diff --git a/README.md b/README.md index 10ba070..fdd93c5 100644 --- a/README.md +++ b/README.md @@ -18,22 +18,21 @@ Easy peer-to-peer file transfer. ### Docker -#### Requirements: +#### Requirements - docker - docker-compose - bash - openssl +- git -Clone the repo and run the following command: +#### Installation -``` -./docker-start.sh -``` - -Make sure that your user is in the docker group. - -In case another reverse proxy is used make sure to change the default port (from 80) and to add the `X-Forwarded-For` header with client's IP address. +1. Ensure that your user is in the `docker` group. +1. Run the following commands in terminal: + 1. `git clone https://github.com/mat-sz/filedrop` + 2. `chmod +x ./docker-start.sh` + 3. `./docker-start.sh` TURN uses TCP port 3478 and UDP ports 49152-65535. @@ -49,9 +48,20 @@ TURN uses TCP port 3478 and UDP ports 49152-65535. ### Manual -> First you need to set up a TURN server (like [coturn](https://github.com/coturn/coturn)). -> -> Then you need to clone this repository, run `yarn build` and then `yarn start`. I also use nginx to proxy the back end through it. [Here's a guide on how to achieve that.](https://www.nginx.com/blog/websocket-nginx/) +#### Requirements + +- TURN server, ideally with HMAC authentication, example: [coturn](https://github.com/coturn/coturn) +- node.js 18.x.x, 20+ +- git + +#### Installation + +1. Set up and configure your TURN server and note down the secret for next steps. +2. Run the following in terminal: + 1. `git clone https://github.com/mat-sz/filedrop` + 2. `corepack yarn install` + 3. `corepack yarn build` + 4. `corepack yarn start` ### Environment variables 
@@ -73,6 +83,7 @@ The following variables are used in the WebSockets server: | `WS_MAX_SIZE` | `65536` | The limit should accommodate preview images (100x100 thumbnails). | | `WS_MAX_NETWORK_CLIENTS` | `64` | Limits the amount of clients that can connect to one room. | | `WS_REQUIRE_CRYPTO` | `0` | Set to `1` if you want to ensure that all communication between clients is encrypted. HTTPS is required for this to work. | +| `WS_STATIC_ROOT` | `../web/build` | Location of frontend build files relative to `./ws` | | `STUN_SERVER` | `stun:stun1.l.google.com:19302` | STUN server address. | | `TURN_MODE` | `default` | `default` for static credentials, `hmac` for time-limited credentials. | | `TURN_SERVER` | null | TURN server address. | 
@@ -109,24 +120,40 @@ I don't use PeerJS (while the other two projects do) and I also host TURN and We ## HTTPS setup -### Setup with a reverse proxy in front of nginx +### Reverse proxy -1. Configure your reverse proxy to proxy requests to `127.0.0.1:PORT` and then follow your usual instructions for using SSL certificates with said proxy. -2. Rebuild the application. -3. Make sure the TURN server can be connected to from the outside. +1. Configure your reverse proxy to proxy requests to `127.0.0.1:PORT` and then follow the instructions for using SSL certificates with said proxy. +2. Ensure the TURN server can be connected to from the outside. +3. Ensure the `X-Forwarded-For` header is set for every proxied request and contains the IP of the client. +4. Ensure that filedrop is configured with `WS_USE_X_FORWARDED_FOR=1` (or `-f` argument with `docker-start.sh`) #### Nginx configuration example -More details available here: https://www.nginx.com/blog/websocket-nginx/ +More details are available here: https://www.nginx.com/blog/websocket-nginx/ -```nginx -worker_processes auto; +Replace `DOMAIN_NAME` with your domain name. -events { - worker_connections 1024; -} +> [!WARNING] +> To use HTTP/3 your nginx must be built with HTTP/3 support. +> To check if your installation of nginx supports HTTP/3 execute `nginx -V` and check for presence of `--with-http_v3_module`. + +```nginx +# ... http { + # BEGIN: HTTP/2 setup + http2 on; + # END: HTTP/2 setup + + # BEGIN: HTTP/3 setup + # Feel free to leave this out if not using HTTP/3 or already configured. + + http3 on; + http3_hq on; + quic_gso on; + quic_retry on; + # END: HTTP/3 setup + upstream filedrop { server 127.0.0.1:5000; # 5000 = PORT } 
@@ -139,9 +166,31 @@ http { # ... server { - listen 80; - # server_name should be configured here. - # HTTPS should be configured here. (certbot will handle this for you, if you're using Let's Encrypt.) + server_name DOMAIN_NAME; + + listen 443 ssl; + listen [::]:443 ssl; + + # BEGIN: HTTP/3 (QUIC) setup + # Feel free to leave this out if not using HTTP/3. + + listen 443 quic; + listen [::]:443 quic; + add_header Alt-Svc 'h3=":443"; ma=86400'; + add_header x-quic 'h3'; + add_header Alt-Svc 'h3-29=":443"; ma=86400'; + add_header Alt-Svc 'quic=":443"; ma=86400'; + # END: HTTP/3 (QUIC) setup + + # BEGIN: SSL certificate + # The following lines will be most likely generated by certbot/Let's Encrypt. + # You may choose to omit them if using certbot. + + ssl_certificate /path/to/fullchain.pem; + ssl_certificate_key /path/to/privkey.pem; + # ... + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; + # END: SSL certificate # ... @@ -153,6 +202,33 @@ http { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } + + # BEGIN: Caching + location ~* \.(jpg|jpeg|gif|png|svg|bin|img|js|css|woff|woff2|webp)$ { + proxy_pass http://filedrop; + proxy_http_version 1.1; + proxy_cache mycache; + proxy_cache_min_uses 1; + proxy_cache_valid 200 302 1d; + proxy_cache_valid 404 1h; + expires 12M; + add_header Cache-Control "public immutable"; + add_header X-Cache-Status $upstream_cache_status; + } + # END: Caching + } + + server { + if ($host = DOMAIN_NAME) { + return 301 https://$host$request_uri; + } + + + listen 80; + listen [::]:80; + + server_name DOMAIN_NAME; + return 404; } } ```
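Review bot: In the Docker installation hunk (`@@ -18,22 +18,21 @@`), the numbered commands do not work as written because there is no `cd filedrop` between `git clone https://github.com/mat-sz/filedrop` and `chmod +x ./docker-start.sh`; run from the parent directory, step 2 fails with "No such file". Add a `cd filedrop` step. The same hunk also deletes the sentence "In case another reverse proxy is used make sure to change the default port (from 80) and to add the `X-Forwarded-For` header", but only the `X-Forwarded-For` half reappears in the reverse proxy section; the advice about changing the default port 80 when another proxy already binds it is lost and should be kept, for example as a note next to the TURN port line.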
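Review bot: The Manual installation hunk (`@@ -49,9 +48,20 @@`) has two gaps: the command list again lacks `cd filedrop` before `corepack yarn install`, and step 1 tells the reader to "note down the secret for next steps" while no later step uses it. Add a step between `corepack yarn build` and `corepack yarn start` that points to the Environment variables section and sets `TURN_MODE=hmac` together with the TURN server address and secret; otherwise the server starts with the `default` static-credential mode. The requirement "node.js 18.x.x, 20+" is also ambiguous; "Node.js 18 or newer" (or "18.x or 20.x+") says what is meant.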
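Review bot: The new `WS_STATIC_ROOT` row (`@@ -73,6 +83,7 @@`) says the path is "relative to `./ws`", which leaves open whether it is resolved against the `ws` package directory or against the working directory the server is started from. Since this variable decides which directory is served as the frontend, the row should state the exact base explicitly (and whether an absolute path is accepted), so an operator running the server from another directory does not end up serving nothing or the wrong tree.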
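Review bot: Step 3 of the Reverse proxy hunk (`@@ -109,24 +120,40 @@`) should be stronger about trust: with `WS_USE_X_FORWARDED_FOR=1` filedrop believes whatever `X-Forwarded-For` it receives, so the proxy must overwrite the header with the connecting client's address (not append to a client-supplied one), and the filedrop `PORT` must only be reachable from the proxy (bind it to `127.0.0.1`, as the `upstream` block assumes), or any client can spoof its IP by sending the header itself. Two points on the `http {}` snippet in the same hunk: `http3_hq on;` enables the HTTP/0.9 "hq-interop" test protocol used for QUIC interoperability testing and serves no purpose for browsers, so drop it; and `http2 on;` as a standalone directive exists only in nginx 1.25.1 and later, which the `[!WARNING]` block should say alongside the `--with-http_v3_module` check, since older builds need `listen 443 ssl http2;` instead.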
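Review bot: In the `server {}` hunk (`@@ -139,9 +166,31 @@`) the three `add_header Alt-Svc` lines should collapse to the single `add_header Alt-Svc 'h3=":443"; ma=86400';` line: `h3-29` and `quic` are pre-standard draft tokens that current browsers no longer negotiate, and emitting three `Alt-Svc` headers only adds noise. `add_header x-quic 'h3';` is a non-standard header with no function in the setup and can go as well. Minor: `ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;` uses a concrete certbot path while the certificate lines use `/path/to/`; pick one convention, since the comment says all of these may be omitted when certbot manages them.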
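Review bot: The caching block in the last hunk (`@@ -153,6 +202,33 @@`) references `proxy_cache mycache;`, but nothing in the example defines that zone with `proxy_cache_path ... keys_zone=mycache:...`, so nginx will refuse to start on this config as shown; add a `proxy_cache_path` line in the `http {}` block next to `upstream filedrop`. Two knock-on effects of the `add_header` lines in that `location`: nginx only inherits `add_header` from the enclosing level when the current level has none, so the server-level `Alt-Svc` header is not sent on any cached asset response, and `expires 12M;` already emits `Cache-Control: max-age=...`, so `add_header Cache-Control "public immutable";` yields a second `Cache-Control` header; `immutable` is also only safe for content-hashed build output, not for arbitrary `bin|img` files. The port-80 server block can be simplified to `return 301 https://$host$request_uri;` (the `if ($host = DOMAIN_NAME)` plus `return 404;` pattern is certbot's generated form and is harder to read in a hand-written example).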