yigitcolakoglu
/
femtoshare
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
The tiniest file-sharing server. Roughly equivalent to 1e-15 ordinary file-sharing servers.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
65 KiB
Tree: cd068f7537
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'cd068f7537'
${ noResults }
femtoshare/README.md

104 lines
5.0 KiB
Raw Normal View History

Initial commit
7 years ago
 
  1. Femtoshare
  2. ==========
  3. 

  4. Ultra simple self-hosted file sharing. All files can be accessed/modified by all users. Don't upload anything secret!
  5. 

  6. Quickstart: run `./femtoshare.py`, then visit `http://localhost:8000/` in your web browser.
  7. 

  8. Options:
  9. 

  10.     $ ./femtoshare.py --help
  11.     usage: femtoshare.py [-h] [--port PORT] [--public]
  12. 

  13.     optional arguments:
  14.     -h, --help   show this help message and exit
  15.     --port PORT  local network port to listen on
  16.     --public     listen on remote network interfaces (allows other hosts to see
  17.                  the website; otherwise only this host can see it)
  18. 

  19. Rationale
  20. ---------
  21. 

  22. I often need to send/receive files from untrusted computers. Google Drive can be used for receiving, but not sending - I don't care about people seeing the files, but I do care about not revealing my account credentials when logging in to upload files.
  23. 

  24. Services like WeTransfer work for sending, but they often have tiny file size limits and long, hard-to-type file URLs, if they work at all.
  25. 

  26. I made Femtoshare to fix these issues. It's basically an FTP server that only needs a web browser to browse/download/upload. No file size limits and easily-memorized links, plus no worries about revealing important account credentials! A site-wide password is easily added to keep out the most unsophisticated attackers.
  27. 

  28. Deployment
  29. ----------
  30. 

  31. Minimal public-facing deployment: `./femtoshare.py --port 1234 --public` is visible at `http://YOUR_HOST:1234`.
  32. 

  33. For improved security, authentication, and HTTPS support, we can run the script as a systemd daemon and put it behind an Nginx reverse proxy, configured to use HTTP Basic Authentication. Assuming a fresh Ubuntu 16.04 LTS machine:
  34. 

  35. 1. SSH into the machine: `ssh ubuntu@ec2-35-166-68-253.us-west-2.compute.amazonaws.com`.
  36. 2. Run software updates: `sudo apt-get update && sudo apt-get upgrade`.
  37. 3. Harden SSH: in `/etc/ssh/sshd_config`, change `PasswordAuthentication` to `no` and `PermitRootLogin` to `no` and `AllowUsers` to `ubuntu`. Restart `sshd` using `sudo service sshd restart`.
  38. 4. Get requirements: `sudo apt-get nginx openssl`.
  39. 5. Get the code: `sudo mkdir -p /var/www/femtoshare && cd /var/www/femtoshare && sudo wget https://raw.githubusercontent.com/Uberi/femtoshare/master/femtoshare.py`.
  40. 6. Set up restricted user: `sudo adduser --system --no-create-home --disabled-login --group femtoshare` (there is a `nobody` user, but it's better to have our own user in case other daemons also use `nobody`).
  41. 7. Set up file storage directory: `sudo install -o femtoshare -g femtoshare -d /var/www/femtoshare/files`.
  42. 8. Set up systemd service to start Femtoshare on boot:
  43. 

  44.     ```bash
  45.     sudo tee /lib/systemd/system/femtoshare.service << EOF
  46.     [Unit]
  47.     Description=Femtoshare
  48. 

  49.     [Service]
  50.     Type=simple
  51.     PrivateTmp=yes
  52.     User=femtoshare
  53.     Group=femtoshare
  54.     ExecStart=/var/www/femtoshare/femtoshare.py
  55.     Restart=always
  56.     RestartSec=5
  57. 

  58.     [Install]
  59.     WantedBy=multi-user.target
  60.     EOF
  61.     sudo systemctl daemon-reload
  62.     sudo systemctl enable femtoshare.service
  63.     ```
  64. 

  65. 9. Set up a password file for HTTP Basic Authentication: `echo "user:$(openssl passwd -apr1 -salt 8b80ef96d09ffd0be0daa1202f55bb09 'YOUR_PASSWORD_HERE')" | sudo tee /var/www/femtoshare/.htpasswd`
  66. 10. Set up Nginx as a reverse proxy with HTTP Basic Authentication:
  67. 

  68.     ```bash
  69.     sudo tee /etc/nginx/conf.d/femtoshare.conf << EOF
  70.     server {
  71.         listen 80;
  72.         server_name ~.;
  73. 

  74.         # HTTP Basic Authentication
  75.         auth_basic "Log in with username 'user' to access files";
  76.         auth_basic_user_file /var/www/femtoshare/.htpasswd;
  77. 

  78.         # serve directory listing
  79.         location = / {
  80.             proxy_pass http://127.0.0.1:8000;
  81.             client_max_body_size 1000M;
  82.         }
  83. 

  84.         # serve uploaded file
  85.         location ~ /.+ {
  86.             root /var/www/femtoshare/files;
  87.         }
  88.     }
  89.     EOF
  90.     ```
  91. 

  92. 11. Set up HTTPS with Let's Encrypt: `export LC_ALL="en_US.UTF-8"; export LC_CTYPE="en_US.UTF-8"; sudo wget https://dl.eff.org/certbot-auto && sudo chmod a+x certbot-auto && sudo ./certbot-auto --nginx --debug`
  93. 12. Set up twice-daily certificate renewal cronjob with Let's Encrypt: add `23 0,12 * * * PATH=/home/ubuntu/bin:/home/ubuntu/.local/bin:/home/ubuntu/bin:/home/ubuntu/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin /var/www/femtoshare/certbot-auto renew >> /var/www/femtoshare/letsencrypt-renew-certificate.log 2>&1` in the root crontab with `sudo crontab -e` (setting `PATH` is necessary in order to get Nginx config updates to work).
  94. 13. Start Femtoshare and Nginx: `sudo systemctl start femtoshare.service` and `sudo service nginx restart`.
  95. 14. Allow incoming and outgoing HTTP and HTTPS traffic through the firewall.
  96. 

  97. License
  98. -------
  99. 

  100. Copyright 2018-2018 [Anthony Zhang (Uberi)](http://anthonyz.ca).
  101. 

  102. The source code is available online at [GitHub](https://github.com/Uberi/femtoshare).
  103. 

  104. This program is made available under the MIT license. See ``LICENSE.txt`` in the project's root directory for more information.