Created
February 21, 2026 10:00
copyparty rootless podman with HAProxy over unix socket - debian setup
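# Debian host setup for a rootless-podman copyparty service that HAProxy
# reaches over a unix socket. Run as root from the directory holding
# copyparty.container and copyparty.conf (both are copied by relative path).

# Create the service account only on the first run.
if ! id copyparty >/dev/null 2>&1; then
  # -F allocates subordinate uid/gid ranges even for a system account;
  # rootless podman needs them for its user namespace.
  useradd --system --shell /bin/bash -m -F --home-dir /home/copyparty copyparty
  usermod -aG systemd-journal copyparty

  # Prepend the session variables `systemctl --user` relies on to the
  # account's .bashrc. The lines are built in a variable instead of a fixed
  # /tmp file name: a root-run script writing to a predictable path in a
  # world-writable directory can be redirected by another local user.
  # The $(...) parts stay literal so they are evaluated at login time.
  bashrc=/home/copyparty/.bashrc
  bashrc_prepend='export XDG_RUNTIME_DIR=/run/user/$(id -u $USER)
export DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(id -u $USER)/bus"'
  bashrc_existing=
  if [ -f "$bashrc" ]; then
    bashrc_existing=$(cat "$bashrc")
  fi
  printf '%s\n%s\n' "$bashrc_prepend" "$bashrc_existing" > "$bashrc"

  # Keep the user's systemd instance running without an open login session.
  loginctl enable-linger copyparty
fi

apt-get install -y ffmpeg socat

mkdir -p /home/copyparty/log
mkdir -p /home/copyparty/.config/containers/systemd/
mkdir -p /var/lib/app_volumes/copyparty/config
mkdir -p /var/lib/app_volumes/copyparty/files
mkdir -p /var/lib/haproxy/run

# NOTE(review): mode 0777 without the sticky bit lets every local account
# create, rename or delete entries here, including the copyparty socket that
# HAProxy connects to. Left as published; consider limiting the directory to
# the copyparty account plus the group HAProxy runs as once that is confirmed.
chmod ugo+rwx /var/lib/haproxy/run/

cp copyparty.container /home/copyparty/.config/containers/systemd/copyparty.container

# copyparty.conf carries the account password in plaintext, so create it with
# its final owner and mode in one step; a plain cp would leave it readable
# under the default umask until the chmod 600 further down.
install -m 600 -o copyparty -g copyparty copyparty.conf \
  /var/lib/app_volumes/copyparty/config/copyparty.conf

chown -R copyparty:copyparty /var/lib/app_volumes/copyparty
chown -R copyparty:copyparty /home/copyparty/log
chown -R copyparty:copyparty /home/copyparty/.config

chmod 755 /home/copyparty
chmod 750 /home/copyparty/log
chmod 755 /var/lib/app_volumes/copyparty
chmod 750 /var/lib/app_volumes/copyparty/config
chmod 600 /var/lib/app_volumes/copyparty/config/copyparty.conf
chmod 750 /var/lib/app_volumes/copyparty/files
chmod 750 /home/copyparty/.config

# The unit file is handed to root so the service account cannot edit it in
# place. NOTE(review): its parent directories were just chown'ed to copyparty,
# so that account can still rename or replace the file; root-own the
# directory chain too if the unit must be tamper-proof against the account.
chown root:root /home/copyparty/.config/containers/systemd/copyparty.container
chmod 664 /home/copyparty/.config/containers/systemd/copyparty.container

# Run the user-level systemd commands as copyparty in a login shell
# (presumably so the exports prepended to .bashrc are picked up - confirm).
# The delimiter is quoted so nothing in the body is expanded by the root shell.
sudo -H -i -u copyparty bash << 'EOF'
systemctl --user daemon-reload
systemctl --user start copyparty
EOF

# Deploy HAProxy backend configuration (will need to add manually, or alter to use the reverse proxy of your choice)
systemctl reload haproxy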
| # copyparty server configuration. The %COPYPARTY_...% tokens are placeholders that must be replaced before deployment. | |
| [global] | |
| e2dsa # enable file indexing and filesystem scanning | |
| e2ts # and enable multimedia indexing | |
| ansi # and colors in log messages | |
| # log path is inside the container; the quadlet maps /home/copyparty/log onto /var/log/copyparty | |
| q, lo: /var/log/copyparty/copyparty-%Y-%m-%d.log | |
| df: 16 # stop accepting uploads if less than 16 GB free disk space | |
| theme: 2 # monokai | |
| name: %COPYPARTY_DOMAIN% | |
| no-robots # make it harder for search engines to read your server | |
| # Listen on a unix socket instead of TCP. 666 is the socket's mode, so any local account that can reach the path may connect. | |
| # NOTE(review): the setup script also makes the host directory world-writable; tighten both if other local users exist. | |
| i: unix:666:/dev/shm/copyparty.sock | |
| # The client address is taken from the X-Real-IP header supplied by the reverse proxy. | |
| # NOTE(review): a peer that connects to the socket directly, bypassing HAProxy, can supply its own value - confirm how copyparty restricts trusted proxies for unix sockets. | |
| xff-hdr: X-Real-IP | |
| rproxy: 1 | |
| # presumably forces authentication for WebDAV clients - confirm against the copyparty documentation | |
| dav-auth | |
| [accounts] | |
| # The password is stored in plaintext here, which is why the setup script sets this file to mode 600. | |
| %COPYPARTY_USERNAME%: %COPYPARTY_PASSWORD% # username: password | |
| # Volume at URL / backed by /files/private inside the container; only the named account is granted access (rwmda). | |
| [/] | |
| /files/private | |
| accs: | |
| rwmda: %COPYPARTY_USERNAME% | |
| flags: | |
| gz | |
| # NOTE(review): daw is understood to let WebDAV PUT overwrite existing files - confirm this is intended | |
| daw | |
| # Volume at URL /share backed by /files/share inside the container. | |
| [/share] | |
| /files/share | |
| accs: | |
| rwmda: %COPYPARTY_USERNAME% | |
| # "g: *" grants the get permission to everyone, including unauthenticated clients. | |
| # NOTE(review): with fk below this appears intended as link-only sharing (a file is fetchable only with its filekey) - confirm. | |
| g: * | |
| flags: | |
| daw | |
| gz | |
| fk: 8 |
| # Podman quadlet unit for the copyparty container, installed under the copyparty account's ~/.config/containers/systemd/. | |
| [Container] | |
| # NOTE(review): a floating :latest tag combined with AutoUpdate=registry means whatever is published under that tag is pulled and run whenever podman auto-update runs. | |
| # Pin a version tag or digest if image updates should be reviewed before they go live. | |
| Image=docker.io/copyparty/ac:latest | |
| ContainerName=copyparty | |
| AutoUpdate=registry | |
| Network=pasta | |
| Environment=LD_PRELOAD=/usr/lib/libmimalloc-secure.so.2 | |
| Environment=PYTHONUNBUFFERED=1 | |
| # Host directory that receives the socket; copyparty.conf listens on /dev/shm/copyparty.sock inside the container. | |
| # NOTE(review): the :z suffix relabels each host path with a shared SELinux label; on an SELinux host check that HAProxy can still use its run directory. | |
| Volume=/var/lib/haproxy/run:/dev/shm:z | |
| Volume=/var/lib/app_volumes/copyparty/config:/cfg:z | |
| Volume=/var/lib/app_volumes/copyparty/files:/files:z | |
| Volume=/home/copyparty/log:/var/log/copyparty:z | |
| # TLS is presumably left to the reverse proxy in front of the socket - confirm what PRTY_NO_TLS does in this image. | |
| Environment=PRTY_NO_TLS=1 | |
| StopTimeout=15 | |
| # NOTE(review): podman runs HealthCmd inside the container, where the Volume line above mounts the socket directory at /dev/shm; | |
| # confirm that this host-side path resolves there and that socat exists in the image. | |
| # The socat bridge is backgrounded on every check; verify that instances do not accumulate when wget fails to connect. | |
| HealthCmd="socat UNIX-CONNECT:/var/lib/haproxy/run/copyparty.sock TCP-LISTEN:3923 & wget --spider -q http://127.0.0.1:3923/?reset=/._" | |
| HealthInterval=1m | |
| HealthTimeout=2s | |
| HealthRetries=5 | |
| HealthStartPeriod=15s | |
| # Hardening: the container process cannot gain privileges and starts with every capability dropped. | |
| NoNewPrivileges=true | |
| DropCapability=ALL | |
| [Unit] | |
| After=default.target | |
| [Install] | |
| WantedBy=multi-user.target default.target | |
| [Service] | |
| TimeoutStartSec=600 |
| # paste this into your config and route the frontend to it as desired. | |
| backend backend_copyparty | |
| mode http | |
| balance roundrobin | |
| option forwardfor | |
| # set-header replaces any X-Real-IP the client sent, so copyparty (xff-hdr: X-Real-IP) receives the address HAProxy observed. | |
| http-request set-header X-Real-IP %[src] | |
| # NOTE(review): https is asserted unconditionally; this is only accurate if every frontend routed here terminates TLS. | |
| http-request set-header X-Forwarded-Proto https | |
| # Some additional security settings, optional | |
| http-response set-header X-Content-Type-Options nosniff | |
| http-response set-header X-Frame-Options DENY | |
| http-response set-header Content-Security-Policy "frame-ancestors 'none';" | |
| # Rewrite Destination header: https:// -> http:// | |
| # This is needed for WebDAV COPY/MOVE operations | |
| acl has_destination req.hdr(Destination) -m found | |
| http-request set-header Destination %[req.hdr(Destination),regsub(^https://,http://)] if has_destination | |
| # Copyparty runs on Unix domain socket, inside the chroot | |
| # The path is resolved relative to HAProxy's chroot; the setup script creates /var/lib/haproxy/run, so the chroot is presumably /var/lib/haproxy - confirm. | |
| server copyparty unix@/run/copyparty.sock |
manage the systemd unit like so