Prerequisites
- MongoDB.
- Redis.
- MinIO.
- ClamAV (Optional)
- Node.js v12 or later.
- carbon-now-cli npm package
- Package-Config, Pixman Dev Library, Cairo Dev Library, PangoCairo Dev Library, Jpeg Dev Library
- Web Authentication Provider
- Web Authentication Token Service
- Public URL of Web-File-Uploader in this document is `www.example.com`
- Public URL of Web Authentication Provider in this document is `auth.example.com`
- Public URL of Web Authentication Token Service in this document is `token.example.com`
- If you want to run MongoDB locally, you can use the official binary repository or docker.

      docker volume create --name=mongodata
      docker run -p 27017:27017 --name mongo -v mongodata:/data/db -d mongo

- Or you can also use MongoDB Atlas.

For Redis, you can use your distribution package or docker.

    docker volume create --name=redisdata
    docker run -p 6379:6379 --name redis -v redisdata:/data -d redis redis-server --appendonly yes

For MinIO, you can use the official binary or docker.

    docker volume create --name=miniodata
    docker run -p 9000:9000 -e MINIO_ACCESS_KEY=CHANGE_ME_ACCESS_KEY -e MINIO_SECRET_KEY=CHANGE_ME_SECRET_KEY --name minio -v miniodata:/data -d minio/minio server /data

Refer to the official page.

If you want to scan uploaded files, you can use ClamAV from your distribution package or docker.

    # the port is set to 9001 because 9000 is used by minio by default
    docker run -p 9001:9000 --name clamav -d niilo/clamav-rest
    # this takes a while to start up, monitor progress with `docker logs clamav`
- Clone the repository of Authentication Provider.

      git clone https://github.com/femto-apps/web-authentication-provider.git provider

- `cd provider`
- Copy `config.default.js` to `config.js`.
- Edit `config.js`. Change the Mongo URI to point to your MongoDB server, and replace all secrets with random strings.
  - Example

        module.exports = {
          port: 3001,
          mongo: {
            uri: 'mongodb://user:password@localhost:27017/',
            db: 'authenticationProvider'
          },
          redis: {
            // url: 'redis://127.0.0.1:6379/0',
            host: '127.0.0.1',
            port: 6379,
            db: 0,
            session: 'sessions'
          },
          cookie: {
            maxAge: 1000 * 60 * 60 * 24 * 7 * 4, // 28 days
            secret: 'REPLACE THIS WITH A RANDOM STRING',
            name: 'provider'
          },
          session: {
            secret: 'REPLACE THIS WITH A RANDOM STRING'
          },
          title: {
            suffix: 'Femto Authentication Provider' // You can replace this with your favorite title
          },
          favicon: 'public/images/favicon/favicon.ico',
        }
- Run `npm install`
- Run `node index.js`

  If your system uses systemd, refer to the following sample.

      [Unit]
      Description=Web Authentication Provider
      After=network.target
      Before=apache2.service

      [Service]
      User=user
      WorkingDirectory=/path/to/provider
      Environment=NODE_ENV=production
      ExecStart=/usr/bin/node index.js
      Restart=always

      [Install]
      WantedBy=multi-user.target
- Configure your web server.
  - Example for Apache

        <IfModule mod_ssl.c>
        <VirtualHost *:443>
            ServerName auth.example.com
            ServerAdmin [email protected]

            SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
            SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
            Include /etc/letsencrypt/options-ssl-apache.conf

            RequestHeader set X-Forwarded-Proto "https"
            ProxyPreserveHost On
            ProxyPass / http://127.0.0.1:3001/
            ProxyPassReverse / http://127.0.0.1:3001/

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
        </VirtualHost>
        </IfModule>

  - Example for Caddy

        auth.example.com {
            proxy / localhost:3001
        }
- Access `https://auth.example.com/consumer/add` via your browser.
- Enter `Name`, `Description` and `Redirects`, where `Redirects` is as below:

      https://www.example.com/login_callback

- If you get a `...does not appear to be a URL` message, please refer to femto-apps/web-authentication-provider#8.
- When you submit the form above, you'll get the authentication information in JSON format. You MUST pick up `uuid` as `ConsumerId`.
- Clone the repository of Web Authentication Token Service.

      git clone https://github.com/femto-apps/web-authentication-token-service.git token

- `cd token`
- Copy `config.default.js` to `config.js`.
- Edit `config.js` if needed.
  - Example

        module.exports = {
          port: 4500,
          redis: {
            // url: 'redis://127.0.0.1:6379/0',
            host: '127.0.0.1',
            port: 6379,
            db: 0,
            session: 'sessions'
          }
        }
- Run `npm install`
- Run `node index.js`

  If your system uses systemd, refer to the following sample.

      [Unit]
      Description=Authentication Token Service
      After=network.target
      Before=apache2.service

      [Service]
      User=user
      WorkingDirectory=/path/to/token
      Environment=NODE_ENV=production
      ExecStart=/usr/bin/node index.js
      Restart=always

      [Install]
      WantedBy=multi-user.target
- Configure your web server.
  - Example for Apache

        <IfModule mod_ssl.c>
        <VirtualHost *:443>
            ServerName token.example.com
            ServerAdmin [email protected]

            SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
            SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
            Include /etc/letsencrypt/options-ssl-apache.conf

            RequestHeader set X-Forwarded-Proto "https"
            ProxyPreserveHost On
            ProxyPass / http://127.0.0.1:4500/
            ProxyPassReverse / http://127.0.0.1:4500/

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
        </VirtualHost>
        </IfModule>

  - Example for Caddy

        token.example.com {
            proxy / localhost:4500
        }
- Install `carbon-now-cli`, e.g.

      yarn global add carbon-now-cli

  or

      npm install -g carbon-now-cli

- Install Package-Config, Pixman Dev Library, Cairo Dev Library, PangoCairo Dev Library, Jpeg Dev Library, e.g.

      apt install pkgconf libpixman-1-dev libcairo2-dev librust-pangocairo-dev libjpeg-dev
- Clone the repository.

      git clone https://github.com/femto-apps/web-file-uploader.git uploader

- `cd uploader`
- Copy `config.default.hjson` to `config.hjson`.
- Edit `config.hjson`. In particular, you must change `minio.accessKey`, `minio.secretKey`, `session.secret`, `authenticationProvider.consumerId` and each `endpoint`. For example:

      {
        port: 3005
        dev: false
        trustedProxy: ['127.0.0.1/8', '::1/128']
        // Comments sit on their own lines: a quoteless Hjson string runs to the end of its line
        title: {
          // You can replace this with your favorite name
          name: Femto Uploader
          // You can replace this with your favorite name
          shortener: Femto Shortener
          // You can replace this with your favorite name
          suffix: Femto Uploader
        }
        url: {
          origin: https://www.example.com/
        }
        carbon: {
          // you can find this installation directory with `which carbon-now`
          path: /path/to/.yarn/bin/carbon-now
        }
        mongo: {
          uri: mongodb://user:password@localhost:27017/
          db: fileUploader
        }
        minio: {
          host: 127.0.0.1
          port: 9000
          // the bucket you created on Minio
          itemBucket: items
          accessKey: ACCESSKEY
          secretKey: SECRETKEY
          useSSL: false
        }
        clamav: {
          url: http://localhost:9001
        }
        session: {
          secret: REPLACE THIS WITH A RANDOM STRING
        }
        redis: {
          host: 127.0.0.1
          port: 6379
          db: 0
          // url: redis://127.0.0.1:6379/0
        }
        cookie: {
          name: file-uploader
          // 1000 * 60 * 60 * 24 * 180 (6 months)
          maxAge: 15552000000
        }
        email: {
          name: 'example.com'
          host: 'smtp.gmail.com'
          secure: false
          port: 587
          auth: {
            user: 'username'
            pass: 'password'
          }
          authMethod: 'PLAIN'
          ignoreTLS: false
        }
        tokenService: {
          endpoint: https://token.example.com
        }
        authenticationProvider: {
          endpoint: https://auth.example.com
          // You got this in the installation step 10 for Web Authentication Provider
          consumerId: REPLACE THIS WITH YOUR CONSUMER ID
        }
        authenticationConsumer: {
          endpoint: https://www.example.com
        }
        experimental: {
          profiling: false
          // 1000 * 60 * 60 * 24 (1 day)
          statsTimer: 86400000
        }
      }
- Run `npm install`
- Run `node index.js`

  If your system uses systemd, refer to the following sample.

      [Unit]
      Description=Web-File-Uploader
      After=network.target
      Before=apache2.service

      [Service]
      User=user
      WorkingDirectory=/path/to/uploader
      Environment=NODE_ENV=production
      ExecStart=/usr/bin/node index.js
      Restart=always

      [Install]
      WantedBy=multi-user.target
- Configure your web server.
  - Example for Apache

        <IfModule mod_ssl.c>
        <VirtualHost *:443>
            ServerName www.example.com
            ServerAdmin [email protected]

            SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
            SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
            Include /etc/letsencrypt/options-ssl-apache.conf

            RequestHeader set X-Forwarded-Proto "https"
            ProxyPreserveHost On
            ProxyPass / http://127.0.0.1:3005/
            ProxyPassReverse / http://127.0.0.1:3005/

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
        </VirtualHost>
        </IfModule>

  - Example for Caddy

        www.example.com {
            proxy / localhost:3005
        }
- Access `https://www.example.com` and you can register as many users as you wish! :)
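
The `config.js` and `config.hjson` steps above ask you to replace every sample secret with a random string. The following check is an added example, not code from the femto-apps repositories: it walks a parsed config object and reports values that still hold one of this guide's placeholders or a short secret. The names `newSecret` and `findWeakSecrets`, the placeholder patterns and the 16-character minimum are assumptions made for the example.

```javascript
// Added example, not part of web-file-uploader: flag placeholder or weak
// secrets in a parsed config before the services are started.
const crypto = require('crypto');

// Placeholder values used by the sample configs and docker commands in this guide.
const PLACEHOLDERS = [
  /REPLACE THIS/i,
  /CHANGE_ME/i,
  /^(ACCESSKEY|SECRETKEY|password)$/i,
  /:\/\/user:password@/ // sample credentials left in a connection URI
];
// Key names that hold secrets in the sample configs (assumed list, extend as needed).
const SECRET_KEYS = /^(secret|secretKey|accessKey|pass)$/;

// 32 bytes from the OS CSPRNG, hex-encoded: usable for cookie.secret, session.secret, etc.
function newSecret (bytes = 32) {
  return crypto.randomBytes(bytes).toString('hex');
}

// Return the dotted paths of values that still hold a placeholder, or that sit
// under a secret key and are shorter than minLength characters.
function findWeakSecrets (config, minLength = 16, prefix = '') {
  const findings = [];
  for (const [key, value] of Object.entries(config)) {
    const path = prefix ? `${prefix}.${key}` : key;
    if (value !== null && typeof value === 'object') {
      findings.push(...findWeakSecrets(value, minLength, path));
    } else if (typeof value === 'string') {
      const isPlaceholder = PLACEHOLDERS.some(re => re.test(value));
      const isShortSecret = SECRET_KEYS.test(key) && value.length < minLength;
      if (isPlaceholder || isShortSecret) findings.push(path);
    }
  }
  return findings;
}

// Constructed sample: a provider config.js that was only partly edited.
const sampleConfig = {
  mongo: { uri: 'mongodb://user:password@localhost:27017/', db: 'authenticationProvider' },
  cookie: { secret: 'REPLACE THIS WITH A RANDOM STRING', name: 'provider' },
  session: { secret: 'hunter2' }
};

console.log(findWeakSecrets(sampleConfig)); // paths that still need a real secret
console.log(newSecret());                   // a value to paste into the config
```

For the provider and token service, run it as `findWeakSecrets(require('./config.js'))`; `config.hjson` has to be parsed into an object first.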