diff --git a/Caddyfile b/Caddyfile index cc5bbdf..fcca257 100644 --- a/Caddyfile +++ b/Caddyfile @@ -1,12 +1,13 @@ +{ + email %sslmail% +} + %interface% { - basicauth * { -%userpw% } log { output file /var/www/web.log format console } php_fastcgi 127.0.0.1:9000 - request_header +X-User {http.auth.user.id} root * /var/www/uploadpage file_server } diff --git a/Dockerfile b/Dockerfile index e7121d5..36d6ec2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,10 +10,11 @@ FROM alpine:latest MAINTAINER "gitlab.com/pepa65 " -RUN apk update && apk add bash php php-fpm ffmpeg tzdata file && rm -rf /lib/apk/db +RUN apk update && apk add bash php php-fpm ffmpeg tzdata file ADD https://good4.eu/mailer /usr/bin/mailer -ADD https://good4.eu/caddy /usr/bin/caddy #ADD https://caddyserver.com/api/download?os=linux&arch=amd64&idempotency=74472262832423 /usr/bin/caddy +ADD https://good4.eu/caddy /usr/bin/caddy +COPY Caddyfile Dockerfile /root/ WORKDIR /var/www -COPY Caddyfile Dockerfile encode init stream vars ./ +COPY encode init stream vars mailhash ./ ENTRYPOINT ./init diff --git a/README.md b/README.md index 1fa08e5..049778f 100644 --- a/README.md +++ b/README.md 
@@ -6,23 +6,23 @@ ### Manual * Prepare a Linux server, set its timezone to the users' timezone (on deb-based systems: `dpkg-reconfigure tzdata`). -* On the server, `cd` to the place where you want the files (make sure that the webserver user (often `www-data`) has access to the location!). * Make sure the packages `git php-fpm ffmpeg` are installed (on deb-based systems: `apt install git php-fpm ffmpeg`). * Clone repo: `git clone https://gitlab.com/pepa65/streamupload`. -* `cd streamupload`. Now the output of `pwd` is the value for `$repopath`. -* Copy `_vars` to `vars` and set the variables - `to`, `user`, `password`, `smtp` and `port` in it in order to - receive mail notifications when the encodes are finished. +* Move the `streamupload` directory to a place that is accessible to the web + server, like: `mv streamupload /var/www` and `cd` to that place. Now the + output of `pwd` is the value for `$repopath`. +* Copy `_vars` to `vars` and `_mailhash` to `mailhash` and set the variables + in `vars` (webserver, SMTP-server) and `mailhash` (usernames, emails and + bcrypt-password-hashes). * Make a crontab-entry: "* * * * * $repopath/encode" (replace `$repopath`!). * Install the `mailer` binary by downloading it from the repo at https://https://github.com/pepa65/mailer/releases/latest and moving it to `/usr/local/bin` and make it executable: `chmod +x /usr/local/bin/mailer`. - If it's not installed, everything except the email will still work. + If it's not installed, everything (except the emails) will still work. * Run a php/webserver on `$repopath/uploadpage`: - Get it to restart on reboot. - - Setting up basicauth on the page is a good idea if others can get access! - Change the relevant `php.ini` to allow large file uploads: * `post_max_size` - Upper limit of uploaded video sizes, say `10G`. * `upload_max_filesize` - same value as `post_max_size`. 
@@ -31,32 +31,29 @@ If no webserver has been installed, an easy way to get going is to use Caddy from https://caddyserver.com/download and place the `caddy` binary in `/usr/local/bin` and make it executable: `chmod +x /usr/local/bin/caddy`. -For php functionality, install `php-fpm` (on deb-based systems: -`apt install php-fpm`) and make the config file `/root/Caddyfile` with: +Make the config file `/root/Caddyfile` like: ``` +{ + email $email +} + :80 { - basicauth { - $user $hashpassword - } log { - output file /var/www/web.log + output file $weblogfile } php_fastcgi unix//run/php/php-fpm.sock - request_header +X-User {http.auth.user.id} root * $repopath/uploadpage file_server } ``` * If the server IP has an DNS A record pointing to it, `:80` can be replaced - by the domainname with the A record. -* Replace `$user` with the desired username for authentication and replace - `$hashpassword` with the output of `caddy hash-password` which will - ask for the password to be used for authentication. Multiple users (on - separate lines) are allowed. + by the domainname with the A record, and it will be SSL-encrypted. +* Replace `$email` with an email for the SSL-certificates. +* Replace `$weblogfile` with a path for a webserver logfile. * Replace `$repopath` (see above in Install). * The value of `/run/php/php-fpm.sock` might need to be adjusted, depending on the system used, it needs to be the unix socket for php. -* Caddy can be started at boottime by including `@reboot /root/Caddy` as a +* Caddy can be started at boottime by including `@reboot /root/Caddy` as a line in root's crontab: `crontab -e` and make the file `/root/Caddy` with: ``` #!/usr/bin/env bash 
@@ -75,15 +72,17 @@ sleep 1 and make it executable: `chmod +x /root/Caddy`. ### Docker -After cloning this repo and `cd streamupload`, a docker image can be built -from the included `Dockerfile` by: `docker build -t streamupload .`. -In the case of running on a LAN and not having a DNS A record, start it with: +After cloning this repo, `cd streamupload`, and setting the variables in `vars` and +`mailhash`, a docker image can be built from the included `Dockerfile` by: +`docker build -t streamupload .`. In the case of running on a LAN and not having a +DNS A record, start it with: `docker run -d -p 8080:80 -v $PWD/uploadpage:/var/www/uploadpage streamupload`. In case of a domainname, replace `8080:80` by `443:443`. ## Usage * Get a streamkey for the target by scheduling a stream (supported are: Restream.io, YouTube.com, Facebook.com). -* Go to the server's IP address in the browser: `http://$ipaddress` or to the +* Go to the server's URL in the browser: `http://$ipaddress:8080` or to the domainname if available: `https://$domainname`. +* Log in with the username and passwors as prepared in `mailhash`. * Fill in the form, and click "Schedule Stream". diff --git a/_mailhash b/_mailhash index 1598fea..a20ddb1 100644 --- a/_mailhash +++ b/_mailhash @@ -1,3 +1,3 @@ -# Separated by TABs: user/mail/bcrypt-hash -# Get hash: php -r "echo password_hash('$password', PASSWORD_BCRYPT);" +# Separated by TABs: username / email / bcrypt-hash +# Get bcrypt-hash: php -r "echo password_hash('$password', PASSWORD_BCRYPT);" username e@ma.il $2y$10$XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX diff --git a/_vars b/_vars index 56c3fa2..f618250 100644 --- a/_vars +++ b/_vars 
@@ -1,18 +1,15 @@ ## Variables for the install script # All have to be filled in, except if they have a default +# Timezone for local user +tz='Asia/Bangkok' + # Interface for serving the page: ':80' or 'domain.name' # Defaults to ':80' interface='' -# Timezone for local user -tz='UTC' - -# Username / Email / Password/Hash (multiple users allowed) -# Must have at least one Username and Email with either Password or Hash -declare -A umail upw uhash -u='username' umail[$u]='email' upw[$u]='password' -u='username' umail[$u]='email' uhash[$u]='$(caddy hash-password)' +# Email for registering SSL-certificate +sslmail='(valid email)' # Variables for mailer user='(smtp login)' diff --git a/init b/init index e50dff0..6b07df8 100755 --- a/init +++ b/init @@ -15,21 +15,14 @@ crond line='SHELL=/bin/bash\n\n# Every minute\n* * * * * /var/www/encode\n\n# Streams' echo -e "$line" |crontab - +sed -i "s/%sslmail%/$sslmail/" /root/Caddyfile + [[ $interface ]] || interface=:80 -sed -i "s/%interface%/$interface/" Caddyfile +sed -i "s/%interface%/$interface/" /root/Caddyfile chmod +x /usr/bin/caddy /usr/bin/mailer -up= -shopt -s nullglob -for u in "${!upw[@]}" -do hash=${uhash[$u]} - [[ $hash ]] || hash=$(caddy hash-password --plaintext "${upw["$u"]}") - up+="\t\t$u $hash#" -done -sed "s/%userpw%/$(echo -en "$up")/" Caddyfile |tr '#' '\n' >/srv/c -mv /srv/c Caddyfile php-fpm8 -R -caddy start >caddy.log +caddy start --config /root/Caddyfile --adapter caddyfile >caddy.log sleep 9999d diff --git a/uploadpage/check.php b/uploadpage/check.php old mode 100644 new mode 100755 diff --git a/uploadpage/favicon.png b/uploadpage/favicon.png old mode 100644 new mode 100755 diff --git a/uploadpage/index.php b/uploadpage/index.php old mode 100644 new mode 100755 diff --git a/uploadpage/login.php b/uploadpage/login.php old mode 100644 new mode 100755 diff --git a/uploadpage/page.css b/uploadpage/page.css old mode 100644 new mode 100755 
diff --git a/uploadpage/upload.php b/uploadpage/upload.php old mode 100644 new mode 100755
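Review bot: In the Caddyfile hunk, dropping the `basicauth * {` block from the `%interface%` site leaves `php_fastcgi` and `file_server` answering for everything under `/var/www/uploadpage` with no gate at the proxy. The `uploadpage/*.php` entries in this diff are mode changes only, so nothing here shows that `index.php`, `upload.php` and `check.php` each enforce the login session before doing any work; please confirm that in the PR, or keep a proxy-level gate until it is reviewed. With `request_header +X-User {http.auth.user.id}` gone, any PHP code that still reads `X-User` would be trusting a value the client fully controls and should be removed in the same change.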
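Review bot: In the Dockerfile hunk, `COPY encode init stream vars mailhash ./` bakes `vars` (which holds the SMTP login per `_vars`) and `mailhash` (the bcrypt hashes) into an image layer, so anyone who can pull or export the image can read them. Consider leaving both out of the build and mounting them at run time alongside the existing `-v $PWD/uploadpage:...` mount. Separately, the `ADD https://good4.eu/mailer` and `ADD https://good4.eu/caddy` lines fetch executables at build time with no integrity check; comparing each against a pinned SHA-256 in a `RUN` step would make a swapped binary fail the build instead of shipping.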
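Review bot: In the first README hunk (`@@ -6,23 +6,23 @@`), the new step `mv streamupload /var/www` places `vars` and `mailhash` in a tree the web server user can read, and the sentence that recommended basicauth is deleted without a replacement warning. Please add a line stating that the document root must be exactly `$repopath/uploadpage` and that `vars` and `mailhash` must not be reachable from any other site on the host whose root is `/var/www`; a suggested file mode for both files would help too. The unchanged context line in the same hunk still has the doubled scheme `https://https://github.com/pepa65/mailer/releases/latest`, which is worth fixing while this section is being edited.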
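Review bot: In the second README hunk (`@@ -31,32 +31,29 @@`), the new `$weblogfile` bullet says only "a path for a webserver logfile" and gives no constraint, while the same example sets `root * $repopath/uploadpage` with `file_server`. A reader who puts the log under `uploadpage/` will publish it, so the bullet should say the path must be outside `$repopath/uploadpage`. The example also still defaults to `:80`; since login now happens in the page, it is worth stating next to the "it will be SSL-encrypted" bullet that on `:80` the username and password are sent unencrypted. Minor: "an DNS A record" should read "a DNS A record".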
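Review bot: In the third README hunk (`@@ -75,15 +72,17 @@`), the added Usage line has a typo, "passwors" for "password". In the same hunk the URL changes to `http://$ipaddress:8080`, but port 8080 only applies to the Docker example (`-p 8080:80`); the manual Caddyfile above listens on `:80`, so the Usage line should cover both cases. The Docker paragraph also says to set the variables in `vars` and `mailhash` without repeating that they must first be copied from `_vars` and `_mailhash`, and the Dockerfile's `COPY ... vars mailhash ./` will fail if they are missing.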
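Review bot: In the `_mailhash` hunk, the suggested command `php -r "echo password_hash('$password', PASSWORD_BCRYPT);"` has the shell expand `$password` inside a PHP string literal, so a password containing a single quote or a backslash either breaks the command or yields a hash of a different string, and the user has to put the plaintext in a shell variable or on the command line to use it at all. Suggest rewording the comment so the password is read from standard input by the PHP snippet rather than interpolated into its source, and noting that the three fields must be separated by literal TABs since the sample line's whitespace is easy to lose when copying.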
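Review bot: In the `_vars` hunk, the template default changes from `tz='UTC'` to `tz='Asia/Bangkok'`, which looks like a local setting committed into the example file; the header comment says values with a default need not be filled in, so every new install would silently get that zone. Suggest keeping `UTC` here. For the new `sslmail='(valid email)'`, the comment should say whether it may be left unset when `interface` stays at `:80`, because `init` substitutes whatever is there into the Caddyfile.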
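Review bot: In the `init` hunk, `sed -i "s/%sslmail%/$sslmail/" /root/Caddyfile` interpolates the variable into the sed expression unescaped, so a value containing `/` aborts the substitution and one containing `&` reinserts the placeholder text. The untouched template value `(valid email)` or an empty string is also written straight into the `email` global option, and the container then sits in `sleep 9999d` whether or not `caddy start` succeeded. Suggest validating `$sslmail` (and `$interface`, which goes through the same pattern) against a simple allowed-character check before the `sed` calls and exiting non-zero with a message when it fails.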
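Review bot: The mode changes from 100644 to 100755 on `uploadpage/check.php`, `index.php`, `login.php`, `upload.php`, `favicon.png` and `page.css` set the executable bit on files that are only read by php-fpm or served statically. Nothing else in this diff depends on it, so this looks like an artifact of the working copy's filesystem; please revert these to 100644 so the served directory carries no executable files.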