- Rust 81.6%
- HTML 12%
- CSS 6.4%
|
phin
257aa623eb
v0.5.0
- exif metadata stripping (img-parts, jpeg/png/webp)
- url uploads with queue, ssrf protection, rate limiting
- download pages (/d/{id}) with pending/ready/failed states
- inline file viewing with correct content-type
- file reporting system with admin panel
- server-side render timing in footer
- shared finalize/dedup logic (finalize.rs)
- single-transaction uploads (hash+insert atomic)
- crate bumps: sha1 0.11, redb 4, aes 0.9, ctr 0.10, ureq 3 +rustls
- updated config.toml.example, benchmarks
|
||
|---|---|---|
| docs | v0.5.0 | |
| src | v0.5.0 | |
| templates | v0.5.0 | |
| utils | add sysctl tuning, update systemd service | |
| .gitignore | v0.3.2 | |
| Cargo.toml | v0.5.0 | |
| config.toml.example | v0.5.0 | |
| README.md | v0.4.1 | |
hauserver2
high-performance file hosting backend in Rust. single binary, embedded database, AES-256 encryption, torrent generation, file deduplication. no accounts, no logs, no tracking.
features
- streaming upload/download (up to 300 GB)
- short URLs (
/f/aBcDeF/photo.jpg) - file deduplication via BLAKE3 hashing + symlinks
- AES-256-CTR encryption with key-in-URL sharing (128-bit counter)
- .torrent file generation
- per-file expiration
- multi-file upload (drag & drop, paste from clipboard, file picker)
- noscript-compatible (no JS required)
- JSON API responses (
Accept: application/json) - ShareX support (download .sxcu)
- concurrent upload limiting (OOM protection)
- embedded redb database (no external DB needed)
- master/slave mode with weighted auto-balancing
- abuse/legal page with configurable DMCA/EU templates
- warrant canary page
- security headers (CSP, Referrer-Policy, X-Content-Type-Options, X-Frame-Options)
- ~6 MB binary, zero runtime dependencies
setup
requires Rust and git. Linux only.
git clone https://codeberg.org/phin/hauserver2
cd hauserver2
cp config.toml.example config.toml
# edit config.toml — set base_url, storage_dir, etc.
cargo build --release
./target/release/hauserver2
the server creates a default config.toml if one doesn't exist.
nginx (recommended)
hauserver2 works standalone, but putting it behind nginx gives you TLS, rate limiting, and faster downloads (nginx serves unencrypted files directly via sendfile).
copy utils/hauserver2.nginxconf to your nginx sites and edit:
server_name- SSL cert paths
$storage_dir(must matchstorage_dirin config.toml)- uncomment
limit_reqlines for upload rate limiting (see comments in the config)
see docs/benchmark.md for performance numbers.
usage
browser
visit the site, select a file, done. options for encryption, torrent, and expiry are on the page. works without JavaScript.
API
# upload
curl -X PUT --data-binary @file.bin https://yoursite.com/upload/file.bin
# upload (JSON response for ShareX / scripts)
curl -X PUT -H "Accept: application/json" \
--data-binary @file.bin https://yoursite.com/upload/file.bin
# {"success":true,"url":"https://yoursite.com/f/aBcDeF/file.bin"}
# encrypted upload
curl -X PUT -H "X-Encrypt: 1" \
--data-binary @file.bin https://yoursite.com/upload/file.bin
# one-liner for .bashrc
hau() {
curl -X PUT --data-binary @"1ドル" \
"https://yoursite.com/upload/$(basename "1ドル")"
}
full API docs at /api on a running instance.
ShareX
download the .sxcu config from a running instance and open it in ShareX. note: i don't use ShareX — if the config is broken, please open an issue.
config
see config.toml.example for all options. key settings:
| option | default | description |
|---|---|---|
port |
4495 | listen port |
base_url |
http://localhost:4495 |
public URL for generated links |
storage_dir |
./files |
where uploads are stored |
db_path |
./hauserver2.redb |
embedded database file |
max_file_size_gb |
300 | max upload size |
buffer_size_kb |
1024 | upload buffer (tuned via benchmark) |
max_concurrent_uploads |
100 | concurrent upload limit (OOM protection) |
server_mode |
frontend_backend |
frontend_backend, backend_slave, or frontend_master |
rate limiting
hauserver2 relies on nginx for rate limiting. see utils/hauserver2.nginxconf for the recommended setup. add limit_req_zone to your main nginx.conf and uncomment the limit_req lines in the site config.
multi-node mode
for distributed deployments, set server_mode = "frontend_master" and configure slaves:
[server]
server_mode = "frontend_master"
slaves = [
{ url = "https://node1.example.com", weight = "auto" },
{ url = "https://node2.example.com", weight = "auto" },
]
clients upload directly to slaves (no proxying). slaves report free disk space via /weight for automatic load balancing.
performance
on a 3-vCPU Xeon @ 2.2GHz (see docs/benchmark.md):
- 41,000 req/s on index page
- 100 simultaneous 1MB uploads in 1.3 seconds
- 1.0 GB/s download throughput (direct), 3.6 GB/s behind nginx
roadmap
(削除) configurable short URL length (削除ここまで)(削除) ShareX custom uploader config (削除ここまで)(削除) JSON API responses (削除ここまで)(削除) file deduplication (削除ここまで)(削除) embedded database (redb) (削除ここまで)(削除) sendfile for unencrypted downloads (削除ここまで)(削除) concurrent upload limiting (削除ここまで)(削除) refactor code into separate files/modules (削除ここまで)- inline file viewing (correct Content-Type for images/video,
?downloadto force download) - client-side encryption (encrypt in browser before upload — server never sees plaintext)
- metadata stripping (auto-strip EXIF/GPS from images on upload)
- zero-knowledge encrypted file lists (share multiple encrypted files under one URL)
- s3-compatible storage backend (S3/MinIO/R2 instead of local disk)
(削除) multi-node auto-weighting (distribute uploads by node capacity/load) (削除ここまで)- better support for multiple frontends (shared DB, cross-node dedup, single download domain)
- onion service auto-configuration
(削除) multiple file upload per request (drag & drop, paste, multi-file picker) (削除ここまで)- file retention policies (auto-delete after X days of no downloads)
(削除) canary page (削除ここまで)
privacy by design
hauserver2 collects no logs by default. there are no accounts, no analytics, no tracking cookies, no fingerprinting. IP addresses are never written to disk or database. encrypted uploads use AES-256-CTR with a unique key per file — the server stores only ciphertext and cannot decrypt without the key in the URL.
fine-tuning
see utils/sysctl.conf for recommended kernel settings (TCP buffers, BBR, connection backlog, memory tuning):
cp utils/sysctl.conf /etc/sysctl.d/99-hauserver2.conf
sysctl -p /etc/sysctl.d/99-hauserver2.conf