[Tutorial] Host your files: "L.U.Fi".


The principle, as defined by the author himself, is as follows:
1°) You drop files into the area provided for that purpose;
2°) The JavaScript generates an encryption key (different for each file);
3°) The file is split into chunks;
4°) Each chunk is encrypted and sent to the server over WebSocket;
5°) You get two links back: a download link and a deletion link.
On top of this come features that you will discover as you use it.
If you want to know more, the author's article can be found here, and his GitLab here.
Note: a Dockerfile, created by xataz, is available here.
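The five steps above, sketched as an added example that is not Lufi's own code: Node's crypto module with AES-256-GCM stands in for the browser-side JavaScript, so the server only ever receives ciphertext. The 16-byte chunk size, the function names and the message layout are assumptions chosen for the demonstration.

```javascript
// Added illustration, not Lufi's code: AES-256-GCM from Node's crypto module is an assumption.
const nodeCrypto = require('node:crypto');

const CHUNK_SIZE = 16; // deliberately tiny so the constructed sample spans several chunks

// Client side, steps 2 to 4: one fresh key per file, slice, encrypt each slice on its own.
function encryptFile(plain, chunkSize = CHUNK_SIZE) {
  const key = nodeCrypto.randomBytes(32);                 // step 2: never sent to the server
  const total = Math.max(1, Math.ceil(plain.length / chunkSize));
  const messages = [];
  for (let part = 0; part < total; part++) {
    const slice = plain.subarray(part * chunkSize, (part + 1) * chunkSize); // step 3
    const iv = nodeCrypto.randomBytes(12);                // new nonce for every chunk
    const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
    // Authenticate position and count so chunks cannot be reordered or dropped unnoticed.
    cipher.setAAD(Buffer.from(`${part}/${total}`));
    const data = Buffer.concat([cipher.update(slice), cipher.final()]);
    // Step 4: only this object would travel over the WebSocket.
    messages.push({ part, total, iv, data, tag: cipher.getAuthTag() });
  }
  return { key, messages };
}

// Download side: whoever holds the key reassembles and verifies the file.
function decryptFile(key, messages) {
  const ordered = [...messages].sort((a, b) => a.part - b.part);
  if (ordered.length === 0 || ordered.length !== ordered[0].total) {
    throw new Error('missing chunk');
  }
  return Buffer.concat(ordered.map((m, i) => {
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, m.iv);
    decipher.setAAD(Buffer.from(`${i}/${ordered.length}`));
    decipher.setAuthTag(m.tag);
    return Buffer.concat([decipher.update(m.data), decipher.final()]); // throws if altered
  }));
}

// Constructed sample standing in for a dropped file.
const SAMPLE = Buffer.from('constructed sample file: quarterly-report.txt contents');
```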
Let's get to the heart of the matter and make LUFi reachable through a subdomain. We assume that you have a working LEMP environment on Debian 8 "Jessie".
1°) Updating the system:
apt-get update && apt-get dist-upgrade
2°) Installing the dependencies: "Carton":
Carton manages the installation of Perl dependencies. We will use CPAN to install it, since the official packages are outdated according to the author.
cpan Carton
We also add the following, even though you should already have it:
apt-get install build-essential
3°) Installing "LUFi":
cd /var/www
git clone https://git.framasoft.org/luc/lufi.git
chown -R www-data:www-data lufi
cd lufi
carton install
cp lufi.conf.template lufi.conf
4°) Configuring "LUFi":
I am putting my configuration here; it reflects my needs and my current setup (mail server, etc.). Feel free to adapt it accordingly. Also, since the configuration file is fairly well commented, pay attention to each line, whether to enable or disable a parameter or to look up the explanation that goes with it.
nano lufi.conf
# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
{
    ####################
    # Hypnotoad settings
    ####################
    # see http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad for a full list of settings
    hypnotoad => {
        # array of IP addresses and ports you want to listen to
        listen => ['http://127.0.0.1:8080'],
        # if you use Lufi behind a reverse proxy like Nginx, you want to set proxy to 1
        # if you use Lufi directly, let it commented
        proxy => 1,
    },

    # put a way to contact you here and uncomment it
    # MANDATORY
    contact => 'contact@domain.tld',

    # array of random strings used to encrypt cookies
    # optional, default is ['fdjsofjoihrei'], PLEASE, CHANGE IT
    secrets => ['zelkjfamozijcefa'],

    # choose a theme. See the available themes in `themes` directory
    # optional, default is 'default'
    #theme => 'default',

    # length of the random URL
    # optional, default is 8
    length => 8,

    # how many URLs will be provisioned in a batch ?
    # optional, default is 5
    provis_step => 5,

    # max number of URLs to be provisioned
    # optional, default is 100
    provisioning => 100,

    # length of the modify/delete token
    # optional, default is 32
    token_length => 32,

    # max file size, in octets
    # you can write it 100*1024*1024
    # optional, no default
    max_file_size => 10000000000,

    # if you want to have piwik statistics, provide a piwik image tracker
    # only the image tracker is allowed, no javascript
    # optional, no default
    #piwik_img => 'https://piwik.example.org/piwik.php?idsite=1&rec=1',

    # broadcast_message which will be displayed on the index page
    # optional, no default
    #broadcast_message => 'Maintenance',

    # default time limit for files
    # valid values are 0, 1, 7, 30 and 365
    # optional, default is 0 (no limit)
    default_delay => 1,

    # number of days after which the images will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay)
    # a warning message will be displayed on homepage
    # optional, default is 0 (no limit)
    max_delay => 0,

    # size thresholds: if you want to define max delays for different sizes of file
    # the keys are size in Bytes, you can't have 10*1000*10000 as key
    # if a file is smaller than the smallest configured size, it will have an expiration delay of max_delay (see above)
    # optional, default is using max_delay (see above) for all sizes
    #delay_for_size => {
    #    10000000   => 90, # between 10MB and 50MB => max is 90 days, less than 10MB => max is max_delay (see above)
    #    50000000   => 60, # between 50MB and 1GB => max is 60 days
    #    1000000000 => 2,  # more than 1GB => max is 2 days
    #},

    # URL sub-directory in which you want Lufi to be accessible
    # example: you want to have Lufi under https://example.org/lufi/
    # => set prefix to '/lufi' or to '/lufi/', it doesn't matter
    # optional, default is /
    #prefix => '/',

    # array of authorized domains for API calls.
    # if you want to authorize everyone to use the API: ['*']
    # optional, no domains allowed by default
    #allowed_domains => ['http://1.example.com', 'http://2.example.com'],

    # if set, the shortened URLs will use this domain
    # optional
    fixed_domain => 'domain.tld',

    # Mail configuration
    # See https://metacpan.org/pod/Mojolicious::Plugin::Mail#EXAMPLES
    # Optional, default to sendmail method with no arguments
    mail => {
        # Valid values are 'sendmail' and 'smtp'
        how => 'smtp',
        howargs => ['smtp.domain.tld']
    },

    # Email sender address
    # Optional, default to no-reply@lufi.io
    mail_sender => 'lufi@domain.tld',

    # define a path to the SQLite database
    # you can define it relative to lufi directory or set an absolute path
    # remember that it has to be in a directory writable by Lufi user
    # optional, default is lufi.db
    #db_path => 'lufi.db',

    # define a path to the upload directory, where the uploaded files will be stored
    # you can define it relative to lufi directory or set an absolute path
    # remember that it has to be in a directory writable by Lufi user
    # DO NOT CHANGE THIS IF FILES HAVE BEEN ALREADY UPLOADED: THEY WILL NOT BE DOWNLOADABLE ANYMORE
    # optional, default is 'files'
    upload_dir => '/repertoiredevotrechoix',

    #########################
    # Lufi cron jobs settings
    #########################
    # number of days senders' IP addresses are kept in database
    # after that delay, they will be deleted from database (used with script/lufi cron cleanbdd)
    # optional, default is 365
    #keep_ip_during => 365,

    # max size of the files directory, in octets
    # used by script/lufi cron watch to trigger an action
    # optional, no default
    #max_total_size => 10*1024*1024*1024,

    # default action when files directory is over max_total_size (used with script/lufi cron watch)
    # valid values are 'warn', 'stop-upload' and 'delete'
    # please, see readme
    # optional, default is 'warn'
    #policy_when_full => 'warn',

    # images which are not viewed since delete_no_longer_viewed_files days will be deleted by the cron cleanfiles task
    # if delete_no_longer_viewed_files is not set, the no longer viewed files will NOT be deleted
    # optional, no default
    #delete_no_longer_viewed_files => 90
};
5°) Moving the service to systemd:
cp utilities/lufi.service /etc/systemd/system/
Edit the file:
nano /etc/systemd/system/lufi.service
Make sure it looks like this:
[Unit]
Description=File hosting service with encryption
Documentation=https://git.framasoft.org/luc/lufi
Requires=network.target
After=network.target

[Service]
Type=forking
User=www-data
RemainAfterExit=yes
WorkingDirectory=/var/www/lufi/
PIDFile=/var/www/lufi/script/hypnotoad.pid
ExecStart=/usr/local/bin/carton exec hypnotoad script/lufi
ExecStop=/usr/local/bin/carton exec hypnotoad -s script/lufi
ExecReload=/usr/local/bin/carton exec hypnotoad script/lufi

[Install]
WantedBy=multi-user.target
Then:
systemctl daemon-reload
And start LUFi:
systemctl start lufi.service
Remember to look at your logs if you run into errors:
journalctl -xn
Or better still:
systemctl status lufi.service -l
IMPORTANT: whenever you modify LUFi's *.conf file (/var/www/lufi/lufi.conf), you will need to restart LUFi each time as follows:
systemctl restart lufi.service
6°) Configuring the Nginx vhost as a subdomain:
This configuration is of course to be adapted; the nginx version used here is 1.9.5 (HTTP/2 support). You can also refer to the vhost proposed by the author.
nano /etc/nginx/sites-enabled/lufi.conf
server {
    listen 80;
    server_name lufi.domain.tld;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name lufi.domain.tld;
    root /var/www/lufi/;

    access_log /var/log/nginx/lufi.access.log;
    error_log /var/log/nginx/lufi.error.log;

    ssl_certificate /etc/ssl/nginx/lufi.domain.tld.crt-unified;
    ssl_certificate_key /etc/ssl/nginx/server.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:AES128+EECDH:AES256+EECDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options "nosniff";
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/ssl/dhparams.pem;

    client_max_body_size 10G;

    location ~* ^/(img|css|font|js)/ {
        try_files $uri @lufi;
        add_header Expires "Thu, 31 Dec 2037 23:55:55 GMT";
        add_header Cache-Control "public, max-age=315360000";
        # HTTPS only header, improves security
        add_header Strict-Transport-Security "max-age=15768000";
    }

    location / {
        try_files $uri @lufi;
        # HTTPS only header, improves security
        add_header Strict-Transport-Security "max-age=15768000";
    }

    location @lufi {
        # Adapt this to your configuration
        proxy_pass http://127.0.0.1:8080;

        # Really important! Lufi uses WebSocket, it won't work without this
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # If you want to log the remote port of the image senders, you'll need that
        proxy_set_header X-Remote-Port $remote_port;
        proxy_set_header X-Forwarded-Proto $scheme;

        # We expect the downstream servers to redirect to the right hostname, so don't do any rewrites here.
        proxy_redirect off;
    }
}
The following variable:
client_max_body_size 10G;
must be consistent with the one defined in your lufi.conf. In addition to that, you need a correctly filled-in php.ini (/etc/php5/fpm/php.ini), in particular the values "upload_max_filesize" and "post_max_size".
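A consistency check for the two limits discussed above, extended to two other settings of the vhost shown on this page (an added example, not part of the original tutorial or of Lufi): it converts nginx's 1024-based suffixes before comparing, flags TLS versions deprecated by RFC 8996, and flags a root that coincides with the application directory. Reading "consistent" as "the nginx limit is not below Lufi's" and all function names are assumptions; the two samples are excerpts of the configurations above.

```javascript
// Added audit sketch; the two samples are excerpts of the configs shown on this page.
const SAMPLE_NGINX = `
root /var/www/lufi/;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
client_max_body_size 10G;
location / { try_files $uri @lufi; }`;
const SAMPLE_LUFI = `max_file_size => 10000000000,`;
const APP_DIR = '/var/www/lufi'; // directory holding lufi.conf and the default lufi.db

const UNITS = { '': 1, k: 1024, m: 1024 ** 2, g: 1024 ** 3 };

// nginx sizes are bytes with an optional k/m/g suffix (powers of 1024).
function nginxSizeToBytes(value) {
  const m = /^(\d+)([kmg]?)$/i.exec(value.trim());
  if (!m) throw new Error(`unparseable nginx size: ${value}`);
  return Number(m[1]) * UNITS[m[2].toLowerCase()];
}

// lufi.conf accepts an integer or a product such as 100*1024*1024.
function lufiSizeToBytes(expr) {
  if (!/^\s*\d+(\s*\*\s*\d+)*\s*$/.test(expr)) throw new Error(`unparseable size: ${expr}`);
  return expr.split('*').reduce((acc, n) => acc * Number(n), 1);
}

function directive(conf, name) {            // first uncommented "name value;" line
  const m = new RegExp(`^\\s*${name}\\s+([^;]+);`, 'm').exec(conf);
  return m ? m[1].trim() : null;
}

function auditVhost(nginxConf, lufiConf, appDir) {
  const findings = [];
  const lufi = /^\s*max_file_size\s*=>\s*([\d*\s]+),/m.exec(lufiConf);
  const body = directive(nginxConf, 'client_max_body_size');
  if (lufi && body && nginxSizeToBytes(body) < lufiSizeToBytes(lufi[1]))
    findings.push('client_max_body_size is below max_file_size');
  // TLS 1.0 and 1.1 are deprecated by RFC 8996.
  const old = (directive(nginxConf, 'ssl_protocols') || '').split(/\s+/)
    .filter((p) => ['SSLv2', 'SSLv3', 'TLSv1', 'TLSv1.1'].includes(p));
  if (old.length) findings.push(`deprecated protocols enabled: ${old.join(', ')}`);
  // try_files $uri serves any existing file under root, so root must not be the
  // application directory itself (lufi.conf with its secrets, lufi.db).
  const root = (directive(nginxConf, 'root') || '').replace(/\/+$/, '');
  if (root === appDir.replace(/\/+$/, '') && /try_files\s+\$uri\b/.test(nginxConf))
    findings.push(`root ${root} exposes application files via try_files $uri`);
  return findings;
}
```

On the page's values the size check passes, because nginx reads 10G as 10737418240 bytes while max_file_size is 10000000000 bytes.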
Restart nginx so that the changes are taken into account:
systemctl restart nginx.service
7°) Updating LUFi:
To update LUFi, proceed as follows:
cd /var/www/lufi
git pull
carton install
carton exec hypnotoad /var/www/lufi/script/lufi
systemctl restart lufi.service
You should now be able to go to your subdomain and enjoy LUFi!
If you have questions or suggestions, feel free to let me know in the discussion thread.