Security token for IPFS hosting

Running IPFS on the local machine is problematic (NAT, should always online, etc.), but you can easily buy a server instance in the cloud where you can host your IPFS node (a minimal AWS Lightsail instance is only 3.5$). You can easily install an IPFS node to a Lightsail server, but if you would access the API on it, you have to use SSH tunnel or some other magic because in default the IPFS HTTP API is publicly available. It would be a nice feature if I could define a security token in the config that has to be used for accessing the API. With this feature, anybody could easily host his/her IPFS node on an external server, and use it through the IPFS Chrome extension. I think this feature could help IPFS to spread the world. If you like the idea, I would add it to go-ipfs/js-ipfs repos as feature issue, and (as a coder) I could also help to implement it, cause I think it’s a very important feature.

For any real world application you need cluster of nodes for hosting. Cluster software can handle authorization already.

Like @hsn10 says, if you’re hosting content you’d want some redundancy in your hosting solution, will let you orchestrate the nodes in a secure fashion and spread the content around.

I’ve seen the IPFS cluster, but how can I use it in IPFS Chrome Extension as an IPFS API server? There is no any config field where I could set the auth username/password.

I like “docker compose” as a way of deploying an IPFS instance. Here’s my docker file FYI:

It keeps the docker instance on a private network that’s unreachable from outside, but reachable from inside that same docker container.

What I’m unsure about myself, is how/if I will setup an ability for the browser to directly call into the IPFS gateway, and track who uploaded what, because I’m building a platform that will commoditize the entire “Pinning Service” technology stack into an open-source platform that includes a GUI so feature rich it can function as a wiki or even a social media platform “out of the box”.