knowledge/technology/applications/web/dufs.md

---
obj: application
repo: https://github.com/sigoden/dufs
---

# dufs
Dufs is a distinctive utility file server that supports static serving, uploading, searching, accessing control, [webdav](../../internet/WebDAV.md).

![Screenshot][Screenshot]

## Features
- Serve static files
- Download folder as [zip](../../files/ZIP.md) file
- Upload files and folders (Drag & Drop)
- Create/Edit/Search files
- Partial responses (Parallel/Resume download)
- Access control
- Support https
- Support [webdav](../../internet/WebDAV.md)
- Easy to use with [curl](../cli/network/curl.md)

## Usage
Usage: `dufs [OPTIONS] [serve-path]`

### Options
| Option                  | Description                                                                                         |
| ----------------------- | --------------------------------------------------------------------------------------------------- |
| `-c, --config <config>` | Specify configuration file                                                                          |
| `-b, --bind <addrs>`    | Specify bind address or unix socket                                                                 |
| `-p, --port <port>`     | Specify port to listen on \[default: 5000]                                                          |
| `--path-prefix <path>`  | Specify a path prefix                                                                               |
| `--hidden <value>`      | Hide paths from directory listings, e.g. `tmp,*.log,*.lock`                                         |
| `-a, --auth <rules>`    | Add auth roles, e.g. `user:pass@/dir1:rw,/dir2`                                                     |
| `-A, --allow-all`       | Allow all operations                                                                                |
| `--allow-upload`        | Allow upload files/folders                                                                          |
| `--allow-delete`        | Allow delete files/folders                                                                          |
| `--allow-search`        | Allow search files/folders                                                                          |
| `--allow-symlink`       | Allow symlink to files/folders outside root directory                                               |
| `--allow-archive`       | Allow [zip](../../files/ZIP.md) archive generation                                                                        |
| `--enable-cors`         | Enable CORS, sets `Access-Control-Allow-Origin: *`                                                  |
| `--render-index`        | Serve `index.html` when requesting a directory, returns 404 if not found `index.html`               |
| `--render-try-index`    | Serve `index.html` when requesting a directory, returns directory listing if not found `index.html` |
| `--assets <path>`       | Set the path to the assets directory for overriding the built-in assets                             |
| `--log-format <format>` | Customize [http](../../internet/HTTP.md) log format                                                                           |
| `--tls-cert <path>`     | Path to an SSL/TLS certificate to serve with HTTPS                                                  |
| `--tls-key <path>`      | Path to the SSL/TLS certificate's private key                                                       |

### Access Control
Dufs supports account based access control. You can control who can do what on which path with `--auth`/`-a`.
```
dufs -a user:pass@/path1:rw,/path2 -a user2:pass2@/path3 -a @/path4
```

1. Use `@` to separate the account and paths. No account means anonymous user.
2. Use `:` to separate the username and password of the account.
3. Use `,` to separate paths.
4. Use `:rw` suffix to indicate that the account has read-write permission on the path.

Examples:
- `-a admin:amdin@/:rw`: `admin` has complete permissions for all paths.
- `-a guest:guest@/`: `guest` has read-only permissions for all paths.
- `-a user:pass@/dir1:rw,/dir2`: `user` has complete permissions for `/dir1/*`, has read-only permissions for `/dir2/`.
- `-a @/`: All paths is publicly accessible, everyone can view/download it.

### Hide Paths
Dufs supports hiding paths from directory listings via option `--hidden <glob>,...`.

```
dufs --hidden .git,.DS_Store,tmp
```

> The glob used in --hidden only matches file and directory names, not paths. So `--hidden dir1/file` is invalid.

```shell
dufs --hidden '.*'                          # hidden dotfiles
dufs --hidden '*/'                          # hidden all folders
dufs --hidden '*.log,*.lock'                # hidden by exts
dufs --hidden '*.log' --hidden '*.lock'
```

### Log Format
Dufs supports customize [http](../../internet/HTTP.md) log format with option `--log-format`.

The log format can use following variables.

| variable       | description                                                                   |
| -------------- | ----------------------------------------------------------------------------- |
| `$remote_addr` | client address                                                                |
| `$remote_user` | user name supplied with authentication                                        |
| `$request`     | full original request line                                                    |
| `$status`      | response status                                                               | 
| `$http_`       | arbitrary request header field. examples: `$http_user_agent`, `$http_referer` |

The default log format is `'$remote_addr "$request" $status'`.
```
2022-08-06T06:59:31+08:00 INFO - 127.0.0.1 "GET /" 200
```

### Environment variables
All options can be set using [environment variables](../../linux/Environment%20Variables.md) prefixed with `DUFS_`.

| Option                  | Environment Variable         |
| ----------------------- | ---------------------------- |
| `[serve-path]`          | DUFS_SERVE_PATH="."          |
| `--config <path>`       | DUFS_CONFIG=config.yaml      |
| `-b, --bind <addrs>`    | DUFS_BIND=0.0.0.0            |
| `-p, --port <port>`     | DUFS_PORT=5000               |
| `--path-prefix <path>`  | DUFS_PATH_PREFIX=/static     |
| `--hidden <value>`      | DUFS_HIDDEN=tmp,*.log,*.lock |
| `-a, --auth <rules>`    | DUFS_AUTH="admin:admin@/:rw" |
| `-A, --allow-all`       | DUFS_ALLOW_ALL=true          |
| `--allow-upload`        | DUFS_ALLOW_UPLOAD=true       |
| `--allow-delete`        | DUFS_ALLOW_DELETE=true       |
| `--allow-search`        | DUFS_ALLOW_SEARCH=true       |
| `--allow-symlink`       | DUFS_ALLOW_SYMLINK=true      |
| `--allow-archive`       | DUFS_ALLOW_ARCHIVE=true      |
| `--enable-cors`         | DUFS_ENABLE_CORS=true        |
| `--render-index`        | DUFS_RENDER_INDEX=true       |
| `--render-try-index`    | DUFS_RENDER_TRY_INDEX=true   |
| `--render-spa`          | DUFS_RENDER_SPA=true         |
| `--assets <path>`       | DUFS_ASSETS=/assets          |
| `--log-format <format>` | DUFS_LOG_FORMAT=""           |
| `--tls-cert <path>`     | DUFS_TLS_CERT=cert.pem       |
| `--tls-key <path>`      | DUFS_TLS_KEY=key.pem         |

### Configuration File
You can specify and use the configuration file by selecting the option `--config <path-to-config.yaml>`.

The following are the configuration items:
```yaml
serve-path: '.'
bind: 0.0.0.0
port: 5000
path-prefix: /dufs
hidden:
  - tmp
  - '*.log'
  - '*.lock'
auth:
  - admin:admin@/:rw
  - user:pass@/src:rw,/share
allow-all: false
allow-upload: true
allow-delete: true
allow-search: true
allow-symlink: true
allow-archive: true
enable-cors: true
render-index: true
render-try-index: true
render-spa: true
assets: ./assets/
log-format: '$remote_addr "$request" $status $http_user_agent'
tls-cert: tests/data/cert.pem
tls-key: tests/data/key_pkcs1.pem
```

## Docker Compose
```yml
version: '3.3'
services:
    dufs_data:
        volumes:
            - /data:/data
        ports:
            - '5000:5000'
        image: sigoden/dufs
        command: /data -A
        restart: always
```

[Screenshot]: data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABP8AAANLCAMAAAAJvMiEAAADAFBMVEX////x8/T6+vokKS8CZtfc3d2Fl7BbXV8AAADy7/IuLC7//+rh5es/Pz/m//+/v7////jCy9h/gID3///C////y4G1YhtGsPFwzv+jYtb//+Hd/v8CZ9+fn58AZ7P/++LN//9KJy5Wt/ZtJiyJ0P8kKTb//vLOzs9fY2eZ6v8Am+z//cojKG8kKZEPDw//5qf/zdmSlJb2rF7aldS9eNQAfuTv/v///tNNUVOn6P9XMSyUIik1ZdbU2NwBjdas9v//6rIjLEjg4OHahwD+y4tpa2//5ttvZdb1sNR+1f/ByteksMR/yPkhNFzp7fAkKVX/0pSv7///9LlOOy8kKD3/3Z8YRqDYiT73t3O7+v//wHvook0KcbtvvfP0164yNjz/+OwzgcTtqmEwpeX+5caZatY7ntnrtnyiPiUgICGR1f7Wj0uvsLEgNIYjKH2BXVetrrB8JSuLJinfmlH9vNaS3v1pxf1Rgb+wUCBmXFvF6P0Ag8hUr+wAm94FWK3/8tHeqndwbm1cZNbR7fwAceDCflX+6eYXoeHgljekzu/E9//XhBbLfQh1eXzf9fz/7t5QZ9dfJSyf3frU8fWUx+/Edkfw+P8CkekvcdoXSYZ8sNeFZdZ0OCqVu+TOi9S4aClcXoPS9f8qj9WGiYv73N7txJhecKWsX1iURSZ6muMgNnFrTz5/xuu43fRHqec2fbOmdWPgntU0KC0iQFXy8d0bUZfBbhRIl86ReWScXS9IX3gEecJtr96rgtZnbotcXKP6wYSEa2tErO3tsNYwWXlltO/FgdRhnMwig+Nib9hehN6Zq7+5ltiBedfcsogpR3C5gmrx8cQVX5rsp9VBmeqtiHIglNZhiLn306FVJSy79PTgkzWCUCzMl2s/Q0dcXG1ljbGbZmStbS6s5vcuRaBbo+Xou9rIqdpMcZHo+v68gNXuyt1QkuWYg9e0vc9Adtz1stZ7aNYgNZWVnJvGpYbastlPftxwiZvYxK6nUlU+M3zu3syxyq18w8OYaUqZn65z6H93AACxM0lEQVR42uycW+gNQRzH90eUUpvz4I0SOqtI55WOONk3FuWWW7kUq5NcIiHxRhzl9kA8bST3OLlEQuRBuZVcIrcXzyhCmN/M7I5da51xSez3k/7/+e/u7IyXT7/5/WbWAQAAUAa6dOlCAAAgcUoE1AcAKKf/YD8AQDn9B/sBAErqPwIAgHL6jwAAoJz+IwAAKKf/CAAAyuk/AgCAcvoPlV8AQEn9B/0BAH7Gf9Rw7KEutj2Cer1uunc8zq+tfhvVarVOAIAS4xTQ8D3XXn+uS1byW9zymJqrxqx12K9PhX4+/Av6qEFbfRoEACgrxfrz6vbrTddKgE0voVXnMaMO9ed5lcbPhn+LfS+hDwEASkqx/lzHnp4WAqRIRn5i/etWRMsVY0Yd6k/gN34q/Atey0GrjarLrUpA3zDr0jUCAPzvWOjvDwiw5nlRoNtVMaD4F3WoP7/SiQApBzFopU6KBv9BGX7Of/fXzyTJfH+hesnZo/ptn06EJ++tEq3bS0PN4OVE5u7N3Vso4cPxfuHJa9uJDD1uvF9OCbef+ZLzxOw74/tvN+qud9f7F/S7Przh9nYCAHyPDvT35wTYFMvP9JAd+Y8iVh9JAdr7b7HnvSbD65wlcMZ/+yo7SNB+87TIJo8vPCSmfXy/eKzHu0dhqPw3td/Al9Gj8OA2ce9uJDnzYPJDUlwUdyvDwtkBae737/qycihcq8ZSAw8LB6f8d+E1w9Lr8di/8Lq23j8sJ7ref/v6kn8tkP8F0T7j34MAAfguxfr7swIkXu3a+y8WH9X4t+3yN/B1wNcnkt7jt9QpRdZ/6/wxRKydApnEXXQcOGlruOuu9t/mY9xtWXguoJg5Xa+S4vbSXS+I2r2TC+2Vg8VoPXaGc0kzPex67LnyX3Z2rLxr2/mKkC97kd91yx/DPy/skHY8TwCA72CpP3sBFod/QWpMJupQf/EyuGHpP9GnQUzkRSRgIdYoxU/5b90FaSgdB95/sjeYpv33ZrvsvWCRDvlYekl0Nye8TILxD/rqFfDFEyPkI0tePYwfeXmENuf6T2ruhZqikO588UNw/9K9LcLC19Sc9z8kAEA+Rfr70wKseLXUmJKoQ/0ZAdr5r6VXv3H8J41IKaRh2jcuqfTZOp+58FEl3a4J5ex/OOuMyK3tJeGX4+wX2RDSYYyc2H+G9krjv+kTZ8ZXTw0eRCTtOIEkmyZK2fY4Nc4Yj2L/jWQFC7clQd1Idp2AdRe7sM1zeiyTkGzjbQQA6Nx/gVBRpZmm8aNCa7c0VSHALk4xKcm6TYX7Y/3xzr/OBEjfUBeDfnupSimExJ4+lmk14bJ9r8+ITNrnXm9ql0TabS/77+P6t3zzPD+oPXNRxYgmDkz7jw2nAzoO//puiZvDdSIwDvDavRe9IGZZuII05vZonxU3Ol7Uxk0Vm4pYj6NK6TztQhW7AgDyyY/LcgicQtw8irs0fmJ7IfHcmubvutwGY+G/aiI7d3EswqwSpdZ0Wu0Fpde/Mr8mYip9sx3Hf4/173YcB2b9N1WsazVzkvCPhi7pq5y1WeqONTlEvWh6qrf237wz/PbRMiC9zh3nJ/7b/1DEgtp//pgkLp2PBCAAVv5b7H1LxSmm6n5LtbhL3cJ/pk/Wf4I+dv4jxuT/2H+LKYUWnzQJ5fiP9aXSbaaD1sz99Treyvhv1p5dSfi3wNR2729dTZLpyn8mNTgtx3+afaL2G4kF+JFkanJRrlfe8mKSqxwN/wFgl/8za8yfpi71V4wIxRxLqFbL+i+KLOO/OgnS/mtSmlk6lFqX6z+dUjOZvkz1Q5I22L7+YvuLZmp4mRT2/jO0H/v3tsB/APwKBUm2X9VfF+cH+N7ibOaxg0GN/0wMaeU/l5jYfzn5P6O2fP+ppaXxX27142uD9Vh24s4RkugMn4L9J3fFxGUP9p9OCM4J11BMjv94pX3hBU9NT8D4j2sfOheoglQAQD5FVYY/pT9TvGhlV7f+n/Yf+br+a/zH23AohaX/cqsfZPzXft719BaKmdR/NWlMuBcLzpSJl3XN1j+yPPYHZOof90z9I57kOvEQACCfwjLrn9KfkVczNWjrp/xnt//ltedL25n9fy3dMBT7Ly6txu4xSlRxoML4r9177A4yTDdik7qTLzPV4c3jpLB68MYYQ77/tumJ5u5/2aYeEtcAAPkU7zP5I/ozRJ7XSJ/qdf+4/xqe3O5s9v8t/mb5+yP/qT/lFjvFfVX9UHGgxvhvSspdcvlr2KAOfox/EFeHp4Zz5WBL+hqT5viPXStSjW3xQ010YTLP+zz5i/55PectBACw8J8R4B/Sn9nz7Fe/1l/k/HH/UZ90ucMVo1KatP90Dk2fpZD+23+E+OSZ0KHa/7JOBVlqF4xG+49Ndi4gw9BEbPP7rREj9Vfn38Zu0xduHxi7kM+/jZrJReMZ8tn0/pd2cxXJ+sc1ObdrW+J6zchLYmKyPiPtuE2ef9tBAAAb/xkB/hH9Gaq8e0WFgG5L+9bef3YJwKDiea+1kWT01wooTdZ/9y/5tdoLDvjevt7NfrkrPy0gBMO3FgrXXIu7nSeD9t/9rbsixW4SXFTxHa9wQ977t+wEf/+g69HkwsV+/P2DrrMDjgWV9hL/XRT7n1nAcvt1shtR/KFK0vPV9w/EJFjPcpLXAgIA2PjPCNB1bOlhoT996q0VRRVPEFEnXeTzMRVr/ykB+ovrotVotkSzThmy/qN9l9g71L4rznzIZJ84G+d3X0X6/NtFtRDWcWBM7L+LYYyse5hzHXNOrJEvfxR2vbLRXOAPYnW9sle2lmTiv5FyObuvst588qodz0V2yH4Lay8BACz8Z6CaHzi2dLHQn4CanqbVoWtbXpqG9efvg5pniAKyQRc7DKnqB5JtAPxLOH8dcptRFDUbHYeMUYqmUwjlUo0NWKmSHTn+M9UPnLUF4J/C+c/pQvkE1cWLF7sBWZP1n9xiom/gW1MA/FM