File Browser on Ubuntu 24.04 on Azure User Guide
Overview
File Browser is a popular open source, self hosted web file manager. From an ordinary browser you can browse, upload, download, edit, preview and share the files in a directory through a clean, fast web interface, with no desktop client to install. It is a lightweight alternative to hosted file managers that you run entirely inside your own network. The cloudimg image serves File Browser 2.63.14 behind an nginx reverse proxy on a hardened, fully patched Ubuntu 24.04 LTS base. The File Browser server is a single self contained Go binary that also embeds its own SQLite datastore, so there is no separate database or runtime interpreter to manage. The server listens only on the loopback interface (127.0.0.1:8080) and nginx serves it on port 80. A unique administrator password is generated on the first boot of every VM and written to a root only file, so no shared or default login ever ships in the image. Backed by 24/7 cloudimg support.
What is included:
- File Browser 2.63.14 served behind nginx, managed by systemd
- The File Browser web interface on
:80with JSON authentication required from the first request - A per VM administrator password generated on first boot and recorded in a root only file
- A fresh per instance session signing key, recreated with the database on first boot, so sessions cannot be forged across deployments
- The File Browser server bound to
127.0.0.1:8080only, never exposed directly to the network - A dedicated Azure data disk at
/var/lib/filebrowserfor the SQLite database and the browsed files filebrowser.serviceandnginx.serviceas enabled systemd units- An open
/healthendpoint for Azure Load Balancer health probes - 24/7 cloudimg support
Prerequisites
An active Azure subscription, an SSH key pair, and a VNet plus subnet in the target region. Standard_B2s (2 vCPU / 4 GiB RAM) is a sensible starting point; size up for heavier concurrent transfer loads. NSG inbound: allow 22/tcp from your management network and 80/tcp for the web interface. File Browser serves plain HTTP on port 80; for production, terminate TLS in front of it with your own domain. The File Browser server is never exposed directly: it listens on 127.0.0.1:8080 only, so port 8080 stays off the network.
Step 1 - Deploy from the Azure Marketplace
Sign in to the Azure Portal, choose Create a resource, search the Marketplace for File Browser by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Review the dedicated data disk on the Disks tab, then Review + create then Create.
Step 2 - Deploy from the Azure CLI
az vm create \
--resource-group <your-rg> \
--name file-browser \
--image <marketplace-image-urn> \
--size Standard_B2s \
--admin-username azureuser \
--generate-ssh-keys \
--public-ip-sku Standard
Then open port 80 to the web interface:
az vm open-port --resource-group <your-rg> --name file-browser --port 80
Step 3 - Confirm the services are running
SSH in as azureuser and confirm File Browser and nginx are active. Note that the File Browser server listens only on 127.0.0.1:8080 while nginx serves the web interface on port 80.
systemctl is-active filebrowser nginx filebrowser-firstboot
ss -tlnp | grep -E ':80 |:8080 ' | sed 's/ */ /g'

Step 4 - Retrieve the per VM administrator password
Every VM generates its own administrator password on first boot and writes it, along with the login user and URL, to a root only credentials file. Read it with sudo:
sudo cat /root/filebrowser-credentials.txt

You sign in to File Browser with username admin and the filebrowser.admin.pass value from this file. You can prove the login works from the command line by requesting an API token with those credentials:
PASS=$(sudo grep '^filebrowser.admin.pass=' /root/filebrowser-credentials.txt | cut -d= -f2-); curl -s -o /dev/null -w 'login HTTP %{http_code}\n' -m 20 -H 'Content-Type: application/json' -d "{\"username\":\"admin\",\"password\":\"$PASS\"}" http://127.0.0.1/api/login
Step 5 - Sign in to File Browser
Browse to http://<vm-public-ip>/. File Browser opens on its sign in screen. Enter username admin and the password from Step 4.

Once signed in you land on the file listing for the browsed files root. From here you can navigate folders, preview files, and use the toolbar to upload, create, rename, move and download items.

Step 6 - Upload, download and share files
Use the upload button in the toolbar to add files or whole folders by drag and drop. Select any item to preview it, download it, or generate a share link that lets an external collaborator download that specific file without an account. The files you manage all live under the browsed files root on the dedicated data disk.
sudo ls -la /var/lib/filebrowser/files | head
Step 7 - Add scoped user accounts
Open Settings then User Management to create additional accounts. Each user can be given its own scope (a subdirectory they are limited to) and a permission set, so teams can share one instance while keeping their directories isolated.

Step 8 - Verify the stack
Confirm the File Browser version, that the services are enabled, and the health endpoint that Azure Load Balancer probes:
/usr/local/bin/filebrowser version | head -1
systemctl is-enabled filebrowser nginx
curl -sI http://127.0.0.1/health | head -1

Step 9 - Where your data lives
The SQLite database and the browsed files both live on a dedicated Azure data disk mounted at /var/lib/filebrowser, separate from the OS disk. This disk is captured into the image and re provisioned on every VM. Confirm the mount and the filesystem:
df -h /var/lib/filebrowser | tail -1
findmnt -no SOURCE,TARGET,FSTYPE /var/lib/filebrowser
Security notes
- File Browser serves plain HTTP on port 80. For production, put it behind your own TLS terminating reverse proxy or an Azure Application Gateway with a certificate for your domain, and restrict port 80 in the NSG to trusted networks.
- The File Browser server listens on
127.0.0.1:8080only and is never exposed directly; only nginx on port 80 faces the network. - Authentication is required from the first request. The per VM administrator password lives in
/root/filebrowser-credentials.txt, readable only by root. Sign in and change it from Settings if you wish, and keep a copy somewhere safe. - Create scoped, least privilege user accounts for team members rather than sharing the administrator login.
- Keep the VM patched. The image ships fully patched with unattended security upgrades enabled.
Support
cloudimg images come with 24/7 support. If you have any questions about this File Browser image or need help with your deployment, contact us through the cloudimg website.