Self-hosted cloud server with a convenient web interface


droppy is a self-hosted cloud server with an interface similar to desktop file managers and has capabilites to edit files as well as view and playback media directly in the browser. It focuses on performance and intuitive usage. It can run both standalone or through express. To provide realtime updates, most communication is done through WebSockets. A demo is available here.

  • Fully responsive HTML5 interface
  • Multi-file and folder upload
  • Realtime updates of changes
  • Share public download links
  • Zip download of folders
  • Image and video gallery, audio player
  • Drag & drop and swipe gesture support
  • Fullscreen support
  • Edit text files in a heavily customized CodeMirror
  • Supports latest node.js/io.js (min: 0.10) and all modern browsers
$ [sudo] npm install -g droppy
$ droppy start

To store configuration and files, these two directories will be used:

  • ~/.droppy: configuration directory. Override with --configdir.
  • ~/.droppy/files: files directory. Override with --filesdir.

By default, the server listens on and http://[::]:8989. On first login, a prompt for username and password for the first account will appear.

Run droppy config to edit config/config.json, which is created with these defaults:

  "listeners" : [
          "host"     : ["", "::"],
          "port"     : 8989,
          "protocol" : "http"
  "debug"          : false,
  "keepAlive"      : 20000,
  "linkLength"     : 5,
  "logLevel"       : 2,
  "maxFileSize"    : 0,
  "public"         : false,
  "timestamps"     : true,
  "updateInterval" : 1000
  • listeners Array - Defines on which interfaces, port and protocols the server will listen. See listener options below. listeners has no effect when droppy is used as a module.
  • debug Boolean - When enabled, skips resource minification and enables CSS reloading.
  • keepAlive Number - The interval in milliseconds in which the server sends keepalive message over the websocket. These messages add some overhead but may be needed with proxies are involved. Set to 0 to disable keepalive messages.
  • linkLength Number - The amount of characters in a share link.
  • logLevel Number - Logging amount. 0 is no logging, 1 is errors, 2 is info (HTTP requests), 3 is debug (Websocket communication).
  • maxFileSize Number - The maximum file size in bytes a user can upload in a single file.
  • public Boolean - When enabled, no authentication is performed.
  • timestamps Boolean - When enabled, adds timestamps to log output.
  • updateInterval Number - Interval in which a single client can receive updates through changes in the file system, in milliseconds.

listeners defines on which interfaces, ports and protcol(s) the server will listen. For example:

"listeners": [
        "host"     : [ "", "::" ],
        "port"     : 80,
        "protocol" : "http"
        "host"     : "",
        "port"     : 443,
        "protocol" : "https",
        "key"      : "~/certs/tls.key",
        "cert"     : "~/certs/tls.crt",
        "ca"       : "~/certs/tls.ca",
        "dhparam"  : "~/certs/tls.dhparam",
        "hsts"     : 31536000

The above configuration will result in:

  • HTTP listening on all IPv4 and IPv6 interfaces, port 80.
  • HTTPS listening on all IPv4 interfaces, port 443, with 1 year of HSTS duration, using the provided SSL/TLS files.

A listener object accepts these options:

  • host String/Array - Network interface(s) to listen on. Required.
  • port Number/Array - Network port(s) to listen on. Required.
  • protocol String - Protocol to use, http or https. Required.

For SSL/TLS these additional options are available:

  • key String - Path to PEM-encoded SSL/TLS private key file. Required.
  • cert String - Path to PEM-encoded SSL/TLS certificate file. Required.
  • ca String - Path to PEM-encoded SSL/TLS intermediate certificate file.
  • dhparam String - Path to PEM-encoded SSL/TLS Diffie-Hellman parameters file. If not provided, new 2048 bit parameters will generated and saved for future use.
  • hsts Number - Length of the HSTS header in seconds. Set to 0 to disable HSTS.

Note: Unless given absolute, SSL/TLS paths are relative to the config folder. If your certificate file includes an concatenated intermediate certificate, it will be detected and used, there's no need to specify ca in this case.

droppy can be used with express like this:

var app    = require("express")();
var droppy = require("droppy")({
  configdir: "~/droppy/config"
  filesdir: "~/droppy/files",
  log: "~/droppy/log",
  logLevel: 0
app.use("/", droppy).listen(process.env.PORT || 8989);

See the commented express example for a working example.

  • options {object}: Options. Extends config.json. In addition to above listed options, configdir, filesdir and log are present on the API.

Returns function onRequest(req, res). All arguments are optional.

For correct filenames of shared links, use --content-disposition or add this to ~/.wgetrc:

content-disposition = on

© 2012-2015 silverwind, distributed under BSD licence