NFLTRDocsGuides

Secure File Sharing

Share files, directories, and clipboard contents privately — with options from quick public links to zero-knowledge P2P transfers.

1. Quick File & Directory Sharing

Share any file or directory with a single command. Recipients access it through a web browser.

Share a single file

# Share a file — generates a shareable URL
nfltr share report.pdf

# Share with a memorable URL
nfltr share report.pdf --name company-report

Serve a directory

# Serve an entire directory with file listing
nfltr serve ./build-artifacts --name releases

# Serve with directory listing disabled (direct links only)
nfltr serve ./exports --no-index

2. Access Controls

Protect shared content with authentication and IP restrictions:

Password protection

# Basic auth
nfltr share secret-doc.pdf --basic-auth user:password

# Bearer token
nfltr share api-export.json --share-bearer my-secret-token
curl -H "Authorization: Bearer my-secret-token" https://<share-url>

IP allowlisting

# Only allow specific IPs
nfltr share internal-report.pdf --share-ip-allowlist 203.0.113.0/24,198.51.100.5

# Combine IP allowlist with auth
nfltr share financials.xlsx \
  --basic-auth cfo:secret \
  --share-ip-allowlist 10.0.0.0/8

3. End-to-End Encrypted Sharing

Add the --e2ee flag to encrypt all traffic end-to-end. The nfltr server relays only ciphertext — it never sees your files.

# Share with E2EE — server cannot read the file
nfltr share confidential.pdf --e2ee --basic-auth user:pass

# Serve a directory with E2EE
nfltr serve ./legal-docs --e2ee --name legal

# E2EE with custom TLS certificates
nfltr share contract.pdf --e2ee \
  --e2ee-cert /path/to/cert.pem \
  --e2ee-key /path/to/key.pem
🔒 How E2EE works for file sharing

With --e2ee, the agent terminates TLS directly. The NFLTR server performs blind TCP relay — it handles SNI routing but cannot decrypt the payload. Perfect for regulated data, legal documents, or any content where server-side trust is unacceptable.

4. Peer-to-Peer Transfer (Zero Server Knowledge)

For maximum privacy, use P2P mode. Files transfer directly between machines with no data touching the server — only signaling passes through NFLTR.

# Sender — start a P2P file transfer
nfltr p2p send ./large-dataset.tar.gz

# Receiver — download the file
nfltr p2p recv <share-code>

P2P encryption details

Send a directory

# Automatically tars the directory for transfer
nfltr p2p send ./project-folder/

# Receiver gets the tarball
nfltr p2p recv <share-code>

Send a text message

# Send a quick encrypted message
nfltr p2p send --text "The deployment password is: hunter2"

# Receive it
nfltr p2p recv <share-code>

5. Clipboard Sharing

# Share your clipboard contents via a URL
nfltr clipboard --name my-clipboard

# Access from another machine — paste via the web UI
open https://nfltr.xyz/browse/my-clipboard/

Useful for sharing code snippets, URLs, or small text between machines without email or chat.

6. WireGuard VPN for Network Access

For ongoing access to a remote network (not just a single file), use a WireGuard tunnel:

# On the machine with access
nfltr wg serve --name office-net

# On your machine — SOCKS5 proxy to access the entire LAN
nfltr wg socks5 office-net --listen :1080

# Browse internal file servers, wikis, etc.
curl --proxy socks5://localhost:1080 http://fileserver.internal/docs/

Choosing the Right Method

MethodBest ForEncryptionAuth Options
nfltr share Quick file links TLS (or E2EE with --e2ee) Basic auth, bearer, IP allowlist
nfltr serve Directory browsing TLS (or E2EE with --e2ee) Basic auth, bearer, IP allowlist
nfltr p2p send/recv Maximum privacy, large files AES-256-CTR (always on) Share code (one-time use)
nfltr wg Ongoing network access WireGuard (always on) API key + WG keys
nfltr clipboard Text snippets TLS Basic auth

Next Steps