# Drop-Shielded

A secure, VPN-protected Drop media server setup using Docker Compose with Gluetun VPN tunnel, PostgreSQL database, and Nginx reverse proxy with SSL termination.

## Features

- 🔒 **VPN Protection**: All traffic routed through AirVPN using Gluetun
- 🗄️ **Database**: PostgreSQL 14 with health checks
- 🔐 **SSL/HTTPS**: Self-signed certificates with Nginx reverse proxy
- 📁 **Media Library**: Configurable library paths for media storage
- 🐳 **Containerized**: Fully containerized setup with Docker Compose

## Architecture

```
Internet → AirVPN (Gluetun) → Nginx (SSL) → Drop Application
                                                  ↓
                                          PostgreSQL Database
```

## Prerequisites

- Docker or Podman with Compose
- AirVPN WireGuard configuration
- OpenSSL (for certificate generation)

## Quick Start

1. **Clone the repository**

   ```bash
   git clone https://github.com/BillyOutlast/Drop-Shielded.git
   cd Drop-Shielded
   ```

2. **Configure environment**

   ```bash
   cp .env.example .env
   # Edit .env with your configuration
   ```

3. **Generate SSL certificates**

   ```bash
   bash ./generate-certs.sh
   ```

4. **Start the services**

   ```bash
   docker-compose up -d
   # or with Podman
   podman-compose up -d
   ```

5. **Access your Drop server**
   - URL: `https://your-domain:your-port`
   - Default: `https://drop.airdns.org:3000`

## Configuration

### Environment Variables

Copy `.env.example` to `.env` and configure:

| Variable | Description | Example |
|----------|-------------|---------|
| `DROP_AIRVPN_PORT` | External port for Drop access | `3000` |
| `DROP_DDNS` | Your domain/DDNS hostname | `drop.airdns.org` |
| `WIREGUARD_PRIVATE_KEY` | Your AirVPN private key | `your-private-key` |
| `WIREGUARD_PRESHARED_KEY` | Your AirVPN preshared key | `your-preshared-key` |
| `WIREGUARD_ADDRESSES` | Your AirVPN IP addresses | `10.99.99.99/32` |
| `POSTGRES_PASSWORD` | PostgreSQL password | `drop` |
| `POSTGRES_USER` | PostgreSQL username | `drop` |
| `POSTGRES_DB` | PostgreSQL database name | `drop` |
| `LIBRARY_PATH` | Path to your media library | `./library` |
| `DROP_DATA_PATH` | Path to Drop data directory | `./data` |

### AirVPN Setup

1. Log into your AirVPN account
2. Generate a WireGuard configuration
3. Extract the private key, preshared key, and addresses
4. Add these to your `.env` file

### SSL Certificates

The setup uses self-signed certificates generated by the included script:

```bash
./generate-certs.sh
```

This creates:

- `nginx/certs/server.crt` - SSL certificate
- `nginx/certs/server.key` - Private key
- `nginx/certs/server.pem` - Certificate bundle

### Library Configuration

#### Single Library

Use `LIBRARY_PATH` for a single media library:

```env
LIBRARY_PATH=./library
```

#### Multiple Libraries

Uncomment and configure multiple library paths in `docker-compose.yaml`:

```yaml
volumes:
  - ${LIBRARY_PATH_1}:/library/1
  - ${LIBRARY_PATH_2}:/library/2
```

## Services

### Gluetun VPN

- **Image**: `qmcgaw/gluetun`
- **Purpose**: VPN tunnel for all traffic
- **Network**: Host for other containers

### PostgreSQL

- **Image**: `postgres:14-alpine`
- **Purpose**: Database for Drop application
- **Health Check**: Built-in readiness probe

### Nginx

- **Image**: `nginx:alpine`
- **Purpose**: SSL termination and reverse proxy
- **Port**: Configurable via `DROP_AIRVPN_PORT`

### Drop

- **Image**: `ghcr.io/drop-oss/drop:latest`
- **Purpose**: Media server application
- **Dependencies**: PostgreSQL health check

## File Structure

```
Drop-Shielded/
├── docker-compose.yaml    # Main compose configuration
├── .env.example           # Environment template
├── .env                   # Your configuration (create from example)
├── generate-certs.sh      # SSL certificate generator
├── nginx/
│   ├── nginx.conf         # Nginx configuration
│   └── certs/             # SSL certificates (generated)
├── db/                    # PostgreSQL data
├── data/                  # Drop application data
├── gluetun/               # Gluetun configuration
└── library/               # Media library
```

## Troubleshooting

### VPN Connection Issues

1. Verify your AirVPN credentials in `.env`
2. Check Gluetun logs: `docker-compose logs gluetun`
3. Ensure your AirVPN account is active

### SSL Certificate Issues

1. Regenerate certificates: `bash ./generate-certs.sh`
2. Verify certificate permissions
3. Check Nginx logs: `docker-compose logs nginx`

### Database Connection Issues

1. Wait for PostgreSQL to start completely
2. Check health status: `docker-compose ps`
3. Verify database credentials in `.env`

### Port Access Issues

1. Ensure `DROP_AIRVPN_PORT` is correctly configured
2. Check firewall settings
3. Verify VPN port forwarding

## Security Notes

- All traffic is routed through the VPN
- Self-signed certificates provide encryption but will show browser warnings
- Database is only accessible within the container network
- Media libraries are mounted read-only where possible

## Contributing

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Test the configuration
5. Submit a pull request

## License

This project is open source. Please check individual component licenses:

- [Drop](https://github.com/drop-oss/drop)
- [Gluetun](https://github.com/qdm12/gluetun)
- [PostgreSQL](https://www.postgresql.org/)
- [Nginx](https://nginx.org/)

## Support

For issues related to:

- **Drop application**: [Drop GitHub Issues](https://github.com/drop-oss/drop/issues)
- **VPN connectivity**: [Gluetun GitHub Issues](https://github.com/qdm12/gluetun/issues)
- **This setup**: [Create an issue](https://github.com/BillyOutlast/Drop-Shielded/issues)
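
The secrets listed under Environment Variables and the "Verify certificate permissions" troubleshooting step can be checked mechanically before `docker-compose up -d`. The script below is an added example, not part of the Drop-Shielded repository: the function names, the owner-only permission expectation and the password policy are assumptions of this example, and the sample `.env` it runs on is constructed.

```bash
#!/bin/sh
# Added example: pre-flight check of Drop-Shielded secrets (not the project's own code).
# The .env is parsed as text, never sourced, so a malformed file cannot run commands.

# Print the last value assigned to KEY in FILE, with surrounding quotes stripped.
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed "s/^[\"']//; s/[\"']\$//"
}

# Succeed if FILE grants any permission to group or other (chars 5-10 of `ls -l`).
loose_perms() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# WireGuard keys are 32 bytes, base64-encoded: 43 base64 characters plus one '='.
is_wg_key() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$'
}

# preflight ENV_FILE KEY_FILE: print one line per finding, return the finding count.
preflight() {
    n=0
    for f in "$1" "$2"; do
        if [ ! -f "$f" ]; then echo "MISSING $f"; n=$((n + 1))
        elif loose_perms "$f"; then echo "PERMS $f is accessible beyond its owner"; n=$((n + 1))
        fi
    done
    [ -f "$1" ] || return "$n"
    for k in WIREGUARD_PRIVATE_KEY WIREGUARD_PRESHARED_KEY; do
        is_wg_key "$(env_get "$1" "$k")" || { echo "FORMAT $k is not a WireGuard key"; n=$((n + 1)); }
    done
    pw=$(env_get "$1" POSTGRES_PASSWORD)
    # Policy assumed by this example: reject empty, the sample value `drop`, and user == password.
    if [ -z "$pw" ] || [ "$pw" = "drop" ] || [ "$pw" = "$(env_get "$1" POSTGRES_USER)" ]; then
        echo "WEAK POSTGRES_PASSWORD is empty, the example value, or equal to POSTGRES_USER"
        n=$((n + 1))
    fi
    return "$n"
}

# Demo on a constructed .env that still carries the example values from the table above.
demo=$(mktemp -d)
printf '%s\n' 'WIREGUARD_PRIVATE_KEY=your-private-key' 'WIREGUARD_PRESHARED_KEY=your-preshared-key' \
    'POSTGRES_USER=drop' 'POSTGRES_PASSWORD=drop' > "$demo/.env"
: > "$demo/server.key"; chmod 644 "$demo/.env" "$demo/server.key"
preflight "$demo/.env" "$demo/server.key" || echo "findings: $?"
rm -rf "$demo"
```

Against a real checkout the call would be `preflight .env nginx/certs/server.key`; a non-zero exit status means the stack should not be started yet.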