Portable file server with accelerated resumable uploads, deduplication, WebDAV, FTP, zeroconf, media indexer, video thumbnails, audio transcoding, and write-only folders
turn almost any device into a file server with resumable uploads/downloads using any web browser
👉 Get started! or visit the read-only demo server 👀 running from a basement in finland
📷 screenshots: browser // upload // unpost // thumbnails // search // fsearch // zip-DL // md-viewer
🎬 videos: upload // cli-upload // race-the-beam
g or 田 to toggle grid-view instead of the file listing
zip or tar files
F2 to bring up the rename UI
--ftp 3921
--tftp 3969
.hist/up2k.db, default) or somewhere else
-e2t to index tags on upload
nix profile install github:9001/copyparty
8 GiB/s download, 1 GiB/s upload
just run copyparty-sfx.py -- that's it! 🎉
python3 -m pip install --user -U copyparty
enable thumbnails (images/audio/video), media indexing, and audio transcoding by installing some recommended deps:
apk add py3-pillow ffmpeg
apt install --no-install-recommends python3-pil ffmpeg
dnf install python3-pillow ffmpeg --allowerasing
pkg install py39-sqlite3 py39-pillow ffmpeg
port install py-Pillow ffmpeg
brew install pillow ffmpeg
python -m pip install --user -U Pillow
winget or Microsoft Store (it breaks $PATH)
Pillow and only needs ffmpeg
running copyparty without arguments (for example doubleclicking it on Windows) will give everyone read/write access to the current folder; you may want accounts and volumes
or see some usage examples for inspiration, or the complete windows example
some recommended options:
-e2dsa enables general file indexing
-e2ts enables audio metadata indexing (needs either FFprobe or Mutagen)
-v /mnt/music:/music:r:rw,foo -a foo:bar shares /mnt/music as /music, readable by anyone, and read-write for user foo, password bar
:r:rw,foo with :r,foo to only make the folder readable by foo and nobody else
--help-accounts) for the syntax and other permissions
make it accessible over the internet by starting a cloudflare quicktunnel like so:
first download cloudflared and then start the tunnel with cloudflared tunnel --url http://127.0.0.1:3923
as the tunnel starts, it will show a URL which you can share to let anyone browse your stash or upload files to you
since people will be connecting through cloudflare, run copyparty with --xff-hdr cf-connecting-ip to detect client IPs correctly
you may also want these, especially on servers:
and remember to open the ports you want; here's a complete example including every feature copyparty has to offer:
firewall-cmd --permanent --add-port={80,443,3921,3923,3945,3990}/tcp # --zone=libvirt
firewall-cmd --permanent --add-port=12000-12099/tcp # --zone=libvirt
firewall-cmd --permanent --add-port={69,1900,3969,5353}/udp # --zone=libvirt
firewall-cmd --reload
(69:tftp, 1900:ssdp, 3921:ftp, 3923:http/https, 3945:smb, 3969:tftp, 3990:ftps, 5353:mdns, 12000:passive-ftp)
also see comparison to similar software
PS: something missing? post any crazy ideas you've got as a feature request or discussion 🤙
small collection of user feedback
good enough, surprisingly correct, certified good software, just works, why, wow this is better than nextcloud
project goals / philosophy
general notes:
browser-specific:
about:memory and click Minimize memory usage
server-os-specific:
/usr/libexec/platform-python
server notes:
roughly sorted by chance of encounter
general:
--th-ff-jpg may fix video thumbnails on some FFmpeg versions (macos, some linux)
--th-ff-swr may fix audio thumbnails on some FFmpeg versions
up2k.db (filesystem index) is on a samba-share or network disk, you'll get unpredictable behavior if the share is disconnected for a bit
--hist or the hist volflag (-v [...]:c,hist=/tmp/foo) to place the db on a local disk instead
python 3.4 and older (including 2.7):
python 2.7 on Windows:
-e2d
if you have a new exciting bug to share, see reporting bugs
same order here too
Chrome issue 1317069 -- if you try to upload a folder which contains symlinks by dragging it into the browser, the symlinked files will not get uploaded
Chrome issue 1352210 -- plaintext http may be faster at filehashing than https (but also extremely CPU-intensive)
Chrome issue 383568268 -- filereaders in webworkers can OOM / crash the browser-tab
Firefox issue 1790500 -- entire browser can crash after uploading ~4000 small files
Android: music playback randomly stops due to battery usage settings
iPhones: the volume control doesn't work because apple doesn't want it to
AudioContext will probably never be a viable workaround as apple introduces new issues faster than they fix current ones
iPhones: the preload feature (in the media-player-options tab) can cause a tiny audio glitch 20sec before the end of each song, but disabling it may cause worse iOS bugs to appear instead
Windows: folders cannot be accessed if the name ends with .
Windows: msys2-python 3.8.6 occasionally throws RuntimeError: release unlocked lock when leaving a scoped mutex in up2k
VirtualBox: sqlite throws Disk I/O Error when running in a VM and the up2k database is in a vboxsf
--hist or the hist volflag (-v [...]:c,hist=/tmp/foo) to place the db inside the vm instead
Ubuntu: dragging files from certain folders into firefox or chrome is impossible
snap connections firefox for the allowlist, removable-media permits all of /mnt and /media apparently
upgrade notes
1.9.16 (2023-11-04):
--stats /prometheus: cpp_bans renamed to cpp_active_bans, and that + cpp_uptime are gauges
1.6.0 (2023-01-29):
POST instead of GET
GET and HEAD must pass cors validation
1.5.0 (2022-12-03): new chunksize formula for files larger than 128 GiB
"frequently" asked questions
is it possible to block read-access to folders unless you know the exact URL for a particular file inside?
g permission, see the examples there
chmod 111 music will make it possible to access files and folders inside the music folder but not list the immediate contents -- also works with other software, not just copyparty
can I link someone to a password-protected volume/file by including the password in the URL?
?pw=hunter2 to the end; replace ? with & if there are parameters in the URL already, meaning it contains a ? near the end
how do I stop .hist folders from appearing everywhere on my HDD?
.hist folder is created inside each volume for the filesystem index, thumbnails, audio transcodes, and markdown document history. Use the --hist global-option or the hist volflag to move it somewhere else; see database location
can I make copyparty download a file to my server if I give it a URL?
firefox refuses to connect over https, saying "Secure Connection Failed" or "SEC_ERROR_BAD_SIGNATURE", but the usual button to "Accept the Risk and Continue" is not shown
cert9.db somewhere in your firefox profile folder
the server keeps saying thank you for playing when I try to access the website
copyparty seems to think I am using http, even though the URL is https
X-Forwarded-Proto: https header; this could be because your reverse-proxy itself is confused. Ensure that none of the intermediates (such as cloudflare) are terminating https before the traffic hits your entrypoint
i want to learn python and/or programming and am considering looking at the copyparty source code in that occasion
per-folder, per-user permissions - if your setup is getting complex, consider making a config file instead of using arguments
systemctl reload copyparty or more conveniently using the [reload cfg] button in the control-panel (if the user has a/admin in any volume)
[global] config section requires a restart to take effect
a quick summary can be seen using --help-accounts
configuring accounts/volumes with arguments:
-a usr:pwd adds account usr with password pwd
-v .::r adds current-folder . as the webroot, readable by anyone
-v src:dst:perm:perm:... so local-path, url-path, and one or more permissions to set
-v .::r,usr1,usr2:rw,usr3,usr4 = usr1/2 read-only, 3/4 read-write
permissions:
r (read): browse folder contents, download files, download as zip/tar, see filekeys/dirkeys
w (write): upload files, move/copy files into this folder
m (move): move files/folders from this folder
d (delete): delete files/folders
. (dots): user can ask to show dotfiles in directory listings
g (get): only download files, cannot see folder contents or zip/tar
G (upget): same as g except uploaders get to see their own filekeys (see fk in examples below)
h (html): same as g except folders return their index.html, and filekeys are not necessary for index.html
a (admin): can see upload time, uploader IPs, config-reload
A ("all"): same as rwmda. (read/write/move/delete/admin/dotfiles)
examples:
-a u1:p1 -a u2:p2 -a u3:p3
/srv the root of the filesystem, read-only by anyone: -v /srv::r
/mnt/music available at /music, read-only for u1 and u2, read-write for u3: -v /mnt/music:music:r,u1,u2:rw,u3
music folder exists, but cannot open it
/mnt/incoming available at /inc, write-only for u1, read-move for u2: -v /mnt/incoming:inc:w,u1:rm,u2
inc folder exists, but cannot open it
u1 can open the inc folder, but cannot see the contents, only upload new files to it
u2 can browse it and move files from /inc into any folder where u2 has write-access
/mnt/ss available at /i, read-write for u1, get-only for everyone else, and enable filekeys: -v /mnt/ss:i:rw,u1:g:c,fk=4
c,fk=4 sets the fk (filekey) volflag to 4, meaning each file gets a 4-character accesskey
u1 can upload files, browse the folder, and see the generated filekeys
g permission with wg would let anonymous users upload files, but not see the required filekey to access it
g permission with wG would let anonymous users upload files, receiving a working direct link in return
anyone trying to bruteforce a password gets banned according to --ban-pw; default is 24h ban for 9 failed attempts in 1 hour
hiding specific subfolders by mounting another volume on top of them
for example -v /mnt::r -v /var/empty:web/certs:r mounts the server folder /mnt as the webroot, but another volume is mounted at /web/certs -- so visitors can only see the contents of /mnt and /mnt/web (at URLs / and /web), but not /mnt/web/certs because URL /web/certs is mapped to /var/empty
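The -v syntax and the shadowing rule described above, as an added example (not copyparty's own code): a simplified model that parses -v values, reports what a given user may do, and resolves a URL to the volume that serves it, which is handy for auditing what anonymous visitors can reach. It assumes POSIX paths without colons and treats a permission with no user list as granted to anyone; parse_volume, perms_for, resolve and anonymous_exposure are hypothetical helper names.

```python
import posixpath
from dataclasses import dataclass, field

PERMS = set("rwmd.gGhaA")  # permission letters listed on this page


@dataclass
class Volume:
    src: str                                   # local path on the server
    url: str                                   # url-path without outer slashes; "" = webroot
    acl: dict = field(default_factory=dict)    # permission letter -> users, "*" = anyone
    flags: dict = field(default_factory=dict)  # volflags taken from "c,..." sections


def parse_volume(spec):
    """Parse the value of one -v argument: src:dst:perm[,user...]:...:c,flag[=value]"""
    src, dst, *sections = spec.split(":")
    vol = Volume(src, dst.strip("/"))
    for section in sections:
        head, *names = section.split(",")
        if head == "c":  # volflag section such as c,fk=4
            for flag in names:
                key, _, value = flag.partition("=")
                vol.flags[key] = value or True
            continue
        if not head or set(head) - PERMS:
            raise ValueError("unknown permission in %r" % section)
        letters = head.replace("A", "rwmda.")  # A is shorthand for rwmda.
        for letter in letters:
            vol.acl.setdefault(letter, set()).update(names or ["*"])
    return vol


def perms_for(vol, user=None):
    """Permission letters that apply to user; None means an anonymous visitor."""
    return {p for p, who in vol.acl.items() if "*" in who or user in who}


def resolve(volumes, url_path):
    """Return (volume, filesystem path) for a URL; the deepest matching mountpoint wins."""
    parts = [p for p in url_path.split("/") if p]
    if ".." in parts:
        raise ValueError("refusing path traversal")
    best, depth = None, -1
    for vol in volumes:
        mount = [p for p in vol.url.split("/") if p]
        if parts[:len(mount)] == mount and len(mount) > depth:
            best, depth = vol, len(mount)
    if best is None:
        return None, None
    return best, posixpath.join(best.src, *parts[depth:])


def anonymous_exposure(volumes):
    """Map each url-path to the permissions an unauthenticated visitor holds there."""
    return {"/" + v.url: "".join(sorted(perms_for(v))) for v in volumes if perms_for(v)}


if __name__ == "__main__":
    # the -v values below are the ones used as examples on this page
    vols = [parse_volume(s) for s in (
        "/mnt::r",
        "/var/empty:web/certs:r",
        "/mnt/music:music:r,u1,u2:rw,u3",
        "/mnt/ss:i:rw,u1:g:c,fk=4",
    )]
    for url in ("/web/index.html", "/web/certs/key.pem", "/music/a.mp3"):
        vol, path = resolve(vols, url)
        print(url, "->", path, "anonymous:", sorted(perms_for(vol)))
    print("anonymous exposure:", anonymous_exposure(vols))
```

Run it over your own -v values before exposing a server: any url-path listed by anonymous_exposure is reachable without an account.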
unix-style hidden files/folders by starting the name with a dot
anyone can access these if they know the name, but they normally don't appear in directory listings
a client can request to see dotfiles in directory listings if global option -ed is specified, or the volume has volflag dots, or the user has permission .
dotfiles do not appear in search results unless one of the above is true, and the global option / volflag dotsrch is set
accessing a copyparty server using a web-browser
the main tabs in the ui
[🔎] search by size, date, path/name, mp3-tags ...
[🧯] unpost: undo/delete accidental uploads
[🚀] and [🎈] are the uploaders
[📂] mkdir: create directories
[📝] new-md: create a new markdown document
[📟] send-msg: either to server-log or into textfiles if --urlform save
[🎺] audio-player config options
[⚙️] general client config options
the browser has the following hotkeys (always qwerty)
? show hotkeys help
B toggle breadcrumbs / navpane
I/K prev/next folder
M parent folder (or unexpand current)
V toggle folders / textfiles in the navpane
G toggle list / grid view -- same as 田 bottom-right
T toggle thumbnails / icons
ESC close various things
ctrl-K delete selected files/folders
ctrl-X cut selected files/folders
ctrl-C copy selected files/folders to clipboard
ctrl-V paste (move/copy)
Y download selected files
F2 rename selected file/folder
Up/Down move cursor
Up/Down select and move cursor
Up/Down move cursor and scroll viewport
Space toggle file selection
Ctrl-A toggle select all
I/K prev/next textfile
S toggle selection of open file
M close textfile
J/L prev/next song
U/O skip 10sec back/forward
0..9 jump to 0%..90%
P play/pause (also starts playing the folder)
Y download file
J/L, Left/Right prev/next file
Home/End first/last file
F toggle fullscreen
S toggle selection
R rotate clockwise (shift=ccw)
Y download file
Esc close viewer
U/O skip 10sec back/forward
0..9 jump to 0%..90%
P/K/Space play/pause
M mute
C continue playing next video
V loop entire file
[ loop range (start)
] loop range (end)
A/D adjust tree width
S toggle multiselect
A/D zoom
^s save
^h header
^k autoformat table
^u jump to next unicode character
^e toggle editor / preview
^up, ^down jump paragraphs
switching between breadcrumbs or navpane
click the 🌲 or pressing the B hotkey to toggle between breadcrumbs path (default), or a navpane (tree-browser sidebar thing)
[+] and [-] (or hotkeys A/D) adjust the size
[🎯] jumps to the currently open folder
[📃] toggles between showing folders and textfiles
[📌] shows the name of all parent folders in a docked panel
[a] toggles automatic widening as you go deeper
[↵] toggles wordwrap
[👀] show full name on hover (if wordwrap is off)
press g or 田 to toggle grid-view instead of the file listing and t toggles icons / thumbnails
--grid or per-volume with volflag grid
?imgs to a link, or disable with ?imgs=0
it does static images with Pillow / pyvips / FFmpeg, and uses FFmpeg for video files, so you may want to --no-thumb or maybe just --no-vthumb depending on how dangerous your users are
dthumb for all, or dvthumb / dathumb / dithumb for video/audio/images only
audio files are converted into spectrograms using FFmpeg unless you --no-athumb (and some FFmpeg builds may need --th-ff-swr)
images with the following names (see --th-covers) become the thumbnail of the folder they're in: folder.png, folder.jpg, cover.png, cover.jpg
cover.png and folder.jpg exist in a folder, it will pick the first matching --th-covers entry (folder.jpg).
folder.jpg and so), and then fallback on the first picture in the folder (if it has any pictures at all)
enabling multiselect lets you click files to select them, and then shift-click another file for range-select
multiselect is mostly intended for phones/tablets, but the sel option in the [⚙️] settings tab is better suited for desktop use, allowing selection by CTRL-clicking and range-selection with SHIFT-click, all without affecting regular clicking
sel option can be made default globally with --gsel or per-volume with volflag gsel
download folders (or file selections) as zip or tar files
select which type of archive you want in the [⚙️] config tab:
| name | url-suffix | description |
|---|---|---|
| tar | ?tar | plain gnutar, works great with curl \| tar -xv |
| pax | ?tar=pax | pax-format tar, futureproof, not as fast |
| tgz | ?tar=gz | gzip compressed gnu-tar (slow), for curl \| tar -xvz |
| txz | ?tar=xz | gnu-tar with xz / lzma compression (v.slow) |
| zip | ?zip=utf8 | works everywhere, glitchy filenames on win7 and older |
| zip_dos | ?zip | traditional cp437 (no unicode) to fix glitchy filenames |
| zip_crc | ?zip=crc | cp437 with crc32 computed early for truly ancient software |
3 (0=fast, 9=best), change with ?tar=gz:9
1 (0=fast, 9=best), change with ?tar=xz:9
2 (1=fast, 9=best), change with ?tar=bz2:9
up2k.db and dir.txt is always excluded
curl foo?zip=utf8 | bsdtar -xv
zip_crc will take longer to download since the server has to read each file twice
you can also zip a selection of files or folders by clicking them in the browser, that brings up a selection editor and zip button in the bottom right
cool trick: download a folder by appending url-params ?tar&opus or ?tar&mp3 to transcode all audio files (except aac|m4a|mp3|ogg|opus|wma) to opus/mp3 before they're added to the archive
&j / &w produce jpeg/webm thumbnails/spectrograms instead of the original audio/video/images (&p for audio waveforms)
--th-maxage=9999999 or --th-clean=0
drag files/folders into the web-browser to upload
dragdrop is the recommended way, but you may also:
when uploading files through dragdrop or CTRL-V, this initiates an upload using up2k; there are two browser-based uploaders available:
[🎈] bup, the basic uploader, supports almost every browser since netscape 4.0
[🚀] up2k, the good / fancy one
NB: you can undo/delete your own uploads with [🧯] unpost (and this is also where you abort unfinished uploads, but you have to refresh the page first)
up2k has several advantages:
it is perfectly safe to restart / upgrade copyparty while someone is uploading to it!
all known up2k clients will resume just fine 💪
see up2k for details on how it works, or watch a demo video
protip: you can avoid scaring away users with contrib/plugins/minimal-up2k.js which makes it look much simpler
protip: if you enable favicon in the [⚙️] settings tab (by typing something into the textbox), the icon in the browser tab will indicate upload progress -- also, the [🔔] and/or [🔊] switches enable visible and/or audible notifications on upload completion
the up2k UI is the epitome of polished intuitive experiences:
[🏃] analysis of other files should continue while one is uploading
[🥔] shows a simpler UI for faster uploads from slow devices
[🎲] generate random filenames during upload
[📅] preserve last-modified timestamps; server times will match yours
[🔎] switch between upload and file-search mode
[🔎] if you add files by dragging them into the browser
and then theres the tabs below it,
[ok] is the files which completed successfully
[ng] is the ones that failed / got rejected (already exists, ...)
[done] shows a combined list of [ok] and [ng], chronological order
[busy] files which are currently hashing, pending-upload, or uploading
[done] and [que] for context
[que] is all the files that are still queued
note that since up2k has to read each file twice, [🎈] bup can theoretically be up to 2x faster in some extreme cases (files bigger than your ram, combined with an internet connection faster than the read-speed of your HDD, or if you're uploading from a cuo2duo)
if you are resuming a massive upload and want to skip hashing the files which already finished, you can enable turbo in the [⚙️] config tab, but please read the tooltip on that button
if the server is behind a proxy which imposes a request-size limit, you can configure up2k to sneak below the limit with server-option --u2sz (the default is 96 MiB to support Cloudflare)
dropping files into the browser also lets you see if they exist on the server
when you drag/drop files into the browser, you will see two dropzones: Upload and Search
on a phone? toggle the [🔎] switch green before tapping the big yellow Search button to select your files
the files will be hashed on the client-side, and each hash is sent to the server, which checks if that file exists somewhere
files go into [ok] if they exist (and you get a link to where it is), otherwise they land in [ng]
undo/delete accidental uploads
you can unpost even if you don't have regular move/delete access, however only for files uploaded within the past --unpost seconds (default 12 hours) and the server must be running with -e2d
uploads can be given a lifetime, after which they expire / self-destruct
the feature must be enabled per-volume with the lifetime upload rule which sets the upper limit for how long a file gets to stay on the server
clients can specify a shorter expiration time using the up2k ui -- the relevant options become visible upon navigating into a folder with lifetimes enabled -- or by using the life upload modifier
specifying a custom expiration time client-side will affect the timespan in which unposts are permitted, so keep an eye on the estimates in the up2k ui
download files while they're still uploading (demo video) -- it's almost like peer-to-peer
requires the file to be uploaded using up2k (which is the default drag-and-drop uploader), alternatively the command-line program
the control-panel shows the ETA for all incoming files, but only for files being uploaded into volumes where you have read-access
cut/paste, rename, and delete files/folders (if you have permission)
file selection: click somewhere on the line (not the link itself), then:
space to toggle
up/down to move
shift-up/down to move-and-select
ctrl-shift-up/down to also scroll
shift-click another line for range-select
cut: select some files and ctrl-x
copy: select some files and ctrl-c
paste: ctrl-v in another folder
rename: F2
you can copy/move files across browser tabs (cut/copy in one tab, paste in another)
share a file or folder by creating a temporary link
when enabled in the server settings (--shr), click the bottom-right share button to share the folder you're currently in, or alternatively:
this feature was made with identity providers in mind -- configure your reverseproxy to skip the IdP's access-control for a given URL prefix and use that to safely share specific files/folders sans the usual auth checks
when creating a share, the creator can choose any of the following options:
0 or blank means infinite
semi-intentional limitations:
e2d is set, and/or at least one volume on the server has volflag e2d
specify --shr /foobar to enable this feature; a toplevel virtual folder named foobar is then created, and that's where all the shares will be served from
foobar is just an example
shr: /foobar inside the [global] section instead
users can delete their own shares in the controlpanel, and a list of privileged users (--shr-adm) are allowed to see and/or delete any share on the server
after a share has expired, it remains visible in the controlpanel for --shr-rt minutes (default is 1 day), and the owner can revive it by extending the expiration time there
security note: using this feature does not mean that you can skip the accounts and volumes section -- you still need to restrict access to volumes that you do not intend to share with unauthenticated users! it is not sufficient to use rules in the reverseproxy to restrict access to just the /share folder.
select some files and press F2 to bring up the rename UI
quick explanation of the buttons,
[✅ apply rename] confirms and begins renaming
[❌ cancel] aborts and closes the rename window
[↺ reset] reverts any filename changes back to the original name
[decode] does a URL-decode on the filename, fixing stuff like & and %20
[advanced] toggles advanced mode
advanced mode: rename files based on rules to decide the new names, based on the original name (regex), or based on the tags collected from the file (artist/title/...), or a mix of both
in advanced mode,
[case] toggles case-sensitive regex
regex is the regex pattern to apply to the original filename; any files which don't match will be skipped
format is the new filename, taking values from regex capturing groups and/or from file tags
presets lets you save rename rules for later
available functions:
$lpad(text, length, pad_char)
$rpad(text, length, pad_char)
so,
say you have a file named meganeko - Eclipse - 07 Sirius A.mp3 (absolutely fantastic album btw) and the tags are: Album:Eclipse, Artist:meganeko, Title:Sirius A, tn:7
you could use just regex to rename it:
regex = (.*) - (.*) - ([0-9]{2}) (.*)
format = (3). (1) - (4)
output = 07. meganeko - Sirius A.mp3
or you could use just tags:
format = $lpad((tn),2,0). (artist) - (title).(ext)
output = 7. meganeko - Sirius A.mp3
or a mix of both:
regex = - ([0-9]{2})
format = (1). (artist) - (title).(ext)
output = 07. meganeko - Sirius A.mp3
the metadata keys you can use in the format field are the ones in the file-browser table header (whatever is collected with -mte and -mtp)
monitor a folder with your RSS reader, optionally recursive
must be enabled per-volume with volflag rss or globally with --rss
the feed includes itunes metadata for use with podcast readers such as AntennaPod
a feed example: https://cd.ocv.me/a/d2/d22/?rss&fext=mp3
url parameters:
pw=hunter2 for password auth
recursive to also include subfolders
title=foo changes the feed title (default: folder name)
fext=mp3,opus only include mp3 and opus files (default: all)
nf=30 only show the first 30 results (default: 250)
sort=m sort by mtime (file last-modified), newest first (default)
u = upload-time; NOTE: non-uploaded files have upload-time 0
n = filename
a = filesize
M = oldest file first
plays almost every audio format there is (if the server has FFmpeg installed for on-demand transcoding)
the following audio formats are usually always playable, even without FFmpeg: aac|flac|m4a|mp3|ogg|opus|wav
some hilights:
click the play link next to an audio file, or copy the link target to share it (optionally with a timestamp to start playing from, like that example does)
open the [🎺] media-player-settings tab to configure it,
[🔀] shuffles the files inside each folder
[preload] starts loading the next track when it's about to end, reduces the silence between songs
[full] does a full preload by downloading the entire next file; good for unreliable connections, bad for slow connections
[~s] toggles the seekbar waveform display
[/np] enables buttons to copy the now-playing info as an irc message
[os-ctl] makes it possible to control audio playback from the lockscreen of your device (enables mediasession)
[seek] allows seeking with lockscreen controls (buggy on some devices)
[art] shows album art on the lockscreen
[🎯] keeps the playing song scrolled into view (good when using the player as a taskbar dock)
[⟎] shrinks the playback controls
[uncache] may fix songs that won't play correctly due to bad files in browser cache
[loop] keeps looping the folder
[next] plays into the next folder
[flac] converts flac and wav files into opus (if supported by browser) or mp3
[aac] converts aac and m4a files into opus (if supported by browser) or mp3
[oth] converts all other known formats into opus (if supported by browser) or mp3
aac|ac3|aif|aiff|alac|alaw|amr|ape|au|dfpwm|dts|flac|gsm|it|m4a|mo3|mod|mp2|mp3|mpc|mptm|mt2|mulaw|ogg|okt|opus|ra|s3m|tak|tta|ulaw|wav|wma|wv|xm|xpk
can also boost the volume in general, or increase/decrease stereo width (like crossfeed just worse)
has the convenient side-effect of reducing the pause between songs, so gapless albums play better with the eq enabled (just make it flat)
not available on iPhones / iPads because AudioContext currently breaks background audio playback on iOS (15.7.8)
due to phone / app settings, android phones may randomly stop playing music when the power saver kicks in, especially at the end of an album -- you can fix it by disabling power saving in the app settings of the browser you use for music streaming (preferably a dedicated one)
and there are two editors
there is a built-in extension for inline clickable thumbnails;
<!-- th --> somewhere in the doc
!th[l](your.jpg) where l means left-align (r = right-align)
--- clears the float / inlining
other notes,
dynamic docs with serverside variable expansion to replace stuff like {{self.ip}} with the client's IP, or {{srv.htime}} with the current time on the server
see ./srv/expand/ for usage and examples
you can link a particular timestamp in an audio file by adding it to the URL, such as &20 / &20s / &1m20 / &t=1:20 after the .../#af-c8960dab
enabling the audio equalizer can help make gapless albums fully gapless in some browsers (chrome), so consider leaving it on with all the values at zero
get a plaintext file listing by adding ?ls=t to a URL, or a compact colored one with ?ls=v (for unix terminals)
if you are using media hotkeys to switch songs and are getting tired of seeing the OSD popup which Windows doesn't let you disable, consider ./contrib/media-osd-bgone.ps1
click the bottom-left π to open a javascript prompt for debugging
files named .prologue.html / .epilogue.html will be rendered before/after directory listings unless --no-logues
files named descript.ion / DESCRIPT.ION are parsed and displayed in the file listing, or as the epilogue if nonstandard
files named README.md / readme.md will be rendered after directory listings unless --no-readme (but .epilogue.html takes precedence)
PREADME.md / preadme.md is shown above directory listings unless --no-readme or .prologue.html
README.md and *logue.html can contain placeholder values which are replaced server-side before embedding into directory listings; see --help-exp
search by size, date, path/name, mp3-tags, ...
when started with -e2dsa copyparty will scan/index all your files. This avoids duplicates on upload, and also makes the volumes searchable through the web-ui:
size/date/directory-path/filename, or...
path/name queries are space-separated, AND'ed together, and words are negated with a - prefix, so for example:
shibayan -bossa finds all files where one of the folders contain shibayan but filters out any results where bossa exists somewhere in the path
demetori styx gives you good stuff
the raw field allows for more complex stuff such as ( tags like *nhato* or tags like *taishi* ) and ( not tags like *nhato* or not tags like *taishi* ) which finds all songs by either nhato or taishi, excluding collabs (terrible example, why would you do that)
for the above example to work, add the commandline argument -e2ts to also scan/index tags from music files, which brings us over to:
using arguments or config files, or a mix of both:
-c some.conf) can set additional commandline arguments; see ./docs/example.conf and ./docs/example2.conf
kill -s USR1 (same as systemctl reload copyparty) to reload accounts and volumes from config files without restarting
[reload cfg] button in the control-panel if the user has a/admin in any volume
[global] config section requires a restart to take effect
NB: as humongous as this readme is, there is also a lot of undocumented features. Run copyparty with --help to see all available global options; all of those can be used in the [global] section of config files, and everything listed in --help-flags can be used in volumes as volflags.
docker run --rm -it copyparty/ac --help
announce enabled services on the LAN (pic) -- -z enables both mdns and ssdp
--z-on / --z-off limits the feature to certain networks
LAN domain-name and feature announcer
uses multicast dns to give copyparty a domain which any machine on the LAN can use to access it
all enabled services (webdav, ftp, smb) will appear in mDNS-aware file managers (KDE, gnome, macOS, ...)
the domain will be partybox.local if the machine's hostname is partybox unless --name specifies something else
and the web-UI will be available at http://partybox.local:3923/
:3923 so you can use http://partybox.local/ instead then see listen on port 80 and 443
windows-explorer announcer
uses ssdp to make copyparty appear in the windows file explorer on all machines on the LAN
doubleclicking the icon opens the "connect" page which explains how to mount copyparty as a local filesystem
if copyparty does not appear in windows explorer, use --zsv to see why:
print a qr-code (screenshot) for quick access, great between phones on android hotspots which keep changing the subnet
--qr enables it
--qrs does https instead of http
--qrl lootbox/?pw=hunter2 appends to the url, linking to the lootbox folder with password hunter2
--qrz 1 forces 1x zoom instead of autoscaling to fit the terminal size
it uses the server hostname if mdns is enabled, otherwise it'll use your external ip (default route) unless --qri specifies a specific ip-prefix or domain
an FTP server can be started using --ftp 3921, and/or --ftps for explicit TLS (ftpes)
--ftp-pr 12000-13000
ftp and ftps, the port-range will be divided in half
some recommended FTP / FTPS clients; wark = example password:
tls=false explicit_tls=true
lftp -u k,wark -p 3921 127.0.0.1 -e ls
lftp -u k,wark -p 3990 127.0.0.1 -e 'set ssl:verify-certificate no; ls'
with read-write support, supports winXP and later, macos, nautilus/gvfs ... a great way to access copyparty straight from the file explorer in your OS
click the connect button in the control-panel to see connection instructions for windows, linux, macos
general usage:
on macos, connect from finder:
in order to grant full write-access to webdav clients, the volflag daw must be set and the account must also have delete-access (otherwise the client won't be allowed to replace the contents of existing files, which is how webdav works)
using the GUI (winXP or later):
http://192.168.123.1:3923/
Sign up for online storage hyperlink instead and put the URL there
the webdav client that's built into windows has the following list of bugs; you can avoid all of these by connecting with rclone instead:
--dav-auth to force password-auth for all webdav clients
<>:"/\|?*), or names ending with .
a TFTP server (read/write) can be started using `--tftp 3969` (you probably want ftp instead unless you are actually communicating with hardware from the 90s (in which case we should definitely hang some time))
that makes this the first RTX DECT Base that has been updated using copyparty 🎉
* `69` (nice)
most clients expect to find TFTP on port 69, but on linux and macos you need to be root to listen on that. Alternatively, listen on 3969 and use NAT on the server to forward 69 to that port;
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 69 -j REDIRECT --to-port 3969
some recommended TFTP clients:
* `curl --tftp-blksize 1428 tftp://127.0.0.1:3969/firmware.bin`
* `curl --tftp-blksize 1428 -T firmware.bin tftp://127.0.0.1:3969/`
* `tftp.exe` (you probably already have it)
  * `tftp -i 127.0.0.1 put firmware.bin`
* `tftp-hpa`, `atftp`
  * `atftp --option "blksize 1428" 127.0.0.1 3969 -p -l firmware.bin -r firmware.bin`
  * `tftp -v -m binary 127.0.0.1 3969 -c put firmware.bin`
unsafe, slow, not recommended for wan, enable with `--smb` for read-only or `--smbw` for read-write
click the connect button in the control-panel to see connection instructions for windows, linux, macos
dependencies: python3 -m pip install --user -U impacket==0.11.0
some BIG WARNINGS specific to SMB/CIFS, in decreasing importance:
* `--smb-port` (see below) and prisonparty
* `--smbw` must be given to allow write-access from smb
and some minor issues,
* `--smb-nwa-1` but then you get unacceptably poor performance instead
* `/?reload=cfg`) does not include the `[global]` section (commandline args)
* `-i` interface only (default = :: = 0.0.0.0 = all)
known client bugs:
* `--smb1` is much faster than smb2 (default) because it keeps rescanning folders on smb2
* `<>:"/\|?*`), or names ending with `.`
the smb protocol listens on TCP port 445, which is a privileged port on linux and macos, which would require running copyparty as root. However, this can be avoided by listening on another port using `--smb-port 3945` and then using NAT on the server to forward the traffic from 445 to there;
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 445 -j REDIRECT --to-port 3945
authenticate with one of the following:
* `$username`, password `$password`
* `$password`, password `k`
tweaking the ui
* `--sort` or per-volume with the `sort` volflag; specify one or more comma-separated columns to sort by, and prefix the column name with `-` for reverse sort
  * `href ext sz ts tags/.up_at tags/Circle tags/.tn tags/Artist tags/Title`
  * `--sort tags/Circle,tags/.tn,tags/Artist,tags/Title,href`
  * `-e2d -mte +.up_at` and then `--sort tags/.up_at`
see ./docs/rice for more, including how to add stuff (css/`<meta>`/...) to the html `<head>` tag, or to add your own translation
discord and social-media embeds
can be enabled globally with `--og` or per-volume with volflag `og`
note that this disables hotlinking because the opengraph spec demands it; to sneak past this intentional limitation, you can enable opengraph selectively by user-agent, for example `--og-ua '(Discord|Twitter|Slack)bot'` (or volflag `og_ua`)
you can also hotlink files regardless by appending `?raw` to the url
if you want to entirely replace the copyparty response with your own jinja2 template, give the template filepath to `--og-tpl` or volflag `og_tpl` (all members of `HttpCli` are available through the `this` object)
enable symlink-based upload deduplication globally with `--dedup` or per-volume with volflag `dedup`
by default, when someone tries to upload a file that already exists on the server, the upload will be politely declined, and the server will copy the existing file over to where the upload would have gone
if you enable deduplication with `--dedup` then it'll create a symlink instead of a full copy, thus reducing disk space usage
* `--safe-dedup=1` because you have other software tampering with your files, so you want to entirely disable detection of duplicate data instead, then you can specify `--no-clone` globally or `noclone` as a volflag
warning: when enabling dedup, you should also:
* `-e2dsa` or volflag `e2dsa` (see file indexing section below); strongly recommended
* `--hardlink-only` to use hardlink-based deduplication instead of symlinks; see explanation below
it will not be safe to rename/delete files if you only enable dedup and none of the above; if you enable indexing then it is not necessary to also do hardlinks (but you may still want to)
by default, deduplication is done based on symlinks (symbolic links); these are tiny files which are pointers to the nearest full copy of the file
you can choose to use hardlinks instead of softlinks, globally with `--hardlink-only` or volflag `hardlinkonly`;
advantages of using hardlinks:
advantages of using symlinks (default):
warning: if you edit the contents of a deduplicated file, then you will also edit all other copies of that file! This is especially surprising with hardlinks, because they look like regular files, but that same file exists in multiple locations
global-option `--xlink` / volflag `xlink` additionally enables deduplication across volumes, but this is probably buggy and not recommended
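
The warning about editing deduplicated files, as an added Python demonstration (not part of copyparty): it builds a hardlink and a symlink to one file in a temporary folder, shows that an in-place edit changes every name at once, and that writing a new file and swapping it in changes only the one name. The file names are constructed for the example.

```python
import os
import tempfile


def link_kind(path):
    """Classify a path before editing it; a hardlinked file looks like a
    regular file in a listing, only its link count gives it away."""
    if os.path.islink(path):
        return "symlink"
    if os.stat(path).st_nlink > 1:
        return "hardlink"
    return "regular"


def read(path):
    with open(path, "rb") as f:
        return f.read()


def edit_in_place(path, data):
    """Overwrite the existing inode; every link to it sees the change."""
    with open(path, "r+b") as f:
        f.write(data)
        f.truncate()


def edit_by_replace(path, data):
    """Write a fresh file and rename it over `path`; only this name changes,
    the other links keep pointing at the old contents."""
    tmp = path + ".tmp"
    with open(tmp, "wb") as f:
        f.write(data)
    os.replace(tmp, path)  # replaces a symlink itself, not its target


def demo():
    with tempfile.TemporaryDirectory() as root:
        orig = os.path.join(root, "a.bin")
        hard = os.path.join(root, "hard.bin")
        soft = os.path.join(root, "soft.bin")
        names = (orig, hard, soft)

        with open(orig, "wb") as f:
            f.write(b"v1")
        os.link(orig, hard)        # what hardlink-based dedup leaves behind
        os.symlink("a.bin", soft)  # what symlink-based dedup leaves behind

        out = {"kinds": [link_kind(p) for p in names]}

        # editing one "copy" in place silently edits all of them
        edit_in_place(hard, b"v2")
        out["after_in_place"] = [read(p) for p in names]

        # breaking the link first keeps the other names untouched
        edit_by_replace(hard, b"v3")
        edit_by_replace(soft, b"v4")
        out["after_replace"] = [read(p) for p in names]
        out["kinds_after"] = [link_kind(p) for p in names]
        return out


if __name__ == "__main__":
    for key, val in demo().items():
        print(key, val)
```

Note that the original `a.bin` also reports as a hardlink while the second name exists, so there is no way to tell which of the two is the "real" file.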
enable music search, upload-undo, and better dedup
file indexing relies on two database tables, the up2k filetree (`-e2d`) and the metadata tags (`-e2t`), stored in `.hist/up2k.db`. Configuration can be done through arguments, volflags, or a mix of both.
through arguments:
* `-e2d` enables file indexing on upload
* `-e2ds` also scans writable folders for new files on startup
* `-e2dsa` also scans all mounted volumes (including readonly ones)
* `-e2t` enables metadata indexing on upload
* `-e2ts` also scans for tags in all files that don't have tags yet
* `-e2tsr` also deletes all existing tags, doing a full reindex
* `-e2v` verifies file integrity at startup, comparing hashes from the db
* `-e2vu` patches the database with the new hashes from the filesystem
* `-e2vp` panics and kills copyparty instead
the same arguments can be set as volflags, in addition to `d2d`, `d2ds`, `d2t`, `d2ts`, `d2v` for disabling:
* `-v ~/music::r:c,e2ds,e2tsr` does a full reindex of everything on startup
* `-v ~/music::r:c,d2d` disables all indexing, even if any `-e2*` are on
* `-v ~/music::r:c,d2t` disables all `-e2t*` (tags), does not affect `-e2d*`
* `-v ~/music::r:c,d2ds` disables on-boot scans; only index new uploads
* `-v ~/music::r:c,d2ts` same except only affecting tags
note:
* `.up_at` metadata key, either globally with `-e2d -mte +.up_at` or per-volume with volflags `e2d,mte=+.up_at` (will have a ~17% performance impact on directory listings)
* `e2tsr` is probably always overkill, since `e2ds`/`e2dsa` would pick up any file modifications and `e2ts` would then reindex those, unless there is a new copyparty version with new parsers and the release note says otherwise
* `-e2ds` or higher
to save some time, you can provide a regex pattern for filepaths to only index by filename/path/size/last-modified (and not the hash of the file contents) by setting `--no-hash '\.iso$'` or the volflag `:c,nohash=\.iso$`, this has the following consequences:
similarly, you can fully ignore files/folders using `--no-idx [...]` and `:c,noidx=\.iso$`
if you set `--no-hash [...]` globally, you can enable hashing for specific volumes using flag `:c,nohash=`
to exclude certain filepaths from search-results, use `--srch-excl` or volflag `srch_excl` instead of `--no-idx`, for example `--srch-excl 'password|logs/[0-9]'`
avoid traversing into other filesystems using `--xdev` / volflag `:c,xdev`, skipping any symlinks or bind-mounts to another HDD for example
and/or you can `--xvol` / `:c,xvol` to ignore all symlinks leaving the volume's top directory, but still allow bind-mounts pointing elsewhere
* `xvol` if they point into another volume where the user has the same level of access
these options will reduce performance; unlikely worst-case estimates are 14% reduction for directory listings, 35% for download-as-tar
as of copyparty v1.7.0 these options also prevent file access at runtime -- in previous versions it was just hints for the indexer
filesystem monitoring; if copyparty is not the only software doing stuff on your filesystem, you may want to enable periodic rescans to keep the index up to date
argument `--re-maxage 60` will rescan all volumes every 60 sec, same as volflag `:c,scan=60` to specify it per-volume
uploads are disabled while a rescan is happening, so rescans will be delayed by `--db-act` (default 10 sec) when there is write-activity going on (uploads, renames, ...)
set upload rules using volflags, some examples:
* `:c,sz=1k-3m` sets allowed filesize between 1 KiB and 3 MiB inclusive (suffixes: `b`, `k`, `m`, `g`)
* `:c,df=4g` block uploads if there would be less than 4 GiB free disk space afterwards
* `:c,vmaxb=1g` block uploads if total volume size would exceed 1 GiB afterwards
* `:c,vmaxn=4k` block uploads if volume would contain more than 4096 files afterwards
* `:c,nosub` disallow uploading into subdirectories; goes well with `rotn` and `rotf`:
* `:c,rotn=1000,2` moves uploads into subfolders, up to 1000 files in each folder before making a new one, two levels deep (must be at least 1)
* `:c,rotf=%Y/%m/%d/%H` enforces files to be uploaded into a structure of subfolders according to that date format
  * `/foo/bar` the path would be rewritten to `/foo/bar/2021/08/06/23` for example
* `:c,lifetime=300` delete uploaded files when they become 5 minutes old
you can also set transaction limits which apply per-IP and per-volume, but these assume `-j 1` (default) otherwise the limits will be off, for example `-j 4` would allow anywhere between 1x and 4x the limits you set depending on which processing node the client gets routed to
* `:c,maxn=250,3600` allows 250 files over 1 hour from each IP (tracked per-volume)
* `:c,maxb=1g,300` allows 1 GiB total over 5 minutes from each IP (tracked per-volume)
notes:
* `vmaxb` and `vmaxn` requires either the `e2ds` volflag or `-e2dsa` global-option
files can be autocompressed on upload, either on user-request (if config allows) or forced by server-config
* `gz` allows gz compression
* `xz` allows lzma compression
* `pk` forces compression on all files
* `pk` requests compression with server-default algorithm
* `gz` or `xz` requests compression with a specific algorithm
* `xz` requests xz compression
things to note,
* `gz` and `xz` arguments take a single optional argument, the compression level (range 0 to 9)
* `pk` volflag takes the optional argument `ALGORITHM,LEVEL` which will then be forced for all uploads, for example `gz,9` or `xz,0`
some examples,
* `-v inc:inc:w:c,pk=xz,0`
* `-v inc:inc:w:c,pk`
* `-v inc:inc:w:c,gz`
  * `/inc?pk` or `/inc?gz` or `/inc?gz=4`
* `:c,magic` enables filetype detection for nameless uploads, same as `--magic`
  * `python3 -m pip install --user -U python-magic`
  * `python3 -m pip install --user -U python-magic-bin`
in-volume (`.hist/up2k.db`, default) or somewhere else
copyparty creates a subfolder named `.hist` inside each volume where it stores the database, thumbnails, and some other stuff
this can instead be kept in a single place using the `--hist` argument, or the `hist=` volflag, or a mix of both:
* `--hist ~/.cache/copyparty -v ~/music::r:c,hist=-` sets `~/.cache/copyparty` as the default place to put volume info, but `~/music` gets the regular `.hist` subfolder (`-` restores default behavior)
note:
* `.hist` subdirectory
* `/c/temp` means `C:\temp` but use regular paths for `--hist`
  * `-v C:\Users::r` and `-v /c/users::r` both work
set `-e2t` to index tags on upload
`-mte` decides which tags to index and display in the browser (and also the display order), this can be changed per-volume:
* `-v ~/music::r:c,mte=title,artist` indexes and displays title followed by artist
if you add/remove a tag from `mte` you will need to run with `-e2tsr` once to rebuild the database, otherwise only new files will be affected
but instead of using `-mte`, `-mth` is a better way to hide tags in the browser: these tags will not be displayed by default, but they still get indexed and become searchable, and users can choose to unhide them in the `[⚙️] config` pane
`-mtm` can be used to add or redefine a metadata mapping, say you have media files with `foo` and `bar` tags and you want them to display as `qux` in the browser (preferring `foo` if both are present), then do `-mtm qux=foo,bar` and now you can `-mte artist,title,qux`
tags that start with a `.` such as `.bpm` and `.dur`(ation) indicate numeric value
see the beautiful mess of a dictionary in mtag.py for the default mappings (should cover mp3,opus,flac,m4a,wav,aif,)
`--no-mutagen` disables Mutagen and uses FFprobe instead, which...
`--mtag-to` sets the tag-scan timeout; very high default (60 sec) to cater for zfs and other randomly-freezing filesystems. Lower values like 10 are usually safe, allowing for faster processing of tricky files
provide custom parsers to index additional tags, also see ./bin/mtag/README.md
copyparty can invoke external programs to collect additional metadata for files using `mtp` (either as argument or volflag), there is a default timeout of 60sec, and only files which contain audio get analyzed by default (see ay/an/ad below)
* `-mtp .bpm=~/bin/audio-bpm.py` will execute `~/bin/audio-bpm.py` with the audio file as argument 1 to provide the `.bpm` tag, if that does not exist in the audio metadata
* `-mtp key=f,t5,~/bin/audio-key.py` uses `~/bin/audio-key.py` to get the `key` tag, replacing any existing metadata tag (`f,`), aborting if it takes longer than 5sec (`t5,`)
* `-v ~/music::r:c,mtp=.bpm=~/bin/audio-bpm.py:c,mtp=key=f,t5,~/bin/audio-key.py` both as a per-volume config wow this is getting ugly
but wait, there's more! `-mtp` can be used for non-audio files as well using the `a` flag: `ay` only do audio files (default), `an` only do non-audio files, or `ad` do all files (d as in dontcare)
* `-mtp ext=an,~/bin/file-ext.py` runs `~/bin/file-ext.py` to get the `ext` tag only if file is not audio (`an`)
* `-mtp arch,built,ver,orig=an,eexe,edll,~/bin/exe.py` runs `~/bin/exe.py` to get properties about windows-binaries only if file is not audio (`an`) and file extension is exe or dll
* `p` flag to set processing order
  * `-mtp foo=p1,~/a.py` runs before `-mtp foo=p2,~/b.py` and will forward all the tags detected so far as json to the stdin of b.py
* `c0` disables capturing of stdout/stderr, so copyparty will not receive any tags from the process at all -- instead the invoked program is free to print whatever to the console, just using copyparty as a launcher
  * `c1` captures stdout only, `c2` only stderr, and `c3` (default) captures both
* `kt` killing the entire process tree (default), `km` just the main process, or `kn` let it continue running until copyparty is terminated
if something doesn't work, try `--mtag-v` for verbose error messages
trigger a program on uploads, renames etc (examples)
you can set hooks before and/or after an event happens, and currently you can hook uploads, moves/renames, and deletes
there's a bunch of flags and stuff, see --help-hooks
if you want to write your own hooks, see devnotes
the older, more powerful approach (examples):
-v /mnt/inc:inc:w:c,mte=+x1:c,mtp=x1=ad,kn,/usr/bin/notify-send
so filesystem location `/mnt/inc` shared at `/inc`, write-only for everyone, appending `x1` to the list of tags to index (`mte`), and using `/usr/bin/notify-send` to "provide" tag `x1` for any filetype (`ad`) with kill-on-timeout disabled (`kn`)
that'll run the command `notify-send` with the path to the uploaded file as the first and only argument (so on linux it'll show a notification on-screen)
note that this is way more complicated than the new event hooks but this approach has the following advantages:
note that it will occupy the parsing threads, so fork anything expensive (or set `kn` to have copyparty fork it for you) -- otoh if you want to intentionally queue/singlethread you can combine it with `--mtag-mt 1`
redefine behavior with plugins (examples)
replace 404 and 403 errors with something completely different (that's it for now)
autologin based on IP range (CIDR), using the global-option `--ipu`
for example, if everyone with an IP that starts with `192.168.123` should automatically log in as the user `spartacus`, then you can either specify `--ipu=192.168.123.0/24=spartacus` as a commandline option, or put this in a config file:
[global]
ipu: 192.168.123.0/24=spartacus
repeat the option to map additional subnets
be careful with this one! if you have a reverseproxy, then you definitely want to make sure you have real-ip configured correctly, and it's probably a good idea to nullmap the reverseproxy's IP just in case; so if your reverseproxy is sending requests from `172.24.27.9` then that would be `--ipu=172.24.27.9/32=`
replace copyparty passwords with oauth and such
you can disable the built-in password-based login system, and instead replace it with a separate piece of software (an identity provider) which will then handle authenticating / authorizing of users; this makes it possible to login with passkeys / fido2 / webauthn / yubikey / ldap / active directory / oauth / many other single-sign-on contraptions
some popular identity providers are Authelia (config-file based) and authentik (GUI-based, more complex)
there is a docker-compose example which is hopefully a good starting point (alternatively see ./docs/idp.md if you're the DIY type)
a more complete example of the copyparty configuration options looks like this
but if you just want to let users change their own passwords, then you probably want user-changeable passwords instead
if permitted, users can change their own passwords in the control-panel
not compatible with identity providers
must be enabled with `--chpw` because account-sharing is a popular usecase
* `--chpw-no name1,name2,name3,...`
to perform a password reset, edit the server config and give the user another password there, then do a config reload or server restart
the custom passwords are kept in a textfile at filesystem-path `--chpw-db`, by default `chpw.json` in the copyparty config folder
if you run multiple copyparty instances with different users you almost definitely want to specify separate DBs for each instance
if password hashing is enabled, the passwords in the db are also hashed
connecting to an aws s3 bucket and similar
there is no built-in support for this, but you can use FUSE-software such as rclone / geesefs / JuiceFS to first mount your cloud storage as a local disk, and then let copyparty use (a folder in) that disk as a volume
you may experience poor upload performance this way, but that can sometimes be fixed by specifying the volflag `sparse` to force the use of sparse files; this has improved the upload speeds from `1.5 MiB/s` to over `80 MiB/s` in one case, but note that you are also more likely to discover funny bugs in your FUSE software this way, so buckle up
someone has also tested geesefs in combination with gocryptfs with surprisingly good results, getting 60 MiB/s upload speeds on a gbit line, but JuiceFS won with 80 MiB/s using its built-in encryption
you may improve performance by specifying larger values for `--iobuf` / `--s-rd-sz` / `--s-wr-sz`
tell search engines you don't wanna be indexed, either using the good old robots.txt or through copyparty settings:
* `--no-robots` adds HTTP (`X-Robots-Tag`) and HTML (`<meta>`) headers with `noindex, nofollow` globally
* `[...]:c,norobots` does the same thing for that single volume
* `[...]:c,robots` ALLOWS search-engine crawling for that volume, even if `--no-robots` is set globally
also, `--force-js` disables the plain HTML folder listing, making things harder to parse for search engines
you can change the default theme with `--theme 2`, and add your own themes by modifying `browser.css` or providing your own css to `--css-browser`, then telling copyparty they exist by increasing `--themes`
0. classic dark | 2. flat pm-monokai | 4. vice |
1. classic light | 3. flat light | 5. hotdog stand |
the classname of the HTML tag is set according to the selected theme, which is used to set colors as css variables ++
* `html.a`, second theme (2 and 3) is `html.b`
* `html.y` is set, otherwise `html.z` is
* `html.b`, `html.z`, `html.bz` to specify rules
see the top of ./copyparty/web/browser.css where the color variables are set, and there's layout-specific stuff near the bottom
if you want to change the fonts, see ./docs/rice/
see running on windows for a fancy windows setup
* `python copyparty-sfx.py` with `copyparty.exe` if you're using the exe edition
allow anyone to download or upload files into the current folder:
python copyparty-sfx.py
enable searching and music indexing with -e2dsa -e2ts
start an FTP server on port 3921 with --ftp 3921
announce it on your LAN with `-z` so it appears in windows/Linux file managers
anyone can upload, but nobody can see any files (even the uploader):
python copyparty-sfx.py -e2dsa -v .::w
block uploads if there's less than 4 GiB free disk space with --df 4
show a popup on new uploads with --xau bin/hooks/notify.py
anyone can upload, and receive "secret" links for each upload they do:
python copyparty-sfx.py -e2dsa -v .::wG:c,fk=8
anyone can browse (`r`), only `kevin` (password `okgo`) can upload/move/delete (`A`) files:
python copyparty-sfx.py -e2dsa -a kevin:okgo -v .::r:A,kevin
read-only music server:
python copyparty-sfx.py -v /mnt/nas/music:/music:r -e2dsa -e2ts --no-robots --force-js --theme 2
...with bpm and key scanning
-mtp .bpm=f,audio-bpm.py -mtp key=f,audio-key.py
...with a read-write folder for `kevin` whose password is `okgo`
-a kevin:okgo -v /mnt/nas/inc:/inc:rw,kevin
...with logging to disk
-lo log/cpp-%Y-%m%d-%H%M%S.txt.xz
become a real webserver which people can access by just going to your IP or domain without specifying a port
if you're on windows, then you just need to add the commandline argument `-p 80,443` and you're done! nice
if you're on macos, sorry, I don't know
if you're on Linux, you have the following 4 options:
option 1: set up a reverse-proxy -- this one makes a lot of sense if you're running on a proper headless server, because that way you get real HTTPS too
option 2: NAT to port 3923 -- this is cumbersome since you'll need to do it every time you reboot, and the exact command may depend on your linux distribution:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3923
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 3923
option 3: disable the security policy which prevents the use of 80 and 443; this is probably fine:
setcap CAP_NET_BIND_SERVICE=+eip $(realpath $(which python))
python copyparty-sfx.py -p 80,443
option 4: run copyparty as root (please don't)
running copyparty next to other websites hosted on an existing webserver such as nginx, caddy, or apache
you can either:
* `--rp-loc=/stuff` to tell copyparty where it is mounted -- has a slight performance cost and higher chance of bugs
  * `incorrect --rp-loc or webserver config; expected vpath starting with [...]` it's likely because the webserver is stripping away the proxy location from the request URLs -- see the `ProxyPass` in the apache example below
when running behind a reverse-proxy (this includes services like cloudflare), it is important to configure real-ip correctly, as many features rely on knowing the client's IP. Look out for red and yellow log messages which explain how to do this. But basically, set `--xff-hdr` to the name of the http header to read the IP from (usually `x-forwarded-for`, but cloudflare uses `cf-connecting-ip`), and then `--xff-src` to the IP of the reverse-proxy so copyparty will trust the xff-hdr. Note that `--rp-loc` in particular will not work at all unless you do this
some reverse proxies (such as Caddy) can automatically obtain a valid https/tls certificate for you, and some support HTTP/2 and QUIC which could be a nice speed boost, depending on a lot of factors
for improved security (and a 10% performance boost) consider listening on a unix-socket with `-i unix:770:www:/tmp/party.sock` (permission `770` means only members of group `www` can access it)
example webserver configs:
teaching copyparty how to see client IPs when running behind a reverse-proxy, or a WAF, or another protection service such as cloudflare
if you (and maybe everybody else) keep getting a message that says `thank you for playing`, then you've gotten banned for malicious traffic. This ban applies to the IP address that copyparty thinks identifies the shady client -- so, depending on your setup, you might have to tell copyparty where to find the correct IP
for most common setups, there should be a helpful message in the server-log explaining what to do, but see docs/xff.md if you want to learn more, including a quick hack to just make it work (which is not recommended, but hey...)
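
Why the real-ip settings and the `--ipu` nullmap matter together, as an added Python sketch (not copyparty's own code) covering both the autologin warning and the reverse-proxy paragraphs above. Assumptions of the sketch: the forwarded header is only honoured when the TCP peer is listed in `xff_src`, the rightmost header entry is used, the most specific `ipu` rule wins, and the proxy address `192.168.123.9` inside the autologin range is constructed for the demonstration.

```python
import ipaddress

# constructed setup: the reverse-proxy itself sits inside the autologin range
PROXY = "192.168.123.9"
IPU = ["192.168.123.0/24=spartacus"]
NULLMAPPED = IPU + [PROXY + "/32="]  # same shape as --ipu=172.24.27.9/32=


def parse_ipu(rules):
    """Turn 'cidr=user' strings into (network, user), most specific first."""
    out = []
    for rule in rules:
        cidr, _, user = rule.partition("=")
        out.append((ipaddress.ip_network(cidr, strict=False), user))
    out.sort(key=lambda x: x[0].prefixlen, reverse=True)
    return out


def real_ip(peer_ip, headers, xff_hdr, xff_src):
    """IP the request is attributed to; the header counts only if the
    connection really comes from a trusted proxy (the xff_src list)."""
    peer = ipaddress.ip_address(peer_ip)
    trusted = any(
        peer in ipaddress.ip_network(n, strict=False) for n in xff_src
    )
    val = headers.get(xff_hdr, "")
    if not trusted or not val:
        return peer
    try:
        # rightmost entry = the one appended by the trusted proxy
        return ipaddress.ip_address(val.split(",")[-1].strip())
    except ValueError:
        return peer


def autologin(peer_ip, headers, ipu, xff_hdr="x-forwarded-for", xff_src=()):
    """Username the client is logged in as by IP, or None."""
    ip = real_ip(peer_ip, headers, xff_hdr, xff_src)
    for net, user in parse_ipu(ipu):
        if ip.version == net.version and ip in net:
            return user or None  # empty username = nullmap, no autologin
    return None


if __name__ == "__main__":
    outside = {"x-forwarded-for": "203.0.113.7"}
    inside = {"x-forwarded-for": "192.168.123.50"}
    trust = (PROXY + "/32",)
    # real-ip not configured: every proxied visitor looks like the proxy
    print(autologin(PROXY, outside, IPU))                       # spartacus
    # nullmap limits the damage of that misconfiguration
    print(autologin(PROXY, outside, NULLMAPPED))                # None
    # real-ip configured: header is used, outsiders get nothing
    print(autologin(PROXY, outside, NULLMAPPED, xff_src=trust)) # None
    print(autologin(PROXY, inside, NULLMAPPED, xff_src=trust))  # spartacus
    # a direct client cannot claim a LAN address through the header
    print(autologin("203.0.113.7", inside, NULLMAPPED, xff_src=trust))  # None
```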
metrics/stats can be enabled at URL `/.cpr/metrics` for grafana / prometheus / etc (openmetrics 1.0.0)
must be enabled with `--stats` since it reduces startup time a tiny bit, and you probably want `-e2dsa` too
the endpoint is only accessible by `admin` accounts, meaning the `a` in `rwmda` in the following example commandline: `python3 -m copyparty -a ed:wark -v /mnt/nas::rwmda,ed --stats -e2dsa`
follow a guide for setting up `node_exporter` except have it read from copyparty instead; example `/etc/prometheus/prometheus.yml` below
scrape_configs:
  - job_name: copyparty
    metrics_path: /.cpr/metrics
    basic_auth:
      password: wark
    static_configs:
      - targets: ['192.168.123.1:3923']
currently the following metrics are available,
* `cpp_uptime_seconds` time since last copyparty restart
* `cpp_boot_unixtime_seconds` same but as an absolute timestamp
* `cpp_active_dl` number of active downloads
* `cpp_http_conns` number of open http(s) connections
* `cpp_http_reqs` number of http(s) requests handled
* `cpp_sus_reqs` number of 403/422/malicious requests
* `cpp_active_bans` number of currently banned IPs
* `cpp_total_bans` number of IPs banned since last restart
these are available unless `--nos-vst` is specified:
* `cpp_db_idle_seconds` time since last database activity (upload/rename/delete)
* `cpp_db_act_seconds` same but as an absolute timestamp
* `cpp_idle_vols` number of volumes which are idle / ready
* `cpp_busy_vols` number of volumes which are busy / indexing
* `cpp_offline_vols` number of volumes which are offline / unavailable
* `cpp_hashing_files` number of files queued for hashing / indexing
* `cpp_tagq_files` number of files queued for metadata scanning
* `cpp_mtpq_files` number of files queued for plugin-based analysis
and these are available per-volume only:
* `cpp_disk_size_bytes` total HDD size
* `cpp_disk_free_bytes` free HDD space
and these are per-volume and `total`:
* `cpp_vol_bytes` size of all files in volume
* `cpp_vol_files` number of files
* `cpp_dupe_bytes` disk space presumably saved by deduplication
* `cpp_dupe_files` number of dupe files
* `cpp_unf_bytes` currently unfinished / incoming uploads
some of the metrics have additional requirements to function correctly,
* `cpp_vol_*` requires either the `e2ds` volflag or `-e2dsa` global-option
the following options are available to disable some of the metrics:
* `--nos-hdd` disables `cpp_disk_*` which can prevent spinning up HDDs
* `--nos-vol` disables `cpp_vol_*` which reduces server startup time
* `--nos-vst` disables volume state, reducing the worst-case prometheus query time by 0.5 sec
* `--nos-dup` disables `cpp_dupe_*` which reduces the server load caused by prometheus queries
* `--nos-unf` disables `cpp_unf_*` for no particular purpose
note: the following metrics are counted incorrectly if multiprocessing is enabled with `-j`: `cpp_http_conns`, `cpp_http_reqs`, `cpp_sus_reqs`, `cpp_active_bans`, `cpp_total_bans`
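
Watching the security-related counters from the list above between two scrapes, as an added Python sketch (not part of copyparty or prometheus). The scrape texts are constructed samples and the real endpoint's exact lines may differ; the threshold is an arbitrary example value, and the numbers are only meaningful without `-j` as noted above.

```python
import re

# name, optional {labels}, value
LINE = re.compile(r"^([A-Za-z_:][A-Za-z0-9_:]*)(?:\{[^}]*\})?\s+(\S+)")
WATCHED = {"cpp_uptime_seconds", "cpp_sus_reqs", "cpp_active_bans",
           "cpp_total_bans"}

# constructed samples, taken 60 seconds apart
SCRAPE_A = """\
# constructed sample
cpp_uptime_seconds 600
cpp_http_reqs 1000
cpp_sus_reqs 3
cpp_active_bans 0
cpp_total_bans 0
"""
SCRAPE_B = """\
cpp_uptime_seconds 660
cpp_http_reqs 1300
cpp_sus_reqs 45
cpp_active_bans 2
cpp_total_bans 2
"""
# constructed sample after a server restart (counters start over)
SCRAPE_C = """\
cpp_uptime_seconds 20
cpp_sus_reqs 1
cpp_active_bans 0
cpp_total_bans 0
"""


def parse_metrics(text):
    """Return {name: value} for the watched metrics in one scrape."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # comments / HELP / TYPE / EOF lines
        m = LINE.match(line)
        if not m:
            continue
        name, val = m.groups()
        if name.endswith("_total"):
            name = name[:-6]  # OpenMetrics counters may carry this suffix
        if name not in WATCHED:
            continue
        try:
            out[name] = float(val)
        except ValueError:
            continue
    return out


def counter_delta(prev, cur, name):
    """Increase of a counter between scrapes; a lower value than before
    means the server restarted, so the new value is the whole increase."""
    a, b = prev.get(name, 0.0), cur.get(name, 0.0)
    return b - a if b >= a else b


def check(prev_text, cur_text, elapsed_s, max_sus_per_min=30):
    """Return a list of (metric, value) findings worth a look."""
    prev, cur = parse_metrics(prev_text), parse_metrics(cur_text)
    findings = []
    sus = counter_delta(prev, cur, "cpp_sus_reqs") * 60.0 / elapsed_s
    if sus > max_sus_per_min:
        findings.append(("cpp_sus_reqs", sus))
    new_bans = counter_delta(prev, cur, "cpp_total_bans")
    if new_bans > 0:
        findings.append(("cpp_total_bans", new_bans))
    return findings


if __name__ == "__main__":
    print(check(SCRAPE_A, SCRAPE_B, 60))
    print(check(SCRAPE_B, SCRAPE_C, 60))
```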
you'll never find a use for these:
change the association of a file extension
using commandline args, you can do something like `--mime gif=image/jif` and `--mime ts=text/x.typescript` (can be specified multiple times)
in a config-file, this is the same as:
[global]
mime: gif=image/jif
mime: ts=text/x.typescript
run copyparty with `--mimes` to list all the default mappings
buggy feature? rip it out by setting any of the following environment variables to disable its associated bell or whistle,
env-var | what it does |
---|---|
PRTY_NO_IFADDR | disable ip/nic discovery by poking into your OS with ctypes |
PRTY_NO_IPV6 | disable some ipv6 support (should not be necessary since windows 2000) |
PRTY_NO_LZMA | disable streaming xz compression of incoming uploads |
PRTY_NO_MP | disable all use of the python multiprocessing module (actual multithreading, cpu-count for parsers/thumbnailers) |
PRTY_NO_SQLITE | disable all database-related functionality (file indexing, metadata indexing, most file deduplication logic) |
PRTY_NO_TLS | disable native HTTPS support; if you still want to accept HTTPS connections then TLS must now be terminated by a reverse-proxy |
PRTY_NO_TPOKE | disable systemd-tmpfilesd avoider |
example: PRTY_NO_IFADDR=1 python3 copyparty-sfx.py
the party might be closer than you think
if your distro/OS is not mentioned below, there might be some hints in the «on servers» section
now available on aur maintained by @icxes
it comes with a systemd service and expects to find one or more config files in /etc/copyparty.d/
does not exist yet; using the copr-pypi builds is NOT recommended because updates can be delayed by several months
nix profile install github:9001/copyparty
requires a flake-enabled installation of nix
some recommended dependencies are enabled by default; override the package if you want to add/remove some features/deps
`ffmpeg-full` was chosen over `ffmpeg-headless` mainly because we need `withWebp` (and `withOpenmpt` is also nice) and being able to use a cached build felt more important than optimizing for size at the time -- PRs welcome if you disagree 👍
for this setup, you will need a flake-enabled installation of NixOS.
{
  # add copyparty flake to your inputs
  inputs.copyparty.url = "github:9001/copyparty";

  # ensure that copyparty is an allowed argument to the outputs function
  outputs = { self, nixpkgs, copyparty }: {
    nixosConfigurations.yourHostName = nixpkgs.lib.nixosSystem {
      modules = [
        # load the copyparty NixOS module
        copyparty.nixosModules.default
        ({ pkgs, ... }: {
          # add the copyparty overlay to expose the package to the module
          nixpkgs.overlays = [ copyparty.overlays.default ];
          # (optional) install the package globally
          environment.systemPackages = [ pkgs.copyparty ];
          # configure the copyparty module
          services.copyparty.enable = true;
        })
      ];
    };
  };
}
copyparty on NixOS is configured via `services.copyparty` options, for example:
services.copyparty = {
  enable = true;
  # directly maps to values in the [global] section of the copyparty config.
  # see `copyparty --help` for available options
  settings = {
    i = "0.0.0.0";
    # use lists to set multiple values
    p = [ 3210 3211 ];
    # use booleans to set binary flags
    no-reload = true;
    # using 'false' will do nothing and omit the value when generating a config
    ignored-flag = false;
  };

  # create users
  accounts = {
    # specify the account name as the key
    ed = {
      # provide the path to a file containing the password, keeping it out of /nix/store
      # must be readable by the copyparty service user
      passwordFile = "/run/keys/copyparty/ed_password";
    };
    # or do both in one go
    k.passwordFile = "/run/keys/copyparty/k_password";
  };

  # create a volume
  volumes = {
    # create a volume at "/" (the webroot), which will
    "/" = {
      # share the contents of "/srv/copyparty"
      path = "/srv/copyparty";
      # see `copyparty --help-accounts` for available options
      access = {
        # everyone gets read-access, but
        r = "*";
        # users "ed" and "k" get read-write
        rw = [ "ed" "k" ];
      };
      # see `copyparty --help-flags` for available options
      flags = {
        # "fk" enables filekeys (necessary for upget permission) (4 chars long)
        fk = 4;
        # scan for new files every 60sec
        scan = 60;
        # volflag "e2d" enables the uploads database
        e2d = true;
        # "d2t" disables multimedia parsers (in case the uploads are malicious)
        d2t = true;
        # skips hashing file contents if path matches *.iso
        # (backslash is doubled because nix strings treat \ as an escape)
        nohash = "\\.iso$";
      };
    };
  };
  # you may increase the open file limit for the process
  openFilesLimit = 8192;
};
the passwordFile at /run/keys/copyparty/ could for example be generated by agenix, or you could just dump it in the nix store instead if that's acceptable
TLDR: yes
`ie` = internet-explorer, `ff` = firefox, `c` = chrome, `iOS` = iPhone/iPad, `Andr` = Android
feature | ie6 | ie9 | ie10 | ie11 | ff 52 | c 49 | iOS | Andr |
---|---|---|---|---|---|---|---|---|
browse files | yep | yep | yep | yep | yep | yep | yep | yep |
thumbnail view | - | yep | yep | yep | yep | yep | yep | yep |
basic uploader | yep | yep | yep | yep | yep | yep | yep | yep |
up2k | - | - | *1 | *1 | yep | yep | yep | yep |
make directory | yep | yep | yep | yep | yep | yep | yep | yep |
send message | yep | yep | yep | yep | yep | yep | yep | yep |
set sort order | - | yep | yep | yep | yep | yep | yep | yep |
zip selection | - | yep | yep | yep | yep | yep | yep | yep |
file rename | - | yep | yep | yep | yep | yep | yep | yep |
file cut/paste | - | yep | yep | yep | yep | yep | yep | yep |
navpane | - | yep | yep | yep | yep | yep | yep | yep |
image viewer | - | yep | yep | yep | yep | yep | yep | yep |
video player | - | yep | yep | yep | yep | yep | yep | yep |
markdown editor | - | - | *2 | *2 | yep | yep | yep | yep |
markdown viewer | - | *2 | *2 | *2 | yep | yep | yep | yep |
play mp3/m4a | - | yep | yep | yep | yep | yep | yep | yep |
play ogg/opus | - | - | - | - | yep | yep | *3 | yep |
= feature = | ie6 | ie9 | ie10 | ie11 | ff 52 | c 49 | iOS | Andr |
*1 yes, but extremely slow (ie10: 1 MiB/s, ie11: 270 KiB/s)
*2 only able to do plaintext documents (no markdown rendering)
*3 iOS 11 and newer, opus only, and requires FFmpeg on the server
quick summary of more eccentric web-browsers trying to view a directory index:
browser | will it blend |
---|---|
links (2.21/macports) | can browse, login, upload/mkdir/msg |
lynx (2.8.9/macports) | can browse, login, upload/mkdir/msg |
w3m (0.5.3/macports) | can browse, login, upload at 100kB/s, mkdir/msg |
netsurf (3.10/arch) | is basically ie6 with much better css (javascript has almost no effect) |
opera (11.60/winxp) | OK: thumbnails, image-viewer, zip-selection, rename/cut/paste. NG: up2k, navpane, markdown, audio |
ie4 and netscape 4.0 | can browse, upload with ?b=u , auth with &pw=wark |
ncsa mosaic 2.7 | does not get a pass, pic1 - pic2 |
SerenityOS (7e98457) | hits a page fault, works with ?b=u , file upload not-impl |
nintendo 3ds | can browse, upload, view thumbnails (thx bnjmn) |
interact with copyparty using non-browser clients
javascript: dump some state into a file (two separate examples)
await fetch('//127.0.0.1:3923/', {method:"PUT", body: JSON.stringify(foo)});
var xhr = new XMLHttpRequest(); xhr.open('POST', '//127.0.0.1:3923/msgs?raw'); xhr.send('foo');
curl/wget: upload some files (post=file, chunk=stdin)
post(){ curl -F f=@"$1" http://127.0.0.1:3923/?pw=wark;}
post movie.mkv  # gives HTML in return
post(){ curl -F f=@"$1" 'http://127.0.0.1:3923/?want=url&pw=wark';}
post movie.mkv  # gives hotlink in return
post(){ curl -H pw:wark -H rand:8 -T "$1" http://127.0.0.1:3923/;}
post movie.mkv  # randomized filename
post(){ wget --header='pw: wark' --post-file="$1" -O- http://127.0.0.1:3923/?raw;}
post movie.mkv
chunk(){ curl -H pw:wark -T- http://127.0.0.1:3923/;}
chunk <movie.mkv
bash: when curl and wget is not available or too boring
(printf 'PUT /junk?pw=wark HTTP/1.1\r\n\r\n'; cat movie.mkv) | nc 127.0.0.1 3923
(printf 'PUT / HTTP/1.1\r\n\r\n'; cat movie.mkv) >/dev/tcp/127.0.0.1/3923
python: u2c.py is a command-line up2k client (webm)
FUSE: mount a copyparty server as a local filesystem
sharex (screenshot utility): see ./contrib/sharex.sxcu
contextlet (web browser integration); see contrib contextlet
igloo irc: Method: post
Host: https://you.com/up/?want=url&pw=hunter2
Multipart: yes
File parameter: f
copyparty returns a truncated sha512sum of your PUT/POST as base64; you can generate the same checksum locally to verify uploads:
b512(){ printf "$((sha512sum||shasum -a512)|sed -E 's/ .*//;s/(..)/\\x\1/g')"|base64|tr '+/' '-_'|head -c44;}
b512 <movie.mkv
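The same checksum in Python, streaming the file so large uploads need not fit in memory (an added example, not part of copyparty; it mirrors the b512 shell function above). The function names are this example's own, and extracting the checksum from the server's reply is left to the caller.

```python
import base64
import hashlib
import hmac
import io


def b512(stream, bufsize=1 << 20):
    """Truncated url-safe base64 SHA-512, same output as the b512 shell function."""
    h = hashlib.sha512()
    for block in iter(lambda: stream.read(bufsize), b""):
        h.update(block)
    # 44 base64 characters cover the first 33 bytes (264 bits) of the digest
    return base64.urlsafe_b64encode(h.digest())[:44].decode("ascii")


def upload_intact(stream, reported):
    """True if the locally computed checksum equals the one the server reported.

    `reported` is the 44-character string taken from the server's reply
    (assumption: the caller has already extracted it).
    """
    reported = reported.strip()
    if len(reported) != 44:
        return False  # truncated or malformed reply, treat as a failed upload
    return hmac.compare_digest(b512(stream).encode("ascii"),
                               reported.encode("utf-8"))


if __name__ == "__main__":
    # constructed sample data standing in for movie.mkv
    payload = b"constructed sample upload\n" * 1000
    reported = b512(io.BytesIO(payload))
    damaged = payload[:100] + b"X" + payload[101:]  # one byte changed in transit
    print(reported)
    print("intact :", upload_intact(io.BytesIO(payload), reported))
    print("damaged:", upload_intact(io.BytesIO(damaged), reported))
```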
you can provide passwords using header PW: hunter2, cookie cppwd=hunter2, url-param ?pw=hunter2, or with basic-authentication (either as the username or password)
NOTE: curl will not send the original filename if you use -T combined with url-params! Also, make sure to always leave a trailing slash in URLs unless you want to override the filename
sync folders to/from copyparty
the commandline uploader u2c.py with --dr is the best way to sync a folder to copyparty; verifies checksums and does files in parallel, and deletes unexpected files on the server after upload has finished which makes file-renames really cheap (it'll rename serverside and skip uploading)
alternatively there is rclone which allows for bidirectional sync and is way more flexible (stream files straight from sftp/s3/gcs to copyparty, ...), although there is no integrity check and it won't work with files over 100 MiB if copyparty is behind cloudflare
a remote copyparty server as a local filesystem; go to the control-panel and click connect to see a list of commands to do that
alternatively, some alternatives roughly sorted by speed (unreproducible benchmark), best first:
most clients will fail to mount the root of a copyparty server unless there is a root volume (so you get the admin-panel instead of a browser when accessing it) -- in that case, mount a specific volume instead
if you have volumes that are accessible without a password, then some webdav clients (such as davfs2) require the global-option --dav-auth to access any password-protected areas
upload to copyparty with one tap
the app is NOT the full copyparty server! just a basic upload client, nothing fancy yet
if you want to run the copyparty server on your android device, see install on android
there is no iPhone app, but the following shortcuts are almost as good:
defaults are usually fine - expect 8 GiB/s download, 1 GiB/s upload
below are some tweaks roughly ordered by usefulness:
-q disables logging and can help a bunch, even when combined with -lo to redirect logs to file
--hist pointing to a fast location (ssd) will make directory listings and searches faster when -e2d or -e2t is set
--dedup enables deduplication and thus avoids writing to the HDD if someone uploads a dupe
--safe-dedup 1 makes deduplication much faster during upload by skipping verification of file contents; safe if there is no other software editing/moving the files in the volumes
--no-dirsz shows the size of folder inodes instead of the total size of the contents, giving about 30% faster folder listings
--no-hash . when indexing a network-disk if you don't care about the actual filehashes and only want the names/tags searchable
--iobuf and/or --s-rd-sz and/or --s-wr-sz may help; try setting all of them to 524288 or 1048576 or 4194304
--no-htp --hash-mt=0 --mtag-mt=1 --th-mt=1 minimizes the number of threads; can help in some eccentric environments (like the vscode debugger)
-j0 enables multiprocessing (actual multithreading), can reduce latency to 20+80/numCores percent and generally improve performance in cpu-intensive workloads, for example:
-e2d is enabled, -j2 gives 4x performance for directory listings; -j4 gives 16x
-j0 (TODO make issue)
when uploading files,
chrome is recommended (unfortunately), at least compared to firefox:
if you're cpu-bottlenecked, or the browser is maxing a cpu core:
[🚀]
up2k ui-tab (or closing it)
[🥔]
there is a discord server with an @everyone for all important updates (at the lack of better ideas)
some notes on hardening
--rproxy 0 if your copyparty is directly facing the internet (not through a reverse-proxy)
nohtml
--help-bind
safety profiles:
option -s is a shortcut to set the following options:
--no-thumb disables thumbnails and audio transcoding to stop copyparty from running FFmpeg/Pillow/VIPS on uploaded files, which is a good idea if anonymous upload is enabled
--no-mtag-ff uses mutagen to grab music tags instead of FFmpeg, which is safer and faster but less accurate
--dotpart hides uploads from directory listings while they're still incoming
--no-robots and --force-js makes life harder for crawlers, see hiding from google
option -ss is a shortcut for the above plus:
--unpost 0, --no-del, --no-mv disables all move/delete support
--hardlink creates hardlinks instead of symlinks when deduplicating uploads, which is less maintenance
--vague-403 returns a "404 not found" instead of "401 unauthorized" which is a common enterprise meme
-nih removes the server hostname from directory listings
option -sss is a shortcut for the above plus:
--no-dav disables webdav support
--no-logues and --no-readme disables support for readme's and prologues / epilogues in directory listings, which otherwise lets people upload arbitrary (but sandboxed) <script> tags
-lo cpp-%Y-%m%d-%H%M%S.txt.xz enables logging to disk
-ls **,*,ln,p,r does a scan on startup for any dangerous symlinks
other misc notes:
g instead of r, only accepting direct URLs to files
h instead of r makes copyparty behave like a traditional webserver with directory listing/index disabled, returning index.html instead
behavior that might be unexpected
.prologue.html / .epilogue.html / PREADME.md / README.md contents, for the purpose of showing a description on how to use the uploader for example
<script>s which autorun (in a sandbox) for other visitors in a few ways;
README.md -- avoid with --no-readme
some.html to .epilogue.html -- avoid with either --no-logues or --no-dot-ren
<script>s; attempts are made to prevent scripts from executing (unless -emp is specified) but this is not 100% bulletproof, so setting the nohtml volflag is still the safest choice
cross-site request config
by default, except for GET and HEAD operations, all requests must either:
not contain an Origin header at all
contain an Origin matching the server domain
contain a header PW with your password as value
cors can be configured with --acao and --acam, or the protections entirely disabled with --allow-csrf
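The default rule above, modelled as a small decision function (an added example, not copyparty's own code): a request other than GET/HEAD passes with no Origin header, an Origin matching the server domain, or a valid PW header. `check_request`, `server_host` and the sample requests are constructed for illustration, and how copyparty compares the Origin internally is an assumption here; --acao and --acam are not modelled.

```python
import hmac
from urllib.parse import urlsplit

EXEMPT_METHODS = {"GET", "HEAD"}


def check_request(method, headers, server_host, passwords, allow_csrf=False):
    """Return (allowed, reason) for one request under the default rule.

    server_host and passwords stand in for the server's own domain and its
    account passwords (hypothetical parameters of this sketch).
    """
    hdr = {k.lower(): v for k, v in headers.items()}
    if allow_csrf:
        return True, "--allow-csrf: protections disabled"
    if method.upper() in EXEMPT_METHODS:
        return True, "GET/HEAD are exempt"
    origin = hdr.get("origin")
    if origin is None:
        return True, "no Origin header (typical for curl, wget, scripts)"
    # "Origin: null" (sandboxed iframe, file://) has no host and never matches
    if urlsplit(origin).netloc.lower() == server_host.lower():
        return True, "Origin matches the server domain"
    pw = hdr.get("pw", "")
    if any(hmac.compare_digest(pw.encode(), p.encode()) for p in passwords):
        return True, "PW header carries a valid password"
    return False, "cross-site Origin and no valid PW header"


HOST = "files.example.com"   # constructed server domain
PASSWORDS = ["hunter2"]      # the page's example password

# constructed requests: (description, method, headers)
SAMPLES = [
    ("curl upload", "PUT", {"Host": HOST}),
    ("same-site form", "POST", {"Origin": "https://" + HOST}),
    ("other site, cookie only", "POST",
     {"Origin": "https://other.example", "Cookie": "cppwd=hunter2"}),
    ("other site, PW header", "POST",
     {"Origin": "https://other.example", "PW": "hunter2"}),
    ("sandboxed frame", "POST", {"Origin": "null"}),
    ("other site, read only", "GET", {"Origin": "https://other.example"}),
]


def run_samples():
    """Evaluate every constructed request and return {description: allowed}."""
    return {d: check_request(m, h, HOST, PASSWORDS)[0] for d, m, h in SAMPLES}


if __name__ == "__main__":
    for desc, method, headers in SAMPLES:
        ok, why = check_request(method, headers, HOST, PASSWORDS)
        print(f"{desc:24} {method:5} {'allow' if ok else 'deny':5} {why}")
```

The cookie-only case is the one the rule exists for: a browser attaches the cppwd cookie to a cross-site form post on its own, but it will not attach a custom PW header.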
prevent filename bruteforcing
volflag fk generates filekeys (per-file accesskeys) for all files; users which have full read-access (permission r) will then see URLs with the correct filekey ?k=... appended to the end, and g users must provide that URL including the correct key to avoid a 404
by default, filekeys are generated based on salt (--fk-salt) + filesystem-path + file-size + inode (if not windows); add volflag fka to generate slightly weaker filekeys which will not be invalidated if the file is edited (only salt + path)
permissions wG (write + upget) lets users upload files and receive their own filekeys, still without being able to see other uploads
share specific folders in a volume without giving away full read-access to the rest -- the visitor only needs the g (get) permission to view the link
volflag dk generates dirkeys (per-directory accesskeys) for all folders, granting read-access to that folder; by default only that folder itself, no subfolders
volflag dky disables the actual key-check, meaning anyone can see the contents of a folder where they have g access, but not its subdirectories
dk + dky gives the same behavior as if all users with g access have full read-access, but subfolders are hidden files (as if their names start with a dot), so dky is an alternative to renaming all the folders for that purpose, maybe just for some users
volflag dks lets people enter subfolders as well, and also enables download-as-zip/tar
if you enable dirkeys, it is probably a good idea to enable filekeys too, otherwise it will be impossible to hotlink files from a folder which was accessed using a dirkey
dirkeys are generated based on another salt (--dk-salt) + filesystem-path and have a few limitations:
you can hash passwords before putting them into config files / providing them as arguments; see --help-pwhash for all the details
--ah-alg argon2 enables it, and if you have any plaintext passwords then it'll print the hashed versions on startup so you can replace them
optionally also specify --ah-cli to enter an interactive mode where it will hash passwords without ever writing the plaintext ones to disk
the default configs take about 0.4 sec and 256 MiB RAM to process a new password on a decent laptop
both HTTP and HTTPS are accepted by default, but letting a reverse proxy handle the https/tls/ssl would be better (probably more secure by default)
copyparty doesn't speak HTTP/2 or QUIC, so using a reverse proxy would solve that as well -- but note that HTTP/1 is usually faster than both HTTP/2 and HTTP/3
if cfssl is installed, copyparty will automatically create a CA and server-cert on startup
--crt-dir for distribution, see --help for the other --crt options
ca.pem into all your browsers/devices
firefox 87 can crash during uploads -- the entire browser goes, including all other browser tabs, everything turns white
however you can hit F12 in the up2k tab and use the devtools to see how far you got in the uploads:
get a complete list of all uploads, organized by status (ok / no-good / busy / queued):
var tabs = { ok:[], ng:[], bz:[], q:[] }; for (var a of up2k.ui.tab) tabs[a.in].push(a); tabs
list of filenames which failed:
var ng = []; for (var a of up2k.ui.tab) if (a.in != 'ok') ng.push(a.hn.split('<a href=\"').slice(-1)[0].split('\">')[0]); ng
send the list of filenames to copyparty for safekeeping:
await fetch('/inc', {method:'PUT', body:JSON.stringify(ng,null,1)})
see devnotes
mandatory deps:
jinja2 (is built into the SFX)
install these to enable bonus features
enable hashed passwords in config: argon2-cffi
enable ftp-server:
pyftpdlib (is built into the SFX)
pyftpdlib pyopenssl
enable music tags:
mutagen (fast, pure-python, skips a few tags, makes copyparty GPL? idk)
ffprobe (20x slower, more accurate, possibly dangerous depending on your distro and users)
enable thumbnails of...
Pillow and/or pyvips and/or ffmpeg (requires py2.7 or py3.5+)
ffmpeg and ffprobe somewhere in $PATH
pyvips or ffmpeg or pyheif-pillow-opener (requires Linux or a C compiler)
pyvips or ffmpeg or pillow-avif-plugin
pyvips or ffmpeg
enable smb support (not recommended):
impacket==0.12.0
pyvips gives higher quality thumbnails than Pillow and is 320% faster, using 270% more ram: sudo apt install libvips42 && python3 -m pip install --user -U pyvips
prevent loading an optional dependency, for example if:
set any of the following environment variables to disable its associated optional feature,
env-var | what it does |
---|---|
PRTY_NO_ARGON2 | disable argon2-cffi password hashing |
PRTY_NO_CFSSL | never attempt to generate self-signed certificates using cfssl |
PRTY_NO_FFMPEG | audio transcoding goes byebye, thumbnailing must be handled by Pillow/libvips |
PRTY_NO_FFPROBE | audio transcoding goes byebye, thumbnailing must be handled by Pillow/libvips, metadata-scanning must be handled by mutagen |
PRTY_NO_MUTAGEN | do not use mutagen for reading metadata from media files; will fallback to ffprobe |
PRTY_NO_PIL | disable all Pillow-based thumbnail support; will fallback to libvips or ffmpeg |
PRTY_NO_PILF | disable Pillow ImageFont text rendering, used for folder thumbnails |
PRTY_NO_PIL_AVIF | disable 3rd-party Pillow plugin for AVIF support |
PRTY_NO_PIL_HEIF | disable 3rd-party Pillow plugin for HEIF support |
PRTY_NO_PIL_WEBP | disable use of native webp support in Pillow |
PRTY_NO_PSUTIL | do not use psutil for reaping stuck hooks and plugins on Windows |
PRTY_NO_VIPS | disable all libvips-based thumbnail support; will fallback to Pillow or ffmpeg |
example: PRTY_NO_PIL=1 python3 copyparty-sfx.py
PRTY_NO_PIL saves ram
PRTY_NO_VIPS saves ram and startup time
PRTY_NO_FFMPEG + PRTY_NO_FFPROBE saves startup time
some bundled tools have copyleft dependencies, see ./bin/#mtag
these are standalone programs and will never be imported / evaluated by copyparty, and must be enabled through -mtp configs
the self-contained "binary" (recommended!) copyparty-sfx.py will unpack itself and run copyparty, assuming you have python installed of course
you can reduce the sfx size by repacking it; see ./docs/devnotes.md#sfx-repack
download copyparty.exe (win8+) or copyparty32.exe (win7+)
can be convenient on machines where installing python is problematic, however is not recommended -- if possible, please use copyparty-sfx.py instead
copyparty.exe runs on win8 or newer, was compiled on win10, does thumbnails + media tags, and is currently safe to use, but any future python/expat/pillow CVEs can only be remedied by downloading a newer version of the exe
dangerous: copyparty32.exe is compatible with windows7, which means it uses an ancient copy of python (3.7.9) which cannot be upgraded and should never be exposed to the internet (LAN is fine)
dangerous and deprecated: copyparty-winpe64.exe lets you run copyparty in WinPE and is otherwise completely useless
meanwhile copyparty-sfx.py instead relies on your system python which gives better performance and will stay safe as long as you keep your python install up-to-date
then again, if you are already into downloading shady binaries from the internet, you may also want my minimal builds of ffmpeg and ffprobe which enables copyparty to extract multimedia-info, do audio-transcoding, and thumbnails/spectrograms/waveforms, however it's much better to instead grab a recent official build every once in a while if you can afford the size
another emergency alternative, copyparty.pyz has less features, is slow, requires python 3.7 or newer, worse compression, and more importantly is unable to benefit from more recent versions of jinja2 and such (which makes it less secure)... lots of drawbacks with this one really -- but it does not unpack any temporary files to disk, so it may just work if the regular sfx fails to start because the computer is messed up in certain funky ways, so it's worth a shot if all else fails
run it by doubleclicking it, or try typing python copyparty.pyz in your terminal/console/commandline/telex if that fails
it is a python zipapp meaning it doesn't have to unpack its own python code anywhere to run, so if the filesystem is busted it has a better chance of getting somewhere
install Termux + its companion app Termux:API (see ocv.me/termux) and then copy-paste this into Termux (long-tap) all at once:
yes | pkg upgrade && termux-setup-storage && yes | pkg install python termux-api && python -m ensurepip && python -m pip install --user -U copyparty && { grep -qE 'PATH=.*\.local/bin' ~/.bashrc 2>/dev/null || { echo 'PATH="$HOME/.local/bin:$PATH"' >> ~/.bashrc && . ~/.bashrc; }; }
echo $?
after the initial setup, you can launch copyparty at any time by running copyparty anywhere in Termux -- and if you run it with --qr you'll get a neat qr-code pointing to your external ip
if you want thumbnails (photos+videos) and you're okay with spending another 132 MiB of storage, pkg install ffmpeg && python3 -m pip install --user -U pillow
vips for photo-thumbs instead, pkg install libvips && python -m pip install --user -U wheel && python -m pip install --user -U pyvips && (cd /data/data/com.termux/files/usr/lib/; ln -s libgobject-2.0.so{,.0}; ln -s libvips.so{,.42})
ideas for context to include, and where to submit them
please get in touch using any of the following URLs:
in general, commandline arguments (and config file if any)
if something broke during an upload (replacing FILENAME with a part of the filename that broke):
journalctl -aS '48 hour ago' -u copyparty | grep -C10 FILENAME | tee bug.log
if there's a wall of base64 in the log (thread stacks) then please include that, especially if you run into something freezing up or getting stuck, for example OperationalError('database is locked') -- alternatively you can visit /?stack to see the stacks live, so http://127.0.0.1:3923/?stack for example
for build instructions etc, see ./docs/devnotes.md
see ./docs/TODO.md for planned features / fixes / changes
We found that copyparty demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.