Storage Azure

Sharry 1.16 Secure File Sharing on Ubuntu 24.04 on Azure User Guide

| Product: Sharry 1.16 Secure File Sharing on Ubuntu 24.04 LTS on Azure

Overview

This guide covers the deployment and configuration of Sharry 1.16 Secure File Sharing on Ubuntu 24.04 on Azure using cloudimg Azure Marketplace images. Sharry is a self hosted file sharing application: you sign in, upload one or many files, and share them through public links that can be password protected and time limited. You can also request files from other people by sending them an upload link, so recipients send data to you without needing an account. Sharry is a Scala and JVM application and is released under the GNU General Public License v3.0.

The image installs the official Sharry rest server distribution (version 1.16.0 at build time) to /opt/sharry, running under OpenJDK 21. The Sharry HTTP listener is bound to loopback only and fronted by nginx on port 80, so the only public surface is a single standard HTTP port. Sharry stores its data in PostgreSQL with file blobs on the filesystem, both on a dedicated Azure data disk mounted at /var/lib/sharry, independent of the OS disk. At first boot, sharry-firstboot.service generates a unique per VM admin password (there is no default login baked into the image), rotates the token signing secret and database password, starts the server, proves an authenticated round trip, and writes the admin password to /root/sharry-credentials.txt (mode 0600, root only).

What is included:

  • Sharry 1.16 rest server (full distribution and web UI) from the official GitHub release, pinned and sha256 verified

  • OpenJDK 21 JRE headless (Sharry requires Java 17 or newer)

  • PostgreSQL 16, with its cluster relocated onto the dedicated data disk

  • sharry.service systemd unit running the server as the unprivileged sharry user

  • sharry-firstboot.service systemd oneshot that generates the per VM admin password, rotates the token secret and database password, starts the server and writes /root/sharry-credentials.txt

  • nginx on port 80 reverse proxying to the loopback bound Sharry HTTP listener, with an unauthenticated /healthz for load balancer probes

  • Sharry web UI, the file sharing workbench, reachable at http://<vm-ip>/

  • PostgreSQL data and uploaded file blobs on a dedicated 30 GiB data disk mounted at /var/lib/sharry, captured into the image so every VM is provisioned with it

  • Ubuntu 24.04 LTS base with the latest security patches

  • Azure Linux Agent for seamless cloud integration and SSH key injection

  • 24/7 cloudimg support with guaranteed 24 hour response SLA

Prerequisites

  • An active Azure subscription, SSH public key, VNet plus subnet in the target region

  • A subscription to the Sharry 1.16 on Ubuntu 24.04 listing on Azure Marketplace

Recommended virtual machine size: Standard_B2s (2 vCPU, 4 GB RAM) for evaluation and small teams. For heavier usage and larger uploads use Standard_D2s_v5 (2 vCPU, 8 GB RAM) or larger, raise the JVM heap in /etc/default/sharry, and resize the data disk to fit your file volumes.

Step 1: Deploy from the Azure Portal

Search Sharry in Marketplace, select the cloudimg publisher entry, then click Create.

NSG rules: allow TCP 22 from your management IP and TCP 80 from your client IPs. The Sharry HTTP listener is bound to loopback, so only nginx on port 80 is exposed. Do not expose port 80 to the public internet without a TLS terminating reverse proxy in front, since file shares travel over this port.

Step 2: Deploy from the Azure CLI

RG="sharry-prod"; LOCATION="eastus"; VM_NAME="sharry-01"
GALLERY_IMAGE_ID="/subscriptions/<sub-id>/resourceGroups/azure-cloudimg/providers/Microsoft.Compute/galleries/cloudimgGallery/images/sharry-ubuntu-24-04/versions/<version>"
SSH_KEY="$(cat ~/.ssh/id_rsa.pub)"
az group create --name "$RG" --location "$LOCATION"
az network vnet create -g "$RG" --name sh-vnet --address-prefix 10.80.0.0/16 --subnet-name sh-subnet --subnet-prefix 10.80.1.0/24
az network nsg create -g "$RG" --name sh-nsg
az network nsg rule create -g "$RG" --nsg-name sh-nsg --name allow-ssh --priority 100 \
  --source-address-prefixes "<your-mgmt-cidr>" --destination-port-ranges 22 --access Allow --protocol Tcp
az network nsg rule create -g "$RG" --nsg-name sh-nsg --name allow-http --priority 110 \
  --source-address-prefixes "<your-client-cidr>" --destination-port-ranges 80 --access Allow --protocol Tcp
az vm create -g "$RG" --name "$VM_NAME" --image "$GALLERY_IMAGE_ID" \
  --size Standard_B2s --storage-sku StandardSSD_LRS \
  --admin-username azureuser --ssh-key-values "$SSH_KEY" \
  --vnet-name sh-vnet --subnet sh-subnet --nsg sh-nsg --public-ip-sku Standard

Step 3: Connect via SSH

ssh azureuser@<vm-ip>

sharry.service, nginx.service and postgresql.service are all started automatically once sharry-firstboot.service has generated the per VM admin password on the first boot.

Step 4: Verify the Sharry Service

sudo systemctl is-active sharry.service nginx.service postgresql.service
sudo test -f /var/lib/cloudimg/sharry-firstboot.done && echo FIRSTBOOT_DONE
sudo systemctl status sharry.service --no-pager | head -8

All three services should report active, and the first boot sentinel should be present.

Sharry, nginx and PostgreSQL services active, first boot complete, and systemctl status showing the Sharry Secure File Sharing Server running

Step 5: Inspect the Listeners

The Sharry HTTP listener is bound to 127.0.0.1:9090, PostgreSQL to 127.0.0.1:5432, and nginx serves Sharry on port 80. Nothing but nginx listens on a public interface.

sudo ss -tln | grep -E ':9090|:80 |:5432'

ss output confirming the Sharry HTTP listener on loopback 9090, PostgreSQL on loopback 5432, and nginx on port 80, with nothing bound to a public interface

Step 6: Retrieve the Admin Password

The per VM admin password is generated at first boot and stored in a root only file:

sudo cat /root/sharry-credentials.txt

You will see the admin user, the per VM password, and the endpoint URLs:

SHARRY_ADMIN_USER=admin
SHARRY_ADMIN_PASSWORD=<SHARRY_ADMIN_PASSWORD>
SHARRY_URL=http://<vm-ip>/
SHARRY_API_URL=http://<vm-ip>/api/v2/
SHARRY_LOCAL_HTTP=http://127.0.0.1:9090/
SHARRY_SIGNUP_INVITE_PASSWORD=<generated at first boot>

The per VM Sharry credentials file at /root/sharry-credentials.txt (mode 0600 root), the admin password and invite password redacted, showing the admin user and the web UI and HTTP API endpoint URLs

Step 7: Verify the REST API

Sharry exposes a full REST API. Extract the password into a shell variable, obtain an authentication token, and list your shares:

PW=$(sudo grep '^SHARRY_ADMIN_PASSWORD=' /root/sharry-credentials.txt | cut -d= -f2-)
TOKEN=$(curl -s -H 'Content-Type: application/json' -X POST http://127.0.0.1/api/v2/open/auth/login \
  -d "{\"account\":\"admin\",\"password\":\"$PW\"}" | sed -n 's/.*"token":"\([^"]*\)".*/\1/p')
curl -s -H "Sharry-Auth: $TOKEN" 'http://127.0.0.1/api/v2/sec/share/search?q='

The first call authenticates the admin account and returns a token; the second lists the shares owned by that account (an empty items array on a fresh VM until you create your first share).

Authenticated Sharry HTTP API round trip: a login POST for the admin account with the password redacted returning success, then an authenticated share listing returning the created shares

Step 8: Sign in to the Sharry Web UI

Open http://<vm-ip>/ from your workstation (assuming the NSG allows TCP 80). The sign in page asks for a username and password:

Sharry sign in page showing the Sharry logo and the username and password fields

Sign in with user admin and the per VM password from /root/sharry-credentials.txt.

Step 9: Send Files

Choose Create Share, drop files onto the upload area or use Select Files, and add an optional description that supports Markdown. The upload screen shows the queued files and their sizes:

Sharry Send files upload screen with two files queued, their sizes shown, a Submit button and a Markdown description field filled in

Press Submit to create the share and upload the files.

Step 10: Publish and Share the Link

Open a share and select the Share Link tab. Press Publish to make it publicly available, then copy the generated link or scan the QR code. Anyone with the link can download the files until the validity time or maximum view count is reached:

Sharry Share Link tab for a published share showing the public download link, a Copy Link button, a Send E-Mail button and a QR code

Step 11: Manage Your Shares

The Your Shares list shows every share you own, whether each is published, the number of files, the size and the creation time. Use it to open, edit, unpublish or delete a share:

Sharry Your Shares list showing three published shares with their names, published status, file counts, sizes and creation timestamps

Step 12: Server Components

Component Path
Server home /opt/sharry
Start script /opt/sharry/bin/sharry-restserver
Server config /etc/sharry/sharry.conf
Launcher environment /etc/default/sharry
PostgreSQL data directory /var/lib/sharry/pgdata (dedicated data disk)
Uploaded file store /var/lib/sharry/files (dedicated data disk)
Systemd unit /etc/systemd/system/sharry.service
Firstboot script /usr/local/sbin/sharry-firstboot.sh
Firstboot service /etc/systemd/system/sharry-firstboot.service
Credentials file /root/sharry-credentials.txt (mode 0600)
Firstboot sentinel /var/lib/cloudimg/sharry-firstboot.done
nginx site /etc/nginx/sites-available/cloudimg-sharry

Step 13: Managing the Sharry Service

sudo systemctl status sharry.service --no-pager | head -6
sudo journalctl -u sharry.service --no-pager | tail -5

To restart the service after a configuration change, run sudo systemctl restart sharry.service.

Step 14: Security Recommendations

  • Rotate the admin password by editing /etc/default/sharry (the -Dsharry.restserver.backend.auth.fixed.password option) and restarting the service, and store it in your secrets manager

  • Set the base URL to your real hostname in /etc/default/sharry (-Dsharry.restserver.base-url=https://files.example.com) so public share links and the sign in cookie are correct

  • Keep the HTTP listener on loopback as shipped; expose only nginx on port 80, and put TLS in front of it (Azure Application Gateway, or nginx with a real certificate)

  • Restrict the NSG so port 80 only reaches trusted client networks, never the public internet without TLS

  • Choose the signup mode in /etc/default/sharry (invite as shipped, or closed), and control who can create accounts

  • Back up the data disk at /var/lib/sharry (the PostgreSQL cluster and the uploaded files), or take Azure disk snapshots

  • Patch the OS monthly with sudo apt-get update && sudo apt-get upgrade && sudo reboot

Step 15: Support and Licensing

Sharry is licensed under the GNU General Public License v3.0. There are no per node, per CPU, or per GB fees. This image is produced by cloudimg and is not affiliated with, endorsed by, or sponsored by the Sharry project; Sharry is a trademark of its respective owner and is used here only to describe the software included in the image.

cloudimg provides commercial support for this image separately from the upstream project.

  • Email: support@cloudimg.co.uk

  • Website: www.cloudimg.co.uk

  • Support hours: 24/7 with guaranteed 24 hour response SLA

Deploy on Azure

Launch Sharry 1.16 Secure File Sharing on Ubuntu 24.04 with 24/7 support from cloudimg.

View on Marketplace

Need Help?

Our support team is available 24/7.

support@cloudimg.co.uk