Drop-Shielded/README.md
2025-11-29 09:45:18 -05:00


# Drop-Shielded
A secure, VPN-protected Drop media server setup using Docker Compose with Gluetun VPN tunnel, PostgreSQL database, and Nginx reverse proxy with SSL termination.
## Features
- 🔒 **VPN Protection**: All traffic routed through AirVPN using Gluetun
- 🗄️ **Database**: PostgreSQL 14 with health checks
- 🔐 **SSL/HTTPS**: Self-signed certificates with Nginx reverse proxy
- 📁 **Media Library**: Configurable library paths for media storage
- 🐳 **Containerized**: Fully containerized setup with Docker Compose
## Architecture
```
Internet → AirVPN (Gluetun) → Nginx (SSL) → Drop Application
                                                    ↓
                                            PostgreSQL Database
```
## Prerequisites
- Docker or Podman with Compose
- AirVPN Wireguard configuration
- OpenSSL (for certificate generation)
## Quick Start
1. **Clone the repository**
```bash
git clone https://github.com/BillyOutlast/Drop-Shielded.git
cd Drop-Shielded
```
2. **Configure environment**
```bash
cp .env.example .env
# Edit .env with your configuration
```
3. **Generate SSL certificates**
```bash
bash ./generate-certs.sh
```
4. **Start the services**
```bash
docker-compose up -d
# or with Podman
podman-compose up -d
```
5. **Access your Drop server**
- URL: `https://your-domain:your-port`
- Default: `https://drop.airdns.org:3000`
## Configuration
### Environment Variables
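Copy `.env.example` to `.env` and configure the variables below. The example values are placeholders: use your own WireGuard keys and a strong, unique `POSTGRES_PASSWORD` rather than `drop`.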
| Variable | Description | Example |
|----------|-------------|---------|
| `DROP_AIRVPN_PORT` | External port for Drop access | `3000` |
| `DROP_DDNS` | Your domain/DDNS hostname | `drop.airdns.org` |
| `WIREGUARD_PRIVATE_KEY` | Your AirVPN private key | `your-private-key` |
| `WIREGUARD_PRESHARED_KEY` | Your AirVPN preshared key | `your-preshared-key` |
| `WIREGUARD_ADDRESSES` | Your AirVPN IP addresses | `10.99.99.99/32` |
| `POSTGRES_PASSWORD` | PostgreSQL password | `drop` |
| `POSTGRES_USER` | PostgreSQL username | `drop` |
| `POSTGRES_DB` | PostgreSQL database name | `drop` |
| `LIBRARY_PATH` | Path to your media library | `./library` |
| `DROP_DATA_PATH` | Path to Drop data directory | `./data` |
### AirVPN Setup
1. Log into your AirVPN account
2. Generate a Wireguard configuration
3. Extract the private key, preshared key, and addresses
4. Add these to your `.env` file
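A pre-flight check for the finished `.env`, as an added example that is not part of the Drop-Shielded repository. The variable names come from the table above; the file name `check-env.sh`, the 16-character password minimum and the owner-only file mode are assumptions of this example.

```bash
#!/bin/sh
# Added example, not part of Drop-Shielded: lint .env before starting the stack.
# Variable names come from the README table; the thresholds are assumptions.
REQUIRED="DROP_AIRVPN_PORT DROP_DDNS WIREGUARD_PRIVATE_KEY WIREGUARD_PRESHARED_KEY
WIREGUARD_ADDRESSES POSTGRES_PASSWORD POSTGRES_USER POSTGRES_DB LIBRARY_PATH DROP_DATA_PATH"

# Print the last KEY=value in FILE without sourcing it (sourcing would run its contents).
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# A WireGuard key is 32 bytes in base64: 43 characters followed by '='.
is_wg_key() { printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$'; }

# check_env FILE: print one line per finding; exit status 0 only when there are none.
check_env() (
    file=$1 bad=0
    finding() { echo "$file: $*"; bad=1; }
    [ -r "$file" ] || { echo "$file: not readable"; exit 2; }

    # The file holds the VPN keys and the database password: owner access only.
    case $(ls -ld -- "$file" | cut -c5-10) in
        ------) ;;
        *) finding "accessible to group/other, run: chmod 600 $file" ;;
    esac

    for name in $REQUIRED; do
        [ -n "$(env_get "$file" "$name")" ] || finding "$name is missing or empty"
    done
    for name in WIREGUARD_PRIVATE_KEY WIREGUARD_PRESHARED_KEY; do
        is_wg_key "$(env_get "$file" "$name")" || finding "$name is not a WireGuard key"
    done

    port=$(env_get "$file" DROP_AIRVPN_PORT)
    case $port in
        '' | *[!0-9]*) finding "DROP_AIRVPN_PORT is not a number" ;;
        *) { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } || finding "DROP_AIRVPN_PORT is out of range" ;;
    esac

    pw=$(env_get "$file" POSTGRES_PASSWORD)
    if [ "$pw" = drop ] || [ "$pw" = "$(env_get "$file" POSTGRES_USER)" ]; then
        finding "POSTGRES_PASSWORD is the example value or equals POSTGRES_USER"
    elif [ "${#pw}" -lt 16 ]; then
        finding "POSTGRES_PASSWORD is shorter than 16 characters"
    fi
    exit "$bad"
)
# Usage: sh check-env.sh .env
[ $# -eq 0 ] || check_env "$1"
```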
### SSL Certificates
The setup uses self-signed certificates generated by the included script:
```bash
./generate-certs.sh
```
This creates:
- `nginx/certs/server.crt` - SSL certificate
- `nginx/certs/server.key` - Private key
- `nginx/certs/server.pem` - Certificate bundle
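A check of the generated pair before Nginx loads it, as an added example that is not part of `generate-certs.sh` or the repository. It assumes the `openssl` CLI is installed, that the hostname passed in is your `DROP_DDNS` value, and a 30-day expiry warning window; the file name `check-cert.sh` is hypothetical.

```bash
#!/bin/sh
# Added example, not part of Drop-Shielded: sanity-check the certificate pair.
# check_cert CRT KEY HOST [DAYS]: print findings; exit status 0 only when there are none.
check_cert() (
    crt=$1 key=$2 host=$3 days=${4:-30}
    bad=0
    finding() { echo "$*"; bad=1; }

    # The private key must not be accessible to group or other.
    case $(ls -ld -- "$key" | cut -c5-10) in
        ------) ;;
        *) finding "$key is accessible to group/other, run: chmod 600 $key" ;;
    esac

    # The certificate must carry the public half of this private key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        finding "$crt does not match $key"
    fi

    # -checkend exits non-zero when the certificate expires within N seconds.
    openssl x509 -in "$crt" -noout -checkend "$((days * 86400))" >/dev/null 2>&1 ||
        finding "$crt expires within $days days or is unreadable"

    # The name clients connect to (DROP_DDNS) must appear in the certificate.
    openssl x509 -in "$crt" -noout -checkhost "$host" 2>/dev/null |
        grep -q 'does match' || finding "$crt is not valid for $host"

    exit "$bad"
)
# Usage: sh check-cert.sh nginx/certs/server.crt nginx/certs/server.key drop.airdns.org
[ $# -lt 3 ] || check_cert "$@"
```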
### Library Configuration
#### Single Library
Use `LIBRARY_PATH` for a single media library:
```env
LIBRARY_PATH=./library
```
#### Multiple Libraries
Uncomment and configure multiple library paths in `docker-compose.yaml`:
```yaml
volumes:
- ${LIBRARY_PATH_1}:/library/1
- ${LIBRARY_PATH_2}:/library/2
```
## Services
### Gluetun VPN
- **Image**: `qmcgaw/gluetun`
- **Purpose**: VPN tunnel for all traffic
- **Network**: Network host for the other containers, so their traffic goes through the tunnel
### PostgreSQL
- **Image**: `postgres:14-alpine`
- **Purpose**: Database for Drop application
- **Health Check**: Built-in readiness probe
### Nginx
- **Image**: `nginx:alpine`
- **Purpose**: SSL termination and reverse proxy
- **Port**: Configurable via `DROP_AIRVPN_PORT`
### Drop
- **Image**: `ghcr.io/drop-oss/drop:latest`
- **Purpose**: Media server application
- **Dependencies**: PostgreSQL health check
## File Structure
```
Drop-Shielded/
├── docker-compose.yaml    # Main compose configuration
├── .env.example           # Environment template
├── .env                   # Your configuration (create from example)
├── generate-certs.sh      # SSL certificate generator
├── nginx/
│   ├── nginx.conf         # Nginx configuration
│   └── certs/             # SSL certificates (generated)
├── db/                    # PostgreSQL data
├── data/                  # Drop application data
├── gluetun/               # Gluetun configuration
└── library/               # Media library
```
## Troubleshooting
### VPN Connection Issues
1. Verify your AirVPN credentials in `.env`
2. Check Gluetun logs: `docker-compose logs gluetun`
3. Ensure your AirVPN account is active
### SSL Certificate Issues
1. Regenerate certificates: `bash ./generate-certs.sh`
2. Verify certificate permissions
3. Check Nginx logs: `docker-compose logs nginx`
### Database Connection Issues
1. Wait for PostgreSQL to start completely
2. Check health status: `docker-compose ps`
3. Verify database credentials in `.env`
### Port Access Issues
1. Ensure `DROP_AIRVPN_PORT` is correctly configured
2. Check firewall settings
3. Verify VPN port forwarding
## Security Notes
- All traffic is routed through the VPN
- Self-signed certificates encrypt the connection but are not signed by a trusted CA, so browsers will show warnings
- Database is only accessible within the container network
- Media libraries are mounted read-only where possible
## Contributing
1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Test the configuration
5. Submit a pull request
## License
This project is open source. Please check individual component licenses:
- [Drop](https://github.com/drop-oss/drop)
- [Gluetun](https://github.com/qdm12/gluetun)
- [PostgreSQL](https://www.postgresql.org/)
- [Nginx](https://nginx.org/)
## Support
For issues related to:
- **Drop application**: [Drop GitHub Issues](https://github.com/drop-oss/drop/issues)
- **VPN connectivity**: [Gluetun GitHub Issues](https://github.com/qdm12/gluetun/issues)
- **This setup**: [Create an issue](https://github.com/BillyOutlast/Drop-Shielded/issues)