]> git.p6c8.net - jirafeau_project.git/blob - README.md
a5ddf09176ade93bb61166c16fdd695bf95ba851
[jirafeau_project.git] / README.md
1 # Jirafeau
2
3 Welcome to the official Jirafeau project, an [Open-Source software](https://en.wikipedia.org/wiki/Open-source_software).
4
5 Jirafeau allows your to "one-click-filesharing". It makes possible to upload a file in a simple way and give an unique link to it.
6
7 A demonstration of the latest version is available on [jirafeau.net](https://jirafeau.net/).
8
9 ![Screenshot1](http://i.imgur.com/TPjh48P.png)
10
11 Latest CI Status:
12 Master [![Build Status Master](https://gitlab.com/mojo42/Jirafeau/badges/master/build.svg)](https://gitlab.com/mojo42/Jirafeau/commits/master)
13 Next Release [![Build Status Next Release](https://gitlab.com/mojo42/Jirafeau/badges/test/build.svg)](https://gitlab.com/mojo42/Jirafeau/commits/master)
14 [All Branch Builds](https://gitlab.com/mojo42/Jirafeau/pipelines?scope=branches)
15
16 ## Main features
17
18 - One upload → One download link & one delete link
19 - Send any large files (thanks to the HTML5 file API → PHP post_max_size limit not relevant)
20 - Shows progression: speed, percentage and remaining upload time
21 - Preview content in browser (if possible)
22 - Optional password protection (for uploading or downloading)
23 - Set expiration time for downloads
24 - Option to self-destruct after first download
25 - Shortened URLs using base 64 encoding
26 - Maximal upload size configurable
27 - NO database, only use basic PHP
28 - Simple language support with a lot of langages (help us on [weblate](https://hosted.weblate.org/engage/jirafeau/)!)
29 - File level [Deduplication](http://en.wikipedia.org/wiki/Data_deduplication) for storage optimization (does store duplicate files only once, but generate multiple links)
30 - Optional data encryption
31 - Small administration interface
32 - CLI script to remove expired files automatically with a cronjob
33 - Basic, adaptable »Terms Of Service« page
34 - Basic API
35 - Bash script to upload files via command line
36 - Themes
37
38 Jirafeau is a fork of the original project [Jyraphe](http://home.gna.org/jyraphe/) based on the 0.5 (stable version) with a **lot** of modifications.
39
40 As it's original project, Jirafeau is made in the [KISS](http://en.wikipedia.org/wiki/KISS_principle) way (Keep It Simple, Stupid).
41
42 Jirafeau project won't evolve to a file manager and will focus to keep a very few dependencies.
43
44 ## Screenshots
45
46 - [Installation - Step 1](http://i.imgur.com/hmpT1eN.jpg)
47 - [Installation - Step 2](http://i.imgur.com/2e0UGKE.jpg)
48 - [Installation - Step 3](http://i.imgur.com/ofAjLXh.jpg)
49 - [Installation - Step 4](http://i.imgur.com/WXqnfqJ.jpg)
50 - [Upload - Step 1](http://i.imgur.com/SBmSwzJ.jpg)
51 - [Upload - Step 2](http://i.imgur.com/wzPkb1Z.jpg)
52 - [Upload - Progress](http://i.imgur.com/i6n95kv.jpg)
53 - [Upload - Confirmation page](http://i.imgur.com/P2oS1MY.jpg)
54 - [Admin Interface](http://i.imgur.com/nTdsVzn.png)
55
56 ## Installation
57
58 This shows how to install Jirafeau by your own, it's quite simple but you can
59 also use a [docker image](https://hub.docker.com/r/mojo42/jirafeau/) or build
60 it yourself. Check [docker folder](docker/README.md) for more informations.
61
62 System requirements:
63 - PHP >= 5.6
64 - Optional, but recommended: Git >= 2.7
65 - No database required, no mail required
66
67 Installation steps:
68 - Clone the [repository](https://gitlab.com/mojo42/Jirafeau/) or download the latest [release](https://gitlab.com/mojo42/Jirafeau/tags) from GitLab onto your webserver
69 - Set owner & group according to your webserver
70 - A) Setup with the installation wizard (web):
71 - Open your browser and go to your installed location, eg. ```https://example.com/jirafeau/```
72 - The script will redirect to you to a minimal installation wizard to set up all required options
73 - All optional parameters may be set in ```lib/config.local.php```, take a look at ```lib/config.original.php``` to see all default values
74 - B) Setup without the installation wizard (cli):
75 - Just copy ```config.original.php``` to ```config.local.php``` and customize it
76
77 ## Upgrade
78
79 ### General procedure for all versions
80
81 1. Backup your Jirafeau installation!
82 2. Block access to Jirafeau
83 3. Checkout the new version with Git using the [tagged release](https://gitlab.com/mojo42/Jirafeau/tags)
84 * If you have installed Jirafeau just by uploading files on your server, you can download the desired version, overwrite/remove all files and chown/chmod files if needed. Keep a backup of your local configuration file tough.
85 4. With you browser, go to your Jirafeau root page
86 5. Follow the installation wizard, it should propose you the same data folder or even update automatically
87 7. Check your ```/lib/config.local.php``` and compare it with the ```/lib/config.original.php``` to see if new configuration items are available
88
89 ### From version 1.0 to 1.1
90
91 1. The download URL changed
92 * Add a rewrite rule in your web server configuration to rename ```file.php``` to ```f.php``` to make older, still existing links work again
93 1. The default theme changed
94 * Optionally change the theme in ```lib/config.local.php``` to »courgette«
95
96 ### From version 1.2.0 to 2.0.0
97
98 1. The "Terms of Service" text file changed
99 * To reuse previous changes to the ToS, move the old ```/tos_text.php``` file to ```/lib/tos.local.txt``` and remove all HTML und PHP Tags, leaving a regular text file
100
101 ### from version 2.0.0 to 3.4.1
102
103 There is nothing special to do to update from/to the following versions:
104 - 2.0.0 -> 3.0.0
105 - 3.0.0 -> 3.1.0
106 - 3.1.0 -> 3.2.0
107 - 3.2.0 -> 3.2.1
108 - 3.2.1 -> 3.3.0
109 - 3.3.0 -> 3.4.0
110 - 3.4.0 -> 3.4.1
111
112 ### From 3.4.1 to 4.0.0
113
114 You may have to change your administrator password in your config file as admin password are only stored using sha256 (SHA2).
115 To do so, edit `lib/config.local.php` and update `admin_password` option using `echo -n MyNewPassw0rd | sha256sum` command.
116
117 Subfolder division changed so Jirafeau storage. If you need to migrate your data:
118 1. Be sure to make any backups before any operation
119 2. Go to `var-` folder
120 3. Be sure you have the rigths to create and delete files and folders with your current user
121 4. Run the following commands:
122 ```bash
123 # Migrate files folder
124 find files -type f ! -name "*_count" | while read f; do bn="$(basename "$f")"; dst="files/${bn:0:8}/${bn:8:8}/${bn:16:8}/${bn:24:8}/"; mkdir -p "$dst"; mv "$f" "$dst" ; mv "${f}_count" "$dst"; done; find files -maxdepth 1 -type d -iname "?" -exec rm -rf {} \;
125 # Migrate links folder
126 find links -type f | while read link; do bn="$(basename "$link")"; mkdir "links/$bn"; mv "$link" "links/$bn/"; done; find links -maxdepth 1 -type d -iname "?" -exec rm -rf {} \;
127 ```
128
129 ### Troubleshooting
130
131 If you have some troubles, consider the following cases
132
133 - Check your ```/lib/config.local.php``` file and compare it with ```/lib/config.original.php```, the configuration syntax or a parameter may have changed
134 - Check owner & permissions of your files
135
136 ## Security
137
138 ```var``` directory contain all files and links. It is randomly named to limit access but you may add better protection to prevent un-authorized access to it.
139 You have several options:
140 - Configure a ```.htaccess```
141 - Move var folder to a place on your server which can't be directly accessed
142 - Disable automatic listing on your web server config or place a index.html in var's sub-directory (this is a limited solution)
143
144 If you are using Apache, you can add the following line to your configuration to prevent people to access to your ```var``` folder:
145
146 ```RedirectMatch 301 ^/var-.* http://my.service.jirafeau ```
147
148 If you are using nginx, you can add the following to your $vhost.conf:
149
150 ```nginx
151 location ~ /var-.* {
152 deny all;
153 return 404;
154 }
155 ```
156
157 If you are using lighttpd, you can deny access to ```var``` folder in your configuration:
158
159 ```
160 $HTTP["url"] =~ "^/var-*" {
161 url.access-deny = ("")
162 }
163 ```
164
165 You should also remove un-necessessary write access once the installation is done (ex: configuration file).
166 An other obvious basic security is to let access users to the site by HTTPS (make sure `web_root` in you `config.local.php` is set with https).
167
168 ## Server side encryption
169
170 Data encryption can be activated in options. This feature makes the server encrypt data and send the decryt key to the user (inside download URL).
171 The decrypt key is not stored on the server so if you loose an url, you won't be able to retrieve file content.
172 Encryption is configured to use AES256 in OFB mode.
173 In case of security troubles on the server, attacker won't be able to access files.
174
175 By activating this feature, you have to be aware of few things:
176 - Data encryption has a cost (cpu) and it takes more time for downloads to complete once file sent.
177 - During the download, the server will decrypt on the fly (and use resource).
178 - This feature needs to have the mcrypt php module.
179 - File de-duplication will stop to work (as we can't compare two encrypted files).
180 - Be sure your server do not log client's requests.
181 - Don't forget to enable https.
182
183 In a next step, encryption will be made by the client (in javascript), see issue #10.
184
185 ## License
186
187 GNU Affero General Public License v3 (AGPL-3.0).
188
189 The GNU Affero General Public License can be found at https://www.gnu.org/licenses/agpl.html.
190
191 Please note: If you decide do make adaptions to the source code and run a service with these changes incorporated,
192 you are required to provide a link to the source code of your version in order to obey the AGPL-3.0 license.
193 To do so please add a link to the source (eg. a public Git repository or a download link) to the Terms of Service page.
194 Take a look at the FAQ to find out about how to change the ToS.
195
196 PS: If you have fixed errors or added features, then please contribute to the project and send a merge request with these changes.
197
198 ## Contribution
199
200 If you want to contribute to project, then take a look at the git repository:
201
202 - https://gitlab.com/mojo42/Jirafeau
203
204 and the Contribution Guidelines
205
206 - https://gitlab.com/mojo42/Jirafeau/blob/master/CONTRIBUTING.md
207
208 ## FAQ
209
210 ### Can I add a new language in Jirafeau?
211
212 Of course ! Translations are easy to make and no technical knowledge is required.
213
214 Simply go to [Jirafeau's Weblate](https://hosted.weblate.org/engage/jirafeau/).
215
216 If you want to add a new language in the list, feel free to contact us or leave a comment in ticket #9.
217
218 Thanks to all contributors ! :)
219
220 ### How do I upgrade my Jirafeau?
221
222 See upgrade instructions above.
223
224 ### How can I limit upload access?
225
226 There are two ways to limit upload access (but not download):
227 - you can set one or more passwords in order to access the upload interface, or/and
228 - you can configure a list of authorized IP ([CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation)) which are allowed to access to the upload page
229
230 Check documentation of ```upload_password``` and ```upload_ip``` parameters in [lib/config.original.php](https://gitlab.com/mojo42/Jirafeau/blob/master/lib/config.original.php).
231
232 ### How can I automatize the cleaning of old (expired) files?
233
234 You can call the admin.php script from the command line (CLI) with the ```clean_expired``` or ```clean_async``` commands: ```sudo -u www-data php admin.php clean_expired```.
235
236 Then the command can be placed in a cron file to automatize the process. For example:
237 ```
238 # m h dom mon dow user command
239 12 3 * * * www-data php /path/to/jirafeau/admin.php clean_expired
240 16 3 * * * www-data php /path/to/jirafeau/admin.php clean_async
241 ```
242
243 ### I have some troubles with IE
244
245 If you have some strange behavior with IE, you may configure [compatibility mode](http://feedback.dominknow.com/knowledgebase/articles/159097-internet-explorer-ie8-ie9-ie10-and-ie11-compat).
246
247 Anyway I would recommend you to use another web browser. :)
248
249 ### How can I change the theme?
250
251 You may change the default theme to any of the existing ones or a custom.
252
253 Open your ```lib/config.local.php``` and change setting in the »`style`« key to the name of any folder in the ```/media``` directory.
254
255 Hint: To create a custom theme just copy the »courgette« folder and name your theme »custom« (this way it will be ignored by git and not overwritten during updates). You are invited to enhance the existing themes and send pull requests however.
256
257 ### I found a bug, what should I do?
258
259 Feel free to open a bug in the [GitLab's issues](https://gitlab.com/mojo42/Jirafeau/issues).
260
261 ### How to set maximum file size?
262
263 If your browser supports HTML5 file API, you can send files as big as you want.
264
265 For browsers who does not support HTML5 file API, the limitation come from PHP configuration.
266 You have to set [post_max_size](https://php.net/manual/en/ini.core.php#ini.post-max-size) and [upload_max_filesize](https://php.net/manual/en/ini.core.php#ini.upload-max-filesize) in your php configuration. Note that Nginx setups may requiere to configure `client_max_body_size`.
267
268 If you don't want to allow unlimited upload size, you can still setup a maximal file size in Jirafeau's setting (see ```maximal_upload_size``` in your configuration)
269
270 ### How can I edit an option?
271
272 Documentation of all default options are located in [lib/config.original.php](https://gitlab.com/mojo42/Jirafeau/blob/master/lib/config.original.php).
273 If you want to change an option, just edit your ```lib/config.local.php```.
274
275 ### How can I change the Terms of Service?
276
277 The license text on the "Terms of Service" page, which is shipped with the default installation, is based on the »[Open Source Initiative Terms of Service](https://opensource.org/ToS)«.
278
279 To change this text simply copy the file [/lib/tos.original.txt](https://gitlab.com/mojo42/Jirafeau/blob/master/lib/tos.original.txt), rename it to ```/lib/tos.local.txt``` and adapt it to your own needs.
280
281 If you update the installation, then only the ```tos.original.txt``` file may change eventually, not your ```tos.local.txt``` file.
282
283 ### How can I access the admin interface?
284
285 Just go to ```/admin.php```.
286
287 ### How can I use the scripting interface (API)?
288
289 Simply go to ```/script.php``` with your web browser.
290
291 ### My downloads are incomplete or my uploads fails
292
293 Be sure your PHP installation is not using safe mode, it may cause timeouts.
294
295 If you're using nginx, you might need to increase `client_max_body_size` or remove the restriction altogether. In your nginx.conf:
296
297 ```nginx
298 http {
299 # disable max upload size
300 client_max_body_size 0;
301 # add timeouts for very large uploads
302 client_header_timeout 30m;
303 client_body_timeout 30m;
304 }
305 ```
306
307 ### How can I monitor the use of my Jirafeau instance?
308
309 You may use Munin and simple scripts to collect the number of files in the Jirafeau instance as well as the disk space occupied by all the files. You can consult this [web page](https://blog.bandinelli.net/index.php?post/2016/05/15/Scripts-Munin-pour-Jirafeau).
310
311 ### Why forking?
312
313 The original project seems not to be continued anymore and I prefer to add more features and increase security from a stable version.
314
315 ### What can we expect in the future?
316
317 Check [issues](https://gitlab.com/mojo42/Jirafeau/issues) to check open bugs and incoming new stuff. :)
318
319 ### What about this file deduplication thing?
320
321 Jirafeau uses a very simple file level deduplication for storage optimization.
322
323 This mean that if some people upload several times the same file, this will only store one time the file and increment a counter.
324
325 If someone use his/her delete link or an admin cleans expired links, this will decrement the counter corresponding to the file.
326
327 When the counter falls to zero, the file is destroyed.
328
329 ### What is the difference between "delete link" and "delete file and links" in admin interface?
330
331 As explained in the previous question, files with the same md5 hash are not duplicated and a reference counter stores the number of links pointing to a single file.
332 So:
333 - The button "delete link" will delete the reference to the file but might not destroy the file.
334 - The button "delete file and links" will delete all references pointing to the file and will destroy the file.
335
336 ### How to contact someone from Jirafeau?
337
338 Feel free to create an issue if you found a bug.
339
340 ## Release notes
341
342 ### Version 1.0
343
344 The very first version of Jirafeau after the fork of Jyraphe.
345
346 - Security fix
347 - Keep uploader's ip
348 - Delete link for each upload
349 - No more clear text password storage
350 - Simple langage support
351 - Add an admin interface
352 - New Design
353 - Add term of use
354 - New path system to manage large number of files
355 - New option to show a page at download time
356 - Add option to activate or not preview mode
357
358 ### Version 1.1
359
360 - New skins
361 - Add optional server side encryption
362 - Unlimited file size upload using HTML5 file API
363 - Show speed and estimated time during upload
364 - A lot of fixes
365 - A lot of new langages
366 - Small API to upload files
367 - Limit access to Jirafeau using IP, mask, passwords
368 - Manage (some) proxy headers
369 - Configure your maximal upload size
370 - Configure file's lifetime durations
371 - Preview URL
372 - Get Jirafeau's version in admin interface
373
374 ## Version 1.2.0
375
376 - Link on API page to generate bash script
377 - More informative error codes for API
378 - Security Fix: Prevent authentication bypass for admin interface
379 - CLI script to remove expired files automatically with a cronjob
380 - SHA-256 hash the admin password
381 - New theme "elegantish"
382 - Fix for JavaScript MIME-Type, prevents blocking the resource on some servers
383 - Show download link for a file in admin interface
384 - Default time for expiration (set to 'month' by default)
385 - New expiration time: 'quarter'
386 - A lof of translation contributions
387 - Code cleanups
388
389 ## Version 2.0.0
390
391 - Various documentation improvements
392 - Simplify automatic generation of local configuration file
393 - Set a custom title
394 - Bash Script: Enhanced help, show version, return link to web view as well
395 - »Terms of Service« refactored - Enable admin to overwrite the ToS, without changing existing source code → breaking, see upgrade notes
396
397 ## Version 3.0.0
398
399 - Remove XHTML doctype, support HTML5 only → breaking change for older browsers
400 - Remove redundant code
401 - Remove baseurl usage and set absolute links instead, which for example fixes SSL issues
402 - Extend contribution guide
403 - Switch to PSR-2 code style (fix line endings, indentations, whitespaces, etc)
404 - Declare system requirements
405 - Catch API errors in upload form
406 - Allow clients to upload files depending on IP or password
407 - Set UTC as timezone to prevent date/time issues
408 - Show readable date & time information
409 - Fix UI glitches in admin panel and upload form
410
411 ## Version 3.1.0
412
413 - Fix regression on user authentication (see #113)
414 - Some cosmetic change
415
416 ## Version 3.2.0
417
418 - Update translations from Update translations from weblate
419 - Better style
420 - Fix regression on admin password setting
421
422 ## Version 3.2.1
423
424 - fix download view after an upload
425
426 ## Version 3.3.0
427
428 - Added Docker Support
429 - Added a copy button next to links to copy URLs in clipboard
430 - Now use a delete page to confirm file deletion (#136)
431 - Fixed object ProgressEvent Error (#127)
432 - Added configuration tips for web servers
433 - More translations
434 - Style fixes
435 - Removed useless alias API support (some old toy)
436
437 ## Version 3.4.0
438
439 - Add encryption support in bash script
440 - Refactoring of lang system for simpler management
441 - Removed installation step asking for language
442 - Merged weblate contributions
443 - Fixed some spelling issues
444
445 ## Version 3.4.1
446
447 - Security fixes, thanks [Bishopfox Team](https://www.bishopfox.com/)
448 - Translation fixes
449 - Docker fix
450 - Advertise javascript license for LibreJS compatibility
451 - other minor fixes
452
453 ## Version 4.0.0
454
455 - Removed plain-text password support for admin auth (breaking change).
456 - Default folder sub-division to 8 characters (breaking change).
457 - New option `upload_ip_nopassword` to allow a list of IP to access Jirafeau without password
458 - Bugfix with LibreJS
459 - Other minor bug fixes
460 - More languages supported

patrick-canterino.de