Skip to main content

Global view

Introduction

CryptnDrive is a secured web file sharing system providing end to end encryption through native web browser encryption of contents. This manual is split in 3 parts : the architecture of the system, the installation of the web server and finally the configuration of the system.

If you already have an instance and just want to change the configuration parameters, please jump directly to the Configuration chapter.

Architecture

Technical architecture

::: notes

The different components of the Transfer system are the following:

  • A web access server in charge of communications between other components,
  • A database storing all encrypted and unencrypted data (the metadata).
  • Users web browsers.

:::

Constraints

  • Server or VM
    • A linux distribution (redhat, centos, debian, ubuntu, suse, slackware, ...). Certified on Debian 8 and Centos 7.
      • No specific CPU requirements
      • At least 60MB of RAM per users connected simultaneously
      • Disk according to the expected size of the storage (typically 2GB / user with an account)
      • The server must be able to send mails either through a local smtp server or through a remote one (we detail the configuration after)
      • ssh root access for software installation, the www-data (for debian based distribution) or www (for rpm distributions) account will be used
      • Apache 2.2 or later installed and functional, used in reverse-proxy for access to the nodejs server. Reverse proxy ensures ssl encryption of communications with browsers.
      • A valid SSL certificate for clients' web browsers
      • Nodejs 6.9.X or 6.10.X installed or installable
    • Network constraints:
      • Port 80 (http) and 443 (https) must be accessible from the outside. A redirect is done from the port 80 to the port 443 (in the apache configuration).
      • Port 22 (ssh) must be accessible from the outside
      • If the mongodb database is on a third-party server, we recommend a dedicated and reserved network interface for this purpose, ssh access and monitoring.

Multiple instance installation on a single server

It is possible to have multiple instance running on a single server. Typically an instance on https://drive.thecompany.com and other ones such as https://transfer.thecompany.com and https://transfer.company-drive.com. In this case, separated database will be used in the mongodb server as well as separated nodejs servers for each subdomain.