File Browser
  • Welcome
  • Features
  • Installation
  • Upgrade from 1.x
  • Command Line Interface
    • filebrowser
    • filebrowser cmds
    • filebrowser cmds add
    • filebrowser cmds ls
    • filebrowser cmds rm
    • filebrowser config
    • filebrowser config cat
    • filebrowser config export
    • filebrowser config import
    • filebrowser config init
    • filebrowser config set
    • filebrowser hash
    • filebrowser rules
    • filebrowser rules add
    • filebrowser rules ls
    • filebrowser rules rm
    • filebrowser upgrade
    • filebrowser users
    • filebrowser users add
    • filebrowser users export
    • filebrowser users find
    • filebrowser users import
    • filebrowser users ls
    • filebrowser users rm
    • filebrowser users update
    • filebrowser version
  • Configuration
    • Custom Branding
    • Authentication Method
    • Command Runner
  • Contributing
    • Authentication Provider
    • Translations
    • CI and Releases
    • Code of Conduct
Powered by GitBook
On this page
  • JSON Auth (default)
  • Proxy Header
  • No Authentication

Was this helpful?

  1. Configuration

Authentication Method

PreviousCustom BrandingNextCommand Runner

Last updated 3 years ago

Was this helpful?

Right now, there are three possible authentication methods. Each one of them has its own capabilities and specification. If you are interested in contributing with one more authentication method, please .

JSON Auth (default)

We call it JSON Authentication but it is just the default authentication method and the one that is provided by default if you don't make any changes. It is set by default, but if you've made changes before you can revert to using JSON auth:

filebrowser config set --auth.method=json

This method can also be extended with reCAPTCHA verification during login:

filebrowser config set --auth.method=json \
    --recaptcha.key site-key \
    --recaptcha.secret private-key

By default, we use service. If you live in China, or want to use other provider, you can change the host with the following command:

filebrowser config set --recaptcha.host https://recaptcha.net

Where https://recaptcha.net is any provider you want.

Note that you always need to set the --auth.method flag when changing authentication configurations and that it will completely overwrite your current settings.

Proxy Header

If you have a reverse proxy you want to use to login your users, you do it via our proxy authentication method. To configure this method, your proxy must send an HTTP header containing the username of the logged in user:

filebrowser config set --auth.method=proxy --auth.header=X-My-Header

Where X-My-Header is the HTTP header provided by your proxy with the username.

File Browser will blindly trust the provided header. If the proxy can be bypassed, an attacker could simply attach the header and get admin access.

No Authentication

We also provide a no authentication mechanism for users that want to use File Browser privately such in a home network. By setting this authentication method, the user with id 1 will be used as the default users. Creating more users won't have any effect.

filebrowser config set --auth.method=noauth
check the guidelines
Google's reCAPTCHA
This is a known issue.