LRBlog

Logical Reality Design: Web Design and Software Development

Convection: self-hosted secure file exchange in Rails

June 8, 2010

Introducing Convection, an open-source (MIT License) project of Logical Reality Design. Need to swap files with clients or collaborators, but don't want to (or can't) trust those files to Amazon or sendbigfiles.com? Want fine-grained control over which users can see which files? Try Convection.

Many file exchange services exist, SendBigFiles.com among them. However, all of these services are hosted on someone else's hardware, and most of them share files by transferring URLs -- usually via email -- without good access control or authorization schemes.

We built Convection because a client needed to exchange files with other companies but had to host the system themselves: the contracts they hold with their own clients require them not to store data on services that they don't control. Convection was built around these specifications:

  1. Hosted on our own server.
  2. Downloads require a login, and files cannot be shared by email.
  3. Users must log in to download files or see available files.
  4. User accounts can be grouped, groups can be managed.
  5. Files can be shared with an entire group.
  6. Files uploaded by users default to minimal permission - visible only to the uploader and to admins.
  7. All communications over SSL (we made this optional).
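
The access rules in this list, together with the view/download and edit/delete group grants described in the comments below, can be modelled as a default-deny check. This is an added example, not Convection's own code: `User`, `SharedFile`, `ALL_USERS` and `visible_files` are hypothetical names, and letting the uploader edit their own file is an assumption.

```ruby
require 'set'

ALL_USERS = :all_users # stands in for the "All Users" row of the Permissions box

User = Struct.new(:name, :admin, :groups)

class SharedFile
  attr_reader :name, :uploader

  def initialize(name, uploader)
    @name = name
    @uploader = uploader
    # Spec 6: no grants at upload time, so only the uploader and admins qualify.
    @grants = { view: Set.new, edit: Set.new }
  end

  # Permissions are an admin tool; ordinary users cannot widen access.
  def grant(actor, group, action)
    raise ArgumentError, "unknown action #{action}" unless @grants.key?(action)
    raise SecurityError, "#{actor.name} is not an admin" unless actor.admin
    @grants[action] << group
  end

  def allowed?(user, action)
    return false if user.nil? || !@grants.key?(action) # specs 2-3: login required
    # Assumption: the uploader may also edit/delete their own file.
    return true if user.admin || user.name == uploader.name
    granted = @grants[action]
    granted.include?(ALL_USERS) || user.groups.any? { |g| granted.include?(g) }
  end
end

# Listings go through the same check, so a file a user cannot download
# does not appear in their file list either (spec 3).
def visible_files(files, user)
  files.select { |f| f.allowed?(user, :view) }
end

# Constructed users and files for the demonstration.
admin = User.new('admin', true, [])
alice = User.new('alice', false, [:clients])
bob   = User.new('bob', false, [:vendors])
files = [SharedFile.new('contract.pdf', alice), SharedFile.new('quote.xls', bob)]
files[1].grant(admin, :clients, :view) # admin shares bob's file with "clients"
puts visible_files(files, alice).map(&:name).inspect # contract.pdf and quote.xls
puts visible_files(files, bob).map(&:name).inspect   # quote.xls only
puts visible_files(files, nil).inspect               # nothing without a login
```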

Installing and hosting Convection

To run Convection, you will need a webserver capable of running a Ruby on Rails application, and a database. Setting such a thing up is beyond the scope of this post. If you have a Dreamhost account, you can set up a Rails-capable domain with a couple of clicks in their web panel. In addition to the server, you will need to set up a database (we have only tested MySQL, but Convection should work with any SQL database for which Rails/ActiveRecord has a supported adapter, including PostgreSQL and Oracle), and initialize the database with these two commands:

  > rake db:migrate RAILS_ENV=production
  > rake db:seed RAILS_ENV=production

This will generate the tables necessary for Convection to run, and create a pair of initial demo users, "admin" and "user", both with the password "foobar". These credentials are public, so change both passwords before anyone else can reach the site.

If you are setting up a server yourself, there are plenty of guides to deploying Rails on the web. Much of our own guide to deploying CruiseControl.rb can be used to set up any Rails application on Slicehost or any other Ubuntu Linux hosting provider.

Let me know if you're trying to deploy Convection and having trouble: if we know people are using it we may put effort into making it easier to deploy and install, and write a more thorough guide.

A few other links that may help you with deploying a Rails application, depending on your environment:

  1. Using Phusion Passenger to Deploy a Rails Application on Apache
  2. Deploying Rails Applications (book)

If you Google around you may find plenty of other links relevant to your particular environment.

Configuring Convection

If you log into your running Convection application as an administrator (initial user "admin", password "foobar"), an Admin Tools utility will appear in the right-hand column. From here, you can access tools for creating users and groups, and for the general site configuration.

In general site config, you can set your site name and logo, set whether or not the site requires SSL access (note: your server must already support SSL!), configure outgoing email and email notification preferences, add Google Analytics, and perform an assortment of other site configuration operations that are mostly self-explanatory.

Upload progress bar: experimental feature.

If your site hosts large uploads that take a while to transfer, you can try our experimental tools to provide an upload progress bar to the user. This tool will only work if your site is served by Apache, and requires installing and configuring an optional module for Apache.

To enable this tool, follow the instructions in the README file and associated links, and turn on the progress bar setting in site preferences.

Helping us improve Convection

Convection is currently in version 1.1.4 and has been in production in two places (that we know of) for about five months as of June 8, 2010.

Please let us know if you are using Convection and enjoy it (or don't). Feel free to request features or alterations, but Convection is open source, so also please consider contributing if you have ideas!

  1. erpel Said,

    I’m looking at using something to share files from my home server/dyndns setup, and convection looks incredibly promising. Is there any further place for users to get or collect information, like which ruby/rails version it runs with, which common problems people run into and how they work around them?

    Kind regards
    Philipp

  2. Evan Said,

    @Philipp: Convection currently runs in Rails 2.3.5, though would probably upgrade to Rails 2.3.8 quite smoothly. I believe Rails is vendored, so on any standard deployment environment you should be able to run it without worrying about the version.

    There isn’t much of a community support setup yet, but because of your query I may go set up a google groups mailing list for it shortly. If/when I set that up, I’ll post it back here so you can see the update.

  3. Thomas Said,

    I installed Convection 1.1.4 and tried to use it. What I do not understand: how can I share files? As an admin, I have access to all files, but users can only see the files they uploaded themselves.

    Kind regards
    Thomas

  4. Evan Said,

    @Thomas: To share a file with others, go to the file’s edit page. If you are logged in as an admin, you will see a yellow sidebar labeled “Admin Tool: Permissions”. In that box, you can set which groups can view/download a file, and which groups can edit/delete a file. To share a file with all users, click the “view/download” checkbox next to “All Users”. To share a file with only some users, you create a group and assign the users to that group. Then, that group will show up in the Permissions box when you edit files, and you can give that group access to the file.

    Let me know if this helps!

  5. Thomas Said,

    @Evan: Thanks. I was there several times, but I never looked at the sidebar but only at the file properties.

  6. GS Said,

    I am a newbie to web development. Would somebody be able to tell me what to do to install? Any help would be heartily appreciated.

  7. Evan Said,

    @GS: To install, you will need a webserver capable of supporting a Ruby on Rails 2.x application that allows you to upload files to disk. There are a number of options, including cheap commercial hosting like Dreamhost.

    If you are setting it up yourself, there are many options for building a Rails-capable webserver. I personally think a standard Apache server with Phusion Passenger installed is the easiest.

    However, if you are very new to web dev, be prepared for a sharp learning curve. Stick to it, however, and you’ll get there. Do you have experience setting up Linux environments? If not, you may need to start there. Here’s a good guide to getting a full stack (linux -> apache -> passenger -> Rails) running on a Ubuntu server:

    https://help.ubuntu.com/community/RubyOnRails

    Also, here’s the Phusion Passenger install guide: http://www.modrails.com/install.html

  8. GS Said,

    I have been building websites for quite some time now using Joomla and WordPress, and my server does support uploading using cpanelx. Apache etc. is already installed on the server. All I have experience of is setting up a database, adding a user to it and then setting up Joomla and working on it. I am only a student and am working side by side part-time. My client needs a solution through which he can exchange files with his clients. This software looks good for his purpose. So is it possible to simply upload the files and run some script to install it? Something like Joomla or WordPress?

  9. Evan Said,

    @GS: Okay, you’re better off than I feared when you said “newbie to web development”.

    Since Convection is a Rails application, you will still need to do more than upload the files and run a script, however. Rails runs within its own in-memory application, and Apache needs to be told to launch that application. The easiest way to do this is to install Phusion Passenger as a module to Apache.

    If your server already has rubygems (Ruby’s package manager) installed, there is a passenger gem that can walk you through this process very quickly. The instructions are in the modrails link above.

    Then you’ll want to set up an Apache virtualhost for the application. Rails applications really want their own domain or sub-domain (i.e. file-exchange.yourdomain.com), rather than to run in a subdirectory of your existing site (yourdomain.com/file-exchange). It’s possible to do the latter, but I promise it’s not worth the hassle. There are a few minor tricks of writing a vhost file for a rails application: the most important one is that if you upload your rails application to, say, /web/files/convection, then you point apache’s DocumentRoot not to that directory, but to /web/files/convection/public. This is because everything outside the ‘public’ directory in a Rails application is used by Rails to run the site and is not meant to be visible to the public. This approach – relative to the one used by joomla – means you don’t have to worry so much about your file permissions from a security perspective. (Because things outside the public subdirectory are never even examined by Apache and can’t be served).

    Once your server is up with a domain and vhost configured, and you’ve uploaded the files, you do need to create a database, and seed it with a few initial records (like the first admin account). Documentation on doing this can be found in the convection README. https://github.com/LRDesign/Convection

    To edit the specifics of the database connection username, password, etc., edit the file config/database.yml in the uploaded copy of Convection.

    It’s definitely not as easy to set up and deploy a Rails application as a PHP-based one like Joomla. This is the tradeoff we make for the much friendlier development environment of Rails. However, there are many good guides to deploying Rails around the ‘net, google will help you find them.
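
The DocumentRoot rule from the comment above, as a check run over Apache vhost text. This is an added example, not part of the thread or of Convection: the hostnames and sample vhosts are constructed, and `classify_root` and `audit_vhosts` are hypothetical helper names.

```ruby
# Constructed sample; the /web/files/convection path follows the comment above.
SAMPLE_VHOSTS = <<~CONF
  <VirtualHost *:80>
    ServerName wrong.example.com
    DocumentRoot /web/files/convection
  </VirtualHost>
  <VirtualHost *:80>
    ServerName file-exchange.example.com
    DocumentRoot "/web/files/convection/public/"
  </VirtualHost>
  <VirtualHost *:80>
    ServerName parent.example.com
    DocumentRoot /web/files
  </VirtualHost>
  <VirtualHost *:80>
    ServerName blog.example.com
    DocumentRoot /web/blog
  </VirtualHost>
CONF

# True when path is dir itself or lies below it.
def under?(path, dir)
  path == dir || path.start_with?(dir.chomp('/') + '/')
end

# :ok          DocumentRoot is the app's public/ directory (or below it)
# :exposes_app DocumentRoot lets Apache reach files outside public/,
#              e.g. config/database.yml with the database password
# :unrelated   DocumentRoot has nothing to do with the app
def classify_root(doc_root, app_root)
  doc = File.expand_path(doc_root) # normalises "..", "//" and trailing "/"
  app = File.expand_path(app_root)
  return :ok if under?(doc, File.join(app, 'public'))
  return :exposes_app if under?(doc, app) || under?(app, doc)
  :unrelated
end

# Returns one { server_name:, document_root:, status: } hash per <VirtualHost>.
def audit_vhosts(conf, app_root)
  conf.scan(%r{<VirtualHost[^>]*>(.*?)</VirtualHost>}mi).flatten.map do |body|
    name = body[/^\s*ServerName\s+(\S+)/i, 1]
    m = body.match(/^\s*DocumentRoot\s+(?:"([^"]+)"|(\S+))/i)
    root = m && (m[1] || m[2])
    status = root ? classify_root(root, app_root) : :no_document_root
    { server_name: name, document_root: root, status: status }
  end
end

audit_vhosts(SAMPLE_VHOSTS, '/web/files/convection').each do |v|
  puts format('%-28s %-34s %s', v[:server_name], v[:document_root], v[:status])
end
```

The check compares path strings only, so a DocumentRoot that reaches the application directory through a symlink is not detected.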

  10. Evan Said,

    Another note after reading your post more carefully: if Cpanel is your *only* access to the server (i.e. if you can’t connect to the server with a sudo-capable shell account and edit your Apache configs), you probably cannot set up a Rails application.

    Some managed, shared-hosting environments (like Dreamhost) solve this by providing a one-click “enable Passenger for Rails on this domain” in their control panel. But if you are really in a controlled environment and it doesn’t provide such an option, Rails applications may just not be an option for you. If it’s that sort of managed environment, I’d suggest contacting the hosting provider’s tech support and asking if they support Ruby on Rails.

  11. GS Said,

    Ok. Thanks a lot for your help. I will search Google for more information on Rails. But I think I understood the most part of it. I am so much in love with open source community for the support it provides. Thanks again.

  12. GS Said,

    So is there any simple software that should just allow an admin to set up users and assign them folders so that the admin should have access to all the folders while the user should have access only to his own folder where he can upload and download files?

  13. Evan Said,

    @GS: Not that I’m aware of … that need is why we wrote Convection in the first place. You could set up a bunch of FTP users and give each one an FTP directory, and put the admin in a group that had access to all of those directories, but that’s definitely a fiddly problem that would need to be maintained by hand.

    But, new tools may have been written in the two years since we first decided Convection was necessary. If you find any other free tools that solve this problem, please let me know.
