diff --git a/README.md b/README.md index d34fa32..b1c279c 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ Have any questions? Read our [FAQ](/docs/faq.md). -You can [host your own instance with Docker](/docs/local-dev.md). +You can [host your own instance with Docker](/docs/host-your-own.md). ## Support the Snapdrop Community diff --git a/docker-compose.yml b/docker-compose.yml index 1782926..08a7bcd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -19,7 +19,7 @@ services: - ./docker/openssl:/mnt/openssl ports: - "8080:80" - - "443:443" + - "8443:443" env_file: ./docker/fqdn.env entrypoint: /mnt/openssl/create.sh - command: ["nginx", "-g", "daemon off;"] \ No newline at end of file + command: ["nginx", "-g", "daemon off;"] diff --git a/docker/nginx/default.conf b/docker/nginx/default.conf index 475d29a..c5aef38 100644 --- a/docker/nginx/default.conf +++ b/docker/nginx/default.conf @@ -1,9 +1,5 @@ server { listen 80; - #server_name your.domain; - - #charset koi8-r; - #access_log /var/log/nginx/host.access.log main; expires epoch; @@ -17,21 +13,11 @@ server { proxy_pass http://node:3000; proxy_set_header Connection "upgrade"; proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-Forwarded-for $remote_addr; } location /ca.crt { alias /etc/ssl/certs/snapdropCA.crt; } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } } server { @@ -39,11 +25,6 @@ server { ssl_certificate /etc/ssl/certs/snapdrop-dev.crt; ssl_certificate_key /etc/ssl/certs/snapdrop-dev.key; - #server_name ; - - #charset koi8-r; - #access_log /var/log/nginx/host.access.log main; - expires epoch; location / { @@ -56,20 +37,10 @@ server { proxy_pass http://node:3000; proxy_set_header Connection "upgrade"; proxy_set_header Upgrade $http_upgrade; - proxy_set_header X-Forwarded-for $remote_addr; } location /ca.crt { alias /etc/ssl/certs/snapdropCA.crt; } - - #error_page 404 /404.html; - - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } } diff --git a/docs/host-your-own.md b/docs/host-your-own.md new file mode 100644 index 0000000..a8d5232 --- /dev/null +++ b/docs/host-your-own.md @@ -0,0 +1,226 @@ +# Local Development +## Install + +First, [Install docker with docker-compose.](https://docs.docker.com/compose/install/) + +Then, clone the repository and run docker-compose: +```shell + git clone https://github.com/RobinLinus/snapdrop.git +``` +```shell + cd snapdrop +``` +```shell + docker-compose up -d +``` +Now point your browser to `http://localhost:8080`. + +- To restart the containers run `docker-compose restart`. +- To stop the containers run `docker-compose stop`. +- To debug the NodeJS server run `docker logs snapdrop_node_1`. + + +## Run locally by pulling image from Docker Hub + +Have docker installed, then use the command: +```shell + docker pull linuxserver/snapdrop +``` + +To run the image, type (if port 8080 is occupied by host use another random port :80): +```shell + docker run -d -p 8080:80 linuxserver/snapdrop +``` + +
+ +## Testing PWA related features +PWAs require that the app is served under a correctly set up and trusted TLS endpoint. + +The nginx container creates a CA certificate and a website certificate for you. To correctly set the common name of the certificate, you need to change the FQDN environment variable in `docker/fqdn.env` to the fully qualified domain name of your workstation. + +If you want to test PWA features, you need to trust the CA of the certificate for your local deployment. For your convenience, you can download the crt file from `http://:8080/ca.crt`. Install that certificate to the trust store of your operating system. +- On Windows, make sure to install it to the `Trusted Root Certification Authorities` store. +- On MacOS, double click the installed CA certificate in `Keychain Access`, expand `Trust`, and select `Always Trust` for SSL. +- Firefox uses its own trust store. To install the CA, point Firefox at `http://:8080/ca.crt`. When prompted, select `Trust this CA to identify websites` and click OK. +- When using Chrome, you need to restart Chrome so it reloads the trust store (`chrome://restart`). Additionally, after installing a new cert, you need to clear the Storage (DevTools -> Application -> Clear storage -> Clear site data). + +Please note that the certificates (CA and webserver cert) expire after a day. +Also, whenever you restart the nginx docker, container new certificates are created. + +The site is served on `https://:8443`. + + +# Deployment Notes +The client expects the server at http(s)://your.domain/server. + +When serving the node server behind a proxy, the `X-Forwarded-For` header has to be set by the proxy. Otherwise, all clients that are served by the proxy will be mutually visible. + +## Deployment with node +By default, the node server listens on port 3000. + +Use nginx or apache to set the header correctly: + +### Using nginx +``` +server { + listen 80; + + expires epoch; + + location / { + root /var/www/snapdrop/client; + index index.html index.htm; + } + + location /server { + proxy_connect_timeout 300; + proxy_pass http://node:3000; + proxy_set_header Connection "upgrade"; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Forwarded-for $remote_addr; + } +} + +server { + listen 443 ssl http2; + ssl_certificate /etc/ssl/certs/snapdrop-dev.crt; + ssl_certificate_key /etc/ssl/certs/snapdrop-dev.key; + + expires epoch; + + location / { + root /var/www/snapdrop/client; + index index.html; + } + + location /server { + proxy_connect_timeout 300; + proxy_pass http://node:3000; + proxy_set_header Connection "upgrade"; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Forwarded-for $remote_addr; + } +} +``` + +### Using Apache +``` + + DocumentRoot "/var/www/snapdrop/client" + DirectoryIndex index.html + + RewriteEngine on + RewriteCond %{HTTP:Upgrade} websocket [NC] + RewriteCond %{HTTP:Connection} upgrade [NC] + RewriteRule ^/?(.*) "ws://127.0.0.1:3000/$1" [P,L] + + + DocumentRoot "/var/www/snapdrop/client" + DirectoryIndex index.html + + RewriteEngine on + RewriteCond %{HTTP:Upgrade} websocket [NC] + RewriteCond %{HTTP:Connection} upgrade [NC] + RewriteRule ^/?(.*) "wws://127.0.0.1:3000/$1" [P,L] + +``` + +## Deployment with Docker +The easiest way to get snapdrop up and running is by using Docker. + +By default, docker listens on ports 8080 (http) and 8443 (https) (specified in `docker-compose.yml`). + +When running Snapdrop via Docker, the `X-Forwarded-For` header has to be set by a proxy. Otherwise, all clients will be mutually visible. + +### Installation +[See Local Development > Install](#install) + +Use nginx or apache to set the header correctly: + +### Using nginx +(This differs from the config under `/docker/nginx/default.conf) +``` +server { + listen 80; + + expires epoch; + + location / { + proxy_connect_timeout 300; + proxy_pass http://127.0.0.1:8080; + } + + location /server { + proxy_connect_timeout 300; + proxy_pass http://127.0.0.1:8080; + proxy_set_header Connection "upgrade"; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Forwarded-for $remote_addr; + } +} + +server { + listen 443 ssl http2; + ssl_certificate /etc/ssl/certs/snapdrop-dev.crt; + ssl_certificate_key /etc/ssl/certs/snapdrop-dev.key; + + expires epoch; + + location / { + proxy_connect_timeout 300; + proxy_pass http://127.0.0.1:443; + } + + location /server { + proxy_connect_timeout 300; + proxy_pass http://127.0.0.1:443; + proxy_set_header Connection "upgrade"; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header X-Forwarded-for $remote_addr; + } +} +``` + +### Using Apache +install modules `proxy`, `proxy_http`, `mod_proxy_wstunnel` +```shell +a2enmod proxy +``` +```shell +a2enmod proxy_http +``` +```shell +a2enmod proxy_wstunnel +``` + +
+ +Create a new configuration file under `/etc/apache2/sites-available` (on debian) + +**snapdrop.conf** +``` + + ProxyPass / http://127.0.0.1:8080/ + RewriteEngine on + RewriteCond %{HTTP:Upgrade} websocket [NC] + RewriteCond %{HTTP:Connection} upgrade [NC] + RewriteRule ^/?(.*) "ws://127.0.0.1:8080/$1" [P,L] + + + ProxyPass / https://127.0.0.1:8443/ + RewriteEngine on + RewriteCond %{HTTP:Upgrade} websocket [NC] + RewriteCond %{HTTP:Connection} upgrade [NC] + RewriteRule ^/?(.*) "wws://127.0.0.1:8443/$1" [P,L] + +``` +Activate the new virtual host and reload apache: +```shell +a2ensite snapdrop +``` +```shell +service apache2 reload +``` + +[< Back](/README.md) diff --git a/docs/local-dev.md b/docs/local-dev.md deleted file mode 100644 index 39f19d9..0000000 --- a/docs/local-dev.md +++ /dev/null @@ -1,61 +0,0 @@ -# Local Development -## Install - -First, [Install docker with docker-compose.](https://docs.docker.com/compose/install/) - -Then, clone the repository: -``` - git clone https://github.com/RobinLinus/snapdrop.git - cd snapdrop - docker-compose up -d -``` -Now point your browser to `http://localhost:8080`. - -- To restart the containers run `docker-compose restart`. -- To stop the containers run `docker-compose stop`. -- To debug the NodeJS server run `docker logs snapdrop_node_1`. - - -## Run locally by pulling image from Docker Hub - -Have docker installed, then use the command: -``` - docker pull linuxserver/snapdrop -``` - -To run the image, type (if port 8080 is occupied by host use another random port :80): -``` - docker run -d -p 8080:80 linuxserver/snapdrop -``` - - - - - - -## Testing PWA related features -PWAs require that the app is served under a correctly set up and trusted TLS endpoint. - -The nginx container creates a CA certificate and a website certificate for you. To correctly set the common name of the certificate, you need to change the FQDN environment variable in `docker/fqdn.env` to the fully qualified domain name of your workstation. - -If you want to test PWA features, you need to trust the CA of the certificate for your local deployment. For your convenience, you can download the crt file from `http://:8080/ca.crt`. Install that certificate to the trust store of your operating system. -- On Windows, make sure to install it to the `Trusted Root Certification Authorities` store. -- On MacOS, double click the installed CA certificate in `Keychain Access`, expand `Trust`, and select `Always Trust` for SSL. -- Firefox uses its own trust store. To install the CA, point Firefox at `http://:8080/ca.crt`. When prompted, select `Trust this CA to identify websites` and click OK. -- When using Chrome, you need to restart Chrome so it reloads the trust store (`chrome://restart`). Additionally, after installing a new cert, you need to clear the Storage (DevTools -> Application -> Clear storage -> Clear site data). - -Please note that the certificates (CA and webserver cert) expire after a day. -Also, whenever you restart the nginx docker, container new certificates are created. - -The site is served on `https://:443`. -     -## Deployment Notes -The client expects the server at http(s)://your.domain/server. - -When serving the node server behind a proxy, the `X-Forwarded-For` header has to be set by the proxy. Otherwise, all clients that are served by the proxy will be mutually visible. - -By default, the server listens on port 3000. - -For an nginx configuration example, see `docker/nginx/default.conf`. - -[< Back](/README.md)