yindo/Drop-Shielded
1
0
Fork 0
mirror of https://github.com/BillyOutlast/Drop-Shielded.git synced 2026-02-04 03:01:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
52 Commits 1 Branch 0 Tags
46efba9ed47bfd684effa867b56185c8256bb9ac
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
John Doe 46efba9ed4 changed port
2025-11-30 19:19:22 -05:00
nginx
changed port
2025-11-30 19:19:22 -05:00
.env.example
adding IGDB
2025-11-29 11:45:52 -05:00
docker-compose.yaml
adding IGDB
2025-11-29 11:45:52 -05:00
generate-certs.sh
moving to https
2025-11-28 21:37:19 -05:00
README.md
Add readme
2025-11-29 09:45:18 -05:00

README.md

Drop-Shielded

A secure, VPN-protected Drop media server setup using Docker Compose with Gluetun VPN tunnel, PostgreSQL database, and Nginx reverse proxy with SSL termination.

Features

  • 🔒 VPN Protection: All traffic routed through AirVPN using Gluetun
  • 🗄️ Database: PostgreSQL 14 with health checks
  • 🔐 SSL/HTTPS: Self-signed certificates with Nginx reverse proxy
  • 📁 Media Library: Configurable library paths for media storage
  • 🐳 Containerized: Fully containerized setup with Docker Compose

Architecture

Internet → AirVPN (Gluetun) → Nginx (SSL) → Drop Application
                           ↓
                      PostgreSQL Database

Prerequisites

  • Docker or Podman with Compose
  • AirVPN Wireguard configuration
  • OpenSSL (for certificate generation)

Quick Start

  1. Clone the repository

    git clone https://github.com/BillyOutlast/Drop-Shielded.git
cd Drop-Shielded

  2. Configure environment

    cp .env.example .env
# Edit .env with your configuration

  3. Generate SSL certificates

    bash ./generate-certs.sh

  4. Start the services

    docker-compose up -d
# or with Podman
podman-compose up -d

  5. Access your Drop server

    • URL: https://your-domain:your-port
    • Default: https://drop.airdns.org:3000

Configuration

Environment Variables

Copy .env.example to .env and configure:

Variable Description Example
DROP_AIRVPN_PORT External port for Drop access 3000
DROP_DDNS Your domain/DDNS hostname drop.airdns.org
WIREGUARD_PRIVATE_KEY Your AirVPN private key your-private-key
WIREGUARD_PRESHARED_KEY Your AirVPN preshared key your-preshared-key
WIREGUARD_ADDRESSES Your AirVPN IP addresses 10.99.99.99/32
POSTGRES_PASSWORD PostgreSQL password drop
POSTGRES_USER PostgreSQL username drop
POSTGRES_DB PostgreSQL database name drop
LIBRARY_PATH Path to your media library ./library
DROP_DATA_PATH Path to Drop data directory ./data

AirVPN Setup

  1. Log into your AirVPN account
  2. Generate a Wireguard configuration
  3. Extract the private key, preshared key, and addresses
  4. Add these to your .env file

SSL Certificates

The setup uses self-signed certificates generated by the included script:

./generate-certs.sh

This creates:

  • nginx/certs/server.crt - SSL certificate
  • nginx/certs/server.key - Private key
  • nginx/certs/server.pem - Certificate bundle

Library Configuration

Single Library

Use LIBRARY_PATH for a single media library:

LIBRARY_PATH=./library

Multiple Libraries

Uncomment and configure multiple library paths in docker-compose.yaml:

volumes:
  - ${LIBRARY_PATH_1}:/library/1
  - ${LIBRARY_PATH_2}:/library/2

Services

Gluetun VPN

  • Image: qmcgaw/gluetun
  • Purpose: VPN tunnel for all traffic
  • Network: Host for other containers

PostgreSQL

  • Image: postgres:14-alpine
  • Purpose: Database for Drop application
  • Health Check: Built-in readiness probe

Nginx

  • Image: nginx:alpine
  • Purpose: SSL termination and reverse proxy
  • Port: Configurable via DROP_AIRVPN_PORT

Drop

  • Image: ghcr.io/drop-oss/drop:latest
  • Purpose: Media server application
  • Dependencies: PostgreSQL health check

File Structure

Drop-Shielded/
├── docker-compose.yaml     # Main compose configuration
├── .env.example           # Environment template
├── .env                   # Your configuration (create from example)
├── generate-certs.sh      # SSL certificate generator
├── nginx/
│   ├── nginx.conf        # Nginx configuration
│   └── certs/            # SSL certificates (generated)
├── db/                   # PostgreSQL data
├── data/                 # Drop application data
├── gluetun/              # Gluetun configuration
└── library/              # Media library

Troubleshooting

VPN Connection Issues

  1. Verify your AirVPN credentials in .env
  2. Check Gluetun logs: docker-compose logs gluetun
  3. Ensure your AirVPN account is active

SSL Certificate Issues

  1. Regenerate certificates: bash ./generate-certs.sh
  2. Verify certificate permissions
  3. Check Nginx logs: docker-compose logs nginx

Database Connection Issues

  1. Wait for PostgreSQL to start completely
  2. Check health status: docker-compose ps
  3. Verify database credentials in .env

Port Access Issues

  1. Ensure DROP_AIRVPN_PORT is correctly configured
  2. Check firewall settings
  3. Verify VPN port forwarding

Security Notes

  • All traffic is routed through the VPN
  • Self-signed certificates provide encryption but will show browser warnings
  • Database is only accessible within the container network
  • Media libraries are mounted read-only where possible

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Test the configuration
  5. Submit a pull request

License

This project is open source. Please check individual component licenses:

Support

For issues related to:

Description
No description provided
Readme 55 KiB
Languages
Shell 100%