Storage Azure

Cloudreve on Ubuntu 24.04 on Azure User Guide

| Product: Cloudreve on Ubuntu 24.04 LTS on Azure

Overview

Cloudreve is a popular open source, self hosted cloud storage and file sharing platform, a personal cloud drive you run entirely inside your own network. From an ordinary browser you can upload, organise, preview and share files through a clean web interface, with multi user accounts, secure public share links and pluggable storage backends. The cloudimg image serves Cloudreve 4.18.0 behind an nginx reverse proxy on a hardened, fully patched Ubuntu 24.04 LTS base. The Cloudreve server is a single self contained Go binary that also embeds its own SQLite datastore, so there is no separate database or runtime interpreter to manage. The server listens only on the loopback interface (127.0.0.1:5212) and nginx serves it on port 80. Cloudreve has no default account: the first account you register on a fresh VM automatically becomes the administrator, and the cloudimg image drives that registration on first boot with a unique per VM administrator password written to a root only file, so no shared or default login ever ships in the image. Backed by 24/7 cloudimg support.

What is included:

  • Cloudreve 4.18.0 served behind nginx, managed by systemd
  • The Cloudreve web interface on :80, with the first registered account elevated to administrator
  • A per VM administrator account generated on first boot and recorded in a root only file
  • A fresh per instance session signing secret, generated with the configuration on first boot, so sessions cannot be forged across deployments
  • The Cloudreve server bound to 127.0.0.1:5212 only, never exposed directly to the network
  • A dedicated Azure data disk at /var/lib/cloudreve for the configuration, the SQLite database and every uploaded file
  • cloudreve.service and nginx.service as enabled systemd units
  • An open /api/v4/site/ping endpoint for Azure Load Balancer health probes
  • 24/7 cloudimg support

Prerequisites

An active Azure subscription, an SSH key pair, and a VNet plus subnet in the target region. Standard_B2s (2 vCPU / 4 GiB RAM) is a sensible starting point; size up for heavier concurrent transfer loads. NSG inbound: allow 22/tcp from your management network and 80/tcp for the web interface. Cloudreve serves plain HTTP on port 80; for production, terminate TLS in front of it with your own domain. The Cloudreve server is never exposed directly: it listens on 127.0.0.1:5212 only, so port 5212 stays off the network.

Step 1 - Deploy from the Azure Marketplace

Sign in to the Azure Portal, choose Create a resource, search the Marketplace for Cloudreve by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Review the dedicated data disk on the Disks tab, then Review + create then Create.

Step 2 - Deploy from the Azure CLI

az vm create \
  --resource-group <your-rg> \
  --name cloudreve \
  --image <marketplace-image-urn> \
  --size Standard_B2s \
  --admin-username azureuser \
  --generate-ssh-keys \
  --public-ip-sku Standard

Then open port 80 to the web interface:

az vm open-port --resource-group <your-rg> --name cloudreve --port 80

Step 3 - Confirm the services are running

SSH in as azureuser and confirm Cloudreve and nginx are active. Note that the Cloudreve server listens only on 127.0.0.1:5212 while nginx serves the web interface on port 80.

systemctl is-active cloudreve nginx cloudreve-firstboot
ss -tlnp | grep -E ':80 |:5212 ' | awk '{print $1, $4}'

The cloudreve, nginx and cloudreve-firstboot services active, with nginx on port 80 and the Cloudreve server bound to loopback 127.0.0.1:5212

Step 4 - Retrieve the per VM administrator account

Cloudreve has no built in default account. On the first boot of every VM, the cloudimg image registers a single administrator with a unique password and writes the login e mail, password and site URL to a root only credentials file. Read it with sudo:

sudo cat /root/cloudreve-credentials.txt

You sign in to Cloudreve with the cloudreve.admin.user e mail and the cloudreve.admin.pass value from this file. You can prove the login works from the command line by requesting an access token with those credentials:

EMAIL=$(sudo grep '^cloudreve.admin.user=' /root/cloudreve-credentials.txt | cut -d= -f2-); PASS=$(sudo grep '^cloudreve.admin.pass=' /root/cloudreve-credentials.txt | cut -d= -f2-); curl -s -o /dev/null -w 'login HTTP %{http_code}\n' -m 20 -H 'Content-Type: application/json' -d "{\"email\":\"$EMAIL\",\"password\":\"$PASS\"}" http://127.0.0.1/api/v4/session/token

Step 5 - Sign in to Cloudreve

Browse to http://<vm-public-ip>/. Cloudreve opens on its sign in screen. Enter the administrator e mail from Step 4, select Next, then enter the password.

The Cloudreve sign in page, where the per VM administrator e mail is entered first

Once signed in you land on My Files, your personal storage. From the left you can browse Photos, Videos, Music and Documents views, see what has been shared with you, and open the trash. The New button and drag and drop let you add content.

The Cloudreve My Files view after sign in, showing uploaded files and the left navigation

Step 6 - Upload files

Use the New button then Upload files, or simply drag files onto the window, to add content. Cloudreve uploads in the background and shows the progress of each file in an upload tasks panel. Everything you upload is stored under the browsed files root on the dedicated data disk.

The Cloudreve upload tasks panel reporting three files uploaded into My Files

Step 7 - Create a secure share link

Right click any file and choose Share to generate a public share link that lets an external collaborator open or download that specific file without an account. You can optionally protect the link with a password, set an automatic expiry, or expire it after a single download.

The Cloudreve create share link dialog showing a generated share URL for a file

Step 8 - Verify the stack

Confirm that the services are enabled and check the health endpoint that Azure Load Balancer probes. The ping endpoint returns the running Cloudreve version:

systemctl is-enabled cloudreve nginx
curl -s http://127.0.0.1/api/v4/site/ping

The per VM credentials file is root only (0600), so its value never leaves the VM:

ls -l /root/cloudreve-credentials.txt

The enabled cloudreve and nginx units, the site ping endpoint returning version 4.18.0, and the root only 0600 credentials file

Step 9 - Where your data lives

The configuration, the SQLite database and every uploaded file all live on a dedicated Azure data disk mounted at /var/lib/cloudreve, separate from the OS disk. This disk is captured into the image and re provisioned on every VM. Confirm the mount and the filesystem:

df -h /var/lib/cloudreve | tail -1
findmnt -no SOURCE,TARGET,FSTYPE /var/lib/cloudreve

The dedicated Azure data disk mounted at /var/lib/cloudreve holding the configuration, the SQLite database and the uploads directory

Security notes

  • Cloudreve serves plain HTTP on port 80. For production, put it behind your own TLS terminating reverse proxy or an Azure Application Gateway with a certificate for your domain, and restrict port 80 in the NSG to trusted networks.
  • The Cloudreve server listens on 127.0.0.1:5212 only and is never exposed directly; only nginx on port 80 faces the network.
  • Cloudreve has no default login. The first registered account becomes the administrator, and the cloudimg image registers it on first boot with a unique per VM password held in /root/cloudreve-credentials.txt, readable only by root. Sign in and change it from your account settings if you wish, and keep a copy somewhere safe.
  • Create additional, least privilege user accounts for team members rather than sharing the administrator login.
  • Keep the VM patched. The image ships fully patched with unattended security upgrades enabled.

Support

cloudimg images come with 24/7 support. If you have any questions about this Cloudreve image or need help with your deployment, contact us through the cloudimg website.

Cloudreve is a trademark of its respective owners. cloudimg is not affiliated with or endorsed by the Cloudreve project; the name is used only to identify the software that runs on this image.