Peer-to-peer file transfers in your browser deployed with Cloudflare

Cooked up by Alex Kern & Neeraj Baid while eating Sliver @ UC Berkeley.

Made deployable by Fares Abawi using Cloudflare Tunnel.

Using WebRTC, FilePizza eliminates the initial upload step required by other web-based file sharing services. Because data is never stored in an intermediary server, the transfer is fast, private, and secure.

A hosted instance of the Cloudflare deployed FilePizza is available at filepizza.emaily.re.

API requirements

To use the FilePizza in your own apps, we created an unofficial filepizza-client API which is designed to work with this FilePizza fork.

You'd first need to install this package locally or remotely (deployed with Cloudflare Tunnel). The filepizza-client API runs by default on http://localhost:8081 which is automatically configured in the docker-compose.yml.

For hosting the API and this package remotely, you'd have to modify the API_ORIGINS variable in the .env file (a copy of the provided envfile) to include the domain or sub-domain where the API is hosted.

What's new with FilePizza v2

• A new UI with dark mode support, now built on modern browser technologies.
• Works on most mobile browsers, including Mobile Safari.
• Transfers are now directly from the uploader to the downloader's browser (WebRTC without WebTorrent) with faster handshakes.
• Uploaders can monitor the progress of the transfer and stop it if they want.
• Better security and safety measures with password protection and reporting.
• Support for uploading multiple files at once, which downloaders receive as a zip file.
• Streaming downloads with a Service Worker.
• Out-of-process storage of server state using Redis.

Development

$ git clone https://github.com/kern/filepizza.git
$ pnpm install
$ pnpm dev
$ pnpm build
$ pnpm start

Running with Docker

$ pnpm docker:local:build
$ pnpm docker:local:up
$ pnpm docker:local:down

Deployment with Cloudflare Tunnel

You can deploy FilePizza using Cloudflare Tunnel for easy hosting without port forwarding or complex network configuration.

Prerequisites

1. A Cloudflare account with your domain added
2. Cloudflare Global API token
3. Docker and Docker Compose installed

Setup

1. Get your Cloudflare API token: Go to Cloudflare dashboard → My Profile → API Tokens → Global API Key

2. Configure environment: Copy the envfile to .env and fill in your details:

   cp envfile .env
   # Edit .env with your values

3. Build and deploy:

   npm run docker:build
   npm run deploy:full

4. Manual deployment (if you prefer):

   # Build the Docker image
   npm run docker:build
   
   # Start the application stack
   npm run docker:up
   
   # Set up and start Cloudflare tunnel
   npm run tunnel:setup
   npm run tunnel:start

Usage

Once deployed, your FilePizza instance will be available at https://your-domain.com. Users can access the web interface to share files peer-to-peer.

CORS Configuration

FilePizza supports CORS configuration through the API_ORIGINS environment variable for external API access:

# Allow specific origins
API_ORIGINS=https://myapp.com,https://myapp.dev,https://localhost:3000

# Allow all origins (not recommended for production)
API_ORIGINS=*

# No external API access (if not specified)
# API_ORIGINS=

Important: Always specify the exact origins that should be allowed to access your FilePizza API in production environments for security.

Environment Variables

Create a .env file based on envfile:

• HOST_DOMAIN: Your domain/subdomain for FilePizza
• CLOUDFLARE_API_KEY: Your Cloudflare Global API token
• API_ORIGINS: Comma-separated list of allowed origins for CORS
• EXTERNAL_IP: Your external IP (for TURN server)
• TURN_SECRET: Secret for TURN server authentication
• NODE_ENV: Environment (production/development)

Manual Tunnel Setup

If you need to set up the tunnel manually:

./scripts/run_filepizza_cloudflare_tunnel.sh "your-api-key" "your-domain.com"

Stack

• Next.js
• Tailwind
• TypeScript
• React
• PeerJS for WebRTC
• View Transitions
• Redis (optional)

FAQ

How are my files sent? Your files are sent directly from your browser to the downloader's browser. They never pass through our servers. FilePizza uses WebRTC to send files. This requires that the uploader leave their browser window open until the transfer is complete.

Can multiple people download my file at once? Yes! Just send them your short or long URL.

How big can my files be? As big as your browser can handle.

What happens when I close my browser? The URLs for your files will no longer work. If a downloader has completed the transfer, that downloader will continue to seed to incomplete downloaders, but no new downloads may be initiated.

Are my files encrypted? Yes, all WebRTC communications are automatically encrypted using public-key cryptography because of DTLS. You can add an optional password to your upload for an extra layer of security.

License & Acknowledgements

FilePizza is released under the BSD 3-Clause license. A huge thanks to iblowyourdesign for the pizza illustration.