How to use Pairdrop outside my home network?

[volcs0]

Right now, I'm running Pairdrop on a server at home. It works great, when I'm at home or VPN'd in.

But I'd like to be able to use it when I'm not at home. I would normally use Cloudflare to create a tunnel to the app, but then I would rely on the app's authentication system to make sure only I (or a designated user) could use it. I could use Cloudflare's Zero Trust to create an authentication scheme. But I was wondering if this is the right way to do this? Is there an authentication method I'm not seeing? I'd prefer not to expose my implementation to the public, if possible.

[schlagmichdoch]

I don't know about Cloudflare but I believe you would then need to deploy a TURN server alongside PairDrop: https://github.com/schlagmichdoch/PairDrop/blob/master/docs/host-your-own.md#turn-server-for-internet-transfer

Is there an authentication method I'm not seeing?

There is no authentication method built in as this would probably require a database which PairDrop intentionally lacks so it's up to the admin to setup any authentication if wanted. (Example for NGINX)
Is this what you were asking about?

[volcs0]

Thanks for this. If I am not at home and want to share files with the person next to me, I would need a way for both of us to access the instance on my home server. So, I either open it up to the world - or I put something in front of it to regulate access. One way to do this is with Cloudflare. I just wanted to make sure that I wasn't missing some other way to do this. Obviously, I could use pairdrop.net, but I'd also like to use my own server for this. Thanks for a great product - going to be very useful.

[schlagmichdoch]

Alright! How would you go about sharing that access via Cloudflare? Would you whitelist an IP? Would you set a password? How would an ideal authentication built into PairDrop look like in your opinion?

FYI: If you just don't want to trust the client files hosted on pairdrop.net but you want to be able to connect to devices using pairdrop.net, since v1.10.0 you can set up your instance to use another signaling server: https://github.com/schlagmichdoch/PairDrop/blob/master/docs/host-your-own.md#specify-signaling-server

[volcs0]

The nice thing about Cloudflare is that it allows you to point to an application on your home server without opening up any ports. You just install the CF container on the server and tell CF how to route subdomain requests. It will then create the tunnel for each application. Unfortunately, none of the authentication methods at Cloudflare are particularly convenient, so in most cases, I rely on the user authentication and authorization built into the app I'm hosting. Most of Cloudflare's methods involve a process like entering an approved email and getting a passcode. You can whitelist with other methods, as you suggest (e.g., IP range). Ideally PairDrop could have a strong user authentication system one could use (user/pass), but I understand the desire to keep things open and simple. I am just worried about leaving my server open to the world without something in the way.

I don't mind using pairdrop.net - but I thought it would be better to host my own instance for me/family/friends.

[schlagmichdoch]

Okay, thanks for the information! I will think about it, but I guess it's best to keep PairDrop simple as a SPA.

I don't mind using pairdrop.net - but I thought it would be better to host my own instance for me/family/friends.

Sounds reasonable! I'm in the process of implementing zero-trust into PairDrop by encrypting the signaling and deploying native client apps. It's gonna be some time though.