The tiniest file-sharing server. Roughly equivalent to 1e-15 ordinary file-sharing servers.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 

5.0 KiB

Femtoshare

Ultra simple self-hosted file sharing. All files can be accessed/modified by all users. Don't upload anything secret!

Quickstart: run ./femtoshare.py, then visit http://localhost:8000/ in your web browser.

Options:

$ ./femtoshare.py --help
usage: femtoshare.py [-h] [--port PORT] [--public]

optional arguments:
-h, --help   show this help message and exit
--port PORT  local network port to listen on
--public     listen on remote network interfaces (allows other hosts to see
             the website; otherwise only this host can see it)

Rationale

I often need to send/receive files from untrusted computers. Google Drive can be used for receiving, but not sending - I don't care about people seeing the files, but I do care about not revealing my account credentials when logging in to upload files.

Services like WeTransfer work for sending, but they often have tiny file size limits and long, hard-to-type file URLs, if they work at all.

I made Femtoshare to fix these issues. It's basically an FTP server that only needs a web browser to browse/download/upload. No file size limits and easily-memorized links, plus no worries about revealing important account credentials! A site-wide password is easily added to keep out the most unsophisticated attackers.

Deployment

Minimal public-facing deployment: ./femtoshare.py --port 1234 --public is visible at http://YOUR_HOST:1234.

For improved security, authentication, and HTTPS support, we can run the script as a systemd daemon and put it behind an Nginx reverse proxy, configured to use HTTP Basic Authentication. Assuming a fresh Ubuntu 16.04 LTS machine:

  1. SSH into the machine: ssh ubuntu@ec2-35-166-68-253.us-west-2.compute.amazonaws.com.

  2. Run software updates: sudo apt-get update && sudo apt-get upgrade.

  3. Harden SSH: in /etc/ssh/sshd_config, change PasswordAuthentication to no and PermitRootLogin to no and AllowUsers to ubuntu. Restart sshd using sudo service sshd restart.

  4. Get requirements: sudo apt-get nginx openssl.

  5. Get the code: sudo mkdir -p /var/www/femtoshare && cd /var/www/femtoshare && sudo wget https://raw.githubusercontent.com/Uberi/femtoshare/master/femtoshare.py.

  6. Set up restricted user: sudo adduser --system --no-create-home --disabled-login --group femtoshare (there is a nobody user, but it's better to have our own user in case other daemons also use nobody).

  7. Set up file storage directory: sudo install -o femtoshare -g femtoshare -d /var/www/femtoshare/files.

  8. Set up systemd service to start Femtoshare on boot:

    sudo tee /lib/systemd/system/femtoshare.service << EOF
    [Unit]
    Description=Femtoshare
    
    [Service]
    Type=simple
    PrivateTmp=yes
    User=femtoshare
    Group=femtoshare
    ExecStart=/var/www/femtoshare/femtoshare.py
    Restart=always
    RestartSec=5
    
    [Install]
    WantedBy=multi-user.target
    EOF
    sudo systemctl daemon-reload
    sudo systemctl enable femtoshare.service
    
  9. Set up a password file for HTTP Basic Authentication: echo "user:$(openssl passwd -apr1 -salt 8b80ef96d09ffd0be0daa1202f55bb09 'YOUR_PASSWORD_HERE')" | sudo tee /var/www/femtoshare/.htpasswd

  10. Set up Nginx as a reverse proxy with HTTP Basic Authentication:

    sudo tee /etc/nginx/conf.d/femtoshare.conf << EOF
    server {
        listen 80;
        server_name ~.;
    
        # HTTP Basic Authentication
        auth_basic "Log in with username 'user' to access files";
        auth_basic_user_file /var/www/femtoshare/.htpasswd;
    
        # serve directory listing
        location = / {
            proxy_pass http://127.0.0.1:8000;
            client_max_body_size 1000M;
        }
    
        # serve uploaded file
        location ~ /.+ {
            root /var/www/femtoshare/files;
        }
    }
    EOF
    
  11. Set up HTTPS with Let's Encrypt: export LC_ALL="en_US.UTF-8"; export LC_CTYPE="en_US.UTF-8"; sudo wget https://dl.eff.org/certbot-auto && sudo chmod a+x certbot-auto && sudo ./certbot-auto --nginx --debug

  12. Set up twice-daily certificate renewal cronjob with Let's Encrypt: add 23 0,12 * * * PATH=/home/ubuntu/bin:/home/ubuntu/.local/bin:/home/ubuntu/bin:/home/ubuntu/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin /var/www/femtoshare/certbot-auto renew >> /var/www/femtoshare/letsencrypt-renew-certificate.log 2>&1 in the root crontab with sudo crontab -e (setting PATH is necessary in order to get Nginx config updates to work).

  13. Start Femtoshare and Nginx: sudo systemctl start femtoshare.service and sudo service nginx restart.

  14. Allow incoming and outgoing HTTP and HTTPS traffic through the firewall.

License

Copyright 2018-2018 Anthony Zhang (Uberi).

The source code is available online at GitHub.

This program is made available under the MIT license. See LICENSE.txt in the project's root directory for more information.