Git Product home page Git Product logo

sftpbeamer's Introduction

SFTP Beamer

Build Status

SFTP Beamer is an open source web application, which is able to facilitate users to manipulate files between two SFTP/SSH servers.

Note: SFTP Beamer is still in development. The basic functionality is there and works, but it is still a bit rough around the edges, and we are currently working on improving stability and security. Contributions and issue reports are very welcome!

Table of Contents

  1. Introduction
  2. Functionality
  3. System Overview
  4. Security Considerations
  5. Development
  6. Deployment
  7. Docker Support
  8. Copyright
  9. License
  10. Contributors

Introduction

The SFTP Beamer is initially motivated by the Tryggve project. One of missions Tryggve project has is to help users easily use the existing services at the different Nordic countries. In Norway and Sweden, both of them have their own secure service for sensitive data. The built-in approach of importing/exporting data to/from the service is primitive and needs much manual labour, especially when manipulating data between the two services. In order to simplify this kind of task and make it user friendly, the SFTP Beamer comes out. But SFTP Beamer is not only designed to adapt for the secure services in Norway and Sweden, but also for a general server, which allows SFTP/SSH connection.

Functionality

The SFTP Beamer provides the following functions. After having connected to a server, right-click on the content area to show a functionality menu. For transfer, delete and rename functions, you have to left-click to select item(s) first. Besides, you are allowed to download a file or a folder as a zip file.

Functionality menu

  • Connect to two SFTP/SSH servers at the same time
  • Navigate the directory hierarchy
  • Upload multiple local files to SFTP/SSH server
  • Transfer multiple files/folders between two SFTP/SSH servers
  • Send email notification when data transfer is done
  • Delete multiple files/folders
  • Rename a file or folder
  • Create a folder
  • Download a file
  • Download a folder as a zip file

System Overview

In a word, SFTP Beamer as a web application is a proxy linking two remote SFTP/SSH servers.

The following image show how a user is using SFTP Beamer to interact with the two remote SFTP/SSH servers.

How SFTP Beamer links a user with the two SFTP/SSH servers

Security Considerations

Because one of purposes SFTP Beamer has is to transfer sensitive data through secure service, how to make this system much more security is very important. So far, there has been several applied features to secure the system.

  • The SFTP Beamer is using https.
  • The SFTP Beamer never keeps the credential a user is using to connect to a SFTP/SSH server.
  • The SFTP Beamer never caches the downloaded, uploaded or transferred data. The data will only pass by the memory of server where SFTP Beamer is running.
  • The SFTP Beamer is using session id to distinguish the different SFTP/SSH connections kept in the memory.

Development

The frontend of SFTP Beamer is based on JQuery, Bootstrap and several JQuery plugins, and the backend is developed by java and based on Vert.x framework. Besides, it's using Maven as a build tool. For the specific version requirement, please refer to requirements.

Deployment

Please refer to deployment guideline for more info.

Docker Support

Now, we support dockerizing our application. Pull the dockerfile to a docker host, and run the following command to create a docker image.

docker build -f dockerfile -t sftpbeamer .

After having a docker image, launch a docker container by running the following command. You need to mount two host's directories to container. In the /home/sftpbeamer/conf, you need to provide the customized app.info.json and sftp.beamer.properties files. Besides, you need to provide a hostname for the container, and this hostname should be set in the sftp.beamer.properties file.

docker run  -d --mount type=bind,source=/host/path,target=/home/sftpbeamer/conf --mount type=bind,source=/host/path,target=/home/sftpbeamer/logs -h container.sftpbeamer -p 80:8080 sftpbeamer

Copyright

Nordic e-Infrastructures Collaboration (NeIC)

License

MIT (see the LICENSE file for more info)

Contributors

sftpbeamer's People

Contributors

amgadhanafy avatar xiaxi-li avatar jhagberg avatar

Stargazers

avatar kinloly avatar Linus Östberg avatar Ben Hocking avatar

Watchers

James Cloos avatar Joel Hedlund avatar avatar avatar avatar avatar avatar Dejan Vitlacil avatar Thomas Röblitz avatar avatar

Forkers

samuell mrp321

sftpbeamer's Issues

Strong SSL for ngnix

the settings for nginx is not the best.
If you follow this guide you will get more secure settings.
https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html

You will also need to generate a Diffie-Hellman

cd /etc/ssl/certs
openssl dhparam -out dhparam.pem 4096

server {
        listen 80 default_server;
        listen [::]:80 default_server;

#       server_name _;
        return 301 https://$host$request_uri;

}

#HTTPS Server
server {
    listen 443;
    listen [::]:443 ssl http2;
    server_name smog29-215.cloud.uppmax.uu.se;

    error_log /var/log/nginx/sftpbeamer.access.log;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/smog29-215.cloud.uppmax.uu.se/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/smog29-215.cloud.uppmax.uu.se/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/smog29-215.cloud.uppmax.uu.se/fullchain.pem;

    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # do not use SSLv3 ref: POODLE
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-A
ES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-A
ES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES1
28-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
    ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;
 # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;

    location / {
        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forward-Proto http;
        proxy_set_header X-Nginx-Proxy true;

        proxy_redirect off;
    }
}

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.