DumbWareio_DumbDrop/docker-compose.yml
abite ff8f813f49
Merge commit from fork
* Enhance IP spoofing protection and proxy trust config

Adds secure IP extraction utility to prevent X-Forwarded-For header spoofing, updates rate limiter and authentication to use real client IP, and introduces TRUST_PROXY and TRUSTED_PROXY_IPS configuration options. Documentation and tests updated to reflect new security measures and usage guidance for reverse proxy deployments.

* Update package.json
2025-11-09 20:59:28 -08:00


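# Docker Compose definition for a single DumbDrop file-upload service.
services:
  dumbdrop:
    # NOTE(review): ":latest" moves with every upstream push; consider pinning
    # a specific release tag or image digest so upgrades are deliberate.
    image: dumbwareio/dumbdrop:latest
    # build: .
    container_name: dumbdrop
    restart: unless-stopped
    ports:
      # Quoted so the mapping is always read as a string. This publishes the
      # app on every host interface; when a reverse proxy on the same host
      # fronts the service, consider "127.0.0.1:3000:3000" so clients cannot
      # reach the app without going through the proxy.
      - "3000:3000"
    volumes:
      # Replace "./local_uploads" (before the colon) with the path where the
      # files land
      - ./local_uploads:/app/uploads
    # Environment variables for the DumbDrop service. Numeric and boolean
    # values are quoted so Compose receives them as strings.
    environment:
      # Explicitly set upload directory inside the container
      UPLOAD_DIR: /app/uploads
      # The title shown in the web interface
      DUMBDROP_TITLE: DumbDrop
      # Maximum file size in MB
      MAX_FILE_SIZE: "1024"
      # Optional PIN protection (4-10 digits, leave empty to disable).
      # Quoted so a PIN with leading zeros keeps all of its digits.
      # "123456" is the sample value; set your own before exposing the service.
      DUMBDROP_PIN: "123456"
      # Upload without clicking button
      AUTO_UPLOAD: "true"
      # The base URL for the application. You must update this to the URL you
      # use to access your site.
      BASE_URL: http://localhost:3000
      # Comma-separated list of allowed origins for CORS
      # (default: '*' if empty, replace with your base_url if you want to
      # restrict only to base_url)
      # When adding multiple origins, base_url will be included by default and
      # does not need to be added to the list
      # ALLOWED_IFRAME_ORIGINS: # DEPRECATED and will be used as ALLOWED_ORIGINS if SET
      # ALLOWED_ORIGINS: http://internalip:port,https://subdomain.example.com

      # Additional available environment variables (commented out with defaults)
      # Server port (default: 3000)
      # PORT: "3000"
      # Node environment (development/production) - when not using production
      # ALLOWED_ORIGINS will be set to '*' by default
      # NODE_ENV: production
      # Debug mode for verbose logging (default: false in production, true in
      # development)
      # DEBUG: "false"
      # Apprise notification URL for upload notifications (default: none)
      # APPRISE_URL: ""
      # Notification message template with placeholders: {filename}, {size},
      # {storage}
      # APPRISE_MESSAGE: "New file uploaded - {filename} ({size}), Storage used {storage}"
      # Size unit for notifications (B, KB, MB, GB, TB, or Auto)
      # APPRISE_SIZE_UNIT: "Auto"
      # Comma-separated list of allowed file extensions (default: all allowed)
      # ALLOWED_EXTENSIONS: ".jpg,.jpeg,.png,.pdf,.doc,.docx,.txt"

      # Reverse Proxy / Security Settings (IMPORTANT: Read documentation before
      # enabling)
      # Set to 'true' ONLY if behind a trusted reverse proxy (Nginx, Caddy,
      # Traefik, etc.)
      # TRUST_PROXY: "false"
      # Optional: Comma-separated list of trusted proxy IPs for additional
      # security. The addresses below are examples; use your proxy's address.
      # TRUSTED_PROXY_IPS: 172.17.0.1,10.0.0.1
      # WARNING: Enabling TRUST_PROXY without a proper reverse proxy allows
      # attackers to bypass rate limiting!
      # NOTE(review): with TRUST_PROXY enabled the client IP is presumably
      # taken from forwarded headers, so the published port should be
      # reachable only from the proxy, not directly by clients.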