Operations
Startup, backup, cleanup, CORS, public reads, deployment, and troubleshooting.
Operations
Running Locally
Default run:
go run ./cmd/server
Local dev mode:
go run ./cmd/server --dev
Dev mode bypasses auth and is allowed only on localhost bind addresses.
Custom paths:
go run ./cmd/server \
--http-addr 127.0.0.1:9000 \
--db-path /var/lib/fbs/fbs.db \
--data-dir /var/lib/fbs/data
Health Checks
GET /healthz
GET /readyz
Both return JSON:
{"status":"ok"}
or:
{"status":"ready"}
Initial Setup
Bootstrap must be performed from the server host:
curl -X POST http://127.0.0.1:9000/api/setup/bootstrap \
-H 'Content-Type: application/json' \
-d '{"display_name":"Admin User"}'
Store the returned Bearer token and SigV4 secret. They are not returned again by management reads.
Public Base URL
Set FBS_PUBLIC_BASE_URL or --public-base-url when the service is behind a reverse proxy. This value is used in setup responses and generated public object URLs.
Example:
FBS_PUBLIC_BASE_URL=https://storage.example.com go run ./cmd/server
Public Reads
Signed public reads are disabled unless a signing secret is configured:
FBS_PUBLIC_READ_SIGNING_SECRET='at-least-32-bytes-of-secret-material' \
go run ./cmd/server
Generate public URLs through the Management API:
POST /api/management/buckets/{bucket}/objects/{key}/public-url
The public read path is reserved, so public is not a valid bucket name.
Reverse Proxy Notes
For S3 compatibility, preserve:
- The HTTP method.
- The exact path and query string.
- The
Hostheader used by SigV4 clients. Authorization,X-Amz-Date,X-Amz-Content-SHA256, and other signed headers.
If generated URLs should use an external hostname, configure public-base-url instead of relying on inbound request host detection.
Backup
Back up SQLite and object data together. SQLite is the source of truth, but object rows reference files under the data directory. A consistent backup should include:
- SQLite database file and WAL-related files, or a SQLite online backup.
- The full data directory.
Avoid backing up only object files without SQLite metadata, because object keys, content type, ETags, sizes, ownership, and activity live in the database.
Startup Cleanup
Every start reconciles the filesystem against metadata. It can delete:
- Non-multipart temporary files under
data/.tmp. - Object backing files without matching metadata rows.
- Multipart temp directories without matching upload rows.
This is expected. Do not put unrelated files under the configured data directory.
Troubleshooting
Bootstrap returns 403
The setup endpoints are loopback-only. Run the request from the server host using 127.0.0.1, localhost, or another loopback address.
Dev mode refuses to start
Dev mode requires a localhost-only bind address. Use --http-addr 127.0.0.1:9000, localhost:9000, or [::1]:9000.
Management API returns 403
The credentials are valid but the user is inactive or does not have admin role. Use an admin key to list or patch users.
S3 SigV4 requests fail
Check:
- Service is
s3. - Region is
us-east-1. - Signed headers include
host. - Proxy preserves signed headers and host.
- Server clock is close to client clock.
Public URL returns 403
Check:
- Signing secret is configured.
- URL has exactly
expiresandsignaturequery parameters. - URL path has not been rewritten.
- The expiration timestamp is still in the future.