Browse Source

add config sample

kiru 2 months ago
parent
commit
20f553753f
3 changed files with 171 additions and 30 deletions
  1. 103
    0
      config.sample.js
  2. 68
    0
      pomf.conf
  3. 0
    30
      real-ip-from-cf

+ 103
- 0
config.sample.js View File

@@ -0,0 +1,103 @@
1
+module.exports = {
2
+
3
+	/*
4
+		If set to true the user will need to specify the auto-generated token
5
+		on each API call, meaning random strangers wont be able to use the service
6
+		unless they have the token lolisafe provides you with.
7
+		If it's set to false, then upload will be public for anyone to use.
8
+	*/
9
+	private: false,
10
+
11
+	// If true, users will be able to create accounts and access their uploaded files
12
+	enableUserAccounts: true,
13
+
14
+	/*
15
+		Here you can decide if you want lolisafe to serve the files or if you prefer doing so via nginx.
16
+		The main difference between the two is the ease of use and the chance of analytics in the future.
17
+		If you set it to `true`, the uploaded files will be located after the host like:
18
+			https://gang.moe/yourFile.jpg
19
+
20
+		If you set it to `false`, you need to set nginx to directly serve whatever folder it is you are serving your
21
+		downloads in. This also gives you the ability to serve them, for example, like this:
22
+			https://files.lolisafe.moe/yourFile.jpg
23
+
24
+		Both cases require you to type the domain where the files will be served on the `domain` key below.
25
+		Which one you use is ultimately up to you.
26
+	*/
27
+	serveFilesWithNode: true,
28
+	domain: 'https://gang.moe',
29
+
30
+	// Port on which to run the server
31
+	port: 9999,
32
+
33
+	// Pages to process for the frontend
34
+	pages: ['home', 'auth', 'donation', 'dashboard', 'faq'],
35
+
36
+	// Add file extensions here which should be blocked
37
+	blockedExtensions: [
38
+		'.jar',
39
+		'.exe',
40
+		'.exec',
41
+		'.msi',
42
+		'.com',
43
+		'.bat',
44
+		'.cmd',
45
+		'.nt',
46
+		'.scr',
47
+		'.ps1',
48
+		'.psm1',
49
+		'.sh',
50
+		'.bash',
51
+		'.bsh',
52
+		'.csh',
53
+		'.bash_profile',
54
+		'.bashrc',
55
+		'.profile'
56
+	],
57
+
58
+	// Uploads config
59
+	uploads: {
60
+
61
+		// Folder where images should be stored
62
+		folder: 'uploads',
63
+
64
+		/*
65
+			Max file size allowed. Needs to be in MB
66
+			Note: When maxSize is greater than 1 MiB, you must set the client_max_body_size to the same as maxSize.
67
+		*/
68
+		maxSize: '200MB',
69
+
70
+		// The length of the random generated name for the uploaded files
71
+		fileLength: 8,
72
+
73
+		/*
74
+			This option will limit how many times it will try to generate random names
75
+			for uploaded files. If this value is higher than 1, it will help in cases
76
+			where files with the same name already exists (higher chance with shorter file name length).
77
+		*/
78
+		maxTries: 1,
79
+
80
+		/*
81
+			NOTE: Thumbnails are only for the admin panel and they require you
82
+			to install a separate binary called ffmpeg (https://ffmpeg.org/) for video files
83
+		*/
84
+		generateThumbnails: true,
85
+
86
+		/*
87
+			Allows users to download a .zip file of all files in an album.
88
+			The file is generated when the user clicks the download button in the view
89
+			and is re-used if the album has not changed between download requests
90
+		*/
91
+		generateZips: true
92
+	},
93
+
94
+	// Folder where to store logs
95
+	logsFolder: 'logs',
96
+
97
+	// The following values shouldn't be touched
98
+	database: {
99
+		client: 'sqlite3',
100
+		connection: { filename: './database/db' },
101
+		useNullAsDefault: true
102
+	}
103
+}

+ 68
- 0
pomf.conf View File

@@ -0,0 +1,68 @@
1
+upstream backend {
2
+	server 127.0.0.1:9999; # Change to the port you specified on lolisafe
3
+}
4
+
5
+map $sent_http_content_type $charset {
6
+	~^text/ utf-8;
7
+}
8
+
9
+server {
10
+	listen 80;
11
+	listen [::]:80;
12
+	server_name gang.moe;
13
+	return 301 https://$server_name$request_uri;
14
+}
15
+
16
+server {
17
+	listen 443 ssl http2;
18
+	listen [::]:443 ssl http2;
19
+
20
+	server_name gang.moe;
21
+	server_tokens off;
22
+
23
+	ssl_certificate /path/to/your/fullchain.pem;
24
+	ssl_certificate_key /path/to/your/privkey.pem;
25
+	ssl_trusted_certificate /path/to/your/fullchain.pem;
26
+
27
+    # Add TLSv1.0 to support older devices
28
+    ssl_protocols TLSv1.2 TLSv1.3;
29
+    # Uncomment line below if you want to support older devices (Before Android 4.4.2, IE 8, etc.)
30
+    # ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
31
+    ssl_ciphers TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;
32
+    ssl_prefer_server_ciphers on;
33
+    # In case of an old server with an OpenSSL version of 1.0.2 or below,
34
+    # leave only prime256v1 or comment out the following line.
35
+    ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
36
+    ssl_stapling on;
37
+    ssl_stapling_verify o
38
+
39
+	client_max_body_size 200M; # Change this to the max file size you want to allow
40
+
41
+	charset $charset;
42
+	charset_types *;
43
+
44
+	# Uncomment if you are running lolisafe behind CloudFlare.
45
+	# This requires NGINX compiled from source with:
46
+	#	--with-http_realip_module
47
+	#include /path/to/lolisafe/real-ip-from-cf;
48
+
49
+	location / {
50
+		add_header Access-Control-Allow-Origin *;
51
+		root /path/to/your/uploads/folder;
52
+		try_files $uri @proxy;
53
+	}
54
+
55
+	location @proxy {
56
+		proxy_set_header X-Real-IP $remote_addr;
57
+		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
58
+		proxy_set_header Host $http_host;
59
+		proxy_set_header X-NginX-Proxy true;
60
+		proxy_pass http://backend;
61
+		proxy_redirect off;
62
+		proxy_http_version 1.1;
63
+		proxy_set_header Upgrade $http_upgrade;
64
+		proxy_set_header Connection "upgrade";
65
+		proxy_redirect off;
66
+		proxy_set_header X-Forwarded-Proto $scheme;
67
+	}
68
+}

+ 0
- 30
real-ip-from-cf View File

@@ -1,30 +0,0 @@
1
-# https://www.cloudflare.com/ips/
2
-
3
-# IPv4 Ranges
4
-# https://www.cloudflare.com/ips-v4/
5
-set_real_ip_from 103.21.244.0/22;
6
-set_real_ip_from 103.22.200.0/22;
7
-set_real_ip_from 103.31.4.0/22;
8
-set_real_ip_from 104.16.0.0/12;
9
-set_real_ip_from 108.162.192.0/18;
10
-set_real_ip_from 131.0.72.0/22;
11
-set_real_ip_from 141.101.64.0/18;
12
-set_real_ip_from 162.158.0.0/15;
13
-set_real_ip_from 172.64.0.0/13;
14
-set_real_ip_from 173.245.48.0/20;
15
-set_real_ip_from 188.114.96.0/20;
16
-set_real_ip_from 190.93.240.0/20;
17
-set_real_ip_from 197.234.240.0/22;
18
-set_real_ip_from 198.41.128.0/17;
19
-
20
-# IPv6 Ranges
21
-# https://www.cloudflare.com/ips-v6/
22
-set_real_ip_from 2400:cb00::/32;
23
-set_real_ip_from 2405:8100::/32;
24
-set_real_ip_from 2405:b500::/32;
25
-set_real_ip_from 2606:4700::/32;
26
-set_real_ip_from 2803:f800::/32;
27
-set_real_ip_from 2c0f:f248::/32;
28
-set_real_ip_from 2a06:98c0::/29;
29
-
30
-real_ip_header CF-Connecting-IP;

Loading…
Cancel
Save