Publishing the wiki privately

Publishing the wiki privately

Cloudflare Pages is the best default host for this static wiki. The existing just build output can be uploaded directly from dist/, the result works well on phones, and the same host supports either obscure-link publication or a real identity gate.

The choice is not primarily between hosting vendors. It is between two meanings of private.

Mode Visitor experience Protection Best use
Secret link plus noindex Open the URL directly Cooperative search engines should omit it; anyone with the URL can read it Selected, low-sensitivity notes and casual demonstrations
Cloudflare Access Open the URL, then authenticate by allowed email or identity provider Requests are denied unless an Access policy allows the visitor The complete wiki or anything costly to leak
ChatGPT Sites restricted sharing Sign in with an allowed ChatGPT workspace account Owner, user, group, or workspace allowlist A supported paid workspace whose intended readers are already members

Cloudflare Pages and Access official publishing documentation preserves the basis for the Cloudflare comparison. ChatGPT Sites official publishing documentation records the changing beta availability and sharing model.

A Pages project can receive a long, unadvertised pages.dev name and a global response header:

/*
  X-Robots-Tag: noindex, nofollow, noarchive
  Referrer-Policy: no-referrer

The _headers file belongs in the uploaded build directory. It should be generated or copied during a publishing step, not maintained by editing dist/ by hand. Avoid publishing a sitemap, linking the site from public pages, or using an obvious project name.

Do not combine a site-wide crawler block with the expectation that Google will read noindex. Google documents that its crawler must retrieve the page or response header to observe the directive. An authentication gate is the correct way to keep a crawler out.

Access is the safer default for the complete vault

For an access-controlled production site, attach a custom subdomain to Pages and put a Cloudflare Access self-hosted application in front of it. An Allow policy can name exact email addresses, and email OTP login avoids requiring each visitor to install a client or join a private network.

This adds friction to the first phone visit but keeps the link itself harmless when forwarded. It is appropriate if the built vault contains personal notes, saved source artifacts, unpublished business analysis, or anything that should not become public merely because a URL leaks. The hosting and Zero Trust products have free tiers, but a custom domain is normally a separate cost unless one is already owned.

Deployment can stay deliberately manual

The repository’s Cloudflare adapter keeps the Index note at /Index and adds a host-only temporary redirect from / to /Index. It also applies the non-indexing and defensive response headers without making Cloudflare-specific files part of the generic wiki build.

The least surprising workflow is:

  1. Run just build locally.
  2. Run just deploy. This copies _redirects and _headers into the generated output immediately before Wrangler uploads it. Wrangler reports a new immutable deployment URL on every upload, while the recipe separately prints the stable production alias https://private-wiki-ch0.pages.dev that advances to the latest master deployment.
  3. Test the production URL in a private phone browser.
  4. In Access mode, test both an allowed identity and a denied identity before sharing.

Manual Direct Upload prevents the private repository itself from being connected to another service. Git-based automatic deployment can be added later through a new Pages project if update convenience becomes more important.

Share subsets when the whole graph is unnecessary

Per-person authorization does not provide per-note authorization inside one static build. Everyone admitted to one deployment can normally fetch every file in it. When a person should see only part of the wiki, build a separate export or mini-site containing the chosen notes and their required assets. This is safer than relying on hidden navigation, because unlinked static files remain retrievable by URL.

ChatGPT Sites is a future convenience option

ChatGPT Sites has a convenient owner, selected-user, group, workspace, or public sharing model. Its restricted sharing requires the visitor to use an allowed account, and the documented beta is paid and unavailable in the European Economic Area at launch. It is therefore not the present free default for this wiki. It becomes attractive if regional access opens and the intended readers already belong to the same ChatGPT workspace.

Sources

  1. developers.cloudflare.com
  2. developers.cloudflare.com
  3. developers.cloudflare.com
  4. developers.google.com
  5. help.openai.com