Is there a way to restrict access from share links?

[clnhlzmn]

I'm using nginx proxy manager to access file browser and I have two proxy hosts set up. One for local access like files.myserver.example.com and another one for public share links like files.share.example.com.

I'd like for files.share.example.com to work only for share links.

As it is if I visit https://files.share.example.com (without a share link path) I'm taken to the filebrowser login page. Is there a way to configure this so that share links are restricted to only what they need to see to download the shared files?

I'm happy to attempt to do this with nginx proxy manager too, but when I inspect the requests made when opening a share link it's not immediately obvious to me which paths should be allowed and which should be disallowed or if that is possible in general.

[clnhlzmn]

Ok I solved at least the /login part by adding

location /login {
    return 403;
}

to the "Custom Nginx Configuration" field in the files.share.example.com proxy host config in NPM.

Are there any other locations I can restrict while maintaining functioning share links on files.share.example.com? I can try to figure this out by trial and error but it would be cool to hear it directly from a dev.

[gtsteffaniak]

Major changes to this are planned for the next release.

your description sounds like you want to make some share requests require authenticated users? I can have this be a feature request for that.

[clnhlzmn]

Oh I didn't see that other issue I think that perfectly describes my request actually. I simply want to block anything other that /share for my share links on files.share.example.com. So that other issue points out that to do this today I'd have to allow /share and /static and /api/public and it's not clear to me that in doing so I'd only be allowing access to those public links. I'd like a clear delineation between private paths (this includes things like /login) and public paths (basically the bare minimum required to serve files to unauthenticated users on externalUrl).

So tldr I think the essence of this request is captured in that other ticket so feel free to close this.

[clnhlzmn]

When is the next release going to be made and when do you expect to have a stable release?

[gtsteffaniak]

Usually, notable releases generally happen every 2 weeks or so. Also, I have a good writeup that you can read about stable release here

[clnhlzmn]

Awesome thanks!

[gtsteffaniak]

marking this one complete with v0.8.0, should any bugs or issues come up please open a new issue thank you :)