/libresign

✍️ Nextcloud app to sign PDF documents

Primary LanguageJavaScriptGNU Affero General Public License v3.0AGPL-3.0

Test Status Coverage Status Start contributing

LibreSign

Nextcloud app to sign PDF documents.

At the moment file signature requests must be requested via webhook. Read the documentation for more information.

Setup

Java and JSignPDF

Add the follow to Nextcloud PHP container Dockerfile

# Install Java and JsignPDF
RUN apt-get update # Only include this line if necessary
RUN mkdir -p /usr/share/man/man1
RUN apt-get install -y default-jre unzip
RUN curl -OL https://sourceforge.net/projects/jsignpdf/files/stable/JSignPdf%202.0.0/jsignpdf-2.0.0.zip \
    && unzip jsignpdf-2.0.0.zip -d /opt \
    && rm jsignpdf-2.0.0.zip

With CFSS server

Don't is necessary if you use a docker setup

Up a cfssl server using this code:

https://github.com/cloudflare/cfssl

The URL of server you will use in Admin settings

With docker-compose

  • Create a folder named cfssl in the same folder as your docker-compose.yml file. This folder will be used on one volume of the cfssl service.
  • put the file /cfssl/entrypoint.sh in cfssl folder
  • Add the volume ./cfssl:/cfssl in Nextcloud php service
  • Create a new server using the following code in your docker-compose.yml file:
  cfssl:
    image: cfssl/cfssl
    volumes:
      - ./cfssl:/cfssl
    working_dir: /cfssl
    entrypoint: /bin/bash
    command:
      - /cfssl/entrypoint.sh

Admin settings

Go to Settings > LibreSign and fill the necessary values for root certificate:

CN: CommonName
OU: OrganizationalUnit
O: Organization
C: CountryName
API: http://cfssl:8888/api/v1/cfssl/
Config path: /cfssl/

Go to Settings > Basic Settings and configure email settings. Is mandatory.

Validation page

The validation can be done on a page without access restriction informing the file UUID or the file to be validated.

Route Description
/apps/libresign/validation Document validation home page. On this page it is possible to send a binary or enter a file UUID for validation.
/apps/libresign/validation/ Enter the UUID of the file in the URL and go straight to the page informing the signature data.

To have a short URL at the bottom of the document, you can add these directives to your Nginx. Replace domains with those for your application.

server {
    listen 80;
    server_name validate.yourdomain.coop;
    location ~ "\/(?<uuid>[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12})" {
        rewrite ^ $scheme://cloud.yourdomain.coop/apps/libresign/validation/$uuid;
    }
    location ~ / {
        return 301 $scheme://cloud.yourdomain.coop/apps/libresign/validation;
    }
}

With this configuration when accessing validate.yourdomain.coop/b9809a7e-ab6e-11eb-bcbc-0242ac130002 you will be redirected to cloud.yourdomain.coop/apps/libresign/validation/b9809a7e-ab6e-11eb-bcbc-0242ac130002

Integrations

  • GLPI: Plugin to sign GLPI tickets
  • Approval: Approve/reject files based on workflows defined by admins

Full documentation

here

Contributing

here