Suggestions or tips how I can host my Tiddlywiki online?

[Robert Freiberger]

Hello, 

I posted earlier that I was having issues with two computers accessing a shared Dropbox Tiddywiki. Then I started to think about I can just have this hosted online which might be easier. I searched around but I wasn't sure how much work this would take and if it's actually secure? 

Ideally, I would like to be able to host my Tiddlywiki online (I'm hoping I can use Google Cloud or Digital Ocean) and make sure it's locked down from the public. I was thinking about some weird workarounds but the core goal is that I could host it in a shared location online and access it securely from multiple locations with a password (even better if I could use 2FA, or public key). 

Thank you,

Robert

[Lost Admin]

How good are you at secure system administration?

I run a tiny VM (hosted with Vultr, similar to Digital Ocean) and host my own TW on a webdav server I set-up with Apache and mod_dav, and TLS enabled. It is password protected but currently password administration requires logging in to the command line to update the Apache password file (htpasswd command). TLS certificate is provided by Let's Encrypt.

The nice thing about using WebDav is that I can remote-mount it on Windows as a network drive and also reach it using an web browser.

I don't (yet) have 2FA but considering setting up TLS-client certificate authentication. Since I don't want to pay for an e-mail cert and Let's Encrypt doesn't offer that (or didn't the last time I checked), I'm thinking of creating my own private CA infrastructure on my home PC to manage client certs.

Of course, I only have 1 user (me).

You might also want to look at NoteSelf (built on TiddlyWiki) and tiddlyspot.com (no SSL, but TiddlyWiki does support encrypted wikis).

[TonyM]

Robert,

I am not sure what digital ocean offers you but if you have a cpanel account you can use the recently developed PHP saver https://github.com/sendwheel/tw-receiver. along with a lets encrypt SSL and even a password to access the folder in which the tiddlywiki is installed.

Be aware that since javascript plugins can be installed, html entered into tiddlywiki etc... there are risks opening it to the public for save.

There are other options.

Regards

Tony

[Jed Carty]

I have ooktech.xyz hosting my wikis, it fits most of what you want. For the moment it just uses username/password pairs to generate access tokens so there is no 2FA or public key sign in. Other than that it fits everything you are asking for. I have the same thing running on a raspberry pi server at home so it would run on digital ocean without trouble.

The server component is here https://github.com/OokTech/SecureWikiServer

And Bob (the part that handles the multiple access and ensures that you don't lose progress if you have it open on multiple devices at the same time) is here: https://github.com/OokTech/TW5-Bob

[@TiddlyTweeter]

I very much think assisting the Bob way forward makes most sense.

Its the most replete solution. Its not yet perfect, but the underlying ideas are most relevant to TW issues. Its not JUST about serving. Its also about serving "what?" FOR "what?". In other words, Bob is not just about a neat serving, its about delivering content for purpose. In that it addresses THE issue, which is to acheive fit between method of delivery and substantive results delivered.

[h0p3's Wiki]

I think running a performant and secure webserver is a non-trivial task. The following options are bad if you ever want to walk up to a box you don't own (and can't install software or modify settings) to login over the web from a browser to edit your wiki (though, I'm not sure I would trust such a computer). That's basically what you are seeking, but I suggest you might not have to go that route.

If you know you will be owning the devices you use to edit the wiki (you generally would in the Dropbox case), you might consider running the server from your home (or any secure computer behind a NAT or strict firewall) and using something like https://zerotier.com/ for a personal VPN across your devices. You can open your TW server to your LANs and access that server from across the VPN. This method can work without TW software servers too because you can open and save the html file from across the VPN (requires setting up filesharing, and you must watch for something like race conditions as you would for Dropbox). You may find it useful for other things as well (e.g. streaming music across your network).

The above is not the method I currently use for my wiki (beware those who do not take their own advice), but Bob's sexiness may one day force me to do so. No option is perfect, but I use Resilio Sync and single-file editing. It's encrypted, the fastest throughput option for single-file wiki usage, does not rely upon any one particular server to be running, maintains archives of all edits (can be disabled), provides read-only keys (and even encrypted keys for storing on untrusted servers), and affords me offline editing. If you didn't like Dropbox though, there's a good chance you won't like this method.

My vote is for the VPN because it is one of the easiest to set up in many cases, it's free, it's secure, and it's versatile.

--
You received this message because you are subscribed to the Google Groups "TiddlyWiki" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+...@googlegroups.com.
To post to this group, send email to tiddl...@googlegroups.com.
Visit this group at https://groups.google.com/group/tiddlywiki.
To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/54d70ee3-1c7f-4e79-b28b-495077fe819d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[PMario]

On Monday, November 26, 2018 at 5:36:22 PM UTC+1, h0p3 wrote:

...

If you know you will be owning the devices you use to edit the wiki (you generally would in the Dropbox case), you might consider running the server from your home (or any secure computer behind a NAT or strict firewall) and using something like https://zerotier.com/ for a personal VPN across your devices.

@h0p3

Absolutely interesting stuff. Thx for sharing

-m