Sharry 1.16 Secure File Sharing on Ubuntu 24.04 on Azure User Guide
Overview
This guide covers the deployment and configuration of Sharry 1.16 Secure File Sharing on Ubuntu 24.04 on Azure using cloudimg Azure Marketplace images. Sharry is a self hosted file sharing application: you sign in, upload one or many files, and share them through public links that can be password protected and time limited. You can also request files from other people by sending them an upload link, so recipients send data to you without needing an account. Sharry is a Scala and JVM application and is released under the GNU General Public License v3.0.
The image installs the official Sharry rest server distribution (version 1.16.0 at build time) to /opt/sharry, running under OpenJDK 21. The Sharry HTTP listener is bound to loopback only and fronted by nginx on port 80, so the only public surface is a single standard HTTP port. Sharry stores its data in PostgreSQL with file blobs on the filesystem, both on a dedicated Azure data disk mounted at /var/lib/sharry, independent of the OS disk. At first boot, sharry-firstboot.service generates a unique per VM admin password (there is no default login baked into the image), rotates the token signing secret and database password, starts the server, proves an authenticated round trip, and writes the admin password to /root/sharry-credentials.txt (mode 0600, root only).
What is included:
-
Sharry 1.16 rest server (full distribution and web UI) from the official GitHub release, pinned and sha256 verified
-
OpenJDK 21 JRE headless (Sharry requires Java 17 or newer)
-
PostgreSQL 16, with its cluster relocated onto the dedicated data disk
-
sharry.servicesystemd unit running the server as the unprivilegedsharryuser -
sharry-firstboot.servicesystemd oneshot that generates the per VM admin password, rotates the token secret and database password, starts the server and writes/root/sharry-credentials.txt -
nginx on port 80 reverse proxying to the loopback bound Sharry HTTP listener, with an unauthenticated
/healthzfor load balancer probes -
Sharry web UI, the file sharing workbench, reachable at
http://<vm-ip>/ -
PostgreSQL data and uploaded file blobs on a dedicated 30 GiB data disk mounted at
/var/lib/sharry, captured into the image so every VM is provisioned with it -
Ubuntu 24.04 LTS base with the latest security patches
-
Azure Linux Agent for seamless cloud integration and SSH key injection
-
24/7 cloudimg support with guaranteed 24 hour response SLA
Prerequisites
-
An active Azure subscription, SSH public key, VNet plus subnet in the target region
-
A subscription to the Sharry 1.16 on Ubuntu 24.04 listing on Azure Marketplace
Recommended virtual machine size: Standard_B2s (2 vCPU, 4 GB RAM) for evaluation and small teams. For heavier usage and larger uploads use Standard_D2s_v5 (2 vCPU, 8 GB RAM) or larger, raise the JVM heap in /etc/default/sharry, and resize the data disk to fit your file volumes.
Step 1: Deploy from the Azure Portal
Search Sharry in Marketplace, select the cloudimg publisher entry, then click Create.
NSG rules: allow TCP 22 from your management IP and TCP 80 from your client IPs. The Sharry HTTP listener is bound to loopback, so only nginx on port 80 is exposed. Do not expose port 80 to the public internet without a TLS terminating reverse proxy in front, since file shares travel over this port.
Step 2: Deploy from the Azure CLI
RG="sharry-prod"; LOCATION="eastus"; VM_NAME="sharry-01"
GALLERY_IMAGE_ID="/subscriptions/<sub-id>/resourceGroups/azure-cloudimg/providers/Microsoft.Compute/galleries/cloudimgGallery/images/sharry-ubuntu-24-04/versions/<version>"
SSH_KEY="$(cat ~/.ssh/id_rsa.pub)"
az group create --name "$RG" --location "$LOCATION"
az network vnet create -g "$RG" --name sh-vnet --address-prefix 10.80.0.0/16 --subnet-name sh-subnet --subnet-prefix 10.80.1.0/24
az network nsg create -g "$RG" --name sh-nsg
az network nsg rule create -g "$RG" --nsg-name sh-nsg --name allow-ssh --priority 100 \
--source-address-prefixes "<your-mgmt-cidr>" --destination-port-ranges 22 --access Allow --protocol Tcp
az network nsg rule create -g "$RG" --nsg-name sh-nsg --name allow-http --priority 110 \
--source-address-prefixes "<your-client-cidr>" --destination-port-ranges 80 --access Allow --protocol Tcp
az vm create -g "$RG" --name "$VM_NAME" --image "$GALLERY_IMAGE_ID" \
--size Standard_B2s --storage-sku StandardSSD_LRS \
--admin-username azureuser --ssh-key-values "$SSH_KEY" \
--vnet-name sh-vnet --subnet sh-subnet --nsg sh-nsg --public-ip-sku Standard
Step 3: Connect via SSH
ssh azureuser@<vm-ip>
sharry.service, nginx.service and postgresql.service are all started automatically once sharry-firstboot.service has generated the per VM admin password on the first boot.
Step 4: Verify the Sharry Service
sudo systemctl is-active sharry.service nginx.service postgresql.service
sudo test -f /var/lib/cloudimg/sharry-firstboot.done && echo FIRSTBOOT_DONE
sudo systemctl status sharry.service --no-pager | head -8
All three services should report active, and the first boot sentinel should be present.

Step 5: Inspect the Listeners
The Sharry HTTP listener is bound to 127.0.0.1:9090, PostgreSQL to 127.0.0.1:5432, and nginx serves Sharry on port 80. Nothing but nginx listens on a public interface.
sudo ss -tln | grep -E ':9090|:80 |:5432'

Step 6: Retrieve the Admin Password
The per VM admin password is generated at first boot and stored in a root only file:
sudo cat /root/sharry-credentials.txt
You will see the admin user, the per VM password, and the endpoint URLs:
SHARRY_ADMIN_USER=admin
SHARRY_ADMIN_PASSWORD=<SHARRY_ADMIN_PASSWORD>
SHARRY_URL=http://<vm-ip>/
SHARRY_API_URL=http://<vm-ip>/api/v2/
SHARRY_LOCAL_HTTP=http://127.0.0.1:9090/
SHARRY_SIGNUP_INVITE_PASSWORD=<generated at first boot>

Step 7: Verify the REST API
Sharry exposes a full REST API. Extract the password into a shell variable, obtain an authentication token, and list your shares:
PW=$(sudo grep '^SHARRY_ADMIN_PASSWORD=' /root/sharry-credentials.txt | cut -d= -f2-)
TOKEN=$(curl -s -H 'Content-Type: application/json' -X POST http://127.0.0.1/api/v2/open/auth/login \
-d "{\"account\":\"admin\",\"password\":\"$PW\"}" | sed -n 's/.*"token":"\([^"]*\)".*/\1/p')
curl -s -H "Sharry-Auth: $TOKEN" 'http://127.0.0.1/api/v2/sec/share/search?q='
The first call authenticates the admin account and returns a token; the second lists the shares owned by that account (an empty items array on a fresh VM until you create your first share).

Step 8: Sign in to the Sharry Web UI
Open http://<vm-ip>/ from your workstation (assuming the NSG allows TCP 80). The sign in page asks for a username and password:

Sign in with user admin and the per VM password from /root/sharry-credentials.txt.
Step 9: Send Files
Choose Create Share, drop files onto the upload area or use Select Files, and add an optional description that supports Markdown. The upload screen shows the queued files and their sizes:

Press Submit to create the share and upload the files.
Step 10: Publish and Share the Link
Open a share and select the Share Link tab. Press Publish to make it publicly available, then copy the generated link or scan the QR code. Anyone with the link can download the files until the validity time or maximum view count is reached:

Step 11: Manage Your Shares
The Your Shares list shows every share you own, whether each is published, the number of files, the size and the creation time. Use it to open, edit, unpublish or delete a share:

Step 12: Server Components
| Component | Path |
|---|---|
| Server home | /opt/sharry |
| Start script | /opt/sharry/bin/sharry-restserver |
| Server config | /etc/sharry/sharry.conf |
| Launcher environment | /etc/default/sharry |
| PostgreSQL data directory | /var/lib/sharry/pgdata (dedicated data disk) |
| Uploaded file store | /var/lib/sharry/files (dedicated data disk) |
| Systemd unit | /etc/systemd/system/sharry.service |
| Firstboot script | /usr/local/sbin/sharry-firstboot.sh |
| Firstboot service | /etc/systemd/system/sharry-firstboot.service |
| Credentials file | /root/sharry-credentials.txt (mode 0600) |
| Firstboot sentinel | /var/lib/cloudimg/sharry-firstboot.done |
| nginx site | /etc/nginx/sites-available/cloudimg-sharry |
Step 13: Managing the Sharry Service
sudo systemctl status sharry.service --no-pager | head -6
sudo journalctl -u sharry.service --no-pager | tail -5
To restart the service after a configuration change, run sudo systemctl restart sharry.service.
Step 14: Security Recommendations
-
Rotate the admin password by editing
/etc/default/sharry(the-Dsharry.restserver.backend.auth.fixed.passwordoption) and restarting the service, and store it in your secrets manager -
Set the base URL to your real hostname in
/etc/default/sharry(-Dsharry.restserver.base-url=https://files.example.com) so public share links and the sign in cookie are correct -
Keep the HTTP listener on loopback as shipped; expose only nginx on port 80, and put TLS in front of it (Azure Application Gateway, or nginx with a real certificate)
-
Restrict the NSG so port 80 only reaches trusted client networks, never the public internet without TLS
-
Choose the signup mode in
/etc/default/sharry(inviteas shipped, orclosed), and control who can create accounts -
Back up the data disk at
/var/lib/sharry(the PostgreSQL cluster and the uploaded files), or take Azure disk snapshots -
Patch the OS monthly with
sudo apt-get update && sudo apt-get upgrade && sudo reboot
Step 15: Support and Licensing
Sharry is licensed under the GNU General Public License v3.0. There are no per node, per CPU, or per GB fees. This image is produced by cloudimg and is not affiliated with, endorsed by, or sponsored by the Sharry project; Sharry is a trademark of its respective owner and is used here only to describe the software included in the image.
cloudimg provides commercial support for this image separately from the upstream project.
-
Email: support@cloudimg.co.uk
-
Website: www.cloudimg.co.uk
-
Support hours: 24/7 with guaranteed 24 hour response SLA
Deploy on Azure
Launch Sharry 1.16 Secure File Sharing on Ubuntu 24.04 with 24/7 support from cloudimg.
View on Marketplace
Need Help?
Our support team is available 24/7.
support@cloudimg.co.uk