yindo/Drop-Shielded
1
0
Fork 0
mirror of https://github.com/BillyOutlast/Drop-Shielded.git synced 2026-02-04 03:01:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
42 Commits 1 Branch 0 Tags
50cfe5cf0b6f4984e948cf3ab82d448ddc4b13da
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
John Doe 50cfe5cf0b getting rid of double postgres
2025-11-29 10:33:50 -05:00
nginx
moving to https
2025-11-28 21:37:19 -05:00
.env.example
adding gamevault alterntive
2025-11-29 10:21:48 -05:00
docker-compose.yaml
getting rid of double postgres
2025-11-29 10:33:50 -05:00
generate-certs.sh
moving to https
2025-11-28 21:37:19 -05:00
README.md
Add readme
2025-11-29 09:45:18 -05:00

README.md

Drop-Shielded

A secure, VPN-protected Drop media server setup using Docker Compose with Gluetun VPN tunnel, PostgreSQL database, and Nginx reverse proxy with SSL termination.

Features

  • 🔒 VPN Protection: All traffic routed through AirVPN using Gluetun
  • 🗄️ Database: PostgreSQL 14 with health checks
  • 🔐 SSL/HTTPS: Self-signed certificates with Nginx reverse proxy
  • 📁 Media Library: Configurable library paths for media storage
  • 🐳 Containerized: Fully containerized setup with Docker Compose

Architecture

Internet → AirVPN (Gluetun) → Nginx (SSL) → Drop Application
                           ↓
                      PostgreSQL Database

Prerequisites

  • Docker or Podman with Compose
  • AirVPN Wireguard configuration
  • OpenSSL (for certificate generation)

Quick Start

  1. Clone the repository

    git clone https://github.com/BillyOutlast/Drop-Shielded.git
cd Drop-Shielded

  2. Configure environment

    cp .env.example .env
# Edit .env with your configuration

  3. Generate SSL certificates

    bash ./generate-certs.sh

  4. Start the services

    docker-compose up -d
# or with Podman
podman-compose up -d

  5. Access your Drop server

    • URL: https://your-domain:your-port
    • Default: https://drop.airdns.org:3000

Configuration

Environment Variables

Copy .env.example to .env and configure:

Variable Description Example
DROP_AIRVPN_PORT External port for Drop access 3000
DROP_DDNS Your domain/DDNS hostname drop.airdns.org
WIREGUARD_PRIVATE_KEY Your AirVPN private key your-private-key
WIREGUARD_PRESHARED_KEY Your AirVPN preshared key your-preshared-key
WIREGUARD_ADDRESSES Your AirVPN IP addresses 10.99.99.99/32
POSTGRES_PASSWORD PostgreSQL password drop
POSTGRES_USER PostgreSQL username drop
POSTGRES_DB PostgreSQL database name drop
LIBRARY_PATH Path to your media library ./library
DROP_DATA_PATH Path to Drop data directory ./data

AirVPN Setup

  1. Log into your AirVPN account
  2. Generate a Wireguard configuration
  3. Extract the private key, preshared key, and addresses
  4. Add these to your .env file

SSL Certificates

The setup uses self-signed certificates generated by the included script:

./generate-certs.sh

This creates:

  • nginx/certs/server.crt - SSL certificate
  • nginx/certs/server.key - Private key
  • nginx/certs/server.pem - Certificate bundle

Library Configuration

Single Library

Use LIBRARY_PATH for a single media library:

LIBRARY_PATH=./library

Multiple Libraries

Uncomment and configure multiple library paths in docker-compose.yaml:

volumes:
  - ${LIBRARY_PATH_1}:/library/1
  - ${LIBRARY_PATH_2}:/library/2

Services

Gluetun VPN

  • Image: qmcgaw/gluetun
  • Purpose: VPN tunnel for all traffic
  • Network: Host for other containers

PostgreSQL

  • Image: postgres:14-alpine
  • Purpose: Database for Drop application
  • Health Check: Built-in readiness probe

Nginx

  • Image: nginx:alpine
  • Purpose: SSL termination and reverse proxy
  • Port: Configurable via DROP_AIRVPN_PORT

Drop

  • Image: ghcr.io/drop-oss/drop:latest
  • Purpose: Media server application
  • Dependencies: PostgreSQL health check

File Structure

Drop-Shielded/
├── docker-compose.yaml     # Main compose configuration
├── .env.example           # Environment template
├── .env                   # Your configuration (create from example)
├── generate-certs.sh      # SSL certificate generator
├── nginx/
│   ├── nginx.conf        # Nginx configuration
│   └── certs/            # SSL certificates (generated)
├── db/                   # PostgreSQL data
├── data/                 # Drop application data
├── gluetun/              # Gluetun configuration
└── library/              # Media library

Troubleshooting

VPN Connection Issues

  1. Verify your AirVPN credentials in .env
  2. Check Gluetun logs: docker-compose logs gluetun
  3. Ensure your AirVPN account is active

SSL Certificate Issues

  1. Regenerate certificates: bash ./generate-certs.sh
  2. Verify certificate permissions
  3. Check Nginx logs: docker-compose logs nginx

Database Connection Issues

  1. Wait for PostgreSQL to start completely
  2. Check health status: docker-compose ps
  3. Verify database credentials in .env

Port Access Issues

  1. Ensure DROP_AIRVPN_PORT is correctly configured
  2. Check firewall settings
  3. Verify VPN port forwarding

Security Notes

  • All traffic is routed through the VPN
  • Self-signed certificates provide encryption but will show browser warnings
  • Database is only accessible within the container network
  • Media libraries are mounted read-only where possible

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Test the configuration
  5. Submit a pull request

License

This project is open source. Please check individual component licenses:

Support

For issues related to:

Description
No description provided
Readme 55 KiB
Languages
Shell 100%