mirrors/copyparty
1
0
Fork 0
mirror of https://github.com/9001/copyparty.git synced 2025-08-17 09:02:15 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity

standardize on /dev/shm/party.sock; closes #229

Browse source
This commit is contained in:
ed 2025-07-28 20:29:40 +00:00
parent 5b98e104f2
commit cb019afecf
2 changed files with 8 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -2027,7 +2027,7 @@ some reverse proxies (such as [Caddy](https://caddyserver.com/)) can automatical
* **warning:** nginx-QUIC (HTTP/3) is still experimental and can make uploads much slower, so HTTP/1.1 is recommended for now * **warning:** nginx-QUIC (HTTP/3) is still experimental and can make uploads much slower, so HTTP/1.1 is recommended for now
* depending on server/client, HTTP/1.1 can also be 5x faster than HTTP/2 * depending on server/client, HTTP/1.1 can also be 5x faster than HTTP/2
for improved security (and a 10% performance boost) consider listening on a unix-socket with `-i unix:770:www:/tmp/party.sock` (permission `770` means only members of group `www` can access it) for improved security (and a 10% performance boost) consider listening on a unix-socket with `-i unix:770:www:/dev/shm/party.sock` (permission `770` means only members of group `www` can access it)
example webserver / reverse-proxy configs: example webserver / reverse-proxy configs:

13
copyparty/__main__.py
View file

@ -547,14 +547,15 @@ def get_sects():
when running behind a reverse-proxy, it's recommended to when running behind a reverse-proxy, it's recommended to
use unix-sockets for improved performance and security; use unix-sockets for improved performance and security;
\033[32m-i unix:770:www:\033[33m/tmp/a.sock\033[0m listens on \033[33m/tmp/a.sock\033[0m with \033[32m-i unix:770:www:\033[33m/dev/shm/party.sock\033[0m listens on
permissions \033[33m0770\033[0m; only accessible to members of the \033[33mwww\033[0m \033[33m/dev/shm/party.sock\033[0m with permissions \033[33m0770\033[0m;
group. This is the best approach. Alternatively, only accessible to members of the \033[33mwww\033[0m group.
This is the best approach. Alternatively,
\033[32m-i unix:777:\033[33m/tmp/a.sock\033[0m sets perms \033[33m0777\033[0m so anyone can \033[32m-i unix:777:\033[33m/dev/shm/party.sock\033[0m sets perms \033[33m0777\033[0m so anyone
access it; bad unless it's inside a restricted folder can access it; bad unless it's inside a restricted folder
\033[32m-i unix:\033[33m/tmp/a.sock\033[0m keeps umask-defined permissions \033[32m-i unix:\033[33m/dev/shm/party.sock\033[0m keeps umask-defined permission
(usually \033[33m0600\033[0m) and the same user/group as copyparty (usually \033[33m0600\033[0m) and the same user/group as copyparty
\033[33m-p\033[0m (tcp ports) is ignored for unix sockets \033[33m-p\033[0m (tcp ports) is ignored for unix sockets