KingsFaris

Settings

Tune the way you scan.

Configure your printer connection, scan defaults, and where files land.

Your name on this device

Scans you trigger from this browser are tagged with this name and saved into a folder named after it. Each device (Pankaj's laptop, Heath's Mac, your phone…) gets its own name and its own library view.

Printer

Auto-discover via mDNS, or set the IP manually.

Checking printer...

Scan profiles

Saved presets you can pick from the Scan tab. Three built-in profiles seed your library — edit or delete them as you like.

No profiles yet. Click "+ New profile" to add one.

Scan defaults

Used when no profile is selected. You can override per scan.

KingsFaris branding on PDFs

Default state of the toggle on the Scan tab. Off for everyday scans, on for documents you'll send to clients.

File-naming template

Applied to every saved scan. Tokens are replaced at save time.

Extension (.pdf / .jpg / .tif) is added automatically based on format. Counter resets at midnight.

Scan folder

Where every scan is saved. Each one lands in a sub-folder you pick on the Scan tab (default: inbox).

Tip: use ~ for your home directory. Folder is created automatically on save.

Share with other devices

Open the scanner hub from your phone, MacBook or any other device on the same Wi-Fi.

Loading network info…

One device can't connect even on the same Wi-Fi?

If one device works (e.g. your phone) but another doesn't (e.g. a colleague's Mac), the firewall is fine — the issue is on the other device or the router. Check:

  • Same Wi-Fi name, not just same router. Many routers broadcast multiple SSIDs (e.g. KINGS FARIS-5G, KINGS FARIS-Guest). Guest networks usually have AP isolation on, which blocks device-to-device traffic on purpose.
  • VPN off on the other device. A VPN routes traffic out to the internet instead of across the LAN.
  • Try a different browser. Safari sometimes tries to upgrade http:// to https:// — open Chrome / Edge / Firefox on the stuck device and paste the URL exactly as shown above.
  • Ping test. On the stuck device, open a terminal and run ping <this-laptop-ip>. If ping fails, the network is blocking — usually AP isolation on the router.
  • Last resort: install kfsh\scripts\allow-lan.bat as administrator. Adds a redundant explicit rule for TCP 3737 on every profile — no other system change.

Share with anyone — no install on their device

Creates a temporary public https://…trycloudflare.com URL via Cloudflare. Real Let's Encrypt certificate, green padlock on every browser, works on Mac / iPhone / Android with zero setup.

Install cloudflared first: run winget install Cloudflare.cloudflared

Heads up: while the link is running, anyone with the URL can scan, browse your library, or delete files — this app has no password. Click Stop when you're done.

Chrome shows “Not Secure”? Two ways to fix it

The “Not Secure” badge means Chrome is loading the app over plain HTTP. For a LAN-only tool with no passwords or payment fields, this is harmless — but if you want the green padlock, here are the two practical paths.

Option 1 — mkcert (LAN-only, offline)

  1. On this Windows laptop, open File Explorer to kfsh\scripts\setup-https.bat → right-click → Run as administrator. Installs mkcert, generates a cert for kfsh.local + every LAN IP, prints where the root CA lives.
  2. Start the server with npm run start:https instead of npm start. This runs Next.js + a tiny TLS proxy on port 3738.
  3. Visit https://kfsh.local:3738 in Chrome — green padlock, no warning.
  4. For Heath's Mac: copy rootCA.pem (the .bat prints the folder path — usually %LOCALAPPDATA%\mkcert) to the Mac. On the Mac, double-click rootCA.pem → opens Keychain Access → find “mkcert” in System keychain → double-click → expand Trust → set “Always Trust”. Done. Green padlock in Safari.

Option 2 — Tailscale Serve (works anywhere, recommended)

Tailscale gives you a real Let's Encrypt certificate for free — no manual CA install on any device. Same setup as the cross-network section above:

  1. Install Tailscale on this Windows laptop and on every device that needs to scan (Mac, iPhone, etc.). Sign in with the same account on each.
  2. On the Windows laptop, run once: tailscale serve --bg --https=443 http://localhost:3737
  3. Tailscale prints the URL — something like https://your-laptop.tailABC.ts.net. Open that on any signed-in device, green padlock, works from any network.
Want to scan from outside the office? Use Tailscale

The LAN URL above only works on the same Wi-Fi. To reach the scanner hub from anywhere — home Wi-Fi, mobile data, a hotel — install Tailscale on this Windows laptop and on every device you want to scan from. It's free for personal use up to 100 devices, end-to-end encrypted, and has no public URL (so it's safer than port-forwarding).

  1. Download from tailscale.com/download on each device (Windows, Mac, iPhone, Android — all supported). Sign in with the same account on all of them.
  2. Each device gets a stable IP like 100.x.y.z. On Windows, the Tailscale tray icon shows yours.
  3. On any other device, open http://100.x.y.z:3737 — same URL pattern, just the Tailscale IP instead of the LAN one. Works from any network.

Tailscale is the same approach used by tools like Anthropic internal tools, Linear, and most "remote local-first" SaaS. No code changes needed on this app.

Tip: bookmark the URL on your phone's home screen for one-tap scanning. The laptop running this server has to stay awake (and on the same network) for other devices to reach it.