diff --git a/readme.md b/readme.md index 2e20527..5954bc2 100644 --- a/readme.md +++ b/readme.md @@ -41,7 +41,7 @@ release images are pushed to [dockerhub](https://hub.docker.com/r/pldubouilh/gos % sudo docker run -v ~/LocalDirToShare:/shared -p 8001:8001 pldubouilh/gossa ``` -in a do-one-thing-well mindset, HTTPS and authentication has been left to middlewares and proxies. for instance [caddy](https://caddyserver.com/) handles this very well - have a look at this small [caddy config](https://github.com/pldubouilh/gossa/blob/master/support/Caddyfile) with authentication and option for HTTPS that works along with gossa. +in a do-one-thing-well mindset, HTTPS and authentication has been left to middlewares and proxies. [this sample caddy config](https://github.com/pldubouilh/gossa/blob/master/support/) shows how to quickly get a multi user setup along with https. ### shortcuts the default UI is fully usable by through keyboard/UI shortcuts - press `Ctrl/Cmd + h` to see them all. diff --git a/support/Caddyfile b/support/Caddyfile deleted file mode 100644 index 05f97ee..0000000 --- a/support/Caddyfile +++ /dev/null @@ -1,8 +0,0 @@ -# Caddy config -# to enable https just set a valid domain (e.g. mydomain.com) instead of :8080 - how simple ! -# authentication has been setup with 2 users, alice and bob - -:8080 -basicauth / alice paul -basicauth / bob dylan -proxy / 127.0.0.1:8001 \ No newline at end of file diff --git a/support/caddy.Dockerfile b/support/caddy.Dockerfile deleted file mode 100644 index 6773196..0000000 --- a/support/caddy.Dockerfile +++ /dev/null 
@@ -1,8 +0,0 @@ -FROM pldubouilh/gossa - -RUN apk update && apk add curl ca-certificates caddy - -ENV UID="1000" GID="1000" HOST="127.0.0.1" PORT="8001" PREFIX="/" FOLLOW_SYMLINKS="false" SKIP_HIDDEN_FILES="true" DATADIR="/shared" -EXPOSE 443 -RUN echo -e 'exec su-exec ${UID}:${GID} /gossa -h ${HOST} -p ${PORT} -k=${SKIP_HIDDEN_FILES} --symlinks=${FOLLOW_SYMLINKS} --prefix=${PREFIX} ${DATADIR} & \n caddy' > /start.sh -ENTRYPOINT [ "sh", "/start.sh" ] diff --git a/support/readme.md b/support/readme.md index 39c141d..a074c12 100644 --- a/support/readme.md +++ b/support/readme.md 
@@ -1,3 +1,92 @@ +## multi-account setup + +authentication / user routing has been left out of the design of gossa, as simple tools are already available for this purpose. + +### example 1 root, multiple read-only users + +this sample caddy config will + + enable https on the domain myserver.com + + password protect the access + + route the root user requests to 1 gossa instance + + route user1 and user2 requests to a readonly gossa instance + +```sh +myserver.com + +# proxy regular and read only instance +proxy / 127.0.0.1:8001 +proxy /ro 127.0.0.1:8002 { without /ro } + +# reroute non-root user to read-only +# cm9... is the output of `printf "root:password" | base64` +rewrite { + if {>Authorization} not "Basic cm9vdDpwYXNzd29yZA==" + to /ro/{path} +} + +# gate access +basicauth / root password +basicauth / ro_user1 passworduser1 +basicauth / ro_user2 passworduser2 +``` + +then simply start the 2 gossa instances, and caddy + +```sh +# start an instance in readonly +% ./gossa -ro=true -p 8002 ~/folder & + +# start an instance with access to hidden files +% ./gossa -k=false -p 8001 ~/folder & + +# start caddy +% ./caddy +``` + +### example 2 users on 2 different folders + +this sample caddy config will + + enable https on the domain myserver.com + + password protect the access + + route user1 to own folder + + route user2 to own folder + + share a folder between 2 users with a symlink + +```sh +myserver.com + +proxy /user1 127.0.0.1:8001 { without /user1 } +proxy /user2 127.0.0.1:8002 { without /user2 } + +basicauth / user1 passworduser1 +basicauth / user2 passworduser2 + +rewrite { + if {>Authorization} is "Basic dXNlcjE6cGFzc3dvcmR1c2VyMQ==" + to /user1/{path} +} + +rewrite { + if {>Authorization} is "Basic dXNlcjI6cGFzc3dvcmR1c2VyMg==" + to /user2/{path} +} +``` + +start 2 gossa instances, and caddy + +```sh +# create symlink to share folder between 2 users +% ln -s /path/shared test/user1 +% ln -s /path/shared test/user2 + +# start gossa & caddy +% ./gossa -p 
8001 -symlinks=true test/user1 & +% ./gossa -p 8002 -symlinks=true test/user2 & +% ./caddy +``` + +## docker + the master branch is automatically built and pushed to [dockerhub](https://hub.docker.com/r/pldubouilh/gossa) under `pldubouilh/gossa`. ```sh @@ -15,13 +104,4 @@ if you prefer building the image yourself : the options are settable through environment variables that can be passed starting off the docker image. -a fancy docker image using [Caddy](https://caddyserver.com/) is also provided. have a look at the simple config file `Caddyfile`, it shows how to use http basic authentication, and automatic TLS for hands-free https 🎉 - -```sh -# checkout the caddy config, build, and run docker image -% vim caddy.Dockerfile -% docker build -t gossa-caddy -f caddy.Dockerfile . -% sudo docker run -v ~/LocalDirToShare:/shared -v `pwd`/Caddyfile:/Caddyfile --net=host gossa-caddy -``` - a docker-compose example image is also provided. running docker compose should be straightforward : `docker-compose up .` have a look in `docker-compose.yml` for further configuration. \ No newline at end of file
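Review bot: in the readme.md hunk, the new link text reads "this sample caddy config" but its target is the directory `https://github.com/pldubouilh/gossa/blob/master/support/`, with no file name, and this same patch deletes support/Caddyfile. Point the link at support/readme.md, where the multi-account examples now live, and consider "have been left" for "has been left" while the sentence is being touched.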
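Review bot: in the first support/readme.md hunk, both "start the instances" blocks launch gossa without a listen address (`./gossa -ro=true -p 8002 ~/folder &`, `./gossa -p 8001 -symlinks=true test/user1 &`), and the added text itself says authentication is left out of gossa, so basicauth and the Authorization-based rewrites only cover requests that pass through caddy. Pass `-h 127.0.0.1` explicitly, the flag the removed caddy.Dockerfile used, and state in one sentence that ports 8001 and 8002 must not be reachable from outside the host. The rewrite conditions also repeat each credential as a base64 string next to the plaintext basicauth lines: a comment that both must change together when a password changes, and that base64 is an encoding rather than a hash so the Caddyfile needs restrictive file permissions, would keep the routing from silently no longer matching.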
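Review bot: in the last support/readme.md hunk, removing the gossa-caddy paragraph leaves the "## docker" section with no mention of HTTPS or authentication, while the new multi-account examples only show `./gossa` and `./caddy` run directly on the host. Add a line under "## docker" that points container users to the multi-account setup above, and confirm that docker-compose.yml does not reference the deleted support/Caddyfile or support/caddy.Dockerfile.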