How to Setup a Raspberry Pi AFP Server?

Setting up a Raspberry Pi as an AFP (Apple Filing Protocol) server allows Mac users on your network to access files and storage connected to the Pi. This provides a convenient central location for sharing files between Macs.

How to Setup a Raspberry Pi AFP Server?

In this guide, you’ll learn how to:

  • Install and configure Netatalk to handle AFP connections
  • Set up user accounts and groups
  • Connect a USB drive for network storage
  • Secure the Pi AFP server
  • Optimize performance

By the end, you’ll have a Raspberry Pi acting as an AFP file server for your Macs.

Benefits of a Raspberry Pi AFP Server

Some benefits of setting up a Raspberry Pi as an AFP file server include:

  • Centralized Storage – Share USB drives over the network for centralized storage and backups.
  • File Sharing – Easily share files between your Macs like a NAS device.
  • User Accounts – Create separate user accounts and groups for managing access.
  • Low Cost – Raspberry Pis are an affordable network server option.

Requirements

You’ll need the following to set up a Raspberry Pi AFP server:

  • A Raspberry Pi model with Ethernet port and powered USB ports (Pi 2, 3 or 4 recommended)
  • MicroSD card loaded with Raspberry Pi OS
  • Power supply for the Pi
  • Ethernet cable to connect the Pi to your network
  • Supported USB drive(s) for storage
  • Macs on your network to connect as AFP clients

Step 1 – Install Netatalk

Netatalk is the Linux software that provides AFP services. To install it:

  1. SSH into your Pi and update apt:

sudo apt update

sudo apt upgrade

Install Netatalk:

  1. sudo apt install netatalk

This installs the key packages for handling AFP connections.

Step 2 – Configure AFP Users and Groups

You’ll want to set up user accounts and groups to manage permissions for accessing shared volumes on your AFP server.

Netatalk uses system accounts, so first create local users:

sudo useradd -m -G users,netatalk bob

sudo useradd -m -G users,netatalk sue

  • The -m flag creates their home directories located at /home/username.
  • We add the accounts to the supplementary groups users and netatalk.

Next create groups:

sudo groupadd admins

sudo groupadd accounting

You can make shared folders later that are restricted to certain groups.

Step 3 – Set up Shared Folders

Now you can configure shared folders, called ” AFP volumes”, for file sharing through Netatalk.

Each volume maps to a folder path, which can point to an external USB drive or path on the internal SSD. Permissions and accessibility can be configured per volume.

Let’s make some volumes.

  1. Create volume directories

Make the directories somewhere like /media or /srv for storing the shared files:

sudo mkdir -p /media/usbdrive/share1

sudo mkdir -p /home/bob/share2

  1. Edit /etc/netatalk/afp.conf

Configure the volumes in Netatalk’s config file:

sudo nano /etc/netatalk/afp.conf

Add volume sections like:

[Share1]

   path = /media/usbdrive/share1

   time machine = yes

[Bob’s Files]

   path = /home/bob/share2

   valid users = bob

   read only = yes

  1. Set permissions

Set folder permissions appropriately for the shared volumes:

sudo chown -R root:netatalk /media/usbdrive/share1

sudo chmod -R 775 /media/usbdrive/share1

sudo chown -R bob:netatalk /home/bob/share2  

sudo chmod -R 775 /home/bob/share2

This allows the specified users/groups access to the shares.

Step 4 – Connect External USB Drives

For network storage, connect an external USB hard drive or flash drive to one of the Pi’s USB ports.

The drive will be accessible at /media/pi/<volume name> by default.

Create and share folders on the external drive as outlined in Step 3. For example:

sudo mkdir -p /media/pi/usbdrive/share1

Then map /media/pi/usbdrive/share1 as a shared volume in /etc/netatalk/afp.conf.

Tip: For optimal performance, use a powered USB hub with externally-powered drives.

Step 5 – Secure the AFP Server

Here are some tips for securing your AFP file server:

Firewall Rules

Limit network exposure to ports:

  • TCP 548 (afpd)
  • TCP 636 (afpd over TLS)
  • TCP 5000:5100 (DHCP optionally)

sudo ufw allow 548,636/tcp

Disable Guest Access

In /etc/netatalk/afpd.conf set:

uam list = uams_dhx2.so,uams_dhx.so -nouserguest

This disables guest authentication.

HTTPS Encryption

To encrypt connections:

  1. Generate SSL certificate:

sudo /usr/libexec/netatalk/netatalk-certbot

In afpd.conf set:

  1. encrypt connections = true

Clients can now use afp:// or afps:// URLs.

Step 6 – Improve Performance

Here are some best practices for faster file transfers:

  • Use a pi model with quad-core CPU and wired ethernet connection.
  • Set preexec close = no in afp.conf to reduce CPU load.
  • Mount external drives properly in /etc/fstab.
  • Enable RAM disk in /etc/dphys-swapfile.
  • Sync mounted drives noatime in /etc/fstab.
  • Test different read/write buffer sizes.
  • Enable SMB/CIFS support only if needed.

Also monitor CPU load and memory usage during transfers to catch bottlenecks.

Step 7 – Start Netatalk Service

Once you finish configuring:

sudo systemctl enable netatalk

sudo systemctl start netatalk

The AFP server is now running!

Clients should see your shared drives under “Shared” in the Finder sidebar.

Key Takeaways

  • Use Netatalk to handle AFP sharing on the Pi
  • Manage access with system users and groups
  • Share folders as AFP volumes in /etc/netatalk/afp.conf
  • Optimize performance for faster transfers
  • Add security like firewall rules and SSL encryption

After some initial setup, a Raspberry Pi makes for an easy, low-cost AFP file server!

Conclusion

Setting up a Raspberry Pi AFP server allows centralized file storage and sharing across Macs on your local network.

Features like user account access controls and TLS encryption provide security protections. Optimizing Netatalk’s performance helps maximize file transfer speeds.

With external USB drives, you can expand the available shared storage affordably. And the Pi itself uses very little power.

For Mac-centric environments needing improved file collaboration, a DIY Raspberry Pi AFP server is an excellent option!

Frequently Asked Questions

Q: What models of Raspberry Pi work as an AFP server?
A: We recommend a Pi 2, 3 or 4 model with wired ethernet connectivity. The quad-core CPU helps with performance vs the lower-end models.

Q: Can I access the AFP server files on Windows PCs?
A: Windows doesn’t natively support AFP. But installing third-party software like GroupLogic ExtremeZ-IP can allow Windows AFP access.

Q: Is Time Machine backup supported?
A: Yes, you can enable Time Machine network backups on AFP volumes by setting time machine = yes for a share in afp.conf.

Q: How do you enable guest access?
A: To allow guest logins, remove -nouserguest from the uams list in /etc/netatalk/afpd.conf. But guest access is not recommended.

Q: What is the afpd service?
A: The afpd daemon manages AFP connections. Restart it with systemctl restart netatalk after making config changes.

Q: Can I access AFP files from the internet?
A: We don’t recommend exposing your AFP server directly to the internet. Limit outside access using a VPN tunnel instead.

Q: How is AFP different than SMB?
A: SMB is better supported in Windows environments, while AFP is designed for Macs. They have similar file and print sharing functions.

Q: Where are AFP server logs located?
A: Check /var/log/syslog or set a custom logfile using afpd -F LogFile in afpd.conf.

Q: Can I share printers through the Pi AFP server?
A: Yes. Attach USB printers to the Pi, then expose them as shared AFP printers using CUPS and Avahi.

Q: Does the Pi AFP server support Time Capsule backups?
A: Sort of – you can enable Time Machine network backups. But it doesn’t support iOS device backups like an actual Time Capsule.

Q: Can multiple external drives be used for shares?
A: Absolutely. Connect multiple supported USB hard drives and partitions, then map network folders on each drive block device.

Q: Is there an AFP client for Android to access shares?
A: A few third-party apps claim AFP support, like AndSMB. But native integration is still limited compared to Mac/iOS.

Q: What are the key Netatalk config files?
A: /etc/afp.conf defines shares, /etc/netatalk/afpd.conf controls server settings, and /etc/netatalk/AppleVolumes.default sets defaults.

Q: What are some alternatives to Netatalk?
A: Options like Samba (smbd) or NFS may be easier for Windows-centric networks. But Netatalk remains the optimal choice for AFP shares.

Q: Does the Pi need a static IP address?
A: It’s recommended to set a static IP for the Pi. This ensures clients can reliably locate the AFP server on the network without the IP changing.

Q: Can I connect WiFi drives instead of USB?
A: Networked drives connected over WiFi may work, but can suffer from slower speeds and connectivity issues vs wired USB or ethernet drives.

Q: How do I backup the AFP server files?
A: Set up the Pi to sync or replicate files onto another system like a NAS as backups. Or use another Pi as a redundant AFP server mirroring the same shares.

Q: Is permissions handling similar to NFS shares?
A: AFP and NFS have some permissions concepts in common, like UID/GID ownership and Unix rights. But the ACL implementation differs between the two protocols.

Q: Can file sharing traffic be encrypted?
A: Yes, enable TLS connections by generating an SSL certificate for the Pi and configuring afpd.conf to encrypt client sessions for security.

Q: How many users can access AFP shares simultaneously?
A: It depends on the Pi hardware performance, but in general a Pi can handle 5-10 concurrent AFP connections. More users or sessions will require a more powerful server.

Leave a Comment