Cloudron Access Control Not Working for Surfer App (Vite/React SPA)
-
Hi All. I'm hoping someone can help me troubleshoot an issue with Access Control on a Surfer-hosted application.
Setup:
Cloudron Version: 8.3.1
App: Surfer 6.3.1
Application Type: Static Single Page Application built with Vite/React. Deployed by uploading the dist folder contents + a custom env-config.js file to the Surfer web root.Problem:
I'm trying to restrict access to this application using Cloudron's built-in Access Control. I tried in Surfer app's settings both "Allow all users from this Cloudron" and "Only allow the following users and groups" (selecting specific, valid Cloudron users). In both cases, after clicking "Save" and restarting the Surfer application instance, the application's URL remains publicly accessible when tested in a new private/incognito browser window. I am never prompted with the Cloudron login screen.Any pointers on what might be misconfigured or how to further diagnose why the host Nginx isn't enforcing the access control?
-
ah, so the ACL settings from Cloudron only set the users who can login to surfer. Surfer itself has an admin page to upload and manage files. This is one place where the Cloudron ACLs apply.
However surfer also has its own way of restricting further the public page itself. This is in the surfer settings in the admin UI itself. There you may either set a password or restrict to all users who have access to this app. This is what you probably want to set.
Also note that restart the app is not required for changes in either ACL sets.
-
N nebulon marked this topic as a question
-
Ah! This is what I needed: Surfer itself has an admin page to upload and manage files.
Thanks -
N nebulon has marked this topic as solved