]> git.p6c8.net - jirafeau_project.git/blob - README.md
Jirafeau version 4.1.0
[jirafeau_project.git] / README.md
1 # Jirafeau
2
3 Welcome to the official Jirafeau project, an [Open-Source software](https://en.wikipedia.org/wiki/Open-source_software).
4
5 Jirafeau allows your to "one-click-filesharing". It makes possible to upload a file in a simple way and give an unique link to it.
6
7 A demonstration of the latest version is available on [jirafeau.net](https://jirafeau.net/).
8
9 ![Screenshot1](http://i.imgur.com/TPjh48P.png)
10
11 Latest CI Status:
12 Master [![Build Status Master](https://gitlab.com/mojo42/Jirafeau/badges/master/build.svg)](https://gitlab.com/mojo42/Jirafeau/commits/master)
13 Next Release [![Build Status Next Release](https://gitlab.com/mojo42/Jirafeau/badges/test/build.svg)](https://gitlab.com/mojo42/Jirafeau/commits/master)
14 [All Branch Builds](https://gitlab.com/mojo42/Jirafeau/pipelines?scope=branches)
15
16 ## Main features
17
18 - One upload → One download link & one delete link
19 - Send any large files (thanks to the HTML5 file API → PHP post_max_size limit not relevant)
20 - Shows progression: speed, percentage and remaining upload time
21 - Preview content in browser (if possible)
22 - Optional password protection (for uploading or downloading)
23 - Set expiration time for downloads
24 - Option to self-destruct after first download
25 - Shortened URLs using base 64 encoding
26 - Maximal upload size configurable
27 - NO database, only use basic PHP
28 - Simple language support with a lot of langages (help us on [weblate](https://hosted.weblate.org/engage/jirafeau/)!)
29 - File level [Deduplication](http://en.wikipedia.org/wiki/Data_deduplication) for storage optimization (does store duplicate files only once, but generate multiple links)
30 - Optional data encryption
31 - Small administration interface
32 - CLI script to remove expired files automatically with a cronjob
33 - Basic, adaptable »Terms Of Service« page
34 - Basic API
35 - Bash script to upload files via command line
36 - Themes
37
38 Jirafeau is a fork of the original project [Jyraphe](http://home.gna.org/jyraphe/) based on the 0.5 (stable version) with a **lot** of modifications.
39
40 As it's original project, Jirafeau is made in the [KISS](http://en.wikipedia.org/wiki/KISS_principle) way (Keep It Simple, Stupid).
41
42 Jirafeau project won't evolve to a file manager and will focus to keep a very few dependencies.
43
44 ## Screenshots
45
46 - [Installation - Step 1](http://i.imgur.com/hmpT1eN.jpg)
47 - [Installation - Step 2](http://i.imgur.com/2e0UGKE.jpg)
48 - [Installation - Step 3](http://i.imgur.com/ofAjLXh.jpg)
49 - [Installation - Step 4](http://i.imgur.com/WXqnfqJ.jpg)
50 - [Upload - Step 1](http://i.imgur.com/SBmSwzJ.jpg)
51 - [Upload - Step 2](http://i.imgur.com/wzPkb1Z.jpg)
52 - [Upload - Progress](http://i.imgur.com/i6n95kv.jpg)
53 - [Upload - Confirmation page](http://i.imgur.com/P2oS1MY.jpg)
54 - [Admin Interface](http://i.imgur.com/nTdsVzn.png)
55
56 ## Installation
57
58 This shows how to install Jirafeau by your own, it's quite simple but you can
59 also use a [docker image](https://hub.docker.com/r/mojo42/jirafeau/) or build
60 it yourself. Check [docker folder](docker/README.md) for more informations.
61
62 System requirements:
63 - PHP >= 5.6
64 - Optional, but recommended: Git >= 2.7
65 - No database required, no mail required
66
67 Installation steps:
68 - Clone the [repository](https://gitlab.com/mojo42/Jirafeau/) or download the latest [release](https://gitlab.com/mojo42/Jirafeau/tags) from GitLab onto your webserver
69 - Set owner & group according to your webserver
70 - A) Setup with the installation wizard (web):
71 - Open your browser and go to your installed location, eg. ```https://example.com/jirafeau/```
72 - The script will redirect to you to a minimal installation wizard to set up all required options
73 - All optional parameters may be set in ```lib/config.local.php```, take a look at ```lib/config.original.php``` to see all default values
74 - B) Setup without the installation wizard (cli):
75 - Just copy ```config.original.php``` to ```config.local.php``` and customize it
76
77 ## Upgrade
78
79 ### General procedure for all versions
80
81 1. Backup your Jirafeau installation!
82 2. Block access to Jirafeau
83 3. Checkout the new version with Git using the [tagged release](https://gitlab.com/mojo42/Jirafeau/tags)
84 * If you have installed Jirafeau just by uploading files on your server, you can download the desired version, overwrite/remove all files and chown/chmod files if needed. Keep a backup of your local configuration file tough.
85 4. With you browser, go to your Jirafeau root page
86 5. Follow the installation wizard, it should propose you the same data folder or even update automatically
87 7. Check your ```/lib/config.local.php``` and compare it with the ```/lib/config.original.php``` to see if new configuration items are available
88
89 ### From version 1.0 to 1.1
90
91 1. The download URL changed
92 * Add a rewrite rule in your web server configuration to rename ```file.php``` to ```f.php``` to make older, still existing links work again
93 1. The default theme changed
94 * Optionally change the theme in ```lib/config.local.php``` to »courgette«
95
96 ### From version 1.2.0 to 2.0.0
97
98 1. The "Terms of Service" text file changed
99 * To reuse previous changes to the ToS, move the old ```/tos_text.php``` file to ```/lib/tos.local.txt``` and remove all HTML und PHP Tags, leaving a regular text file
100
101 ### From version 2.0.0 to 3.4.1
102
103 There is nothing special to do to update from/to the following versions:
104 - 2.0.0 -> 3.0.0
105 - 3.0.0 -> 3.1.0
106 - 3.1.0 -> 3.2.0
107 - 3.2.0 -> 3.2.1
108 - 3.2.1 -> 3.3.0
109 - 3.3.0 -> 3.4.0
110 - 3.4.0 -> 3.4.1
111
112 ### From 3.4.1 to 4.0.0
113
114 You may have to change your administrator password in your config file as admin password are only stored using sha256 (SHA2).
115 To do so, edit `lib/config.local.php` and update `admin_password` option using `echo -n MyNewPassw0rd | sha256sum` command.
116
117 Subfolder division changed in Jirafeau storage. You can either start from a fresh `var-` folder or you need to migrate your data.
118
119 In order to migrate your existing data:
120 1. Be sure to have a working backup of your Jirafeau instance and/or the rest of your hosting before any operation
121 2. Go to `var-` folder
122 3. Be sure you have read and write permissions on files and folders with your current user
123 4. Run the following commands:
124 ```bash
125 # Migrate files folder
126 find files -type f ! -name "*_count" | while read f; do bn="$(basename "$f")"; dst="files/${bn:0:8}/${bn:8:8}/${bn:16:8}/${bn:24:8}/"; mkdir -p "$dst"; mv "$f" "$dst" ; mv "${f}_count" "$dst"; done; find files -maxdepth 1 -type d -iname "?" -exec rm -rf {} \;
127 # Migrate links folder
128 find links -type f | while read link; do bn="$(basename "$link")"; mkdir "links/$bn"; mv "$link" "links/$bn/"; done; find links -maxdepth 1 -type d -iname "?" -exec rm -rf {} \;
129 ```
130
131 ### From 4.0.0 to 4.1.0
132
133 There is nothing special to do to update from/to the following versions:
134 - 4.0.0 -> 4.1.0
135
136 ### Troubleshooting
137
138 If you have some troubles, consider the following cases
139
140 - Check your ```/lib/config.local.php``` file and compare it with ```/lib/config.original.php```, the configuration syntax or a parameter may have changed
141 - Check owner & permissions of your files
142
143 ## Security
144
145 ```var``` directory contain all files and links. It is randomly named to limit access but you may add better protection to prevent un-authorized access to it.
146 You have several options:
147 - Configure a ```.htaccess```
148 - Move var folder to a place on your server which can't be directly accessed
149 - Disable automatic listing on your web server config or place a index.html in var's sub-directory (this is a limited solution)
150
151 If you are using Apache, you can add the following line to your configuration to prevent people to access to your ```var``` folder:
152
153 ```RedirectMatch 301 ^/var-.* http://my.service.jirafeau ```
154
155 If you are using nginx, you can add the following to your $vhost.conf:
156
157 ```nginx
158 location ~ /var-.* {
159 deny all;
160 return 404;
161 }
162 ```
163
164 If you are using lighttpd, you can deny access to ```var``` folder in your configuration:
165
166 ```
167 $HTTP["url"] =~ "^/var-*" {
168 url.access-deny = ("")
169 }
170 ```
171
172 You should also remove un-necessessary write access once the installation is done (ex: configuration file).
173 An other obvious basic security is to let access users to the site by HTTPS (make sure `web_root` in you `config.local.php` is set with https).
174
175 ## Server side encryption
176
177 Data encryption can be activated in options. This feature makes the server encrypt data and send the decryt key to the user (inside download URL).
178 The decrypt key is not stored on the server so if you loose an url, you won't be able to retrieve file content.
179 Encryption is configured to use AES256 in OFB mode.
180 In case of security troubles on the server, attacker won't be able to access files.
181
182 By activating this feature, you have to be aware of few things:
183 - Data encryption has a cost (cpu) and it takes more time for downloads to complete once file sent.
184 - During the download, the server will decrypt on the fly (and use resource).
185 - This feature needs to have the mcrypt php module.
186 - File de-duplication will stop to work (as we can't compare two encrypted files).
187 - Be sure your server do not log client's requests.
188 - Don't forget to enable https.
189
190 In a next step, encryption will be made by the client (in javascript), see issue #10.
191
192 ## License
193
194 GNU Affero General Public License v3 (AGPL-3.0).
195
196 The GNU Affero General Public License can be found at https://www.gnu.org/licenses/agpl.html.
197
198 Please note: If you decide do make adaptions to the source code and run a service with these changes incorporated,
199 you are required to provide a link to the source code of your version in order to obey the AGPL-3.0 license.
200 To do so please add a link to the source (eg. a public Git repository or a download link) to the Terms of Service page.
201 Take a look at the FAQ to find out about how to change the ToS.
202
203 PS: If you have fixed errors or added features, then please contribute to the project and send a merge request with these changes.
204
205 ## Contribution
206
207 If you want to contribute to project, then take a look at the git repository:
208
209 - https://gitlab.com/mojo42/Jirafeau
210
211 and the Contribution Guidelines
212
213 - https://gitlab.com/mojo42/Jirafeau/blob/master/CONTRIBUTING.md
214
215 ## FAQ
216
217 ### Can I add a new language in Jirafeau?
218
219 Of course ! Translations are easy to make and no technical knowledge is required.
220
221 Simply go to [Jirafeau's Weblate](https://hosted.weblate.org/engage/jirafeau/).
222
223 If you want to add a new language in the list, feel free to contact us or leave a comment in ticket #9.
224
225 Thanks to all contributors ! :)
226
227 ### How do I upgrade my Jirafeau?
228
229 See upgrade instructions above.
230
231 ### How can I limit upload access?
232
233 There are two ways to limit upload access (but not download):
234 - you can set one or more passwords in order to access the upload interface, or/and
235 - you can configure a list of authorized IP ([CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation)) which are allowed to access to the upload page
236
237 Check documentation of ```upload_password``` and ```upload_ip``` parameters in [lib/config.original.php](https://gitlab.com/mojo42/Jirafeau/blob/master/lib/config.original.php).
238
239 ### How can I automatize the cleaning of old (expired) files?
240
241 You can call the admin.php script from the command line (CLI) with the ```clean_expired``` or ```clean_async``` commands: ```sudo -u www-data php admin.php clean_expired```.
242
243 Then the command can be placed in a cron file to automatize the process. For example:
244 ```
245 # m h dom mon dow user command
246 12 3 * * * www-data php /path/to/jirafeau/admin.php clean_expired
247 16 3 * * * www-data php /path/to/jirafeau/admin.php clean_async
248 ```
249
250 ### I have some troubles with IE
251
252 If you have some strange behavior with IE, you may configure [compatibility mode](http://feedback.dominknow.com/knowledgebase/articles/159097-internet-explorer-ie8-ie9-ie10-and-ie11-compat).
253
254 Anyway I would recommend you to use another web browser. :)
255
256 ### How can I change the theme?
257
258 You may change the default theme to any of the existing ones or a custom.
259
260 Open your ```lib/config.local.php``` and change setting in the »`style`« key to the name of any folder in the ```/media``` directory.
261
262 Hint: To create a custom theme just copy the »courgette« folder and name your theme »custom« (this way it will be ignored by git and not overwritten during updates). You are invited to enhance the existing themes and send pull requests however.
263
264 ### I found a bug, what should I do?
265
266 Feel free to open a bug in the [GitLab's issues](https://gitlab.com/mojo42/Jirafeau/issues).
267
268 ### How to set maximum file size?
269
270 If your browser supports HTML5 file API, you can send files as big as you want.
271
272 For browsers who does not support HTML5 file API, the limitation come from PHP configuration.
273 You have to set [post_max_size](https://php.net/manual/en/ini.core.php#ini.post-max-size) and [upload_max_filesize](https://php.net/manual/en/ini.core.php#ini.upload-max-filesize) in your php configuration. Note that Nginx setups may requiere to configure `client_max_body_size`.
274
275 If you don't want to allow unlimited upload size, you can still setup a maximal file size in Jirafeau's setting (see ```maximal_upload_size``` in your configuration)
276
277 ### How can I edit an option?
278
279 Documentation of all default options are located in [lib/config.original.php](https://gitlab.com/mojo42/Jirafeau/blob/master/lib/config.original.php).
280 If you want to change an option, just edit your ```lib/config.local.php```.
281
282 ### How can I change the Terms of Service?
283
284 The license text on the "Terms of Service" page, which is shipped with the default installation, is based on the »[Open Source Initiative Terms of Service](https://opensource.org/ToS)«.
285
286 To change this text simply copy the file [/lib/tos.original.txt](https://gitlab.com/mojo42/Jirafeau/blob/master/lib/tos.original.txt), rename it to ```/lib/tos.local.txt``` and adapt it to your own needs.
287
288 If you update the installation, then only the ```tos.original.txt``` file may change eventually, not your ```tos.local.txt``` file.
289
290 ### How can I access the admin interface?
291
292 Just go to ```/admin.php```.
293
294 ### How can I use the scripting interface (API)?
295
296 Simply go to ```/script.php``` with your web browser.
297
298 ### My downloads are incomplete or my uploads fails
299
300 Be sure your PHP installation is not using safe mode, it may cause timeouts.
301
302 If you're using nginx, you might need to increase `client_max_body_size` or remove the restriction altogether. In your nginx.conf:
303
304 ```nginx
305 http {
306 # disable max upload size
307 client_max_body_size 0;
308 # add timeouts for very large uploads
309 client_header_timeout 30m;
310 client_body_timeout 30m;
311 }
312 ```
313
314 ### How can I monitor the use of my Jirafeau instance?
315
316 You may use Munin and simple scripts to collect the number of files in the Jirafeau instance as well as the disk space occupied by all the files. You can consult this [web page](https://blog.bandinelli.net/index.php?post/2016/05/15/Scripts-Munin-pour-Jirafeau).
317
318 ### Why forking?
319
320 The original project seems not to be continued anymore and I prefer to add more features and increase security from a stable version.
321
322 ### What can we expect in the future?
323
324 Check [issues](https://gitlab.com/mojo42/Jirafeau/issues) to check open bugs and incoming new stuff. :)
325
326 ### What about this file deduplication thing?
327
328 Jirafeau uses a very simple file level deduplication for storage optimization.
329
330 This mean that if some people upload several times the same file, this will only store one time the file and increment a counter.
331
332 If someone use his/her delete link or an admin cleans expired links, this will decrement the counter corresponding to the file.
333
334 When the counter falls to zero, the file is destroyed.
335
336 ### What is the difference between "delete link" and "delete file and links" in admin interface?
337
338 As explained in the previous question, files with the same md5 hash are not duplicated and a reference counter stores the number of links pointing to a single file.
339 So:
340 - The button "delete link" will delete the reference to the file but might not destroy the file.
341 - The button "delete file and links" will delete all references pointing to the file and will destroy the file.
342
343 ### How to contact someone from Jirafeau?
344
345 Feel free to create an issue if you found a bug.
346
347 ## Release notes
348
349 ### Version 1.0
350
351 The very first version of Jirafeau after the fork of Jyraphe.
352
353 - Security fix
354 - Keep uploader's ip
355 - Delete link for each upload
356 - No more clear text password storage
357 - Simple langage support
358 - Add an admin interface
359 - New Design
360 - Add term of use
361 - New path system to manage large number of files
362 - New option to show a page at download time
363 - Add option to activate or not preview mode
364
365 ### Version 1.1
366
367 - New skins
368 - Add optional server side encryption
369 - Unlimited file size upload using HTML5 file API
370 - Show speed and estimated time during upload
371 - A lot of fixes
372 - A lot of new langages
373 - Small API to upload files
374 - Limit access to Jirafeau using IP, mask, passwords
375 - Manage (some) proxy headers
376 - Configure your maximal upload size
377 - Configure file's lifetime durations
378 - Preview URL
379 - Get Jirafeau's version in admin interface
380
381 ## Version 1.2.0
382
383 - Link on API page to generate bash script
384 - More informative error codes for API
385 - Security Fix: Prevent authentication bypass for admin interface
386 - CLI script to remove expired files automatically with a cronjob
387 - SHA-256 hash the admin password
388 - New theme "elegantish"
389 - Fix for JavaScript MIME-Type, prevents blocking the resource on some servers
390 - Show download link for a file in admin interface
391 - Default time for expiration (set to 'month' by default)
392 - New expiration time: 'quarter'
393 - A lof of translation contributions
394 - Code cleanups
395
396 ## Version 2.0.0
397
398 - Various documentation improvements
399 - Simplify automatic generation of local configuration file
400 - Set a custom title
401 - Bash Script: Enhanced help, show version, return link to web view as well
402 - »Terms of Service« refactored - Enable admin to overwrite the ToS, without changing existing source code → breaking, see upgrade notes
403
404 ## Version 3.0.0
405
406 - Remove XHTML doctype, support HTML5 only → breaking change for older browsers
407 - Remove redundant code
408 - Remove baseurl usage and set absolute links instead, which for example fixes SSL issues
409 - Extend contribution guide
410 - Switch to PSR-2 code style (fix line endings, indentations, whitespaces, etc)
411 - Declare system requirements
412 - Catch API errors in upload form
413 - Allow clients to upload files depending on IP or password
414 - Set UTC as timezone to prevent date/time issues
415 - Show readable date & time information
416 - Fix UI glitches in admin panel and upload form
417
418 ## Version 3.1.0
419
420 - Fix regression on user authentication (see #113)
421 - Some cosmetic change
422
423 ## Version 3.2.0
424
425 - Update translations from Update translations from weblate
426 - Better style
427 - Fix regression on admin password setting
428
429 ## Version 3.2.1
430
431 - fix download view after an upload
432
433 ## Version 3.3.0
434
435 - Added Docker Support
436 - Added a copy button next to links to copy URLs in clipboard
437 - Now use a delete page to confirm file deletion (#136)
438 - Fixed object ProgressEvent Error (#127)
439 - Added configuration tips for web servers
440 - More translations
441 - Style fixes
442 - Removed useless alias API support (some old toy)
443
444 ## Version 3.4.0
445
446 - Add encryption support in bash script
447 - Refactoring of lang system for simpler management
448 - Removed installation step asking for language
449 - Merged weblate contributions
450 - Fixed some spelling issues
451
452 ## Version 3.4.1
453
454 - Security fixes, thanks [Bishopfox Team](https://www.bishopfox.com/)
455 - Translation fixes
456 - Docker fix
457 - Advertise javascript license for LibreJS compatibility
458 - other minor fixes
459
460 ## Version 4.0.0
461
462 - Removed plain-text password support for admin auth (breaking change).
463 - Default folder sub-division to 8 characters (breaking change).
464 - New option `upload_ip_nopassword` to allow a list of IP to access Jirafeau without password
465 - Bugfix with LibreJS
466 - Other minor bug fixes
467 - More languages supported
468
469 ## Version 4.1.0
470
471 - Fix upload password and allowed ip (#201)
472 - Code refactorisation of IP checking
473 - Fix expiration dates
474 - Add better support for Accept-Language
475 - Cosmetic fixes
476 - More languages supported and language fixes
477

patrick-canterino.de