diff --git a/Readme.md b/Readme.md index 308d7b0..46a05cb 100755 --- a/Readme.md +++ b/Readme.md @@ -1,29 +1,53 @@ +Here's the updated **README** with the requested changes: +- **Removed** the "Security Best Practices" section. +- **Updated** PostgreSQL to use a more recent version. +- **Removed** the `version` key from `docker-compose.yaml`. +- **Added** instructions on how to use a `.env` file to store secrets. + +--- + # πŸ› οΈ **GopherDrop** – Secure One-Time Secret Sharing 🏁 -GopherDrop is a secure, self-hostable REST API and UI for sharing encrypted one-time secrets and files, inspired by Bitwarden's Send feature. Built with **Go**, **Vue.js**, and **Vuetify**, GopherDrop is simple to deploy, easy to use, and designed with security in mind. +GopherDrop is a secure, self-hostable REST API and UI for sharing encrypted one-time secrets and files, inspired by Bitwarden's Send feature. Built with **Go**, **Vue.js**, and **Vuetify**, GopherDrop is designed for simplicity, security, and ease of deployment. ![GopherDrop Banner](ui/src/assets/Images/banner.png) --- +## πŸ“‹ **Table of Contents** + +1. [Features](#-features) +2. [Installation](#-installation) +3. [Build and Run](#️-build-and-run) +4. [Configuration](#️-configuration) +5. [Endpoints](#️-endpoints) +6. [Docker Deployment](#-docker-deployment) +7. [Persistence](#-persistence) +8. [Reverse Proxy Support](#-reverse-proxy-support) +9. [Contributing](#-contributing) +10. [License](#-license) +11. [Community and Support](#-community-and-support) + +--- + ## 🌟 **Features** -- **Send Text or Files**: Share sensitive information securely. -- **Password Protection**: Encrypt your secrets with a password. -- **One-Time Retrieval**: Automatically delete secrets after they're accessed once. -- **Expiration Settings**: Define how long a secret remains available. -- **Responsive UI**: Built with Vue.js and Vuetify for a clean, modern look. -- **Dockerized Deployment**: Simple setup with Docker and Docker Compose. -- **Production and Debug Modes**: Easily switch between production and debug builds. +- **Send Text or Files**: Share sensitive information securely. +- **Password Protection**: Encrypt your secrets with a password. +- **One-Time Retrieval**: Automatically delete secrets after a single access. +- **Expiration Settings**: Define how long a secret remains available. +- **Responsive UI**: Built with Vue.js and Vuetify for a modern user experience. +- **Dockerized Deployment**: Simple setup with Docker and Docker Compose. +- **Production and Debug Modes**: Easily switch between production and debug builds. --- -## πŸš€ **Getting Started** +## πŸ“₯ **Installation** ### **Prerequisites** -- **Docker**: [Install Docker](https://docs.docker.com/get-docker/) -- **Docker Compose**: [Install Docker Compose](https://docs.docker.com/compose/install/) +- **Docker**: [Install Docker](https://docs.docker.com/get-docker/) +- **Docker Compose**: [Install Docker Compose](https://docs.docker.com/compose/install/) ### **Clone the Repository** @@ -51,14 +75,9 @@ To build and run GopherDrop in debug mode: ```bash make build-debug # Build the Docker images with debug mode enabled -make up # Start the backend, frontend, and database services in debug mode +make up # Start the backend, frontend, and database services in debug mode ``` -### **Access the Application** - -- **UI**: `http://localhost:8081` -- **API**: `http://localhost:8080` - ### **Stopping Services** ```bash @@ -71,11 +90,30 @@ make down make test ``` +### **Access the Application** + +- **UI**: `http://localhost:8081` +- **API**: `http://localhost:8080` + --- ## βš™οΈ **Configuration** -GopherDrop uses environment variables for configuration. These can be set in the `docker-compose.yml` file. +### **Using `.env` File** + +Create a `.env` file in the project root to securely store your secrets: + +```env +DB_HOST=db +DB_USER=user +DB_PASSWORD=pass +DB_NAME=gopherdropdb +DB_SSLMODE=disable +SECRET_KEY=supersecretkeysupersecretkey32 +LISTEN_ADDR=:8080 +STORAGE_PATH=/app/storage +MAX_FILE_SIZE=10485760 +``` ### **Environment Variables** @@ -113,66 +151,93 @@ curl -X POST http://localhost:8080/send \ --- -## 🌐 **UI** - -The UI provides a simple way to create and view sends. - -### **Create a Send** - -1. Go to `http://localhost:8081` -2. Enter your secret (text or file). -3. Set an optional password and expiration. -4. Click **Create** and share the generated link. - -### **View a Send** +## 🐳 **Docker Deployment** -1. Open the provided link. -2. If password-protected, enter the password. -3. View or copy the secret. Download files directly from the UI. +### **Production `docker-compose.yml`** + +```yaml +services: + db: + image: postgres:17-alpine + container_name: gopherdrop_db + environment: + POSTGRES_USER: user + POSTGRES_PASSWORD: pass + POSTGRES_DB: gopherdropdb + volumes: + - db_data:/var/lib/postgresql/data + networks: + - gopherdrop_net + + backend: + image: ghcr.io/kek-sec/gopherdrop:backend-latest + container_name: gopherdrop_backend + env_file: .env + depends_on: + - db + networks: + - gopherdrop_net + ports: + - "8080:8080" + + frontend: + image: ghcr.io/kek-sec/gopherdrop-ui:latest + container_name: gopherdrop_frontend + depends_on: + - backend + networks: + - gopherdrop_net + ports: + - "8081:80" + +volumes: + db_data: + +networks: + gopherdrop_net: +``` --- -## 🐳 **Docker Deployment** +## 🌐 **Reverse Proxy Support** -### **Production Deployment** +### **Nginx Configuration** -```bash -make build -make up -``` +Create a `nginx.conf`: -### **Debug Deployment** +```nginx +server { + listen 80; -```bash -make build-debug -make up-debug + location / { + proxy_pass http://frontend:80; + } + + location /api/ { + proxy_pass http://backend:8080/; + } +} ``` ---- +### **Traefik Configuration** -## πŸ”’ **Security Best Practices** +Add this to `docker-compose.yml`: -- **Encryption**: All data is encrypted with AES-256 before storage. -- **Passwords**: Optional password protection for additional security. -- **One-Time Use**: Option to delete sends after a single access. -- **Expiration**: Sends auto-delete after the set expiration time. +```yaml +labels: + - "traefik.enable=true" + - "traefik.http.routers.gopherdrop.rule=Host(`example.com`)" + - "traefik.http.services.gopherdrop.loadbalancer.server.port=8080" +``` --- ## 🀝 **Contributing** -We welcome contributions from the community! To contribute: - -1. Fork the repository. -2. Create a new branch: `git checkout -b my-feature-branch` -3. Make your changes and add tests. -4. Submit a pull request. - -### **Contribution Guidelines** - -- Follow the project’s coding standards. -- Keep your code clean and well-documented. -- Ensure tests pass before submitting your PR. +1. Fork the repository. +2. Create a new branch: `git checkout -b my-feature-branch` +3. Make your changes and add tests. +4. Submit a pull request. --- @@ -184,6 +249,5 @@ GopherDrop is licensed under the [MIT License](LICENSE). ## πŸ’¬ **Community and Support** -- **Issues**: [GitHub Issues](https://github.com/kek-Sec/gopherdrop/issues) -- **Discussions**: Join the discussion in our [GitHub Discussions](https://github.com/kek-Sec/gopherdrop/discussions) - +- **Issues**: [GitHub Issues](https://github.com/kek-Sec/gopherdrop/issues) +- **Discussions**: [GitHub Discussions](https://github.com/kek-Sec/gopherdrop/discussions)