gosh is a simple HTTP file sharing server on which users can upload their files without login or authentication. All files have a maximum lifetime and are then purged.
curl or the like
Last-Modified / If-Modified-Since and HTTP status code 304
http://example.org/gosh/
chrooted, privilege dropped, fork+execed daemon
seccomp-bpf filtered on Linux
pledge promised on OpenBSD

Go is required in a recent version; currently 1.19 or later.
git clone https://github.com/oxzi/gosh.git
cd gosh
go build
NOTE: THIS SECTION IS CURRENTLY OUTDATED
On a NixOS system one can configure gosh as a module.
Have a look at the example in contrib/nixos/.
# Example configuration to proxy gosh with nginx with a valid HTTPS certificate.
{ config, pkgs, ... }:
{
  imports = [ /path/to/contrib/nixos/ ];  # TODO: copy or link the contrib/nixos/default.nix

  services = {
    gosh = {
      enable = true;
      contactMail = "abuse@example.com";
      listenAddress = "127.0.0.1:30100";

      maxFilesize = "64MiB";
      maxLifetime = "1w";

      mimeMap = [
        { from = "text/html"; to = "text/plain"; }
      ];
    };

    nginx = {
      enable = true;

      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedTlsSettings = true;
      recommendedProxySettings = true;

      virtualHosts."gosh.example.com" = {
        enableACME = true;
        forceSSL = true;

        locations."/".proxyPass = "http://${config.services.gosh.listenAddress}/";
      };
    };
  };
}
On a NixOS system one can also configure goshy as a program.
Have a look at the example in contrib/nixos/goshy.nix.
# Example configuration enabling the goshy client with a default instance and upload defaults.
{ config, pkgs, ... }:
{
  imports = [ /path/to/contrib/nixos/goshy.nix ];  # TODO: copy or link the contrib/nixos/goshy.nix

  programs.goshy = {
    enable = true;
    instance = "https://gosh.example.com";
    defaults = {
      burnAfterReading = true;
      printOnlyUrl = false;
      expiryPeriod = "161s";
    };
  };
}
Start by compiling gosh for OpenBSD as described in the generic instructions above.
Then, prepare your system by creating a user, directories and a configuration.
go build
doas cp gosh /usr/local/sbin/gosh
doas groupadd _gosh
doas useradd -g _gosh -s /sbin/nologin -d /var/empty _gosh
doas mkdir -p /etc/gosh/store
doas cp gosh.yml /etc/gosh/
doas chown -R _gosh:_gosh /etc/gosh/
doas chmod 0700 /etc/gosh/store/
doas -u _gosh vi /etc/gosh/gosh.yml
# store.path to "/etc/gosh/store"
# webserver.listen.protocol to "unix"
# webserver.listen.bound to "/var/www/run/gosh.sock"
# webserver.protocol to "fcgi"
# webserver.item_config to whatever you find reasonable
# webserver.contact to some real email address
doas cp contrib/openbsd/gosh /etc/rc.d/gosh
doas rcctl start gosh
doas rcctl enable gosh
Finally, alter your /etc/httpd.conf to contain a server block like the following one:
server "example.org" {
	listen on * tls port 443

	tls {
		certificate "/etc/ssl/example.org.crt"
		key "/etc/ssl/private/example.org.key"
	}

	connection max request body 67108864  # 64M

	location "/.well-known/acme-challenge/*" {
		root "/acme"
		request strip 2
	}

	location "/*" {
		fastcgi socket "/run/gosh.sock"
	}
}
Don't forget to run rcctl reload httpd to apply your configuration changes.
Usage of ./gosh:
  -config string
    	YAML configuration file
  -verbose
    	Verbose logging
Please take a look at the provided example configuration in gosh.yml.
Create a copy, modify it and run gosh with it.
sudo ./gosh -config gosh.yml -verbose
Files can be submitted via HTTP POST with common tools, e.g., with curl.
# Upload foo.png
curl -F 'file=@foo.png' http://our-server.example/
# Burn after reading:
curl -F 'file=@foo.png' -F 'burn=1' http://our-server.example/
# Set a custom expiry date, e.g., one day:
curl -F 'file=@foo.png' -F 'time=1d' http://our-server.example/
# Or all together:
curl -F 'file=@foo.png' -F 'time=1d' -F 'burn=1' http://our-server.example/
# Print only URL as response:
curl -F 'file=@foo.png' 'http://our-server.example/?onlyURL'
For use with the Weechat-Android relay client, simply add the ?onlyURL GET parameter to the URL and enter it in the settings under file sharing; no further changes are needed.
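The curl calls above expressed as a Go request builder, for scripting uploads without shelling out. This is an added example, not code from the gosh repository: buildUpload and its signature are hypothetical, and only the file, time and burn form fields and the ?onlyURL query flag are taken from the commands above.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"mime/multipart"
	"net/http"
	"path/filepath"
	"strings"
)

// buildUpload builds the multipart POST that the curl calls above send.
// Hypothetical helper; only file, time, burn and ?onlyURL come from the page.
func buildUpload(target, name string, content io.Reader, lifetime string, burn bool) (*http.Request, error) {
	var body bytes.Buffer
	mw := multipart.NewWriter(&body)
	part, err := mw.CreateFormFile("file", filepath.Base(name)) // send no local directory names
	if err == nil {
		_, err = io.Copy(part, content)
	}
	if err == nil && lifetime != "" {
		err = mw.WriteField("time", lifetime) // e.g. "1d"
	}
	if err == nil && burn {
		err = mw.WriteField("burn", "1") // burn after reading
	}
	if err == nil {
		err = mw.Close() // writes the closing boundary
	}
	if err != nil {
		return nil, err
	}
	req, err := http.NewRequest(http.MethodPost, target, &body)
	if err == nil {
		req.Header.Set("Content-Type", mw.FormDataContentType())
	}
	return req, err
}

func main() {
	// Constructed sample content; the request is built here but not sent.
	req, err := buildUpload("http://our-server.example/?onlyURL", "foo.png", strings.NewReader("sample"), "1d", true)
	if err != nil {
		panic(err)
	}
	fmt.Println(req.Method, req.URL)
}
```

Pass the returned request to http.DefaultClient.Do to perform the upload against your own instance.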
A fish function and a bash script make it easy to upload a file to a server of your choice, which needs to be set manually.
Running your own installation and deployment of goshd is not necessary to use these tools.
contrib/bash/
The bash script is feature complete compared to the possibilities provided by using curl or the web interface.
To be able to use the script, add goshy to your PATH, make it executable and set the GOSH_INSTANCE environment variable.
To learn the usage, run goshy -h.
contrib/fish/
The fish function only provides the capability to upload a file and a flag for burn after reading.
To be able to use the function, copy its content to ~/.config/fish/config.fish.
Of course, there are already similar projects, for example:
There is also darn, a gosh fork which enables server-side file encryption. At one point, this code was merged into gosh. However, for the sake of simplicity and because I don't like to trust a remote server, this has been removed again.