Best practices to provide a secure IPFS node?

[Not sure whether this belongs to Help or to Ecosystem.]

I’m thinking of providing an IPFS service to be used by a mobile app. The app would use the node as a storage backend by using ipfs add remotely. (I do realise this could lead to storage-spam but let’s not think about that for now.)

My actual concerns are the following:

  • Since anyone decompiling the app could find the node’s IP address and port, how would you protect the node from administration abuse?
  • How would you protect the node from content deletion abuse? Let’s say user A uploads a file and user B deletes it right away.

Intuitively, my first thought is to not leave the IPFS node accessible in the first place, and instead have a REST API run its own local node and expose a PUT method for ipfs add and a GET method for ipfs cat. However with such disintermediation you would kind of lose the decentralised aspect, since the backend could always cheat and e.g. alter the files during upload.

Another approach would be to only allow the ipfs add command and disable other commands such as ipfs files.

A third approach would be clustering, similar to what ipfs-cluster does but with only the pinning part and no unpinning.

What are the recommended practices for this kind of scenario?

Thanks a lot for your help.


Right now probably the best/easiest approach is to run a reverse proxy in front of ipfs (or cluster) that only allows the methods you want to allow.

Cluster API could probably include better authorization to support these use cases though. You are welcome to open an issue in

1 Like