2022-12-22 01:03:24 +01:00
# Deployment Notes
2023-02-20 00:17:55 +01:00
The easiest way to get PairDrop up and running is by using Docker.
2023-02-26 08:35:19 +01:00
## Deployment with Docker
### Docker Image from Docker Hub
2023-02-20 00:17:55 +01:00
```bash
docker run -d --restart=unless-stopped --name=pairdrop -p 127.0.0.1:3000:3000 lscr.io/linuxserver/pairdrop
```
2023-02-26 08:35:19 +01:00
2023-02-20 00:17:55 +01:00
> You must use a server proxy to set the X-Forwarded-For to prevent all clients from discovering each other (See [#HTTP-Server](#http-server)).
>
2023-02-26 08:35:19 +01:00
> To prevent bypassing the proxy by reaching the docker container directly, `127.0.0.1` is specified in the run command.
2023-02-20 00:17:55 +01:00
2023-02-26 21:28:17 +01:00
#### Options / Flags
2023-02-20 00:17:55 +01:00
Set options by using the following flags in the `docker run` command:
2023-02-26 21:28:17 +01:00
##### Port
2023-02-24 18:08:48 +01:00
```bash
2023-02-20 00:17:55 +01:00
-p 127.0.0.1:8080:3000
```
> Specify the port used by the docker image
> - 3000 -> `-p 127.0.0.1:3000:3000`
> - 8080 -> `-p 127.0.0.1:8080:3000`
2023-02-26 21:28:17 +01:00
##### Rate limiting requests
2023-02-20 00:17:55 +01:00
```
-e RATE_LIMIT=true
```
2023-02-26 21:28:17 +01:00
> Limits clients to 1000 requests per 5 min
2023-02-20 00:17:55 +01:00
2023-02-26 21:28:17 +01:00
##### Websocket Fallback (for VPN)
2023-02-24 18:08:48 +01:00
```bash
2023-02-20 00:17:55 +01:00
-e WS_FALLBACK=true
```
> Provides PairDrop to clients with an included websocket fallback if the peer to peer WebRTC connection is not available to the client.
>
> This is not used on the official https://pairdrop.net, but you can activate it on your self-hosted instance.
> This is especially useful if you connect to your instance via a VPN as most VPN services block WebRTC completely in order to hide your real IP address ([read more](https://privacysavvy.com/security/safe-browsing/disable-webrtc-chrome-firefox-safari-opera-edge/)).
>
> **Warning:** All traffic sent between devices using this fallback is routed through the server and therefor not peer to peer!
> Beware that the traffic routed via this fallback is readable by the server. Only ever use this on instances you can trust.
> Additionally, beware that all traffic using this fallback debits the servers data plan.
2023-03-03 18:28:49 +01:00
##### Specify STUN/TURN Servers
2023-02-24 18:08:48 +01:00
```bash
-e RTC_CONFIG="rtc_config.json"
```
> Specify the STUN/TURN servers PairDrop clients use by setting `RTC_CONFIG` to a JSON file including the configuration.
> You can use `pairdrop/rtc_config_example.json` as a starting point.
>
> Default configuration:
> ```json
> {
> "sdpSemantics": "unified-plan",
> "iceServers": [
> {
> "urls": "stun:stun.l.google.com:19302"
> },
> {
> "urls": "stun:openrelay.metered.ca:80"
> },
> {
> "urls": "turn:openrelay.metered.ca:443",
> "username": "openrelayproject",
> "credential": "openrelayproject"
> }
> ]
> }
> ```
2023-02-20 00:17:55 +01:00
< br >
2023-02-26 08:35:19 +01:00
### Docker Image from GHCR
```bash
docker run -d --restart=unless-stopped --name=pairdrop -p 127.0.0.1:3000:3000 ghcr.io/schlagmichdoch/pairdrop npm run start:prod
```
> You must use a server proxy to set the X-Forwarded-For to prevent all clients from discovering each other (See [#HTTP-Server](#http-server)).
>
> To prevent bypassing the proxy by reaching the docker container directly, `127.0.0.1` is specified in the run command.
>
> To specify options replace `npm run start:prod` according to [the documentation below.](#options--flags-1)
### Docker Image self-built
#### Build the image
2023-02-20 00:17:55 +01:00
```bash
docker build --pull . -f Dockerfile -t pairdrop
```
> A GitHub action is set up to do this step automatically.
>
> `--pull` ensures always the latest node image is used.
2023-02-26 08:35:19 +01:00
#### Run the image
2023-02-20 00:17:55 +01:00
```bash
docker run -d --restart=unless-stopped --name=pairdrop -p 127.0.0.1:3000:3000 -it pairdrop npm run start:prod
```
> You must use a server proxy to set the X-Forwarded-For to prevent all clients from discovering each other (See [#HTTP-Server](#http-server)).
>
2023-02-26 08:35:19 +01:00
> To prevent bypassing the proxy by reaching the docker container directly, `127.0.0.1` is specified in the run command.
2023-02-20 00:17:55 +01:00
>
2023-02-26 08:35:19 +01:00
> To specify options replace `npm run start:prod` according to [the documentation below.](#options--flags-1)
< br >
2023-02-22 05:42:41 +01:00
## Deployment with Docker Compose
Here's an example docker-compose file:
```yaml
version: "2"
services:
pairdrop:
image: lscr.io/linuxserver/pairdrop:latest
container_name: pairdrop
restart: unless-stopped
environment:
- PUID=1000 # UID to run the application as
- PGID=1000 # GID to run the application as
- WS_FALLBACK=false # Set to true to enable websocket fallback if the peer to peer WebRTC connection is not available to the client.
2023-02-26 21:28:17 +01:00
- RATE_LIMIT=false # Set to true to limit clients to 1000 requests per 5 min.
2023-02-22 05:42:41 +01:00
- TZ=Etc/UTC # Time Zone
ports:
2023-02-26 08:35:19 +01:00
- 127.0.0.1:3000:3000 # Web UI
2023-02-22 05:42:41 +01:00
```
Run the compose file with `docker compose up -d` .
2023-02-20 00:17:55 +01:00
> You must use a server proxy to set the X-Forwarded-For to prevent all clients from discovering each other (See [#HTTP-Server](#http-server)).
>
2023-02-26 08:35:19 +01:00
> To prevent bypassing the proxy by reaching the docker container directly, `127.0.0.1` is specified in the run command.
< br >
2022-12-22 01:03:24 +01:00
## Deployment with node
2023-01-11 14:21:54 +01:00
```bash
2023-02-10 12:43:16 +01:00
git clone https://github.com/schlagmichdoch/PairDrop.git & & cd PairDrop
2023-01-11 14:21:54 +01:00
```
Install all dependencies with NPM:
```bash
npm install
```
Start the server with:
```bash
2023-02-14 02:41:06 +01:00
node index.js
2023-01-11 14:21:54 +01:00
```
or
```bash
npm start
```
> Remember to check your IP Address using your OS command to see where you can access the server.
> By default, the node server listens on port 3000.
2023-02-10 20:22:36 +01:00
< br >
2023-02-14 02:41:06 +01:00
### Environment variables
#### Port
On Unix based systems
```bash
PORT=3010 npm start
```
On Windows
```bash
$env:PORT=3010; npm start
```
> Specify the port PairDrop is running on. (Default: 3000)
2023-02-24 18:08:48 +01:00
#### Specify STUN/TURN Server
On Unix based systems
```bash
RTC_CONFIG="rtc_config.json" npm start
```
On Windows
```bash
$env:RTC_CONFIG="rtc_config.json"; npm start
```
> Specify the STUN/TURN servers PairDrop clients use by setting `RTC_CONFIG` to a JSON file including the configuration.
> You can use `pairdrop/rtc_config_example.json` as a starting point.
>
> Default configuration:
> ```json
> {
> "sdpSemantics": "unified-plan",
> "iceServers": [
> {
> "urls": "stun:stun.l.google.com:19302"
> },
> {
> "urls": "stun:openrelay.metered.ca:80"
> },
> {
> "urls": "turn:openrelay.metered.ca:443",
> "username": "openrelayproject",
> "credential": "openrelayproject"
> }
> ]
> }
> ```
2023-02-14 02:41:06 +01:00
### Options / Flags
#### Local Run
```bash
npm start -- --localhost-only
```
> Only allow connections from localhost.
>
2023-02-20 00:17:55 +01:00
> You must use a server proxy to set the X-Forwarded-For to prevent all clients from discovering each other (See [#HTTP-Server](#http-server)).
>
2023-02-26 08:35:19 +01:00
> Use this when deploying PairDrop with node to prevent bypassing the proxy by reaching the docker container directly.
2023-02-14 02:41:06 +01:00
2023-01-11 14:21:54 +01:00
#### Automatic restart on error
```bash
npm start -- --auto-restart
```
2023-02-10 20:22:36 +01:00
> Restarts server automatically on error
< br >
#### Rate limiting requests
2023-01-11 14:21:54 +01:00
```bash
npm start -- --rate-limit
```
2023-02-26 21:28:17 +01:00
> Limits clients to 1000 requests per 5 min
2023-02-10 20:22:36 +01:00
< br >
#### Websocket Fallback (for VPN)
```bash
npm start -- --include-ws-fallback
```
> Provides PairDrop to clients with an included websocket fallback if the peer to peer WebRTC connection is not available to the client.
>
2023-02-20 00:17:55 +01:00
> This is not used on the official https://pairdrop.net, but you can activate it on your self-hosted instance.
2023-02-10 20:22:36 +01:00
> This is especially useful if you connect to your instance via a VPN as most VPN services block WebRTC completely in order to hide your real IP address ([read more](https://privacysavvy.com/security/safe-browsing/disable-webrtc-chrome-firefox-safari-opera-edge/)).
>
> **Warning:** All traffic sent between devices using this fallback is routed through the server and therefor not peer to peer!
> Beware that the traffic routed via this fallback is readable by the server. Only ever use this on instances you can trust.
> Additionally, beware that all traffic using this fallback debits the servers data plan.
< br >
2023-01-11 14:21:54 +01:00
#### Production (autostart and rate-limit)
```bash
2023-02-10 20:22:36 +01:00
npm run start:prod
2023-01-11 14:21:54 +01:00
```
2023-02-14 02:41:06 +01:00
#### Production (autostart, rate-limit, localhost-only and websocket fallback for VPN)
2023-02-14 01:16:25 +01:00
```bash
2023-02-14 02:41:06 +01:00
npm run start:prod -- --localhost-only --include-ws-fallback
2023-02-14 01:16:25 +01:00
```
2023-02-20 00:17:55 +01:00
> To prevent connections to the node server from bypassing the proxy server you should always use "--localhost-only" on production.
2022-12-22 01:03:24 +01:00
2023-02-12 02:30:07 +01:00
## HTTP-Server
When running PairDrop, the `X-Forwarded-For` header has to be set by a proxy. Otherwise, all clients will be mutually visible.
2022-12-22 01:03:24 +01:00
### Using nginx
2023-02-10 12:43:16 +01:00
#### Allow http and https requests
2022-12-22 01:03:24 +01:00
```
server {
listen 80;
expires epoch;
location / {
proxy_connect_timeout 300;
2023-02-12 02:30:07 +01:00
proxy_pass http://127.0.0.1:3000;
2022-12-22 01:03:24 +01:00
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-for $remote_addr;
}
}
server {
listen 443 ssl http2;
2023-01-10 17:22:36 +01:00
ssl_certificate /etc/ssl/certs/pairdrop-dev.crt;
ssl_certificate_key /etc/ssl/certs/pairdrop-dev.key;
2022-12-22 01:03:24 +01:00
expires epoch;
location / {
proxy_connect_timeout 300;
2023-02-12 02:30:07 +01:00
proxy_pass http://127.0.0.1:3000;
2023-02-10 12:43:16 +01:00
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-for $remote_addr;
2022-12-22 01:03:24 +01:00
}
2023-02-10 12:43:16 +01:00
}
```
2023-02-12 02:30:07 +01:00
2023-02-10 12:43:16 +01:00
#### Automatic http to https redirect:
```
server {
listen 80;
expires epoch;
location / {
2023-02-12 02:30:07 +01:00
return 301 https://$host:3000$request_uri;
2023-02-10 12:43:16 +01:00
}
}
2022-12-22 01:03:24 +01:00
2023-02-10 12:43:16 +01:00
server {
listen 443 ssl http2;
ssl_certificate /etc/ssl/certs/pairdrop-dev.crt;
ssl_certificate_key /etc/ssl/certs/pairdrop-dev.key;
expires epoch;
location / {
2022-12-22 01:03:24 +01:00
proxy_connect_timeout 300;
2023-02-12 02:30:07 +01:00
proxy_pass http://127.0.0.1:3000;
2022-12-22 01:03:24 +01:00
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-for $remote_addr;
}
}
```
### Using Apache
install modules `proxy` , `proxy_http` , `mod_proxy_wstunnel`
2023-02-24 18:08:48 +01:00
```bash
2022-12-22 01:03:24 +01:00
a2enmod proxy
```
2023-02-24 18:08:48 +01:00
```bash
2022-12-22 01:03:24 +01:00
a2enmod proxy_http
```
2023-02-24 18:08:48 +01:00
```bash
2022-12-22 01:03:24 +01:00
a2enmod proxy_wstunnel
```
< br >
Create a new configuration file under `/etc/apache2/sites-available` (on debian)
2023-01-10 17:22:36 +01:00
**pairdrop.conf**
2023-02-10 12:43:16 +01:00
#### Allow http and https requests
2023-02-24 18:08:48 +01:00
```apacheconf
2022-12-22 01:03:24 +01:00
< VirtualHost * :80 >
2023-02-12 02:30:07 +01:00
ProxyPass / http://127.0.0.1:3000/
2022-12-22 01:03:24 +01:00
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
2023-02-12 02:30:07 +01:00
RewriteRule ^/?(.*) "ws://127.0.0.1:3000/$1" [P,L]
2022-12-22 01:03:24 +01:00
< / VirtualHost >
< VirtualHost * :443 >
2023-02-12 02:30:07 +01:00
ProxyPass / https://127.0.0.1:3000/
2022-12-22 01:03:24 +01:00
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
2023-02-12 02:30:07 +01:00
RewriteRule ^/?(.*) "wws://127.0.0.1:3000/$1" [P,L]
2022-12-22 01:03:24 +01:00
< / VirtualHost >
```
2023-02-10 12:43:16 +01:00
#### Automatic http to https redirect:
2023-02-24 18:08:48 +01:00
```apacheconf
2023-02-10 12:43:16 +01:00
< VirtualHost * :80 >
2023-02-12 02:30:07 +01:00
Redirect permanent / https://127.0.0.1:3000/
2023-02-10 12:43:16 +01:00
< / VirtualHost >
< VirtualHost * :443 >
2023-02-12 02:30:07 +01:00
ProxyPass / https://127.0.0.1:3000/
2023-02-10 12:43:16 +01:00
RewriteEngine on
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
2023-02-12 02:30:07 +01:00
RewriteRule ^/?(.*) "wws://127.0.0.1:3000/$1" [P,L]
2023-02-10 12:43:16 +01:00
< / VirtualHost >
```
2022-12-22 01:03:24 +01:00
Activate the new virtual host and reload apache:
2023-02-24 18:08:48 +01:00
```bash
2023-01-10 17:22:36 +01:00
a2ensite pairdrop
2022-12-22 01:03:24 +01:00
```
2023-02-24 18:08:48 +01:00
```bash
2022-12-22 01:03:24 +01:00
service apache2 reload
```
2023-02-12 02:30:07 +01:00
# Local Development
## Install
All files needed for developing are available on the branch `dev` .
First, [Install docker with docker-compose. ](https://docs.docker.com/compose/install/ )
Then, clone the repository and run docker-compose:
2023-02-24 18:08:48 +01:00
```bash
2023-02-12 02:30:07 +01:00
git clone https://github.com/schlagmichdoch/PairDrop.git
cd PairDrop
git checkout dev
docker-compose up -d
```
Now point your browser to `http://localhost:8080` .
- To restart the containers run `docker-compose restart` .
- To stop the containers run `docker-compose stop` .
- To debug the NodeJS server run `docker logs pairdrop_node_1` .
< br >
## Testing PWA related features
PWAs require that the app is served under a correctly set up and trusted TLS endpoint.
The nginx container creates a CA certificate and a website certificate for you. To correctly set the common name of the certificate, you need to change the FQDN environment variable in `docker/fqdn.env` to the fully qualified domain name of your workstation.
If you want to test PWA features, you need to trust the CA of the certificate for your local deployment. For your convenience, you can download the crt file from `http://<Your FQDN>:8080/ca.crt` . Install that certificate to the trust store of your operating system.
- On Windows, make sure to install it to the `Trusted Root Certification Authorities` store.
2023-02-24 18:08:48 +01:00
- On macOS, double-click the installed CA certificate in `Keychain Access` , expand `Trust` , and select `Always Trust` for SSL.
2023-02-12 02:30:07 +01:00
- Firefox uses its own trust store. To install the CA, point Firefox at `http://<Your FQDN>:8080/ca.crt` . When prompted, select `Trust this CA to identify websites` and click OK.
- When using Chrome, you need to restart Chrome so it reloads the trust store (`chrome://restart`). Additionally, after installing a new cert, you need to clear the Storage (DevTools -> Application -> Clear storage -> Clear site data).
Please note that the certificates (CA and webserver cert) expire after a day.
Also, whenever you restart the nginx docker, container new certificates are created.
The site is served on `https://<Your FQDN>:8443` .
2022-12-22 01:03:24 +01:00
[< Back ](/README.md )