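#!/bin/bash
# This software is released into public domain.
# It is provided "as is", without warranties or conditions of any kind.
# Anyone is free to modify, redistribute and do anything with this software.

# Simple startup/configuration script for Gomf
# Leave options blank ("OPTION=", "OPTION=''") or comment them out to use Gomf
# defaults (see `gomf --help`)
#
# Options left commented out here are still honoured when they are present in
# the environment this script is started from.

set -e

###############################################################################

# The Gomf binary
#GOMF_BIN=gomf

# Root folder for Gomf containing gomf-web files
#
# All paths in other options are relative to this.
# Defaults to current directory if not set.
#GOMF_ROOT=~/www/gomf-web

# The website name, appearing on web pages
#NAME='Gomf'

# The hostname to serve uploaded files on
#
# By default, any connection can serve files on path /u/$file, but, if enabled,
# this host will serve them directly on /$file.
#UPLOAD_HOST=u.example.com

# The URL to serve uploaded files on
#
# Generated URLs will be $UPLOAD_URL/$file.$ext.
# If not specified, it is generated depending on which variables are set:
# - $UPLOAD_HOST and $LISTEN_HTTPS: https://$UPLOAD_HOST/
# - $UPLOAD_HOST and $LISTEN_HTTP: http://$UPLOAD_HOST/
# - $LISTEN_HTTPS: https://$LISTEN_HTTPS/u/
# - $LISTEN_HTTP: http://$LISTEN_HTTP/u/
#UPLOAD_URL=https://u.example.com/

# The contact email address, appearing on web pages
#CONTACT_EMAIL=contact@example.com

# The abuse contact email address, appearing on web pages
#ABUSE_EMAIL=abuse@example.com

# The host to listen on for HTTP and/or HTTPS
#
# Use 'localhost' if using local reverse proxy, 0.0.0.0 to listen to any host
# or a specific hostname to only allow connections to that address.
# When unset, this script binds to localhost. The older variable name HTTP_HOST
# is still honoured if LISTEN_HOST is not set.
#LISTEN_HOST=0.0.0.0

# The port to listen on for HTTP
#
# 80 for a standard HTTP server, probably a higher port (e.g. 9000) if
# reverse-proxied.
#HTTP_PORT=80

# The port to listen on for HTTPS
#
# 443 for a standard HTTPS server. Requires TLS_CERT and TLS_KEY
#HTTPS_PORT=443

# SSL certificate for HTTPS
#TLS_CERT=cert.pem

# SSL certificate key for HTTPS
#TLS_KEY=key.pem

# Redirect traffic accepted with the HTTP handler to HTTPS
#
# Uses the same host, path and query as the incoming request, just rewrites
# the scheme to https://.
# Only works when serving directly. If a reverse proxy is used, it should be
# also used to set up this redirect instead.
#REDIRECT_HTTPS=0

# Adds the HSTS header to responses
#HSTS=0

# Sets the Content-Security-Policy header
#
# Useful for disallowing script execution in XML-based formats (e.g. SVG).
# Gomf default is "default-src 'none'; media-src 'self'", which blocks all
# scripts but allows inline video playback.
# Set to "0" to disable the CSP header.
# With the header disabled, uploaded SVG/XML files are no longer prevented
# from running scripts in the origin that serves them.
#CSP="default-src 'none'; media-src 'self'"

# Allows serving HTML/XHTML files with their actual MIME types
#
# If disabled, text/html and application/xhtml+xml will be served as types
# text/plain to prevent rendering them in browser and to keep services such as
# CloudFlare from modifying them to insert its tracking JavaScript.
# If enabled, uploaded pages are rendered by visitors' browsers, so keep the
# CSP header on and prefer a dedicated UPLOAD_HOST.
#ALLOW_HTML=0

# Sets Access-Control-Allow-Origin header to "*"
#
# This enables CORS and allows other sites' JavaScript applications to upload
# files using XMLHttpRequest.
#CORS=1

# Enables grills
#
# With this enabled, the path /grill.php will serve a redirect to a random file
# from the static/grill/ directory. This is used as a background-image in the
# bottom right corner in the default gomf-web style.
#GRILL=1

# The charset used to generate file IDs
#
# Should only contain URL-safe characters. Must not contain / and _.
#ID_CHARSET='abcdefghijklmnopqrstuvwxyz'

# The length of generated file IDs
#ID_LENGTH=6

# Maximum allowed size in MiB
#
# When blank/commented, no maximum upload size is enforced.
# Must be a plain integer; it is multiplied out to bytes by shell arithmetic.
#MAX_SIZE_MIB=50

# Enable whitelist mode instead of blacklist for filters
#
# When enabled, only the file extensions/types specified in filters are allowed
# and all others are blocked. When disabled, the extensions/types in filters
# are blocked and all others are allowed.
#WHITELIST=0

# The file extensions (without leading dot) to filter
#
# Set to an empty array to disable.
#FILTER_EXT=(exe dll msi scr com pif)

# The file MIME types to filter
#
# Set to an empty array to disable.
#FILTER_MIME=(
#    application/x-dosexec
#    application/x-msdos-program
#)

# Enable logging
#
# When set to 1, all uploads are logged to $GOMF_ROOT/log/.
#LOG=0

# Enable logging of IP addresses
#LOG_IP=0

# Enable logging of hashed IP addresses
#LOG_IP_HASH=0

# Enable logging of User-Agent headers
#LOG_UA=0

# Enable logging of hashed User-Agent headers
#LOG_UA_HASH=0

# Enable logging of Referer headers
#LOG_REFERER=0

# Enable logging of hashed Referer headers
#LOG_REFERER_HASH=0

# Salt for hashed log entries
#
# Used to obfuscate entries when LOG_*_HASH option is enabled for privacy.
# Treat it as a secret: this script passes it to Gomf as a command-line
# argument and prints it in the startup line below, so it is visible in
# process listings and in anything that captures this script's output.
#LOG_HASH_SALT='put some unique string here'

# Count of trusted reverse proxies
#
# Used to determine which, if any, X-Forwarded-For or X-Real-IP to trust when
# logging or hashing the uploaders' IP addresses
# NOTE(review): presumably a count higher than the real number of proxies
# makes Gomf trust a client-supplied header value; set it exactly.
#PROXY_COUNT=0

###############################################################################

# Command-line flags for Gomf, built as an array so that values containing
# spaces or glob characters reach Gomf as single, unmodified arguments.
flags=()

# Under `set -e` a failing cd aborts the script; a skipped test does not.
[ -n "$GOMF_ROOT" ] && cd "$GOMF_ROOT"

[ -n "$NAME" ] && flags+=(--name "$NAME")
[ -n "$UPLOAD_HOST" ] && flags+=(--upload-host "$UPLOAD_HOST")
[ -n "$UPLOAD_URL" ] && flags+=(--upload-url "$UPLOAD_URL")
[ -n "$CONTACT_EMAIL" ] && flags+=(--contact "$CONTACT_EMAIL")
[ -n "$ABUSE_EMAIL" ] && flags+=(--abuse "$ABUSE_EMAIL")

# The documented option is LISTEN_HOST; HTTP_HOST is kept as a fallback for
# setups that relied on the name this script read before. The default stays
# localhost so nothing is exposed beyond the loopback interface by accident.
listen_host="${LISTEN_HOST:-${HTTP_HOST:-localhost}}"

[ -n "$HTTP_PORT" ] && flags+=(--http "$listen_host:$HTTP_PORT")

if [ -n "$HTTPS_PORT" ]; then
  if [ -n "$TLS_CERT" ] && [ -n "$TLS_KEY" ]; then
    flags+=(
      --https "$listen_host:$HTTPS_PORT"
      --cert "$TLS_CERT"
      --key "$TLS_KEY")
  else
    # The HTTPS listener is still skipped, but no longer silently: an operator
    # who set HTTPS_PORT should learn that the service is not serving TLS.
    printf '%s: HTTPS_PORT is set but TLS_CERT and/or TLS_KEY is missing; HTTPS listener not enabled\n' \
      "${0##*/}" >&2
  fi
fi

[ "${REDIRECT_HTTPS:-0}" -ne 0 ] && flags+=(--redirect-https)
[ "${HSTS:-0}" -ne 0 ] && flags+=(--hsts)
[ -n "${ID_CHARSET}" ] && flags+=(--id-charset "$ID_CHARSET")
[ -n "${ID_LENGTH}" ] && flags+=(--id-length "$ID_LENGTH")
# Gomf takes the limit in bytes.
[ -n "${MAX_SIZE_MIB}" ] && flags+=(--max-size "$((MAX_SIZE_MIB*1024*1024))")
[ "${WHITELIST:-0}" -ne 0 ] && flags+=(--whitelist)

# "${array[*]}" joins elements with the first character of IFS, so IFS is set
# to a comma while the filter lists are flattened and restored right after.
# `declare -p` succeeds for any declared variable, including an empty array,
# so an empty filter list is passed on as an empty string rather than skipped.
oldifs="$IFS"
IFS=,
[ -n "$(declare -p FILTER_EXT 2>/dev/null)" ] &&
  flags+=(--filter-ext "${FILTER_EXT[*]}")
[ -n "$(declare -p FILTER_MIME 2>/dev/null)" ] &&
  flags+=(--filter-mime "${FILTER_MIME[*]}")
IFS="$oldifs"

[ "${ALLOW_HTML:-0}" -ne 0 ] && flags+=(--allow-html)
[ "${CORS:-0}" -ne 0 ] && flags+=(--cors)
[ "${GRILL:-0}" -ne 0 ] && flags+=(--grill)

# CSP=0 disables the header by passing an empty policy; any other non-empty
# value is passed through as the policy; unset/blank keeps the Gomf default.
if [ "$CSP" = 0 ]; then
  flags+=(--csp '')
elif [ -n "$CSP" ]; then
  flags+=(--csp "$CSP")
fi

[ "${LOG:-0}" -ne 0 ] && flags+=(--log)
[ "${LOG_IP:-0}" -ne 0 ] && flags+=(--log-ip)
[ "${LOG_IP_HASH:-0}" -ne 0 ] && flags+=(--log-ip-hash)
[ "${LOG_UA:-0}" -ne 0 ] && flags+=(--log-ua)
[ "${LOG_UA_HASH:-0}" -ne 0 ] && flags+=(--log-ua-hash)
[ "${LOG_REFERER:-0}" -ne 0 ] && flags+=(--log-referer)
[ "${LOG_REFERER_HASH:-0}" -ne 0 ] && flags+=(--log-referer-hash)
[ -n "$LOG_HASH_SALT" ] && flags+=(--log-hash-salt "$LOG_HASH_SALT")
[ -n "$PROXY_COUNT" ] && flags+=(--proxy-count "$PROXY_COUNT")

# Echo the command line before running it. This includes the value of
# --log-hash-salt when one is set.
printf "%s" "${GOMF_BIN:-gomf}"
# ${#flags[@]} is the element count; ${#flags} would be the length of the
# first element only.
[ "${#flags[@]}" -gt 0 ] && printf " \"%s\"" "${flags[@]}"
printf "\n"

# Replace this shell with Gomf so signals and the exit status go straight to it.
exec "${GOMF_BIN:-gomf}" "${flags[@]}"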