SkillAgentSearch skills...

SlimGet

Slim, lightweight, Docker-friendly implementation of a NuGet and symbol server, using ASP.NET Core

GenerateConvertImprove

Install / Use

/learn @Emzi0767/SlimGet
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

<p align="center"><img src="logo/slimget-logo.png" width="240" height="240"></p> <h1 align="center">SlimGet</h1>

SlimGet is a lightweight implementation of a NuGet and symbol server, powered by ASP.NET Core 2.2, designed to be ran in Docker. It's the software powering my NuGet feed at nuget.emzi0767.com.

Unlike alternative implementations, SlimGet is designed to host a single, local feed, with no upstream mirrors or similar functionality. It's designed only with .NET packages (and debug symbols) in mind, and is therefore not guaranteed to work with anything else (e.g. COM interop, native libraries, etc.).

The project was born out of need for a NuGet feed for CI artifacts of my projects, after my usual go-to provider ceased responding to all my support emails, and broke my builds in the process.

The web interface provides a simple, readonly view of the feed, which allows for browsing and downloading hosted packages, as well as viewing various metadata about them.

Provided are tools, which allow for issuing and revoking API tokens, allowing users to upload packages, as well as manage packages in a limited fashion.

In the future, I might provide more integrated means of managing users and packages.

Requirements

In order to run a SlimGet server, you need the following components installed and available on your system:

  • .NET Core 2.2 runtime with ASP.NET Core installed
  • PostgreSQL server 10 or better, with pg_trgm extension available
  • Redis server

Usage

The application is very easy and straightforward to set up, and complete guide is below. Before you begin, rename slimget.example.json to slimget.json and open it in your favourite text editor.

PostgreSQL Database

The application requires pre-made database with pg_trgm extension created, and a user to connect as. This is all fairly easy to set up.

  1. Connect to your PostgreSQL instance as the superuser (usually postgres) user. If you're unsure how to do it on your machine, consult PostgreSQL documentation for your operating system or distribution.
  2. Create a user for the application: create user slimget with nocreatedb nocreaterole encrypted password 'hunter2';. Of course, replace hunter2 with your desired password. Do not remove the quotes. You can also optionally replace slimget with your desired username. If you don't have an idea for a password, you can generate one on Linux using dd if=/dev/random bs=1024 count=1 2>/dev/null | sha256sum - | cut -d' ' -f1.
  3. Create a database for the user: create database slimget with owner='slimget';. Again, you can replace slimget (the database name) with anything your heart desires, so long as it's a valid database name. If you changed the username in step 2, make sure to replace the owner name (slimget, the one in quotes) with the username you chose.
  4. Connect to the newly-created database: \c slimget. If you changed the database name in step 3, replace slimget accordingly.
  5. Create the pg_trgm extension: create extension pg_trgm.
  6. Disconnect: \q.

At this point, you should switch to the editor with your SlimGet configuration, and edit the values in Storage.PostgreSQL section accordingly. Below are the explanations of the various configuration options:

  • Hostname: The hostname of your PostgreSQL server. If you're running locally, use "localhost". Bear in mind that this requires the server to be listening over TCP/IP sockets. If you're unsure how to enable TCP/IP listening, check out these documentation pages:
    • 19.3.1. Connection Settings - this page describes the configuration options in postgresql.conf (main configuration file) related to TCP/IP connections.
    • 20.1. pg_hba.conf file - this page describes configuring authentication and connection options for users and clients.
  • Port: The TCP port, on which the PostgreSQL server is listening.
  • Database: The name of the database to connect to. If you did change the database name in step 3, replace "slimget" with the name you chose (remember about quotation marks).
  • Username: The username you chose in step 2. If you did change the username, replace "slimget" with the name you chose (again, remember the quotation marks).
  • Password: The password you chose in step 2, wrapped in quotation marks.
  • UseSsl: If your server encrypts connections using SSL/TLS, set this to true, if you're unsure, or server does not offer encryption, set this to false. If you want to enable SSL/TLS on your server, check out the documentation on the subject:
  • AlwaysTrustServerCertificate: Whether the client should trust the server certificate unconditionally. This disables SSL certificate verification when connecting to your PostgreSQL server. If you're using a self-signed certificate, set this to true, otherwise it's strongly recommended you set this to false. This option has no effect if SSL is disabled.

Redis

Redis does not require any setup on the server itself. Simply edit the values in Storage.Redis accordingly. Below are explanations of the various options:

  • Hostname: The hostname of your Redis server. If you're running locally, use "localhost".
  • Port: The TCP port your Redis server is listening on.
  • Index: Database index to use for SlimGet. You can change this so that SlimGet does not interfere with other services that use Redis.
  • Password: The password for your Redis server. If your server does not require a password, set this to null (without quotation marks). For more information, consult Redis documentation:
  • UseSsl: If your Redis server encrypts connections using SSL/TLS, set this to true. Otherwise, set this to false.

File system and package storage

These settings control various aspects of the actual package for your feed. Explanations for the various options are below:

  • FileSystem: Contains options pertaining to physical storage.
    • StoragePath: The path where pushed packages, symbols, and manifests will be stored. This should be an absolute path.
  • Packages: Controls various aspects of the packages hosted in the feed.
    • EnablePruning: If enabled (set to true), your server will limit how many distinct versions of each package will be hosted at any given time. This is useful for restricting storage space.
    • LatestVersionRetainCount: Number of distinct package versions to retain. If pruning is enabled, this must be set to a positive number, which will define how many most recent package versions to retain. Any package versions over this limit will be deleted, starting with the oldest versions.
    • MaxPackageSizeBytes: Maximum size of an individual package upload, in bytes. Any packages that exceed this size will be rejected.
    • DeleteEndpointUnlists: Controls the behaviour of the package delete (DELETE /api/v2/package/{id}/{version}) endpoint. If this option is set to false, calling this endpoint with a valid ID, version, and token will delete the requested package version completely. If set to true, the package version will simply become unlisted.
    • ReadOnlyFeed: Controls whether the feed is read-only. Setting this to true will disable package push, delete, relist, as well as debug symbol push endpoints.
    • SymbolsEnabled: Controls whether this feed should support hosting and pushing debug symbols. Setting this to false will disable debug symbol push and download endpoints.

Server

Server section contains various options pertaining to the HTTP stack of SlimGet. These options are explained below:

  • SslCertificate: Configures the location and password for the certificate. The certificate needs to be in PKCS12 (usually .pfx or .p12) format, and needs to be protected with a non-empty password. See the certificate subsection for more details and information on how to generate a self-signed certificate for use with SlimGet.
    • Location: Full path to the certificate file. If set to null, HTTPS will be disabled, and SlimGet will only work over plain, unencrypted HTTP.
    • PasswordFile: Full path to the file containing the password to the certificate. Bear in mind that this file will be read verbatim, including all whitespace characters.
  • Listen: List of endpoints which SlimGet will bind to, in order to listen for HTTP(S) connections.
    • IpAddress: IP address to listen on. Use "0.0.0.0" to listen on all available interfaces and addresses.
    • Port: TCP port number to listen on.
    • UseSsl: Whether this endpoint uses HTTPS. Setting this to true will enable HTTPS for this endpoint.
  • MaxRequestSizeBytes: Maximum HTTP request size, in bytes. This should be greater than or equal to the value of Storage.Packages.MaxPackageSizeBytes.
  • TokenHmacKey: Password to use for generating all API tokens. This value should be kept secret. If you're unsure about a good password, you can use dd if=/dev/random bs=1024 count=1 2>/dev/null | sha256sum - | cut -d' ' -f1 on a Linux system to generate one.

SSL certificates

SlimGet can use any certificate for SSL, be it self-signed or proper CA-issued one. If you need to generate a self-signed certificate, you can use the following commands to do so:

echo -n "/C=US/ST=DC/L=Washington, D.C./O=White House/OU=NuGet Hosting/CN=nuget.example.com" > subject.txt
echo -n "hunter2" > certificate.pfx.pwd # replace hunter2 with your password, or...
# if you have no idea for a password, you can also do this
echo -n $(dd if=/dev/random bs=1024 count=1 2>/dev/null | sha256sum - | cut -d' ' -f1) > cert

Emzi0767

View profile

View on GitHub
GitHub Stars40
CategoryDevelopment
Updated1mo ago
Forks4
Emzi0767/SlimGet

Languages

C#

Security Score

95/100

Audited on Mar 1, 2026

No findings