Solved Access Control of Surfer content
I know surfer is a static file server. I know, I can restrict the app with a username (ACL controlled by Cloudron).
If my static site is accessed controlled, and I disallow any indexing. can I be certain that content is public?
Use case I am thinking about.
I normally keep my notes in sphinx-build format. I build them and serve them locally and do not publish it.
I do that because, I want the convenience of copy pasting things, like Tokens, Credentials etc. It is a very important use-case to me. Even as I use both 1password and bitwarden.
With surfer, I am thinking that I will be publishing my notes to a ACL'ed remote location and I can still use my work-flow of copy-pasting tokens and credentials - mostly for system administration purposes.
Do you do this? Can I feel safe to do this with the ACL and password protection of the Surfer content?
If I had a convenient web-application that will do authentication and but serve my sphinx generated site, I will love that. To me, surfer seems to be that.
@senthilkumaran yes, surfer can do that. You would not even have to disallow indexing, as everything webcrawlers will see is a login prompt anyways.
Yes, if I understand that correctly, either the password protection or the user restriction option should work. The section for this in the surfer settings is the following:
Thank you both @fbartels and @nebulon
I believe https://github.com/cloudron-io/surfer/blob/master/src/auth.js is responsible for entire authentication verification before serving the content.
- I can logout of
/_admin/using logout of admin file server.
- But for the static content that is behind authentication, clearing cookies seems to be the only way to logout. Is there any other idea?
Thanks again. My original question was answered and I find this functionality very useful for keeping my notes with credentials.
- I can logout of
@senthilkumaran there is no real way to logout otherwise, since I didn't want to add any kind of overlay with a button or so.
@nebulon said in Access Control of Surfer content:
there is no real way to logout otherwise, since I didn't want to add any kind of overlay with a button or so.
Got it. Thanks for closing on this topic.