Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum
Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Surfer
  3. Access Control of Surfer content

Access Control of Surfer content

Scheduled Pinned Locked Moved Solved Surfer
6 Posts 3 Posters 724 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S Offline
    S Offline
    senthilkumaran
    wrote on last edited by
    #1

    I know surfer is a static file server. I know, I can restrict the app with a username (ACL controlled by Cloudron).

    If my static site is accessed controlled, and I disallow any indexing. can I be certain that content is public?

    Use case I am thinking about.

    I normally keep my notes in sphinx-build format. I build them and serve them locally and do not publish it.
    I do that because, I want the convenience of copy pasting things, like Tokens, Credentials etc. It is a very important use-case to me. Even as I use both 1password and bitwarden.

    With surfer, I am thinking that I will be publishing my notes to a ACL'ed remote location and I can still use my work-flow of copy-pasting tokens and credentials - mostly for system administration purposes.

    Do you do this? Can I feel safe to do this with the ACL and password protection of the Surfer content?

    If I had a convenient web-application that will do authentication and but serve my sphinx generated site, I will love that. To me, surfer seems to be that.

    --
    Senthil

    fbartelsF 1 Reply Last reply
    0
    • fbartelsF Offline
      fbartelsF Offline
      fbartels App Dev
      replied to senthilkumaran on last edited by
      #2

      @senthilkumaran yes, surfer can do that. You would not even have to disallow indexing, as everything webcrawlers will see is a login prompt anyways.

      1 Reply Last reply
      1
      • nebulonN Offline
        nebulonN Offline
        nebulon Staff
        wrote on last edited by
        #3

        Yes, if I understand that correctly, either the password protection or the user restriction option should work. The section for this in the surfer settings is the following:

        a74849ea-ab29-442a-8627-4dc8bcf85ce2-image.png

        1 Reply Last reply
        0
        • S Offline
          S Offline
          senthilkumaran
          wrote on last edited by
          #4

          Thank you both @fbartels and @nebulon

          I believe https://github.com/cloudron-io/surfer/blob/master/src/auth.js is responsible for entire authentication verification before serving the content.

          • I can logout of /_admin/ using logout of admin file server.
          • But for the static content that is behind authentication, clearing cookies seems to be the only way to logout. Is there any other idea?

          Thanks again. My original question was answered and I find this functionality very useful for keeping my notes with credentials.

          --
          Senthil

          nebulonN 1 Reply Last reply
          0
          • nebulonN Offline
            nebulonN Offline
            nebulon Staff
            replied to senthilkumaran on last edited by
            #5

            @senthilkumaran there is no real way to logout otherwise, since I didn't want to add any kind of overlay with a button or so.

            S 1 Reply Last reply
            0
            • S Offline
              S Offline
              senthilkumaran
              replied to nebulon on last edited by
              #6

              @nebulon said in Access Control of Surfer content:

              there is no real way to logout otherwise, since I didn't want to add any kind of overlay with a button or so.

              Got it. Thanks for closing on this topic.

              --
              Senthil

              1 Reply Last reply
              0

              • Login
              • Don't have an account? Register
              • Login or register to search.
              • First post
                Last post
              0
              • Categories
              • Recent
              • Tags
              • Popular
              • Bookmarks
              • Search