Lufi是一个支持E2E加密的文件上传工具,用户上传的所有文件都由浏览器进行加密,Lufi的实例管理员也无法得知你上传的是什么文件。
下面在Debian10上安装一下:
apt -y update apt -y install build-essential libssl-dev libio-socket-ssl-perl liblwp-protocol-https-perl nginx python-certbot-nginx git
安装Carton:
cpan Carton
程序支持SQLite/MySQL/PostgreSQL作为数据库,这里直接使用SQLite,所以就不需要安装其他的依赖了。
拉取源码/复制一份配置文件/给予正确的权限/:
cd /opt git clone https://framagit.org/fiat-tux/hat-softwares/lufi.git cp lufi/lufi.conf.template lufi/lufi.conf chown -R www-data:www-data lufi cd lufi
安装/编辑配置文件:
carton install --deployment --without=test --without=postgresql --without=mysql --without=ldap --without=htpasswd nano lufi.conf
至少取消下面贴出来的注释,还有很多其他的配置可以自己根据配置文件里的说明更改:
{ #################### # Hypnotoad settings #################### # see http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad for a full list of settings hypnotoad => { # array of IP addresses and ports you want to listen to # you can specify a unix socket too, like 'http+unix://%2Ftmp%2Flufi.sock' listen => ['http://127.0.0.1:8081'], # if you use Lufi behind a reverse proxy like Nginx, you want to set proxy to 1 # if you use Lufi directly, let it commented proxy => 1, # Please read http://mojolicious.org/perldoc/Mojo/Server/Hypnotoad#workers # to adjust this to your server workers => 30, clients => 1, }, # Put a way to contact you here and uncomment it # You can put some HTML in it # MANDATORY contact => 'Contact page', # Put an URL or an email address to receive file reports and uncomment it # It's for make reporting illegal files easy for users # MANDATORY report => '[email protected]', # Array of random strings used to encrypt cookies # optional, default is ['fdjsofjoihrei'], PLEASE, CHANGE IT secrets => ['fdjsofjoihrei'], # Name of the instance, displayed next to the logo # optional, default is Lufi instance_name => 'Lufi', # Choose a theme. See the available themes in `themes` directory # Optional, default is 'default' theme => 'default', # Length of the random URL # optional, default is 8 length => 8, # How many URLs will be provisioned in a batch ? # optional, default is 5 provis_step => 5, # Max number of URLs to be provisioned # optional, default is 100 provisioning => 100, # Length of the modify/delete token # optional, default is 32 token_length => 32, # Max file size, in octets # You can write it 100*1024*1024 # optional, no default max_file_size => 104857600, ############# # DB settings ############# # Choose what database you want to use # Valid choices are sqlite, postgresql and mysql (all lowercase) # optional, default is sqlite dbtype => 'sqlite', # SQLite ONLY - only used if dbtype is set to sqlite # Define a path to the SQLite database # You can define it relative to lufi directory or set an absolute path # Remember that it has to be in a directory writable by Lufi user # optional, default is lufi.db db_path => 'lufi.db', };
新建systemd服务文件:
nano /etc/systemd/system/lufi.service
写入如下配置:
[Unit] Description=File hosting service with encryption Documentation=https://framagit.org/luc/lufi Requires=network.target After=network.target [Service] Type=forking User=www-data RemainAfterExit=yes WorkingDirectory=/opt/lufi/ PIDFile=/opt/lufi/script/hypnotoad.pid ExecStart=/usr/local/bin/carton exec hypnotoad script/lufi ExecStop=/usr/local/bin/carton exec hypnotoad -s script/lufi ExecReload=/usr/local/bin/carton exec hypnotoad script/lufi [Install] WantedBy=multi-user.target
启动/设置开机启动:
systemctl start lufi.service systemctl enable lufi.service nginx.service
新建一个nginx站点配置文件:
nano /etc/nginx/conf.d/lufi.conf
写入如下内容:
server { listen 80; # Adapt this to your domain! server_name poof.233.fi; location / { # Add cache for static files if ($request_uri ~* ^/(img|css|font|js)/) { add_header Expires "Thu, 31 Dec 2037 23:55:55 GMT"; add_header Cache-Control "public, max-age=315360000"; } # HTTPS only header, improves security #add_header Strict-Transport-Security "max-age=15768000"; # Adapt this to your configuration (port, subdirectory (see below)) proxy_pass http://127.0.0.1:8081; # Really important! Lufi uses WebSocket, it won't work without this proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # If you want to log the remote port of the file senders, you'll need that proxy_set_header X-Remote-Port $remote_port; proxy_set_header X-Forwarded-Proto $scheme; # We expect the downstream servers to redirect to the right hostname, so don't do any rewrites here. proxy_redirect off; } }
检查你的nginx配置有没有错误:
nginx -t
没有问题的话使用certbot签发一个ssl证书:
certbot --nginx --agree-tos --no-eff-email --email [email protected]
打开你的域名应该可以访问到程序界面了:
上传的文件如果要下载必须先解密:
而服务器内存储的数据是加密的,管理员也看不见你上传的文件具体内容:
LALA
我什么都不卖了,告辞!
最新评论
5211314
能不能教我 一点不会