Sharing files from default web server

Discussion in 'Tomato Firmware' started by Bunsen, Jun 6, 2018.

  1. Bunsen

    Bunsen Network Newbie Member

    I'm trying to make it easy for some of the less tech savvy folks on my network to download files shared locally.

    I'm also trying to make it easy for myself....

    The default web server in tomato has a "user" folder available here: /tmp/var/wwwext
    It's accessible by the local addr: http(s)://192.168.1.1/user

    I can share text, html, and jpg files without an issue - but I can't get PDF files to open/download.
    Anyone know why?
     
  2. koitsu

    koitsu Network Guru Member

    Because the Tomato web server is not a general-purpose web server like nginx, Apache, lighttpd, or thttpd. It does not have "generic" MIME type support, it's intended for serving very specific documents. Many file types/formats require very specific HTTP headers for them to work how you've come to expect.

    If you need a general-purpose webserver, you will need to run one yourself using Entware, and set it up + configure it yourself. The Tomato GUI has no involvement with this.

    My general recommendation is to not use Tomato's webserver for file serving. The webserver was not designed/coded with this in mind. It was designed/coded specifically for driving the web GUI used as an administrative interface for router-specific functions.

    Consider use of CIFS/SMB (there is no HTTP integration with this, obviously), or better yet, a dedicated system/box of some sort on your network. A low-end Intel NUC running a Linux distro of your choice, or FreeBSD etc., would work just fine.
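
A way to check for the header problem described in the post above, as an added example that is not part of the original thread: it compares the `Content-Type` a server sent with the type expected for the file's extension. The response heads are constructed samples, not captures from a Tomato router, and `diagnose` is a hypothetical helper name.

```python
import mimetypes
from email.parser import Parser

# Constructed response heads for illustration (not captured from a Tomato router).
SAMPLES = {
    "photo.jpg": "HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n"
                 "Content-Length: 48211\r\n\r\n",
    "manual.pdf": "HTTP/1.1 200 OK\r\nContent-Type: text/plain; charset=utf-8\r\n"
                  "X-Content-Type-Options: nosniff\r\n\r\n",
    "notes.pdf": "HTTP/1.1 200 OK\r\nContent-Length: 1024\r\n\r\n",
}


def diagnose(filename, raw_head):
    """Return (verdict, expected_type, served_type) for one response head."""
    # Drop the status line; the rest is an RFC 822 style header block.
    _status, _, header_block = raw_head.partition("\r\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    expected = mimetypes.guess_type(filename)[0]

    # No Content-Type at all: the browser has to guess from the bytes.
    if headers["Content-Type"] is None:
        return ("missing", expected, None)

    served = headers.get_content_type()  # lower-cased, parameters stripped
    if served != expected:
        # With nosniff the browser must trust the wrong type, so a PDF
        # labelled text/plain is shown as text instead of being opened.
        nosniff = headers.get("X-Content-Type-Options", "").strip().lower() == "nosniff"
        return ("mismatch-nosniff" if nosniff else "mismatch", expected, served)
    return ("ok", expected, served)


if __name__ == "__main__":
    for name, head in SAMPLES.items():
        print(name, diagnose(name, head))
```

To use it on a real server, paste in the response head printed by `curl -sI` for the file in question.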
     
  3. Bunsen

    Bunsen Network Newbie Member

    Thanks for the suggestions.
    I was avoiding the CIFS option because I didn't want to require them to know how to map drives, and remember passwords.
    I definitely wanted to avoid throwing up another box.. I'll try out the nginx server on Tomato first though.

    I'm considering just using an AWS S3 bucket.. maybe after I'm comfortable that I understand the security.
    Thanks again
     
  4. koitsu

    koitsu Network Guru Member

    I'm not sure what's hard to remember about mapping drives. On Windows, it's as easy as any of these commands, depending on how you set things up in CIFS/SMB. This is the command-line way; the GUI way under Windows Explorer is equally as simple (Computer -> Map Network Drive -> etc.).

    Without authentication:
    Code:
    NET USE Z: \\TOMATOROUTERNAME\SHARE /PERSISTENT:YES
    
    With authentication:
    Code:
    REM Prompts once for the username and password, then stores them (/SAVECRED).
    NET USE Z: \\TOMATOROUTERNAME\SHARE /SAVECRED /PERSISTENT:YES
    
    These are one-time things. There should be no user effort needed past that point. The drive letter will re-map when they log in to their machine. If you reboot the router, or they suspend/resume their laptops, there is a possibility the drive mapping will show up with a red "X" on it, but clicking on it will resume the connection (assuming router is available).

    OS X is just as easy.

    The problem with CIFS/SMB is that if they're on laptops that roam (going between home/work), they will find that their laptop may "stall" on logging in since it tries to access a CIFS/SMB share that's inaccessible. Windows is notoriously rude about this.

    Things to remember about running nginx on Tomato:

    1. You will get no support here on the forum for it. It's part of Entware. If you encounter problems with the software, you'll need to talk to the Entware folks,
    2. There is no GUI integration for it, because it's unrelated to Tomato. As such, you will need to configure it by hand, i.e. get familiar with editing text files with vi etc. on Tomato. Busybox vi is... questionable... at times, but Entware offers other things like vim, nano, etc.,
    3. You will need to figure out how to start nginx yourself using rc.unslung and friends, particularly on router reboot. This is probably one of the biggest sources of contention there is, mainly because the people using it tend to not be UNIX sysadmins and don't understand how to do it, combined with lack of knowledge of how to do things on Tomato like wait for a USB filesystem to mount + execute commands only after it's mounted (vs. silly things like "sleep 30" in Scripts -> Init, which are unreliable). The proper way to do it is via a TomatoUSB autorun script, and an associated autostop script when shutting things down,
    4. Tomato (and consumer-grade routers in general) is not "generally" well-suited for running servers of this nature -- routers have very limited RAM and CPU resources. Tomato is intended for two purposes: 1) routing packets, 2) doing NAT. Do not expect high speed I/O performance. I also strongly suggest setting up some swap (see link in #3), just in case memory contention becomes an issue.

    If going this route, make sure whatever medium you're using for /opt (ex. USB flash drive, etc.) is an ext2 or ext3 filesystem, not NTFS. It's the only way to ensure proper UNIX user/group and file permissions. I can't stress this enough. "Weird problems" tend to crop up if using NTFS. Don't use it.

    If you're considering alternate solutions, consider Google Drive, Dropbox, or OneDrive (I haven't used the latter) as well. Dropbox provides a fairly granular level of access control over folders and documents; Google Drive does as well, but there are caveats/gotchas that sometimes surprise people, esp. in a workplace environment (often requiring things like making the entire drive itself viewable to the entire company, then locking down access on a per-folder basis, vs. the opposite model). I've had success with both Google Drive and Dropbox.

    S3 is also fine, but I cannot stress the importance of security. Insecure S3 buckets are a humongous problem, and have been the source of many breaches in recent years -- enough that Amazon has repeatedly sent all customers Emails insisting they review their S3 bucket permissions. You will need to get familiar with IAM (specifically policies, users, and roles). So if you use S3, make sure you fully test access control, and make sure your stuff isn't publicly-accessible. A good way to test this is to use a browser (or Chrome Incognito tab/window) that has no associated AWS/IAM data with it.

    Good luck with whatever approach you go with.
     
  5. AndreDVJ

    AndreDVJ LI Guru Member

    I integrated h5ai in my repo. It works well:

    upload_2018-6-6_13-20-28.png
     