cryptomator-webdav
Docker application from beastieg's Repository
Overview
Cryptomator WebDAV allows you to serve a locally stored Cryptomator vault over a secure WebDAV (https) connection, allowing access to decrypted files through third-party WebDAV tools such as rclone, Mountain Duck, Cyberduck etc.
Setting the Cryptomator Vault Password:
The password for the vault can either be set directly through the Cryptomator Vault Password variable, or can be stored in a local file and shared through the Cryptomator Vault Password File setting.
Only one is needed.
Note: Unraid only shows directories in its drop-down by default, so manually type the full path to the file in the variable box, e.g. '/mnt/user/appdata/cryptomator-webdav/vault.pass'
Optional Signed Certificate:
An optional signed certificate can be passed to the container, e.g. from LetsEncrypt.
Set the "Optional: Signed Certificate" variable to the full path of your certificate file, containing both your cert and the key in one .pem file.
Note: Unraid only shows directories in its drop-down by default, so manually type the full path to the file in the variable box, e.g. '/mnt/user/appdata/cryptomator-webdav/mycert.pem'
File Permissions:
Cryptomator-webdav runs as UID:99, GID:100 by default. This can be changed through the CRYPTOMATOR_UID and CRYPTOMATOR_GID variables.
Ensure vault files are readable and writable by the IDs you set.
Ensure any vault password file provided is readable by these IDs.
More Secure File Permissions:
Most Unraid Community Applications containers run as UID:99, GID:100.
In theory this would mean a rogue container could have read access to your encrypted files if the vault was shared with it.
To ensure a slightly more secure installation, it is recommended that the container application is run as a separate Unraid user ID, and that vault files are only accessible by this user.
For example:
- Set CRYPTOMATOR_UID to your Unraid user id, e.g. 1000
- Ensure all vault files are only readable and writable by this user:
  - chown -R 1000: /path/to/cryptomator/vault
  - chmod -R u+rwX,g-rwx,o-rwx /path/to/cryptomator/vault
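A way to check that the ownership and mode changes above actually took effect, as an added example that is not part of the cryptomator-webdav project. The function names `audit_vault` and `open_to_others` are hypothetical, and holding the password file to the same owner-only rule as the vault is an assumption stricter than the "readable by these IDs" requirement.

```shell
#!/bin/sh
# Added example, not part of the cryptomator-webdav project.

# Print paths under "$@" that still grant any group/other permission bit,
# i.e. what `chmod g-rwx,o-rwx` would have cleared. Symlink modes are ignored.
open_to_others() {
    find "$@" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# audit_vault VAULT_DIR UID [PASSWORD_FILE]
# Lists every finding on stdout; returns 0 if clean, 1 on findings, 2 on bad input.
audit_vault() {
    vault=$1; uid=$2; passfile=${3:-}
    [ -d "$vault" ] || { echo "not a directory: $vault" >&2; return 2; }

    findings=$(
        # Vault entries not owned by the UID the container runs as (CRYPTOMATOR_UID).
        find "$vault" ! -user "$uid" -print | sed 's/^/wrong owner: /'
        open_to_others "$vault" | sed 's/^/group\/other access: /'
        if [ -n "$passfile" ]; then
            if [ ! -f "$passfile" ]; then
                echo "password file missing: $passfile"
            else
                # Assumption: hold the password file to the same rule as the vault.
                find "$passfile" \( ! -user "$uid" -o ! -perm -400 \) -print |
                    sed 's/^/password file not owner-readable by UID: /'
                open_to_others "$passfile" |
                    sed 's/^/password file group\/other access: /'
            fi
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Call it on the host with the same UID you set in CRYPTOMATOR_UID, for example `audit_vault /path/to/cryptomator/vault 1000 /mnt/user/appdata/cryptomator-webdav/vault.pass`.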
See the Cryptomator WebDAV GitHub project for more details at https://github.com/greycubesgav/cryptomator-webdav
More details about Cryptomator can be found at https://cryptomator.org
Requirements
The native Cryptomator application (https://cryptomator.org/downloads/) should be used to create a new vault.
Then copy the entire vault directory and all sub-directories and files over to Unraid.
The decrypted vault files can then be edited through greycubesgav/cryptomator-webdav.
Runtime parameters
- Web UI: https://[IP]:[PORT:8443]/vault/
- Network: bridge
- Shell: sh
- Privileged: false
Template configuration
Port the Cryptomator WebDAV share will be available at.
- Target: 8443
- Default: 18081
The location of the local Cryptomator vault files.
- Target: /vault
- Default: /mnt/cryptomator_vault
The Cryptomator password for the vault. Note: it is visible in the Docker environment. Use the password file for a more secure option.
- Target: CRYPTOMATOR_VAULT_PASS
- Default: strongpass
Optionally set the location of a local file containing the Cryptomator vault password.
- Target: /vault.pass
- Default: /mnt/user/appdata/cryptomator-webdav/vault.pass
Optional: A fully signed cert with the key embedded, to be used by stunnel, e.g. /mnt/user/appdata/cryptomator-webdav/mycert.pem
- Target: /etc/stunnel/stunnel.pem
User ID to run cryptomator-cli as.
- Target: CRYPTOMATOR_UID
- Default: 99
Group ID to run cryptomator-cli as.
- Target: CRYPTOMATOR_GID
- Default: 100
Umask to run cryptomator-cli as. Helps protect any new files created from loose permissions.
- Target: CRYPTOMATOR_UMASK
- Default: 0077
Details
greycubesgav/cryptomator-webdav runs cryptomator-webdav on Unraid.
cryptomator-webdav is listed in Community Applications for Unraid OS. Explore Unraid to build a flexible home server, NAS, or home lab.