DEV.co
Open-Source DevOps · Forceu

Gokapi

Gokapi is a self-hosted file-sharing service written in Go that replaces Firefox Send. It supports automatic expiration, end-to-end encryption, cloud storage (S3/Backblaze B2), and user management with role-based access control.

Source: GitHub — github.com/Forceu/Gokapi
2.8k
GitHub stars
132
Forks
Go
Primary language
AGPL-3.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryForceu/Gokapi
OwnerForceu
Primary languageGo
LicenseAGPL-3.0 — OSI-approved
Stars2.8k
Forks132
Open issues37
Latest releasev2.2.4 (2026-03-10)
Last updated2026-05-20
Sourcehttps://github.com/Forceu/Gokapi

What Gokapi is

Go-based REST API server with built-in file deduplication, optional end-to-end encryption, OpenID Connect support, and flexible backend storage (local filesystem or S3-compatible). Deployable as bare binary, Docker container, or on bare metal with minimal resource requirements.

Quickstart

Get the Gokapi source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/Forceu/Gokapi.gitcd Gokapi# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Secure internal file distribution

Organizations needing to share files internally with controlled expiration, user roles, and audit trails without public upload capability.

Self-hosted file request workflow

Teams collecting files from external parties via shareable links that create audit trails visible only to the request creator, eliminating email attachment friction.

Data sovereignty with cloud flexibility

Enterprises requiring on-premises or private cloud deployment with optional integration to S3-compatible storage (AWS, Backblaze B2) for cost-effective archival.

Implementation considerations

  • Verify AGPL-3.0 compliance with legal/procurement before production use, especially if integrating into proprietary systems or SaaS offerings.
  • Plan for storage backend early: local filesystem suitable for small deployments; S3-compatible backend required for multi-node or high-availability setups.
  • Configure OpenID Connect (Authelia, Keycloak) for centralized identity if integrating with existing corporate directory; local user management available but not suited for large user bases.
  • Set up automated certificate management (Let's Encrypt) and reverse proxy (nginx) for HTTPS in production; Go binary alone does not handle TLS termination.
  • Test file deduplication behavior and encryption key rotation procedures before storing sensitive data; no mention of key escrow or recovery policies.

When to avoid it — and what to weigh

  • Public file hosting required — Gokapi explicitly blocks public uploads—it is designed for registered users only. Not suitable for public crowdsourcing or anonymous file submission platforms.
  • Enterprise SLA/support expectations — This is a community-driven open-source project. No commercial support, SLA, or guaranteed response times are available. Maintenance depends on volunteer contributors.
  • AGPL-3.0 license incompatibility — If you distribute or integrate Gokapi into a proprietary application, AGPL-3.0 requires you to release source code. Review license obligations carefully before adoption.
  • Scale requirements in the millions of files — Unknown how Gokapi performs under extreme scale; testing at enterprise-grade volume is not documented. May require custom tuning or alternative solutions.

License & commercial use

Licensed under AGPL-3.0 (GNU Affero General Public License v3.0). This is a copyleft license requiring all modifications and network-distributed derivatives to release source code. Commercial use is permitted, but commercial distribution or SaaS deployment requires compliance review.

Commercial use is technically allowed under AGPL-3.0, but requires careful legal review. If you distribute Gokapi (including as a SaaS service or embedded in a larger product), you must release your modifications under AGPL-3.0 and make source available to users. Internal enterprise use without distribution has fewer restrictions. Consult legal counsel before proceeding.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityLow
DEV.co fitGood
Assessment confidenceHigh
Security considerations

Project claims built-in encryption and end-to-end encrypted uploads; no independent security audit or penetration test results are documented. AGPL-3.0 license model provides transparency through open-source access, but code review and vulnerability disclosure practices are not stated. Verify encryption implementation (cipher suite, key derivation, salt handling) and establish a responsible disclosure process before production use. TLS/HTTPS configuration and certificate pinning are not mentioned; rely on standard reverse proxy security hardening.

Alternatives to consider

Synology Moments or equivalent NAS solutions

Provides file sharing on existing hardware; includes managed backup, native mobile apps, and enterprise support—but less granular control over expiration and permissions.

Nextcloud with 'Share' plugin

Full-featured self-hosted content collaboration platform with file sharing, versioning, and user management. More complex to deploy but richer feature set and larger community.

Seafile

Self-hosted file sync and sharing with team collaboration; simpler than Nextcloud, support for S3 storage. Commercial enterprise support available, but not AGPL-licensed.

Software development agency

Build on Gokapi with DEV.co software developers

Review the AGPL-3.0 license implications with legal, plan your storage backend, and test OpenID Connect integration before production deployment. Devco can help architect secure, scalable self-hosted file-sharing infrastructure tailored to your compliance requirements.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

Gokapi FAQ

Can I use Gokapi as a public file hosting service?
No. Gokapi explicitly disables public uploads; only registered users can upload files. It is designed for controlled internal sharing, not public crowdsourcing platforms.
What happens if I use Gokapi in a commercial SaaS product?
AGPL-3.0 requires you to release all modifications and source code to end users. If you embed Gokapi into a larger proprietary application, your entire application may fall under AGPL-3.0 obligations. Legal review is essential.
How does encryption work, and is my data truly private?
Gokapi supports optional end-to-end encryption for uploads and file shares. However, no independent security audit is documented. Encryption implementation details (cipher, key derivation, salt) require code review to verify privacy claims.
Is enterprise support or SLA available?
No. Gokapi is community-driven open-source software. Maintenance depends on volunteer contributors. For production use with SLA guarantees, consider commercial alternatives (Seafile, Nextcloud with enterprise licensing) or budget internal resources for support.

Custom software development services

DEV.co is a software development agency delivering custom software development services to companies building on open source. Our software developers and web developers design, integrate, and ship production systems — spanning web development, APIs, AI, data, and cloud. If Gokapi is part of your open-source devops roadmap, our team can implement, customize, migrate, and maintain it.

Ready to evaluate Gokapi for your team?

Review the AGPL-3.0 license implications with legal, plan your storage backend, and test OpenID Connect integration before production deployment. Devco can help architect secure, scalable self-hosted file-sharing infrastructure tailored to your compliance requirements.