X-Git-Url: https://jfr.im/git/uguu.git/blobdiff_plain/3ffab18a49a38dfc56bf55f307de6837fcc87e61..25a798afecaede9a36f1b266dffadd77ac0c2d01:/README.md

diff --git a/README.md b/README.md
index 9b3296a..8d413d8 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
-# Uguu
+# What is Uguu?
 
-uguu is a simple file uploading and sharing platform.
+Uguu is a simple temporary file uploading and sharing platform where files get deleted after X amount of time.
 
 ## Features
 
@@ -20,30 +20,26 @@ See the real world example at [uguu.se](https://uguu.se).
 
 ## Requirements
 
-Original development environment is Nginx + PHP7.3 + SQLite, but is confirmed to
-work with Apache 2.4 and newer PHP versions.
+Original development environment is Nginx + PHP5.3 + SQLite, but is confirmed to
+work with Apache 2.4 and newer PHP versions like PHP7.3.
 
 ## Install
 
 For the purposes of this guide, we won't cover setting up Nginx, PHP, SQLite,
 Node, or NPM. So we'll just assume you already have them all running well.
 
+**NPM/Node is only needed to compile the files, Uguu runs on PHP.**
+
 ### Compiling
 
 First you must get a copy of the uguu code.  To do so, clone this git repo.
-You will need to recursively clone the repo to get the required PHP submodule,
-and the optional user panel submodule.
-```bash
-git clone --recursive https://github.com/nokonoko/uguu
-```
-If you don't want either of the submodules run the following command,
 ```bash
 git clone https://github.com/nokonoko/uguu
 ```
 
-Assuming you already have Node and NPM working, compilation is easy. If you would like any additional submodules, or to exclude the default PHP submodule, use the `MODULES="..."` variable.
+Assuming you already have Node and NPM working, compilation is easy.
 
-Run the following commands to do so.
+Run the following commands to do so, please configure `dist.json` before you compile.
 ```bash
 cd uguu/
 make
@@ -62,14 +58,26 @@ file size, are found in `dist.json`.  Changes made here will
 only take effect after rebuilding the site pages.  This may be done by running
 `make` from the root of the site directory.
 
-Back-end related settings, such as database configuration, and path for uploaded files, are found in `static/php/includes/settings.inc.php`.  Changes made here take effect immediately.
+Back-end related settings, such as database configuration, and path for uploaded files, are found in `includes/settings.inc.php`.  Changes made here take effect immediately. Change the following settings:
+```php
+define('UGUU_DB_CONN', 'sqlite:/path/to/db/uguu.sq3');
+define('UGUU_FILES_ROOT', '/path/to/file/');
+define('UGUU_URL', 'https://subdomainforyourfiles.your.site');
+```
 
 If you intend to allow uploading files larger than 2 MB, you may also need to
 increase POST size limits in `php.ini` and webserver configuration. For PHP,
 modify `upload_max_filesize` and `post_max_size` values. The configuration
 option for nginx webserver is `client_max_body_size`.
 
-Edit checkdb.sh and checkfiles.sh to the proper paths then add them to your crontab:
+Edit checkdb.sh and checkfiles.sh to the proper paths:
+```bash
+sqlite3 /path/to/db/uguu.sq3 "DELETE FROM files WHERE date <= strftime('%s', datetime('now', '-1 day'));"
+```
+```bash
+find /path/to/files/ -mmin +1440 -exec rm -f {} \;
+```
+Then add them to your crontab:
 ```bash
 0,30 * * * * bash /path/to/checkfiles.sh
 0,30 * * * * bash /path/to/checkdb.sh
@@ -77,7 +85,15 @@ Edit checkdb.sh and checkfiles.sh to the proper paths then add them to your cron
 
 These scripts check if DB entries and files are older then 24 hours and if they are deletes them.
 
-Example nginx configs can be found in confs/.
+## MIME/EXT Blocking
+
+Blocking certain filetypes from being uploaded can be changed by editing the following settings in `includes/settings.inc.php`:
+```php
+define('CONFIG_BLOCKED_EXTENSIONS', serialize(['exe', 'scr', 'com', 'vbs', 'bat', 'cmd', 'htm', 'html', 'jar', 'msi', 'apk', 'phtml']));
+define('CONFIG_BLOCKED_MIME', serialize(['application/msword', 'text/html', 'application/x-dosexec', 'application/java', 'application/java-archive', 'application/x-executable', 'application/x-mach-binary']));
+```
+
+By default the most common malicious filetypes are blocked.
 
 ## Using SQLite as DB engine
 
@@ -88,12 +104,12 @@ First create a directory for the database, e.g. `mkdir /var/db/uguu`.
 Then, create a new SQLite database from the schema, e.g. `sqlite3 /var/db/uguu/uguu.sq3 -init /home/uguu/sqlite_schema.sql`.
 Then, finally, ensure the permissions are correct, e.g.
 ```bash
-chown nginx:nginx /var/db/uguu
+chown www-data:www-data /var/db/uguu
 chmod 0750 /var/db/uguu
 chmod 0640 /var/db/uguu/uguu.sq3
 ```
 
-Finally, edit `php/includes/settings.inc.php` to indicate this is the database engine you would like to use.  Make the changes outlined below
+Finally, edit `includes/settings.inc.php` to indicate this is the database engine you would like to use.  Make the changes outlined below
 ```php
 define('UGUU_DB_CONN', '[stuff]'); ---> define('UGUU_DB_CONN', 'sqlite:/var/db/uguu/uguu.sq3');
 define('UGUU_DB_USER', '[stuff]'); ---> define('UGUU_DB_USER', null);
@@ -102,15 +118,74 @@ define('UGUU_DB_PASS', '[stuff]'); ---> define('UGUU_DB_PASS', null);
 
 *NOTE: The directory where the SQLite database is stored, must be writable by the web server user*
 
-### Apache
+## Nginx example config
+
+I won't cover settings everything up, here are some Nginx examples. Use [Letsencrypt](https://letsencrypt.org) to obain a SSL cert.
 
-If you are running Apache and want to compress your output when serving files,
-add to your `.htaccess` file:
+Main domain:
+```
+server{
+    
+    listen	        443 ssl;
+    server_name		www.yourdomain.com yourdomain.com;
+
+    ssl on;
+    ssl_certificate /path/to/fullchain.pem;
+    ssl_certificate_key /path/toprivkey.pem;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;    
+
+    root /path/to/uguu/dist/;
+    autoindex		off;
+    access_log      off;
+    index index.html index.php;  
+
+    location ~* \.(ico|css|js|ttf)$ {
+    expires 7d;
+    }
+
+    location ~* \.php$ {
+    fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
+    fastcgi_intercept_errors on;
+    fastcgi_index index.php;
+    fastcgi_split_path_info ^(.+\.php)(.*)$;
+    include fastcgi_params;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    }
+}
+```
 
-    AddOutputFilterByType DEFLATE text/html text/plain text/css application/javascript application/x-javascript application/json
+Subdomain serving files (do not enable PHP here):
+```
+server{
+    listen          443 ssl;
+    server_name     www.subdomain.serveryourfiles.com subdomain.serveryourfiles.com;
+
+    ssl on;
+    ssl_certificate /path/to/fullchain.pem;
+    ssl_certificate_key /path/to/privkey.pem;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    
+    root            /path/where/uploaded/files/are/stored/;
+    autoindex       off;
+    access_log	    off;
+    index           index.html;
+}
+```
 
-Remember to enable `deflate_module` and `filter_module` modules in your Apache
-configuration file.
+To redirect HTTP to HTTPS make a config for each domain like so:
+```
+server {
+    listen 80;
+    server_name www.domain.com domain.com; 
+    return 301 https://domain.com$request_uri;
+}
+```
+
+## API
+To upload using curl or make a tool you can post using: 
+```
+curl -i -F files[]=@yourfile.jpeg https://uguu.se/upload.php (JSON Response)
+```
 
 ## Getting help
 
@@ -118,7 +193,7 @@ Hit me up at [@nekunekus](https://twitter.com/nekunekus) or email me at neku@pom
 
 ## Credits
 
-Uguu is based off [Pomf](http://github.com/pomf/pomf).
+Uguu is based on [Pomf](http://github.com/pomf/pomf).
 
 ## License