-
-
Notifications
You must be signed in to change notification settings - Fork 69
Home
Knut Ahlers edited this page Aug 16, 2023
·
6 revisions
- The easiest option is to download the latest build from the Releases page.
- You also can use the Docker image provided at
luzifer/ots:latest
orluzifer/ots:<version>
In order to do a local build you need to have NodeJS LTS and latest Golang installed.
Execute the build-local
target using make
:
$ make build-local # Dynamically linked
$ CGO_ENABLED=0 make build-local # Statically linked
To run the binary you for example could use a systemd service unit combined with an environment file:
# exa --tree /etc/ots
/etc/ots
├── assets
│ └── applogo.png
├── customize.yaml
└── env
# cat /etc/ots/env
CUSTOMIZE=/etc/ots/customize.yaml # Optional, see "Customization" in README
LISTEN=127.0.0.1:3000 # Port 3000 only on localhost
REDIS_URL=redis://default:mypasswordissecure@127.0.0.1:6379/0 # See README for details
SECRET_EXPIRY=604800 # 168h = 1w
STORAGE_TYPE=redis # "mem" or "redis" (See README)
# cat /etc/ots/customize.yaml
---
appLogo: 'applogo.png'
overlayFSPath: /etc/ots/assets
# See "Customization" in README for all options
...
# cat /etc/systemd/system/ots.service
[Unit]
Description=One-Time-Secret Service
After=network-online.target
Requires=network-online.target
[Service]
EnvironmentFile=/etc/ots/env
ExecStart=/usr/local/bin/ots
Restart=Always
RestartSecs=5
[Install]
WantedBy=multi-user.target
For the Docker image use your favorite scheduler or adapt the service unit.
To add transport-layer encryption for example set up an nginx with Let's Encrypt and add a proxy host in front of your instance:
# cat /etc/nginx/sites-available/ots.conf
server {
listen 80;
listen [::]:80;
server_name ots.example.com;
location / {
add_header X-Robots-Tag noindex;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:3000/;
}
}
If you're not familiar with nginx see these: