yigitcolakoglu
/
femtoshare
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
The tiniest file-sharing server. Roughly equivalent to 1e-15 ordinary file-sharing servers.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
65 KiB
Tree: 70fc1e5730
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '70fc1e5730'
${ noResults }
femtoshare/README.md

111 lines
5.6 KiB
Raw Normal View History

Initial commit
7 years ago
Update README
7 years ago
Initial commit
7 years ago
Update README
7 years ago
Initial commit
7 years ago
Add screenshot
7 years ago
Initial commit
7 years ago
Update README
7 years ago
Initial commit
7 years ago
Update README
7 years ago
Initial commit
7 years ago
Added more options for basic auth
5 years ago
Initial commit
7 years ago
 
  1. Femtoshare
  2. ==========
  3. 

  4. Ultra simple self-hosted file sharing in a single Python script, without any dependencies. All files can be accessed/modified by all users. Don't upload anything secret!
  5. 

  6. Quickstart: `wget https://raw.githubusercontent.com/Uberi/femtoshare/master/femtoshare.py; chmod +x femtoshare.py; femtoshare.py`, then visit `http://localhost:8000/` in your web browser.
  7. 

  8. ![Femtoshare Screenshot](screenshot.png)
  9. 

  10. Options:
  11. 

  12.     $ ./femtoshare.py --help
  13.     usage: femtoshare.py [-h] [--port PORT] [--public]
  14. 

  15.     optional arguments:
  16.     -h, --help   show this help message and exit
  17.     --port PORT  local network port to listen on
  18.     --public     listen on remote network interfaces (allows other hosts to see
  19.                  the website; otherwise only this host can see it)
  20. 

  21. Rationale
  22. ---------
  23. 

  24. I often need to send/receive files from untrusted computers. Google Drive can be used for receiving, but not sending - I don't care about people seeing the files, but I do care about not revealing my account credentials when logging in to upload files.
  25. 

  26. Services like WeTransfer work for sending, but they often have tiny file size limits and long, hard-to-type file URLs, if they work at all.
  27. 

  28. I made Femtoshare to fix these issues. It's basically an FTP server that only needs a web browser to browse/download/upload. No file size limits and easily-memorized links, plus no worries about revealing important account credentials! A site-wide password is easily added to keep out the most unsophisticated attackers.
  29. 

  30. Deployment
  31. ----------
  32. 

  33. Minimal public-facing deployment: `wget https://raw.githubusercontent.com/Uberi/femtoshare/master/femtoshare.py; chmod +x femtoshare.py; ./femtoshare.py --port 1234 --public` is visible at `http://YOUR_HOST:1234`.
  34. 

  35. For improved security, authentication, and HTTPS support, we can run the script as a systemd daemon and put it behind an Nginx reverse proxy, configured to use HTTP Basic Authentication. Assuming a fresh Ubuntu 16.04 LTS machine:
  36. 

  37. 1. SSH into the machine: `ssh ubuntu@ec2-35-166-68-253.us-west-2.compute.amazonaws.com`.
  38. 2. Run software updates: `sudo apt-get update && sudo apt-get upgrade`.
  39. 3. Harden SSH: in `/etc/ssh/sshd_config`, change `PasswordAuthentication` to `no` and `PermitRootLogin` to `no` and `AllowUsers` to `ubuntu`. Restart `sshd` using `sudo service sshd restart`.
  40. 4. Get requirements: `sudo apt-get nginx openssl`.
  41. 5. Get the code: `sudo mkdir -p /var/www/femtoshare && cd /var/www/femtoshare && sudo wget https://raw.githubusercontent.com/Uberi/femtoshare/master/femtoshare.py; sudo chmod +x femtoshare.py`.
  42. 6. Set up restricted user: `sudo adduser --system --no-create-home --disabled-login --group femtoshare` (there is a `nobody` user, but it's better to have our own user in case other daemons also use `nobody`).
  43. 7. Set up file storage directory: `sudo install -o femtoshare -g femtoshare -d /var/www/femtoshare/files`.
  44. 8. Set up systemd service to start Femtoshare on boot:
  45. 

  46.     ```bash
  47.     sudo tee /lib/systemd/system/femtoshare.service << EOF
  48.     [Unit]
  49.     Description=Femtoshare
  50. 

  51.     [Service]
  52.     Type=simple
  53.     PrivateTmp=yes
  54.     User=femtoshare
  55.     Group=femtoshare
  56.     ExecStart=/var/www/femtoshare/femtoshare.py
  57.     Restart=always
  58.     RestartSec=5
  59. 

  60.     [Install]
  61.     WantedBy=multi-user.target
  62.     EOF
  63.     sudo systemctl daemon-reload
  64.     sudo systemctl enable femtoshare.service
  65.     ```
  66. 

  67. 9. Set up a password file for HTTP Basic Authentication: `echo "user:$(openssl passwd -apr1 -salt 8b80ef96d09ffd0be0daa1202f55bb09 'YOUR_PASSWORD_HERE')" | sudo tee /var/www/femtoshare/.htpasswd`
  68. 10. Set up Nginx as a reverse proxy with HTTP Basic Authentication:
  69. 

  70.     ```bash
  71.     sudo tee /etc/nginx/conf.d/femtoshare.conf << EOF
  72.     server {
  73.         listen 80;
  74.         server_name ~.;
  75. 

  76.         # HTTP Basic Authentication
  77.         auth_basic "Log in with username 'user' to access files";
  78.         auth_basic_user_file /var/www/femtoshare/.htpasswd;
  79. 

  80.         # serve directory listing
  81.         location = / {
  82.             # HTTP Auth Just For POST Requests (This will allow users toread files but they won't be able to upload or delete anything)
  83.             # limit_except GET HEAD {
  84.             #     auth_basic "Log in with username 'user' to access files";
  85.             #     auth_basic_user_file /var/www/femtoshare/.htpasswd;
  86.             # }
  87.             proxy_pass http://127.0.0.1:8000;
  88.             client_max_body_size 1000M;
  89.         }
  90. 

  91.         # serve uploaded file
  92.         location ~ /.+ {
  93.             root /var/www/femtoshare/files;
  94.         }
  95.     }
  96.     EOF
  97.     ```
  98. 

  99. 11. Set up HTTPS with Let's Encrypt: `export LC_ALL="en_US.UTF-8"; export LC_CTYPE="en_US.UTF-8"; sudo wget https://dl.eff.org/certbot-auto && sudo chmod a+x certbot-auto && sudo ./certbot-auto --nginx --debug`
  100. 12. Set up twice-daily certificate renewal cronjob with Let's Encrypt: add `23 0,12 * * * PATH=/home/ubuntu/bin:/home/ubuntu/.local/bin:/home/ubuntu/bin:/home/ubuntu/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin /var/www/femtoshare/certbot-auto renew >> /var/www/femtoshare/letsencrypt-renew-certificate.log 2>&1` in the root crontab with `sudo crontab -e` (setting `PATH` is necessary in order to get Nginx config updates to work).
  101. 13. Start Femtoshare and Nginx: `sudo systemctl start femtoshare.service` and `sudo service nginx restart`.
  102. 14. Allow incoming and outgoing HTTP and HTTPS traffic through the firewall.
  103. 

  104. License
  105. -------
  106. 

  107. Copyright 2018-2018 [Anthony Zhang (Uberi)](http://anthonyz.ca).
  108. 

  109. The source code is available online at [GitHub](https://github.com/Uberi/femtoshare).
  110. 

  111. This program is made available under the MIT license. See ``LICENSE.txt`` in the project's root directory for more information.