Samba & SMB Web Access Through Sambee With Automatic HTTPS
- Home Automation, Networking & Self-Hosting
- Published Jul 12, 2026
This article explains how to set up Sambee in a Docker container as a web interface for browser-based access to a Samba or SMB file server.
This article is part of a mini-series about running Samba Active Directory and a file server service in a Docker container on a home server:
- Samba Active Directory in a Docker Container: Installation Guide
- Samba Active Directory as Authelia’s Authentication Backend
- Samba File Server With Windows ACLs in a Docker Container
- Samba File Server With POSIX ACLs in a Docker Container
- Web Access Through Filebrowser With SSO & HTTPS
- Web Access Through Filestash With Passthrough Auth
- Web Access Through Sambee With Automatic HTTPS (this article)
- GitHub repository with Docker files and helper scripts

Sambee Installation
Installing Sambee via its Docker image is straightforward (docs).
Preparation
I’m assuming that you’ve set up Docker, the Caddy container and a Samba file server as described in previous articles.
Dockerized Sambee Directory Structure
This is what the directory structure will look like when we’re done:
rpool/
└── encrypted/
└── docker/
└── sambee/
├── data/
└── docker-compose.yml
We’re placing the configuration on the encrypted ZFS dataset (rpool/encrypted).
Create the new directories and set ownership of the directories to user/group ID 1000, which are used by the dockerized application:
mkdir -p /rpool/encrypted/docker/sambee/data
chown -Rfv 1000:1000 /rpool/encrypted/docker/sambee/data
Sambee Docker Compose File
Create docker-compose.yml with the following content:
services:
sambee:
container_name: sambee
hostname: sambee
# Release channels:
# test: preview builds
# beta: prerelease builds
# stable: production builds (not available yet)
image: ghcr.io/helgeklein/sambee:beta
restart: unless-stopped
networks:
caddy_caddynet: # Frontend communications
expose:
- 8000 # Web UI, Sambee to Caddy
volumes:
- /etc/localtime:/etc/localtime:ro
- ./data:/app/data
networks:
caddy_caddynet:
external: true
Start the Sambee Container And Retrieve the Initial Admin Password
Navigate into the directory with docker-compose.yml and run:
docker compose up -d
When the Sambee container is first started, it sets up some required files in the data subdirectory, creates an admin user and prints the password (only once!).
Run the following to retrieve the initial admin password:
docker compose logs sambee --tail 100 | grep -A 5 "FIRST-TIME SETUP"
Let’s Encrypt Certificate for Sambee via Caddy
Caddyfile
Default: No Authentication by the Reverse Proxy
Add the following to Caddyfile (details):
files.{$MY_DOMAIN} {
reverse_proxy sambee:8000 {
}
tls {
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
}
}
Alternative: Reverse Proxy Authentication via Authelia
Add the import auth snippet to your Caddy configuration so that it looks as follows:
# Sambee site
files.{$MY_DOMAIN} {
import auth
reverse_proxy sambee:8000 {
}
tls {
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
}
}
Note: the definition of the auth snippet can be found here.
DNS A Record
Add the following A record to your DNS domain:
files.home.yourdomain.com 192.168.0.4 # replace with your Docker host's IP address
Try to resolve the name on a machine in your network (e.g., nslookup files.home.yourdomain.com).
Reload Caddy’s Configuration
Instruct Caddy to reload its configuration by running:
docker exec -w /etc/caddy caddy caddy reload
You should now be able to access the Sambee web interface at https://files.home.yourdomain.com without getting a certificate warning from your browser.
If you selected the alternative configuration with reverse proxy authentication, you’re directed to Authelia’s login page before you can access Sambee.
Create Sambee Users
Users are managed in Sambee’s settings UI. To access it, open https://files.home.yourdomain.com and log on with the user admin and the password you retrieved earlier.
Navigate to Settings by clicking the gear icon or pressing Ctrl+,, select User Management and create the user accounts you need. Assign users to roles as follows:
- Editor: regular user
- Viewer: limited user with read-only capabilities on SMB connections
- Admin: power user with full management access







Comments