Subscribe Convection: self-hosted secure file exchange in Rails
June 8, 2010
Introducing Convection, an open-source (MIT License) project of Logical Reality Design. Need to swap files with clients or collaborators, but don't want to (or can't) trust those files to Amazon or sendbigfiles.com? Want fine-grained control over which users can see which files? Try Convection.
Lots of file exchange services exist, for example SendBigFiles.com etc. However, all of these services are hosted on someone else's hardware, and most of them share files by transferring URLs -- usually via email -- without good access control or authorization schemes.
We built Convection because a client needed to transfer files with other companies, but they needed to host the system themselves because the contracts they hold with their own clients require them not to store data on services that they don't control. The specifications Convection was built around were:
- Hosted on our own server.
- Downloads require a login, and files cannot be shared by email.
- Users must log in to download files or see available files.
- User accounts can be grouped, groups can be managed.
- Files can be shared with an entire group.
- Files uploaded by users default to minimal permission - visible only to the uploader and to admins.
- All communications over SSL. (we made this optional)
Installing and hosting Convection
To run Convection, you will need a webserver capable of running a Ruby on Rails application, and a database. Setting such a thing up is beyond the scope of this post. If you have a Dreamhost account, you can set up a Rails-capable domain with a couple of clicks in their web panel. In addition to the server, you will need to set up a database (we have only tested MySQL, but Convection should work with any SQL database for which Rails/ActiveRecord has a supported adapter, including PostgreSQL and Oracle), and initialize the database with these two commands:
> rake db:migrate RAILS_ENV=production > rake db:seed RAILS_ENV=production
This will generate the tables necessary for Convection to run, and create a pair of initial demo users "admin" and "user", both with password "foobar".
If you are setting up a server yourself, there are plenty of guides to deploying Rails on the web. Much of our own guide to deploying CruiseControl.rb can be used to set up any Rails application on Slicehost or any other Ubuntu Linux hosting provider.
Let me know if you're trying to deploy Convection and having trouble: if we know people are using it we may put effort into making it easier to deploy and install, and write a more thorough guide.
A few other links that may help you with deploying a Rails application, depending on your environment:
If you Google around you may find plenty of other links relevant to your particular environment.
Configuring Convection
If you log into your running Convection application as an administrator (initial user "admin", password "foobar"), an Admin Tools utility will appear in the right hand column. From here, you can access tools for creating users, and groups, and the general site configuration.
In general site config, you can set your site name and logo, set whether or not the site requires SSL access (Note: your server must already support SSL!) outgoing email and email notification preferences, add Google analytics, and an assortment of other site configuration operations that are mostly self-explanatory.
Upload progress bar: experimental feature.
If your site hosts large uploads that take a while to transfer, you can try our experimental tools to provide an upload progress bar to the user. This tool will only work if your site is served by Apache, and requires installing and configuring an optional module for Apache.
To enable this tool, follow the instructions in the README file and associated links, and turn on the progress bar setting in site preferences.
Helping us improve Convection
Convection is currently in version 1.1.4 and has been in production in two places (that we know of) for about five months as of June 8, 2010.
Please let us know if you are using Convection and enjoy it (or don't). Feel free to request features or alterations, but Convection is open source, so also please consider contributing if you have ideas!
I’m looking at using something to share files from my home server/dyndns setup, and convection looks incredibly promising. Is there any further place for users to get or collect information, like which ruby/rails version it runs with, which common problems people run into and how they work around them?
Kind regards
Philipp
@Philipp: Convection currently runs in Rails 2.3.5, though would probably upgrade to Rails 2.3.8 quite smoothly. I believe Rails is vendored, so on any standard deployment environment you should be able to run it without worrying about the version.
There isn’t much of a community support setup yet, but because of your query I may go set up a google groups mailing list for it shortly. If/when I set that up, I’ll post it back here so you can see the update.
I installed Convection 1.1.4 and tried to use it. What I do not understand: how can I share files. As an admin, I have access to all files, but users only can see the files, they uploaded themselves.
Kind regards
Thomas
@Thomas: To share a file with others, go to the file’s edit page. If you are logged in as an admin, you will see a yellow sidebar labeled “Admin Tool: Permissions”. In that box, you can set which groups can view/download a file, and which groups and edit/delete a file. To share a file with all users, click the “view/download” checkbox next to “All Users”. To share a file with only some users, you create a group and assign the users to that group. Then, that group will show up in the Permissions box when you edit files, and you can give that group access to the file.
Let me know if this helps!
@Evan: Thanks. I was there several times, but I never looked at the sidebar but only at the file properties.
Add A Comment