority such as Let’s Encrypt. This is the recommended option and can be setup with a domain you own or a sub-domain received free from a DDNS provider for example.

 

Open apache configuration file.

sudo nano /etc/httpd/conf/httpd.conf

 

Uncomment or add the following lines.

Listen 443
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Include conf/extra/httpd-vhosts.conf

First 3 lines can be omitted when not using SSL.

 

Optionally add directives to redirect all HTTP requests to HTTPS.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

This can also be done for individual domains with directives for virtual hosts.

 

Create a file and copy the certificate.

sudo nano /etc/httpd/conf/domain.com.crt

 

Create a file and copy the certificate key.

sudo nano /etc/httpd/conf/domain.com.key

 

Test the configuration for syntax errors.

apachectl configtest

 

Restart the server to apply the changes.

sudo systemctl restart httpd

 

Configure PHP

Install PHP

 

Open the PHP configuration file.

sudo nano /etc/php/php.ini

 

Enable various required and recommended extensions by uncommenting the lines below.

extension=exif.so
extension=gd.so
extension=mcrypt.so
extension=iconv.so
extension=mysqli.so
zend_extension=opcache.so
extension=intl.so
extension=zip.so

In php.ini configuration file the comment is marked by ; instead of the more common #. Most commonly used MySQL extension is mysqli.so while mysql.so is depreciated and should be left commented out.

 

Uncomment, modify or add file upload and other parameters as below.

file_uploads = On
post_max_size = 20G
upload_max_filesize = 20G
max_file_uploads = 20000
output_buffering = off

It can be useful to allow large uploads such as 20G in case it’s needed later. For performance improvement output_buffering is set to off.

 

Setup MySQL / MariaDB Database

Install MySQL / MariaDB before proceeding to setting up the database and user from the command line. An alternative to using command line is to install phpMyAdmin to administer MySQL / MariaDB databases from a web interface.

 

Invoke the command line tool.

sudo mysql -u root -p

The username is specified with -u option follower by the username which is root by default. The password is specified with the -p option followed by the password without a space in between or the password can be omitted in which case MariaDB will prompt for one.

Create a new database.

CREATE DATABASE pydio;

 

Create a new user with a password.

CREATE USER pydio@localhost IDENTIFIED BY '**************';

 

Grant the user permissions to the database.

GRANT ALL ON pydio.* TO pydio@localhost;

 

Apply the new permissions.

FLUSH PRIVILEGES;

 

Exit the database command line tool.

exit

 

Use Pydio

Access Pydio on the IP address Apache server is running on for example 192.168.100/pydio or via the domain name set in the virtual host directive. Login via the web interface with administrator credentials set previously.

dom