Self-hosted file/code/media sharing website. Demo:


Development on this repository has been frozen.

Feel free to send a pull request if you are maintaining an active fork of this project to add a link to your repository in this readme.

Active Forks


Self-hosted file/media sharing website.


You can see what it looks like using the demo:





  • Display common filetypes (image, video, audio, markdown, pdf)
  • Display syntax-highlighted code with in-place editing
  • Documented API with keys for restricting uploads
  • Torrent download of files using web seeding
  • File expiry, deletion key, file access key, and random filename options


Getting started

Using Docker

  1. Create the directories files and meta, then run chown -R 65534:65534 meta && chown -R 65534:65534 files
  2. Create a config file (an example is provided in the repo); we'll refer to it as linx-server.conf in the following examples

Example running

docker run -p 8080:8080 -v /path/to/linx-server.conf:/data/linx-server.conf -v /path/to/meta:/data/meta -v /path/to/files:/data/files andreimarcu/linx-server -config /data/linx-server.conf

Example with docker-compose

version: '2.2'
services:
  linx-server:
    container_name: linx-server
    image: andreimarcu/linx-server
    command: -config /data/linx-server.conf
    volumes:
      - /path/to/files:/data/files
      - /path/to/meta:/data/meta
      - /path/to/linx-server.conf:/data/linx-server.conf
    network_mode: bridge
    ports:
      - "8080:8080"
    restart: unless-stopped

Ideally, you would use a reverse proxy such as nginx or caddy to handle TLS certificates.

Using a binary release

  1. Grab the latest binary from the releases, then run go install
  2. Run linx-server -config path/to/linx-server.conf



All configuration options are accepted either as arguments or can be placed in a file as such (see example file linx-server.conf.example in repo):

bind =
sitename = myLinx
maxsize = 4294967296
maxexpiry = 86400
# ... etc

...and then run linx-server -config path/to/linx-server.conf


Option Description
bind = what to bind to (default is
sitename = myLinx the site name displayed on top (default is inferred from Host header)
siteurl = the site url (default is inferred from execution context)
selifpath = selif path relative to site base url (the "selif" in where files are accessed directly (default: selif)
maxsize = 4294967296 maximum upload file size in bytes (default 4GB)
maxexpiry = 86400 maximum expiration time in seconds (default is 0, which is no expiry)
allowhotlink = true Allow file hotlinking
contentsecuritypolicy = "..." Content-Security-Policy header for pages (default is "default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'self';")
filecontentsecuritypolicy = "..." Content-Security-Policy header for files (default is "default-src 'none'; img-src 'self'; object-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self';")
refererpolicy = "..." Referrer-Policy header for pages (default is "same-origin")
filereferrerpolicy = "..." Referrer-Policy header for files (default is "same-origin")
xframeoptions = "..." X-Frame-Options header (default is "SAMEORIGIN")
remoteuploads = true (optionally) enable remote uploads (/upload?url=https://...)
nologs = true (optionally) disable request logs in stdout
force-random-filename = true (optionally) force the use of random filenames
custompagespath = custom_pages/ (optionally) specify path to directory containing markdown pages (must end in .md) that will be added to the site navigation (this can be useful for providing contact/support information and so on). For example, custom_pages/ will become My Page in the site navigation

Cleaning up expired files

When files expire, access is disabled immediately, but the files and metadata will persist on disk until someone attempts to access them. You can set the following option to run cleanup every few minutes. This can also be done using a separate utility found in the linx-cleanup directory.

Option Description
cleanup-every-minutes = 5 How often to clean up expired files in minutes (default is 0, which means files will be cleaned up as they are accessed)

Require API Keys for uploads

Option Description
authfile = path/to/authfile (optionally) require authorization for upload/delete by providing a newline-separated file of scrypted auth keys
remoteauthfile = path/to/remoteauthfile (optionally) require authorization for remote uploads by providing a newline-separated file of scrypted auth keys
basicauth = true (optionally) allow basic authorization to upload or paste files from browser when -authfile is enabled. When uploading, you will be prompted to enter a user and password - leave the user blank and use your auth key as the password

A helper utility linx-genkey is provided which hashes keys to the format required in the auth files.

Storage backends

The following storage backends are available:

Name Notes Options
LocalFS Enabled by default, this backend uses the filesystem filespath = files/ -- Path to store uploads (default is files/)
metapath = meta/ -- Path to store information about uploads (default is meta/)
S3 Use with any S3-compatible provider.
This implementation will stream files through the linx instance (every download will request and stream the file from the S3 bucket). File metadata will be stored as tags on the object in the bucket.

For high-traffic environments, one might consider using an external caching layer such as described in this article.
s3-endpoint = https://... -- S3 endpoint
s3-region = us-east-1 -- S3 region
s3-bucket = mybucket -- S3 bucket to use for files and metadata
s3-force-path-style = true (optional) -- force path-style addressing (e.g.

Environment variables to provide:
AWS_ACCESS_KEY_ID -- the S3 access key
AWS_SECRET_ACCESS_KEY -- the S3 secret key
AWS_SESSION_TOKEN (optional) -- the S3 session token

SSL with built-in server

Option Description
certfile = path/to/your.crt Path to the ssl certificate (required if you want to use the https server)
keyfile = path/to/your.key Path to the ssl key (required if you want to use the https server)

Use with http proxy

Option Description
realip = true let linx-server know you (nginx, etc) are providing the X-Real-IP and/or X-Forwarded-For headers.

Use with fastcgi

Option Description
fastcgi = true serve through fastcgi
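
One way to review a linx-server.conf against the options documented above, as an added example (not part of the linx-server project). The function names parseConf and audit, the simplified "key = value" parser and the sample config are assumptions made for illustration; the findings are a reading of the option descriptions in this README, and the realip check is a heuristic.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample config (not from the project), using option names from this README.
const sampleConf = `
# constructed example
bind = 0.0.0.0:8080
maxexpiry = 0
remoteuploads = true
realip = true
certfile = /etc/linx/tls.crt
filecontentsecuritypolicy = "default-src 'self'; img-src 'self';"
`

// parseConf reads "key = value" lines; '#' lines are comments, values may be quoted.
func parseConf(text string) map[string]string {
	conf := map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		kv := strings.SplitN(line, "=", 2) // values such as URLs may contain '='
		if line == "" || strings.HasPrefix(line, "#") || len(kv) != 2 {
			continue
		}
		conf[strings.TrimSpace(kv[0])] = strings.Trim(strings.TrimSpace(kv[1]), `"`)
	}
	return conf
}

// audit returns one finding per risky setting; the realip check is a heuristic.
func audit(c map[string]string) []string {
	var out []string
	on := func(k string) bool { return c[k] == "true" }
	if c["authfile"] == "" {
		out = append(out, "authfile unset: upload/delete do not require an API key")
	}
	if on("remoteuploads") && c["remoteauthfile"] == "" {
		out = append(out, "remoteuploads without remoteauthfile: /upload?url= is unauthenticated")
	}
	if (c["certfile"] == "") != (c["keyfile"] == "") {
		out = append(out, "certfile and keyfile must both be set for the https server")
	}
	if on("realip") && (c["certfile"] != "" || c["keyfile"] != "") {
		out = append(out, "realip with built-in TLS: forwarded-IP headers come straight from clients")
	}
	if c["maxexpiry"] == "" || c["maxexpiry"] == "0" {
		out = append(out, "maxexpiry is 0: uploads may be stored with no expiry")
	}
	if v, set := c["filecontentsecuritypolicy"]; set && !strings.Contains(v, "default-src 'none'") {
		out = append(out, "filecontentsecuritypolicy drops default-src 'none' from the default")
	}
	return out
}

func main() {
	for _, f := range audit(parseConf(sampleConf)) {
		fmt.Println("WARN:", f)
	}
}
```

Running it on the constructed sample prints one WARN line per finding; a config that sets authfile, remoteauthfile and a non-zero maxexpiry produces none.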


Linx-server supports being deployed in a subdirectory (ie. as well as on its own (

1. Using fastcgi

A suggested deployment is running nginx in front of linx-server serving through fastcgi. This allows you to have nginx handle the TLS termination for example.
An example configuration:

server {
    client_max_body_size 4096M;
    location / {
        # a fastcgi_pass directive pointing at linx-server's bind address also belongs here
        include fastcgi_params;
    }
}

And run linx-server with the fastcgi = true option.

2. Using the built-in https server

Run linx-server with the certfile = path/to/cert.file and keyfile = path/to/key.file options.

3. Using the built-in http server

Run linx-server normally.


Any help is welcome, PRs will be reviewed and merged accordingly.
The official IRC channel is #linx on

  1. go get -u
  2. cd $GOPATH/src/
  3. go build && ./linx-server


Copyright (C) 2015 Andrei Marcu

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see


Andrei Marcu,

  • Allow Basic authentication in browser

    Fix for #88

    This change allows setting a new command line option, -basicauth, that allows sending files to authfile-enabled servers through the browser. When this option is enabled, the upload and paste page is shown even when the -authfile option is present. After either uploading a file or pasting text, a standard browser authentication window is shown. The username is ignored, and the password is taken as the Api-Key. If the password matches an entry in the authfile, the upload or paste is allowed. If not, it fails with an Unauthorized message. Because browsers typically keep the Authorization header, successive uploads don't require another password entry.

    Unfortunately, there's no indication for the user that password is the field for the API key.

    Please note that I do not have any experience in Go, and this was mostly done by reverse engineering already existing code. I tried to keep the changes as small as possible and everything should work as before if the new command line option is not passed. I will be more than happy for guidance or tips on how to improve the solution, or just straight up amends, if this is not adequate.

    opened by nivertius 12
  • Make the web page mobile friendly

    Hello, I noticed that the upload page is zoomed out on mobile and I was able to make it nicer with minimal changes that don't affect the wider screens (desktop) appearance.

    opened by ssimono 6
  • allow limiting access by passwords

    fixes #194

    opened by stek29 6
  • Add support for go modules


    opened by Thor77 4
  • Add linx-cleanup tool

    This doesn't completely fix #116, but it makes setting up a cron job to do cleanup much more pleasant.

    I also dropped mercurial from the Dockerfile since it isn't needed anymore.

    opened by mutantmonkey 4
  • Add ability to short urls for uploaded content


    Added the ability to shorten the URLs for uploaded content with Google's URL Shortener. If needed, there is also the option to use an API key if the daily limit gets reached.

    Resolves #78 Related andreimarcu/linx-client#11


    • Added Go 1.6 to Travis
    • Updated hint.css to newest version
    • Added Clipboard.js for adding the shortened url to clipboard

    Thanks, Atrox

    opened by Atrox 3
  • Add option to force random filenames (fixes #86)

    • Hide the "randomize filename" checkbox on the index and the "filename" text box on the paste page
    • Update API documentation to show random filenames in examples
    • Don't force a random filename when overwriting with a valid delete key
    • If a filename already exists and a random filename is being used, keep generating new random filenames until one doesn't exist instead of using a counter
    opened by mutantmonkey 2
  • Corrected docker-compose

    The volume mapping of the linx-server.conf file points in the container to a folder named "linx-server.conf" instead of the actual .conf file.

    opened by AlexKnowsIt 2
  • Add mime-type and extension handling for SVG files

    SVG files get a mime-type of image/svg+xml. SVG files with no filename get an extension of .svg.

    Fixes #229

    opened by Infinoid 2
  • Bump from 1.0.2 to 1.0.16

    Bumps from 1.0.2 to 1.0.16.

    Release notes

    Sourced from's releases.

    Prevent a HTML sanitization vulnerability


    A vulnerability was discovered by which allowed the contents of a style tag to be leaked unsanitized by bluemonday into the HTML output. Further it was demonstrated that if the form elements select and option were allowed by the policy that this could result in a successful XSS.

    You would only be vulnerable to this if you allowed style, select and option in your HTML sanitization policy:

    p := bluemonday.NewPolicy()
    html := p.Sanitize(`<select><option><style><script>alert(1)</script>`)

    bluemonday very strongly recommends not allowing the style element in a policy. It is fundamentally unsafe as we do not have a CSS sanitizer and the content is passed through unmodified.

    bluemonday has been updated to explicitly suppress style and script elements by default even if you do allow them by policy as these are considered unsafe. If you have a use-case for using bluemonday whilst trusting the input then you can assert this via p.AllowUnsafe(true) which will let style and script through if the policy also allows them.

    Note: the policies shipped with bluemonday are not vulnerable to this.

    Fix XSS vulnerability in HTML attribute parsing

    A well crafted HTML attribute had the potential to evade sanitization due to incorrect escaping of the attribute whilst serializing it.

    This version resolves that issue. In doing so it will also correctly use &amp; to separate query string values in URLs within HTML attributes (href, src, ...).

    Add SanitizeReaderToWriter(r io.Reader, w io.Writer)

    No release notes provided.

    Policies that accept regexps for matching are now additive

    Thanks to @KN4CK3R for the contribution of a PR that results in multiple Matching() policies on the same attr and element no longer clobber the previous regexps.

    Improve data-uri base64 handling, and improve docs structure

    No release notes provided.

    Improve support for links on all elements

    Originally I had only concentrated the link validation on the elements that were safe to link. However people do want to allow some unsafe elements and yet still have the benefits of link validation and sanitization, i.e. allow iframe but still have the src safely validated... these changes allow that.

    Additionally I have added tests showing how AllowSchemesWithCustomPolicy can be used to globally allow only links to certain domains, and a test that shows how to apply the AllowAttributes().Matching().OnElements to only allow a given domain on specific elements (i.e. only allow an iframe if it is a YouTube embed).


    Adds a new func to allow HTML comments to be allowed. But does not allow CDATA comments which will be treated as plain HTML comments.

    Also updates the readme, and the versions of the dependencies that have also updated.

    Update x/net to latest version

    As per

    Restore support for go < 1.10

    No release notes provided.

    ... (truncated)

    • c788a2a Prevent a HTML sanitization vulnerability
    • 13d1799 go fmt with go 1.17
    • cada0f0 Merge pull request #128 from 6543-forks/ci-enforce-code-format
    • 7e9370a CI.restart()
    • be04ac9 enforce "lf" line ending
    • 9926455 Add "Check Code Formation" step to CI
    • 1b5510c add "fmt-check" make target
    • 1a86fcd go mod tidy && go fmt
    • f0057e2 Fix escaping of HTML attributes
    • c0a6f20 Spelling mistakes and whitespace are OK
    • Additional commits viewable in compare view

    opened by dependabot[bot] 0