Para que los logs no crezcan indefinidamente, se puede configurar newsyslog en FreeBSD
sudo tee /etc/newsyslog.conf.d/filebrowser.conf > /dev/null << EOF # FileBrowser log rotation - rotates weekly or when > 10MB /home/carlos/.config/filebrowser/filebrowser.log carlos:carlos 640 7 10000 * Z EOF
sudo service newsyslog restartFreeBSD es genial!.
pkg install filebrowser which filebrowser filebrowser version File Browser v2.52.0/c11c986b7382a5c1f18d83ee7e6093dc0544cff9
mkdir -p /home/carlos/fileserver
mkdir -p /home/carlos/.config/filebrowser
filebrowser config init -d /home/carlos/.config/filebrowser/filebrowser.db
filebrowser users add carlos tu_contraseña_segura \ --perm.admin \ --perm.create \ --perm.delete \ --perm.download \ --perm.execute \ --perm.modify \ --perm.rename \ --perm.share \ -d /home/carlos/.config/filebrowser/filebrowser.db
--perm.admin → Acceso administrativo completo --perm.create → Crear archivos y carpetas --perm.delete → Eliminar archivos --perm.download → Descargar archivos --perm.execute → Ejecutar comandos --perm.modify → Modificar archivos --perm.rename → Renombrar archivos/carpetas --perm.share → Compartir enlaces públicos
sudo service FileBrowser stop sudo pkill -9 filebrowser
filebrowser users add invitado password123 \ --perm.download \ --scope /home/carlos/fileserver/publico \ -d /home/carlos/.config/filebrowser/filebrowser.db
filebrowser config cat -d /home/carlos/.config/filebrowser/filebrowser.db
filebrowser users ls -d /home/carlos/.config/filebrowser/filebrowser.db
{
"port": 8080,
"baseURL": "",
"address": "0.0.0.0",
"log": "/home/carlos/.config/filebrowser/filebrowser.log",
"database": "/home/carlos/.config/filebrowser/filebrowser.db",
"root": "/home/carlos/fileserver"
}
#!/bin/sh
# PROVIDE: filebrowser
# REQUIRE: NETWORKING DAEMON tailscaled
# KEYWORD: shutdown
. /etc/rc.subr
name="filebrowser"
desc="Web File Browser"
rcvar="${name}_enable"
load_rc_config $name
: ${filebrowser_enable:="NO"}
: ${filebrowser_runas:="carlos"}
: ${filebrowser_config:="/home/carlos/.config/filebrowser/config.json"}
procname="/usr/local/bin/${name}"
command="/usr/sbin/daemon"
command_args="-c -u ${filebrowser_runas} -t \"${desc}\" \
${procname} -c ${filebrowser_config}"
start_precmd="filebrowser_prestart"
filebrowser_prestart()
{
log_file="/home/carlos/.config/filebrowser/filebrowser.log"
if [ ! -f "${log_file}" ]; then
touch "${log_file}"
chown ${filebrowser_runas} "${log_file}"
chmod 640 "${log_file}"
fi
}
run_rc_command "$1"
sudo chmod 555 /usr/local/etc/rc.d/filebrowser
sudo sysrc filebrowser_enable="YES"
sudo service filebrowser status filebrowser is running as pid 1918. ls -ld /var/run/filebrowser drwxr-xr-x 2 carlos wheel 3 Apr 3 09:21 /var/run/filebrowser sudo cat /var/run/filebrowser/filebrowser.pid 1918 tail -10 /home/carlos/.config/filebrowser/filebrowser.log 2026/04/02 23:57:05 Listening on [::]:8080 2026/04/03 08:40:10 Got signal: terminated 2026/04/03 08:40:10 Stopped serving new connections. 2026/04/03 08:40:10 Graceful shutdown complete. 2026/04/03 08:41:06 Listening on [::]:8080 2026/04/03 08:46:48 Got signal: terminated 2026/04/03 08:46:48 Stopped serving new connections. 2026/04/03 08:46:48 Graceful shutdown complete. 2026/04/03 08:47:40 Listening on [::]:8080 2026/04/03 09:21:27 Listening on [::]:8080
tailscale status 100.69.99.114 tornado nombreusuario@ freebsd -
sudo service tailscaled start tailscale up
# ========================================
# Configuración PF para tornado.local.com
# ========================================
# MACROS (Variables)
ext_if = "wlan0" # Interfaz de red
tailscale_if = "tailscale0"
local_net = "192.168.88.0/24" # Red local permitida
ssh_port = "22" # Puerto SSH
filebrowser_port = "8080"
filebrowser_https_port = "8443"
http_port = "80"
https_port = "443"
# --- OPCIONES ---
set skip on lo0 # No filtrar loopback
set block-policy drop # Descartar paquetes bloqueados silenciosamente
set loginterface $ext_if # Interfaz para estadísticas
# --- SCRUB (Normalización de paquetes) ---
scrub in all # Normalizar todo el tráfico entrante
# --- POLÍTICA PREDETERMINADA ---
block all # Bloquear todo por defecto
# --- REGLAS ANTISPOOF ---
antispoof quick for $ext_if # Protección contra IP spoofing
# --- PERMITIR LOOPBACK ---
pass quick on lo0 all # Permitir todo en loopback
# --- PERMITIR TRÁFICO EN TAILSCALE ---
pass quick on $tailscale_if all keep state
# --- Solo permite TAILSCALE ---
pass in quick on $tailscale_if all keep state
# --- PERMITIR ICMP (ping) desde red local ---
pass in quick on $ext_if inet proto icmp from $local_net to any icmp-type { echoreq } keep state
# --- PERMITIR SSH SOLO DESDE RED LOCAL ---
pass in quick on $ext_if proto tcp from $local_net to ($ext_if) port $ssh_port keep state
# --- PERMITIR FILEBROWSER HTTP DESDE RED LOCAL ---
pass in quick on $ext_if proto tcp from $local_net to ($ext_if) port $filebrowser_port keep state
# --- PERMITIR FILEBROWSER HTTP DESDE TAILSCALE ---
pass in quick on $tailscale_if proto tcp to any port $filebrowser_port keep state
# --- PERMITIR FILEBROWSER HTTPS DESDE RED LOCAL ---
pass in quick on $ext_if proto tcp from $local_net to ($ext_if) port $filebrowser_https_port keep state
# --- PERMITIR FILEBROWSER HTTPS DESDE TAILSCALE ---
pass in quick on $tailscale_if proto tcp to any port $filebrowser_https_port keep state
# --- PERMITIR TRÁFICO SALIENTE ---
pass out quick on $ext_if all keep state
# --- LOGGING (opcional) ---
# pass in log on $ext_if proto tcp from $local_net to ($ext_if) port $ssh_port keep state
sudo pfctl -f /etc/pf.conf sudo service pf reload
sudo service filebrowser start
sudo service filebrowser status Password: filebrowser is running as pid 4721
sudo sockstat -4l | grep 8080 carlos filebrowse 1322 5 tcp46 *:8080
http://192.168.88.183:8080
https://100.69.99.114:443 https://tornado.tail0788a4.ts.net
Usuario carlos Contraseña tu_contraseña_segura
tail -f /home/carlos/.config/filebrowser/filebrowser.log
ps aux | grep filebrowser carlos 5542 0.0 0.4 1270900 30200 - I 23:57 \ 0:05.52 /usr/local/bin/filebrowser -c /home/carlos/.config/filebrowser/config.json
sudo pfctl -sr Password: scrub in all fragment reassemble block drop all block drop in quick on ! wlan0 inet from 192.168.88.0/24 to any block drop in quick inet from 192.168.88.183 to any pass in quick on wlan0 inet proto tcp from 192.168.88.0/24 to \ (wlan0) port = ssh flags S/SA keep state pass in quick on wlan0 inet proto tcp from 192.168.88.0/24 to \ (wlan0) port = http-alt flags S/SA keep state pass in quick on wlan0 inet proto tcp from 192.168.88.0/24 to \ (wlan0) port = 8443 flags S/SA keep state pass in quick on wlan0 inet proto icmp from 192.168.88.0/24 to \ any icmp-type echoreq keep state pass out quick on wlan0 all flags S/SA keep state pass quick on lo0 all flags S/SA keep state pass quick on tailscale0 all flags S/SA keep state
IMPORTANTE: Detener FileBrowser antes de modificar la base de datos
sudo service filebrowser stop sudo pkill -9 filebrowser
filebrowser users update carlos \ --password nueva_contraseña \ -d /home/carlos/.config/filebrowser/filebrowser.db
filebrowser config set \ --branding.name "Servidor de Carlos" \ --branding.disableExternal \ -d /home/carlos/.config/filebrowser/filebrowser.db
filebrowser config set \ --theme dark \ -d /home/carlos/.config/filebrowser/filebrowser.db
sudo service filebrowser start
filebrowser config set --signup false -d /home/carlos/.config/filebrowser/filebrowser.db
filebrowser config set --auth.recaptcha.secret "" -d /home/carlos/.config/filebrowser/filebrowser.db
cp /home/carlos/.config/filebrowser/filebrowser.db /home/carlos/.config/filebrowser/filebrowser.db.backup
tar -czf /home/carlos/fileserver-backup-$(date +%Y%m%d).tar.gz /home/carlos/fileserver/
sudo service filebrowser restart
sudo service filebrowser stop sudo pkill -9 filebrowser
rm -f /var/run/filebrowser/filebrowser.pid
sudo service filebrowser start
sudo ps aux | grep "filebrowser" carlos 1322 0.0 0.4 1279096 29736 v0- I Sun23 1:11.45 \ /usr/local/bin/filebrowser -c /home/carlos/.config/filebrowser/config.json
tail -f /home/carlos/.config/filebrowser/filebrowser.log
sudo service filebrowser stop sudo pkill -9 filebrowser filebrowser users ls -d /home/carlos/.config/filebrowser/filebrowser.db
filebrowser config cat -d /home/carlos/.config/filebrowser/filebrowser.db
http://localhost:8080
http://192.168.88.183:8080
http://100.69.99.114:8080 https://https://tornado.tail0788a4.ts.net
Configuración completada exitosamente: FileBrowser instalado y configurando Autenticación habilitada (usuario: carlos) Acceso desde red local (192.168.88.0/24) Acceso remoto seguro vía Tailscale Firewall PF configurado correctamente Autoarranque habilitado (rc.conf)
Tailscale puede proporcionar certificados HTTPS válidos de forma automática para un nodo.
Esto generará certificados en /var/lib/tailscale/certs/ o /usr/local/tailscale/certs/. Si no existe el directorio, Tailscale los colocará en el directorio actual.
tailscale status
https://tornado.tail0788a4.ts.net
¡El certificado será válido y reconocido por todos los navegadores!
sudo tailscale serve --bg http://127.0.0.1:8080
https://tornado.tail0788a4.ts.net
No es necesario configurar nada más, Tailscale maneja todo el HTTPS
tailscale serve status https://tornado.tail0788a4.ts.net (tailnet only) |-- / proxy http://127.0.0.1:8080
tailscale status --json | grep tornado
"DNSName": "tornado.tail0788a4.ts.net.",
"tornado.tail0788a4.ts.net"
Para que Tailscale Serve se mantenga después de reiniciar:
sudo vim /usr/local/etc/rc.d/tailscale_serve
#!/bin/sh
# PROVIDE: tailscale_serve
# REQUIRE: tailscaled filebrowser
# KEYWORD: shutdown
. /etc/rc.subr
name="tailscale_serve"
rcvar="tailscale_serve_enable"
load_rc_config $name
: ${tailscale_serve_enable:="NO"}
start_cmd="${name}_start"
stop_cmd="${name}_stop"
tailscale_serve_start()
{
echo "Starting Tailscale Serve..."
/usr/local/bin/tailscale serve --bg http://127.0.0.1:8080
}
tailscale_serve_stop()
{
echo "Stopping Tailscale Serve..."
/usr/local/bin/tailscale serve reset
}
run_rc_command "$1"
sudo chmod +x /usr/local/etc/rc.d/tailscale_serve
sudo sysrc tailscale_serve_enable="YES" sudo service tailscale_serve start
https://login.tailscale.com/admin/machines
Hacer clic en los 3 puntos -> "Enable HTTPS"
En la página que se abre: Marcar "HTTPS certificates" (requerido) NO marque "Funnel" (a menos que quiera acceso público desde Internet)
Nota: Serve = Acceso solo desde tu Tailnet (privado) - Esto es lo que quiere
Hacer clic en "Enable HTTPS and Serve" o "Enable"
sudo tailscale serve --bg http://127.0.0.1:8080
Debería funcionar sin errores
tailscale serve status https://tornado.tail0788a4.ts.net (tailnet only) |-- / proxy http://127.0.0.1:8080
https://tornado.tail0788a4.ts.net
Cuando habilita HTTPS en Tailscale, el nombre de su dispositivo (tornado.tail0788a4.ts.net) se escribirá en un Certificate Transparency Log público. Esto es un requisito de Let's Encrypt y no se puede evitar. Esto NO expone:
Su IP Sus archivos El contenido de tu servidor
El nombre del dispositivo (tornado.tail0788a4.ts.net)
sudo tailscale status --json | grep -i magic
"InMagicSock": false,
"MagicDNSSuffix": "tail0788a4.ts.net",
"MagicDNSSuffix": "tail0788a4.ts.net",
"MagicDNSEnabled": true
"InMagicSock": true,
"InMagicSock": true,
"InMagicSock": true,
"InMagicSock": true,
sudo pkill -9 filebrowser rm -f /var/run/filebrowser/filebrowser.pid
filebrowser -c /home/carlos/.config/filebrowser/config.json 2026/03/27 09:17:02 Using config file: /home/carlos/.config/filebrowser/config.json 2026/03/27 09:17:02 Using database: /home/carlos/.config/filebrowser/filebrowser.db
tail -50 /home/carlos/.config/filebrowser/filebrowser.log
filebrowser -c /home/carlos/.config/filebrowser/config.json &
Elemento Valor URL de acceso https://tornado.tail0788a4.ts.net Certificado SSL Let's Encrypt (válido, sin advertencias) FileBrowser HTTP en localhost:8080 Tailscale Serve HTTPS proxy en puerto 443 Acceso Solo desde su Tailnet (privado) Usuario carlos Usuario no privilegiado invitadohttps://gnulinuxcodigo.blogspot.com/2026/04/crear-rotacion-de-logs-filebrowser.html
alacritty &
[1] 87350
libEGL warning: MESA-LOADER: failed to open iris: Shared object "libLLVM.so.19.1" \
not found, required by "iris_dri.so" (search paths /usr/local/lib/dri, suffix _dri)
libEGL warning: MESA-LOADER: failed to open zink: Shared object "libLLVM.so.19.1" \
not found, required by "zink_dri.so" (search paths /usr/local/lib/dri, suffix _dri)
libEGL warning: MESA-LOADER: failed to open swrast: Shared object "libLLVM.so.19.1" \
not found, required by "swrast_dri.so" (search paths /usr/local/lib/dri, suffix _dri)
Error: Error { raw_code: Some(12289), raw_os_message: None, kind: InitializationFailed }
[1] + 87350 exit 1 alacritty
Los controladores iris (Intel), zink (capa de traducción Vulkan) y swrast (software rasterizador) fueron compilados contra LLVM 19, pero la librería compartida correspondiente no está instalada en el sistema y si lo está el sistema no la encuentra.
pkg info | grep llvm linux-rl9-llvm-20.1.8 The Low Level Virtual Machine suite (Rocky Linux 9.7) llvm18-18.1.8_2 LLVM and Clang llvm19-19.1.7_1 LLVM and Clang spirv-llvm-translator-llvm19-19.1.14 Bi-directional translation between SPIR-V and LLVM IR
ls -l /usr/local/lib/libLLVM.so.19.1 ls: /usr/local/lib/libLLVM.so.19.1: No such file or directory
find /usr/local -name "libLLVM.so.19.1" 2>/dev/null /usr/local/llvm19/lib/libLLVM.so.19.1
existe, pero está en /usr/local/llvm19/lib/, un directorio que no está en las rutas de búsqueda por defecto del enlazador dinámico. Hay que hacer que el sistema la encuentre
Esta es la opción más ordenada y escalable si en el futuro se necesitan más bibliotecas de LLVM 19.
echo "/usr/local/llvm19/lib" | sudo tee /usr/local/libdata/ldconfig/llvm19.conf
sudo ldconfig -m /usr/local/llvm19/lib
ldd /usr/local/lib/dri/iris_dri.so | grep LLVM libLLVM.so.19.1 => /usr/local/llvm19/lib/libLLVM.so.19.1 (0x13cd9c800000)
alacritty &
alacritty -v
Created log file at "/tmp/Alacritty-2576.log"
[0.000017635s] [INFO ] [alacritty] Welcome to Alacritty
[0.000143511s] [INFO ] [alacritty] Version 0.16.1
[0.000156837s] [INFO ] [alacritty] Running on X11
[0.002709829s] [INFO ] [alacritty] Configuration files loaded from:
"/home/carlos/.config/alacritty/alacritty.toml"
FreeBSD es genial!.
En FreeBSD 14.3, el sistema no tiene soporte nativo para exFAT en el kernel. Para el montaje de un disco USB exFAT (/dev/da0 o /dev/da0p1 /dev/da0s1), se necesita utilizar FUSE y el puerto fusefs-exfat.
pkg install fusefs-libs fusefs-exfat pkg info | grep -i exfat exfat-utils-1.4.0_1 Utilities to create, check, label and dump exFAT filesystem fusefs-exfat-1.4.0_1 Full-featured exFAT FS implementation as a FUSE module
kldload fusefs
sysrc kld_list+="fusefs"
dmesg da0 at umass-sim0 bus 0 scbus1 target 0 lun 0 da0: <ASMT USB 3.0 TOSATA 0> Fixed Direct Access SPC-4 SCSI device da0: Serial Number 0000000000A3 da0: 400.000MB/s transfers da0: 38166MB (78165360 512 byte sectors) da0: quirks=0x2
Desmontar si está montado (por seguridad)
umount /dev/da0p1 2>/dev/null || true
sudo gpart destroy -F da0 da0 destroyed gpart create -s gpt da0 da0 created
gpart add -t ms-basic-data -l "MiSSD" da0 da0p1 added
mkexfatfs /dev/da0p1 mkexfatfs 1.4.0 Creating... done. Flushing... done. File system created successfully.
mkdir /mnt/usb mount.exfat /dev/da0p1 /mnt/usb FUSE exfat 1.4.0 (libfuse2)
df -h /mnt/usb Filesystem Size Used Avail Capacity Mounted on /dev/da0p1 37G 1.6M 37G 0% /mnt/usb
gpart show da0
=> 40 78165280 da0 GPT (37G)
40 78165280 1 ms-basic-data (37G)
/dev/da0p1 (GPT con letra p) /dev/da0s1 (MBR/slice con letra s)
umount /mnt/usbFreeBSD es genial!.
mkdir /tmp/mountado geli attach /dev/nda0p4 zpool import -f -R /tmp/montado zroot
zfs list zroot
NAME USED AVAIL REFER MOUNTPOINT
zroot 223G 211G 96K /zroot
zroot/ROOT 82.9G 211G 96K none
zroot/ROOT/14.3-RELEASE-p8 8K 211G 21.1G /
zroot/ROOT/default 82.9G 211G 21.3G /
zroot/cache 3.04G 211G 96K /zroot/cache
zroot/cache/ccache 3.04G 211G 3.04G /var/cache/ccache
zroot/home 75.3G 211G 96K /home
zroot/home/carlos 75.3G 211G 67.4G /home/carlos
zroot/reserved 50.0G 261G 96K /zroot/reserved
zroot/tmp 320K 211G 180K /tmp
zroot/usr 9.89G 211G 96K /usr
zroot/usr/ports 6.99G 211G 2.91G /usr/ports
zroot/usr/src 2.90G 211G 2.63G /usr/src
zroot/var 1.61G 211G 96K /var
zroot/var/audit 96K 211G 96K /var/audit
zroot/var/crash 1.60G 211G 1.60G /var/crash
zroot/var/log 3.11M 211G 2.00M /var/log
zroot/var/mail 356K 211G 260K
zfs get mountpoint,canmount,mounted zroot/ROOT/default NAME PROPERTY VALUE SOURCE zroot/ROOT/default mountpoint / local zroot/ROOT/default canmount noauto local zroot/ROOT/default mounted yes -
La propiedad canmount en ZFS controla si un dataset puede ser montado. Tiene tres valores posibles:
on - El dataset se monta automáticamente cuando es necesario (por ejemplo, al importar el pool o al ejecutar zfs mount -a).
off - El dataset no puede ser montado en absoluto.noauto - El dataset no se monta automáticamente por operaciones generales del sistema (como zfs mount -a o la importación del pool), pero puede ser montado manualmente con zfs mount. Es un estado intermedio que lo hace "disponible pero no automático".
zfs mount zroot/ROOT/default
zpool export zroot
shutdown -r nowFreeBSD es genial!.