Micke Nordin 40ab93ae0d Use HTTP-01 challenge only for ACME certificates
TLS-ALPN-01 requires direct TLS passthrough which doesn't work
behind nginx ingress or other reverse proxies that terminate TLS.
Force HTTP-01 challenge type for better compatibility.
2025-12-30 16:22:45 +01:00
debian Fix storage settings not reflecting changes in admin UI 2025-12-28 14:41:42 +01:00
examples Add Kubernetes deployment example with Kustomize 2025-12-29 14:22:04 +01:00
migrations Add OIDC support for external providers and as identity provider 2025-12-30 00:34:47 +01:00
src Use HTTP-01 challenge only for ACME certificates 2025-12-30 16:22:45 +01:00
static Add SSE-C encryption support for S3 storage backends 2025-12-29 14:21:54 +01:00
templates Fix OIDC Resource Server implementation 2025-12-30 02:21:09 +01:00
tests/docker Add multi-database support and Docker Compose test environment 2025-12-27 22:32:29 +01:00
.gitignore Add storage backend migration feature 2025-12-28 23:14:57 +01:00
Cargo.lock Add OIDC support for external providers and as identity provider 2025-12-30 00:34:47 +01:00
Cargo.toml Add OIDC support for external providers and as identity provider 2025-12-30 00:34:47 +01:00
config.example.toml Remove Python implementation, keep only Rust 2025-12-27 00:16:02 +01:00
docker-compose.test.yml Add WOPI/Collabora Online integration for document editing 2025-12-29 12:15:26 +01:00
Dockerfile Add multi-database support and Docker Compose test environment 2025-12-27 22:32:29 +01:00
Makefile Fix docs port numbers and update Makefile docker target 2025-12-29 23:17:26 +01:00
README.md Update README with comprehensive documentation 2025-12-29 15:30:46 +01:00

Amity

A lightweight Open Cloud Mesh (OCM) file sharing server written in Rust, with WebDAV, SFTP, and federated sharing support.

Features

Core

  • OCM Federation - Share files with users on other OCM-compatible servers (ownCloud, Nextcloud, etc.)
  • WebDAV - Access files via any WebDAV client
  • SFTP/SSH - Secure file transfer with SSH key or password authentication
  • Web Interface - Upload, browse, share, and manage files from your browser

Storage Backends

  • Filesystem - Local disk storage
  • S3 - Amazon S3 or S3-compatible storage (MinIO, Garage, Wasabi, etc.)
  • WebDAV - Remote WebDAV server as backend
  • Multiple Backends - Configure multiple storage backends and assign users to different backends
  • Storage Migration - Move files between backends with progress tracking
  • SSE-C Encryption - Server-side encryption with customer-provided keys for S3 backends

Document Editing

  • Collabora Online - Edit documents, spreadsheets, and presentations in the browser via WOPI integration
  • Real-time Collaboration - Multiple users can edit documents simultaneously

Database Backends

  • SQLite (development/small deployments)
  • PostgreSQL (recommended for production)
  • MySQL/MariaDB (production)

Security

  • TLS with Let's Encrypt (ACME) or static certificates
  • HTTP Signature verification for OCM requests
  • SSE-C encryption at rest for S3 storage
  • Secure session management

User Experience

  • Light/Dark/System theme support
  • Per-user storage backend selection
  • Admin UI for all configuration

Quick Start

See the examples directory for various deployment configurations:

Example               Database        Storage      Collabora  Use Case
simple-local          SQLite          Filesystem   No         Personal use, testing
full-s3-mariadb       MariaDB         S3 (Garage)  Yes        Production
full-webdav-postgres  PostgreSQL      WebDAV       Yes        Existing WebDAV infra
ha-cluster            MariaDB Galera  Garage (3x)  Yes        High availability
kubernetes            MariaDB Galera  Garage (3x)  Yes        Cloud-native HA

cd examples/simple-local
docker compose up -d

Access at http://localhost:8080. Check logs for the initial admin password.

Building from Source

Prerequisites

  • Rust 1.75 or later
  • OpenSSL development libraries

cargo build --release

The binary will be at target/release/amity.

Debian Package

dpkg-buildpackage -b -us -uc
sudo dpkg -i ../amity_*.deb

The package installs:

  • Binary: /usr/bin/amity
  • Config: /etc/amity/config.example.toml
  • Data: /var/lib/amity/
  • Systemd service: amity.service

Configuration

The config file (config.toml) contains only the database connection URL. All other settings are managed via the Admin UI and stored in the database.

sudo cp /etc/amity/config.example.toml /etc/amity/config.toml
sudo editor /etc/amity/config.toml

Example config.toml:

# SQLite (default)
database_url = "sqlite:///var/lib/amity/amity.db?mode=rwc"

# PostgreSQL
# database_url = "postgres://amity:password@localhost/amity"

# MySQL/MariaDB
# database_url = "mysql://amity:password@localhost/amity"

Running

amity serve

Or with systemd:

sudo systemctl enable amity
sudo systemctl start amity

On first run, a temporary admin password is logged to the console.

Storage Backends

Amity supports multiple storage backends that can be configured via Admin > Storage.

Filesystem

Store files on local disk:

Backend Type: Filesystem
Root Directory: /var/lib/amity/data/files

S3 / S3-Compatible

Store files in Amazon S3 or compatible services (Garage, MinIO, Wasabi):

Backend Type: S3
Bucket: my-bucket
Region: us-east-1
Endpoint: https://s3.amazonaws.com (or custom endpoint)
Access Key ID: AKIA...
Secret Access Key: ****
Path Style: Enable for most S3-compatible services

SSE-C Encryption

Enable server-side encryption with customer-provided keys:

  1. Check "Enable server-side encryption (SSE-C)"
  2. Either auto-generate a key or provide your own base64-encoded 256-bit key
  3. Important: If the key is lost, encrypted data cannot be recovered

SSE-C is supported by:

  • AWS S3
  • Garage
  • MinIO (with MINIO_SSE_CUSTOMER_ENABLED=on)
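
The key handling behind steps 2 and 3 above, as an added shell example that is not part of Amity: it checks that a supplied key really is base64 for 256 bits, generates one without overwriting an existing key file, and derives the key-MD5 value that S3 SSE-C requests carry, which works as a fingerprint for verifying a backup copy. The function names are hypothetical; GNU coreutils and the openssl CLI are assumed.

```shell
#!/bin/sh
# Added example, not Amity code. Function names are hypothetical.
# Assumes GNU coreutils (base64, head) and the openssl CLI.

# Succeed only if $1 is base64 text that decodes to exactly 32 bytes.
ssec_key_valid() {
    # 32 bytes always encode to 43 base64 characters plus one '=' pad.
    body=${1%=}
    [ "${#1}" -eq 44 ] && [ "${#body}" -eq 43 ] || return 1
    case $body in *[!A-Za-z0-9+/]*) return 1 ;; esac
    # Decode through a pipe (raw key bytes may include NUL) and count.
    n=$(printf '%s' "$1" | base64 -d 2>/dev/null | wc -c)
    [ "$n" -eq 32 ]
}

# Write a new random 256-bit key, base64-encoded, to file $1.
# umask 077 makes the file owner-only; noclobber (set -C) refuses to
# overwrite an existing key, since a replaced key cannot be recovered.
ssec_key_generate() {
    ( umask 077; set -C; head -c 32 /dev/urandom | base64 > "$1" )
}

# Print base64(MD5(raw key)), the value S3 SSE-C requests carry in
# x-amz-server-side-encryption-customer-key-MD5. It does not reveal the
# key, so it can be stored next to a backup to confirm which key it holds.
ssec_key_md5() {
    ssec_key_valid "$1" || return 1
    printf '%s' "$1" | base64 -d | openssl dgst -md5 -binary | base64
}
```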

WebDAV

Use a remote WebDAV server as storage:

Backend Type: WebDAV
Endpoint: https://example.com/dav/
Username: (optional)
Password: (optional)

Per-User Storage

Assign specific users to different storage backends via Admin > Users > Edit User.

Storage Migration

Move files between backends via Admin > Storage > Migration:

  1. Select source and target backends
  2. Optionally limit to a single user
  3. Optionally delete source files after copy
  4. Monitor progress in real-time

Collabora Integration

Enable document editing with Collabora Online:

  1. Deploy Collabora CODE (see examples)
  2. In Admin > Settings, set:
    • WOPI Enabled: Yes
    • Collabora URL: http://collabora:9980 (internal) or public URL

Supported formats: .docx, .xlsx, .pptx, .odt, .ods, .odp, and more.

Client Access

WebDAV

Connect with any WebDAV client:

URL: https://yourdomain.com/dav/
Username: your-username
Password: your-password

SFTP

Connect via SFTP (default port 9022):

sftp -P 9022 user@yourdomain.com

SSH key authentication is also supported.

Web Interface

Access at https://yourdomain.com/ to:

  • Upload and download files
  • Create folders
  • Share files with federated users
  • Edit documents (with Collabora)
  • Manage shares and friends

OCM Federation

Share files with users on other OCM-compatible servers:

  1. Add Friends: Exchange invite strings with users on other servers
  2. Share Files: Right-click a file and select "Share", then choose a friend
  3. Access Shares: Shared files appear in "Remote Shares" section

Invite strings contain:

  • Your username and server
  • A cryptographic token for authentication
  • Server capabilities

CLI Commands

# Start the server
amity serve

# Migrate from Python Amity
amity migrate

# Manage settings
amity config list
amity config get server.host
amity config set server.port 8080

Environment Variables

Override config file settings:

  • DATABASE_URL - Database connection string
  • AMITY_HOST - HTTP server bind address
  • AMITY_PORT - HTTP server port

Deployment

See examples/README.md for detailed deployment guides:

  • Docker Compose - Single server to HA cluster
  • Kubernetes - Cloud-native with Kustomize and SealedSecrets
  • Bare Metal - Use backend-only example for database/storage, run Amity directly

Production Checklist

  • Use PostgreSQL or MariaDB (not SQLite)
  • Enable TLS (ACME or static certificates)
  • Configure external URL correctly
  • Set up backup for database and storage
  • Use SSE-C encryption for sensitive data on S3
  • Configure proper session cookie security

License

This project is licensed under the GNU Affero General Public License v3.0 only (AGPL-3.0-only).

See https://www.gnu.org/licenses/agpl-3.0.en.html for details.