Cloudreve on Ubuntu 24.04 on Azure User Guide
Overview
Cloudreve is a popular open source, self hosted cloud storage and file sharing platform, a personal cloud drive you run entirely inside your own network. From an ordinary browser you can upload, organise, preview and share files through a clean web interface, with multi user accounts, secure public share links and pluggable storage backends. The cloudimg image serves Cloudreve 4.18.0 behind an nginx reverse proxy on a hardened, fully patched Ubuntu 24.04 LTS base. The Cloudreve server is a single self contained Go binary that also embeds its own SQLite datastore, so there is no separate database or runtime interpreter to manage. The server listens only on the loopback interface (127.0.0.1:5212) and nginx serves it on port 80. Cloudreve has no default account: the first account you register on a fresh VM automatically becomes the administrator, and the cloudimg image drives that registration on first boot with a unique per VM administrator password written to a root only file, so no shared or default login ever ships in the image. Backed by 24/7 cloudimg support.
What is included:
- Cloudreve 4.18.0 served behind nginx, managed by systemd
- The Cloudreve web interface on
:80, with the first registered account elevated to administrator - A per VM administrator account generated on first boot and recorded in a root only file
- A fresh per instance session signing secret, generated with the configuration on first boot, so sessions cannot be forged across deployments
- The Cloudreve server bound to
127.0.0.1:5212only, never exposed directly to the network - A dedicated Azure data disk at
/var/lib/cloudrevefor the configuration, the SQLite database and every uploaded file cloudreve.serviceandnginx.serviceas enabled systemd units- An open
/api/v4/site/pingendpoint for Azure Load Balancer health probes - 24/7 cloudimg support
Prerequisites
An active Azure subscription, an SSH key pair, and a VNet plus subnet in the target region. Standard_B2s (2 vCPU / 4 GiB RAM) is a sensible starting point; size up for heavier concurrent transfer loads. NSG inbound: allow 22/tcp from your management network and 80/tcp for the web interface. Cloudreve serves plain HTTP on port 80; for production, terminate TLS in front of it with your own domain. The Cloudreve server is never exposed directly: it listens on 127.0.0.1:5212 only, so port 5212 stays off the network.
Step 1 - Deploy from the Azure Marketplace
Sign in to the Azure Portal, choose Create a resource, search the Marketplace for Cloudreve by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Review the dedicated data disk on the Disks tab, then Review + create then Create.
Step 2 - Deploy from the Azure CLI
az vm create \
--resource-group <your-rg> \
--name cloudreve \
--image <marketplace-image-urn> \
--size Standard_B2s \
--admin-username azureuser \
--generate-ssh-keys \
--public-ip-sku Standard
Then open port 80 to the web interface:
az vm open-port --resource-group <your-rg> --name cloudreve --port 80
Step 3 - Confirm the services are running
SSH in as azureuser and confirm Cloudreve and nginx are active. Note that the Cloudreve server listens only on 127.0.0.1:5212 while nginx serves the web interface on port 80.
systemctl is-active cloudreve nginx cloudreve-firstboot
ss -tlnp | grep -E ':80 |:5212 ' | awk '{print $1, $4}'

Step 4 - Retrieve the per VM administrator account
Cloudreve has no built in default account. On the first boot of every VM, the cloudimg image registers a single administrator with a unique password and writes the login e mail, password and site URL to a root only credentials file. Read it with sudo:
sudo cat /root/cloudreve-credentials.txt
You sign in to Cloudreve with the cloudreve.admin.user e mail and the cloudreve.admin.pass value from this file. You can prove the login works from the command line by requesting an access token with those credentials:
EMAIL=$(sudo grep '^cloudreve.admin.user=' /root/cloudreve-credentials.txt | cut -d= -f2-); PASS=$(sudo grep '^cloudreve.admin.pass=' /root/cloudreve-credentials.txt | cut -d= -f2-); curl -s -o /dev/null -w 'login HTTP %{http_code}\n' -m 20 -H 'Content-Type: application/json' -d "{\"email\":\"$EMAIL\",\"password\":\"$PASS\"}" http://127.0.0.1/api/v4/session/token
Step 5 - Sign in to Cloudreve
Browse to http://<vm-public-ip>/. Cloudreve opens on its sign in screen. Enter the administrator e mail from Step 4, select Next, then enter the password.

Once signed in you land on My Files, your personal storage. From the left you can browse Photos, Videos, Music and Documents views, see what has been shared with you, and open the trash. The New button and drag and drop let you add content.

Step 6 - Upload files
Use the New button then Upload files, or simply drag files onto the window, to add content. Cloudreve uploads in the background and shows the progress of each file in an upload tasks panel. Everything you upload is stored under the browsed files root on the dedicated data disk.

Step 7 - Create a secure share link
Right click any file and choose Share to generate a public share link that lets an external collaborator open or download that specific file without an account. You can optionally protect the link with a password, set an automatic expiry, or expire it after a single download.

Step 8 - Verify the stack
Confirm that the services are enabled and check the health endpoint that Azure Load Balancer probes. The ping endpoint returns the running Cloudreve version:
systemctl is-enabled cloudreve nginx
curl -s http://127.0.0.1/api/v4/site/ping
The per VM credentials file is root only (0600), so its value never leaves the VM:
ls -l /root/cloudreve-credentials.txt

Step 9 - Where your data lives
The configuration, the SQLite database and every uploaded file all live on a dedicated Azure data disk mounted at /var/lib/cloudreve, separate from the OS disk. This disk is captured into the image and re provisioned on every VM. Confirm the mount and the filesystem:
df -h /var/lib/cloudreve | tail -1
findmnt -no SOURCE,TARGET,FSTYPE /var/lib/cloudreve

Security notes
- Cloudreve serves plain HTTP on port 80. For production, put it behind your own TLS terminating reverse proxy or an Azure Application Gateway with a certificate for your domain, and restrict port 80 in the NSG to trusted networks.
- The Cloudreve server listens on
127.0.0.1:5212only and is never exposed directly; only nginx on port 80 faces the network. - Cloudreve has no default login. The first registered account becomes the administrator, and the cloudimg image registers it on first boot with a unique per VM password held in
/root/cloudreve-credentials.txt, readable only by root. Sign in and change it from your account settings if you wish, and keep a copy somewhere safe. - Create additional, least privilege user accounts for team members rather than sharing the administrator login.
- Keep the VM patched. The image ships fully patched with unattended security upgrades enabled.
Support
cloudimg images come with 24/7 support. If you have any questions about this Cloudreve image or need help with your deployment, contact us through the cloudimg website.
Cloudreve is a trademark of its respective owners. cloudimg is not affiliated with or endorsed by the Cloudreve project; the name is used only to identify the software that runs on this image.