uuxo/hmac-file-server
1
1
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases 4 Wiki Activity

removed useless networking monitoring option - release fixed 2.8

Browse Source
This commit is contained in:
Alexander Renz 2025-04-05 20:34:00 +02:00
parent cc1a629aff
commit 2769fd1a98
3 changed files with 298 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.MD
View File

@ -1,5 +1,4 @@
# HMAC File Server 2.6-Stable
# HMAC File Server 2.8-Stable
## Overview
The **HMAC File Server** ensures secure file uploads and downloads using HMAC authentication. It incorporates rate limiting, CORS support, retries, file versioning, and Unix socket support for enhanced flexibility. Redis integration provides efficient caching and session management. Prometheus metrics and a graceful shutdown mechanism ensure reliable and efficient file handling.

3
SHORT_RELEASE_NOTE.md
View File

@ -1,6 +1,7 @@
# Short Release Note
Key Highlights from 2.7-Stable:
Key Highlights from 2.8-Stable:
- Version check history added for improved tracking.
- Improved ISO-based storage for specialized use cases.
- Enhanced ClamAV scanning with concurrent workers.
- Auto-scaling workers for optimized performance.

308
wiki.md
View File

@ -28,6 +28,8 @@ This documentation provides detailed information on configuring, setting up, and
5. [Building for Different Architectures](#building-for-different-architectures)
6. [Additional Recommendations](#additional-recommendations)
7. [Notes](#notes)
8. [Using HMAC File Server for CI/CD Build Artifacts](#using-hmac-file-server-for-ci-cd-build-artifacts)
9. [Monitoring](#monitoring)
---
@ -681,8 +683,6 @@ To set up a reverse proxy for the HMAC File Server, you can use either Apache2 o
sudo systemctl restart nginx
```
You're correct—my statement included unnecessary comments about the configuration. Here's the fully revised configuration without comments or meta-discussion:
---
#### 3. ejabberd Configuration
@ -794,18 +794,6 @@ To build the HMAC File Server for different architectures, you can use the follo
GOOS=linux GOARCH=amd64 go build -o hmac-file-server-linux-amd64
```
### Building for macOS (x86_64)
```sh
GOOS=darwin GOARCH=amd64 go build -o hmac-file-server-darwin-amd64
```
### Building for Windows (x86_64)
```sh
GOOS=windows GOARCH=amd64 go build -o hmac-file-server-windows-amd64.exe
```
### Building for ARM (32-bit)
```sh
@ -818,6 +806,30 @@ GOOS=linux GOARCH=arm GOARM=7 go build -o hmac-file-server-linux-arm
GOOS=linux GOARCH=arm64 go build -o hmac-file-server-linux-arm64
```
### Building the Monitoring Tool
The monitoring tool (`monitor.go`) is located in the `server/cmd/monitor/` directory and is compiled separately from the main HMAC File Server. Below are the instructions for building the monitoring tool:
#### Building for Linux (x86_64)
```sh
GOOS=linux GOARCH=amd64 go build -o monitor-linux-amd64 ./server/cmd/monitor/monitor.go
```
#### Building for ARM (32-bit)
```sh
GOOS=linux GOARCH=arm GOARM=7 go build -o monitor-linux-arm ./server/cmd/monitor/monitor.go
```
#### Building for ARM (64-bit)
```sh
GOOS=linux GOARCH=arm64 go build -o monitor-linux-arm64 ./server/cmd/monitor/monitor.go
```
Once built, the monitoring tool can be executed independently to track system performance, Prometheus metrics, and active processes.
---
## Additional Recommendations
@ -832,3 +844,271 @@ GOOS=linux GOARCH=arm64 go build -o hmac-file-server-linux-arm64
- The HMAC File Server is designed to be flexible and configurable. Adjust the settings in the `config.toml` file to match your specific requirements and environment.
- For any issues or questions, refer to the project's GitHub repository and documentation.
## Using HMAC File Server for CI/CD Build Artifacts
This guide explains how to use [HMAC File Server](https://github.com/PlusOne/hmac-file-server) to securely upload and download build artifacts in CI/CD pipelines.
---
## Why Use HMAC File Server?
- Secure, HMAC-authenticated access
- Self-hosted, no third-party storage needed
- Configurable TTL, versioning, and deduplication
- Prometheus metrics for monitoring
- Easily integrated into GitHub Actions, GitLab CI, Jenkins, etc.
---
## Step 1: Set Up HMAC File Server
Clone and build the server:
```bash
git clone https://github.com/PlusOne/hmac-file-server.git
cd hmac-file-server
go build -o hmac-file-server
cp config.example.toml config.toml
mkdir -p /data/artifacts
./hmac-file-server -config config.toml
```
Update `config.toml` with:
```toml
[hmac]
secret = "your-secret-key"
[upload]
enabled = true
path = "/data/artifacts"
[download]
enabled = true
```
---
## Step 2: Generate Signed URLs
Use HMAC to generate signed URLs for secure upload/download.
### Upload Script
```bash
#!/bin/bash
FILE_PATH="./build/output.tar.gz"
FILENAME="output.tar.gz"
SECRET="your-secret-key"
BASE_URL="https://your-hmac-server.com"
TIMESTAMP=$(date +%s)
SIGNATURE=$(echo -n "$FILENAME$TIMESTAMP" | openssl dgst -sha256 -hmac "$SECRET" | sed 's/^.* //')
curl -X PUT "$BASE_URL/upload/$FILENAME?ts=$TIMESTAMP&sig=$SIGNATURE" --data-binary "@$FILE_PATH"
```
### Download Script
```bash
#!/bin/bash
FILENAME="output.tar.gz"
SECRET="your-secret-key"
BASE_URL="https://your-hmac-server.com"
TIMESTAMP=$(date +%s)
SIGNATURE=$(echo -n "$FILENAME$TIMESTAMP" | openssl dgst -sha256 -hmac "$SECRET" | sed 's/^.* //')
curl -O "$BASE_URL/download/$FILENAME?ts=$TIMESTAMP&sig=$SIGNATURE"
```
---
## Step 3: Integrate into CI/CD
### GitHub Actions Example
```yaml
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Build
run: |
mkdir -p build
echo "example artifact content" > build/output.tar.gz
- name: Upload Artifact to HMAC Server
run: bash scripts/upload-artifact.sh
```
---
## Optional Features
- **TTL**: Auto-delete artifacts after a set time
- **Deduplication**: Only store unique files
- **Versioning**: Track changes to files over time
- **Virus Scanning**: Integrate with ClamAV
---
## Monitoring
The HMAC File Server provides a built-in monitoring interface to track system performance, Prometheus metrics, and active processes. Below is an overview of the monitoring features:
### System Data
The monitoring interface displays key system metrics, including:
- **CPU Usage**: Current CPU usage percentage.
- **Memory Usage**: Current memory usage percentage.
- **CPU Cores**: Number of CPU cores available.
### Prometheus Metrics
The server exposes Prometheus metrics for tracking upload and download statistics:
- **hmac_file_server_upload_errors_total**: Total number of upload errors.
- **hmac_file_server_uploads_total**: Total number of successful uploads.
- **hmac_file_server_downloads_total**: Total number of successful downloads.
These metrics can be integrated with Prometheus and visualized using tools like Grafana.
### Process List
The monitoring interface also provides a list of active processes, including:
- Process ID (PID)
- CPU usage percentage
- Memory usage percentage
- Command or service name
This information helps in identifying resource-intensive processes and debugging performance issues.
### Example Monitoring Output
Below is an example of the monitoring interface output:
```
System Data
Metric Value
CPU Usage 2.78%
Memory Usage 26.49%
CPU Cores 4
Prometheus Metrics
hmac_file_server_upload_errors_total 1.00
hmac_file_server_uploads_total 4.00
hmac_file_server_downloads_total 15.00
Process List
PID CPU MEM COMMAND
907752 0.12 2.69 /lib/systemd/systemd-journald
4055132 0.12 0.03 /usr/sbin/qemu-ga
2370782 0.11 0.00 kworker/0:2-wg-crypt-wg1
2371119 0.10 0.08 bash
2371096 0.10 0.14 sshd: root@pts/0
2369170 0.09 0.00 kworker/0:0-mm_percpu_wq
2371240 0.07 0.00 kworker/0:1-wg-crypt-wg1
2371099 0.06 0.13 systemd --user
868714 0.05 0.59 php-fpm: pool www
```
For more details on integrating Prometheus metrics, refer to the [Prometheus documentation](https://prometheus.io/docs/).
---
## License
HMAC File Server is open-source and MIT licensed.
---
## Resources
- [HMAC File Server GitHub Repo](https://github.com/PlusOne/hmac-file-server)
- [Configuration Docs](https://github.com/PlusOne/hmac-file-server/wiki)
## Version 3.0 Release Note
Version 2.8 is the last release before we begin integrating additional features and focusing on further stability patches.
## CI/CD with HMAC File Server Summary
Sure! Here is a brief guide on how to use the HMAC File Server in your CI/CD pipeline:
---
### 1. Server Setup
```bash
git clone https://github.com/PlusOne/hmac-file-server.git
cd hmac-file-server
go build -o hmac-file-server
cp config.example.toml config.toml
mkdir -p /data/artifacts
./hmac-file-server -config config.toml
```
Update config.toml:
```toml
[hmac]
secret = "your-secret-key"
[upload]
enabled = true
path = "/data/artifacts"
[download]
enabled = true
```
---
### 2. Upload & Download with HMAC
#### Upload Script
```bash
FILE="output.tar.gz"
TS=$(date +%s)
SIG=$(echo -n "$FILE$TS" | openssl dgst -sha256 -hmac "$SECRET" | sed 's/^.* //')
curl -X PUT "$URL/upload/$FILE?ts=$TS&sig=$SIG" --data-binary "@build/$FILE"
```
#### Download Script
```bash
TS=$(date +%s)
SIG=$(echo -n "$FILE$TS" | openssl dgst -sha256 -hmac "$SECRET" | sed 's/^.* //')
curl -O "$URL/download/$FILE?ts=$TS&sig=$SIG"
```
---
### 3. Using in CI/CD (GitHub Actions)
```yaml
- name: Build
run: |
mkdir -p build
echo "artifact" > build/output.tar.gz
- name: Upload
env:
SECRET: ${{ secrets.HMAC_SECRET }}
run: bash scripts/upload.sh
```
---
### Advantages
- Secure (HMAC)
- Self-hosted
- Easy to integrate
- No dependencies on third-party providers