Skip to content
Arka Platform

Local network (LAN) access

By default, arka-deck listens only on 127.0.0.1 (your machine). To access the application from another device on the local network (tablet, phone, another workstation), you must enable LAN mode.

Enable LAN

Section titled “Enable LAN”

Recommended — through settings

Section titled “Recommended — through settings”
  1. Open Settings → Profile & UI → Network.
  2. Enable Allow access from local network (LAN).
  3. Reboot arka-deck (npm run arka:reboot).
  4. The interface displays available LAN URLs and the token to use.

Quick — environment variable

Section titled “Quick — environment variable”
Terminal window
ARKA_DECK_WEB_LAN=1 npm run arka:start

CLI — explicit flag

Section titled “CLI — explicit flag”
Terminal window
npm run arka:start -- --lan
npm run arka:start -- --no-lan

Priority order (first applicable method wins):

  1. CLI flag (--lan / --no-lan)
  2. Environment variable (ARKA_DECK_WEB_LAN)
  3. Settings preference (network.json)
  4. Default: false

Authentication required

Section titled “Authentication required”

Once LAN is active, arka-deck requires a token on every request from a remote device:

  • HTTP header: X-Arka-Token: <token>
  • Or query string (deprecated, may leak via Referer or history): ?token=<token>

The token is:

  • Regenerated at each server start.
  • Persisted in .arka-token at the arka-deck project root (mode 0o600).
  • Never logged in plain text.

The interface displays the token on local connection; you copy/paste it on the remote device.

CORS and network ranges

Section titled “CORS and network ranges”

CORS is limited to RFC1918 origins (private networks):

  • 10.0.0.0/8
  • 172.16.0.0/12
  • 192.168.0.0/16
  • .local (mDNS / Bonjour)

No connection from the Internet is authorized. To expose arka-deck externally, you need a reverse proxy with dedicated authentication (out of current product scope).

Disable LAN

Section titled “Disable LAN”

Either via the Settings toggle then reboot, or via command:

Terminal window
npm run arka:reboot -- --no-lan

LAN security best practices

Section titled “LAN security best practices”
  • Enable LAN only on a trusted network (home LAN, private office).
  • Do not use arka-deck over LAN on a public Wi-Fi.
  • Share the token only with devices you control.
  • If you suspect a leak, restart the server — the token is regenerated.

Going further

Section titled “Going further”
  • Environment variables: security section of 07-securite-et-donnees
  • Dev CLI reference: docs/dev/reference/cli.en.md (coming)