mirror
/
cloudron-docs
mirror of https://git.cloudron.io/cloudron/docs.git
1
0
Fork 0
Code Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1258 Commits
2 Branches
0 Tags
40 MiB
 
 
 
 
Tag: Branch: Tree: 50e07c4c32
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '50e07c4c32'
${ noResults }
cloudron-docs/knowledgebase/docs/networking.md

3.7 KiB
Raw Blame History

Networking

IP Configuration

Using the IP configuration settings, you can configure the IP address, Cloudron uses to configure to the DNS.

Public IP

When using the Public IP provider, Cloudron will automatically detect the server's public IP address by querying this url.

Network Interface

If the server has multiple IP addresses, you can configure the preferred IP address by specifying the network interface. The interfaces can be listed using ip -f inet -br addr.

Static IP

Use this option to provide a static IPv4 address. This IP address can be public or private. Some use cases for using this provider are:

Private DNS

Cloudron uses the unbound DNS server internally to resolve all DNS queries across all the apps.

If Cloudron is setup inside an internal network, you can customize the unbound configuration to resolve internal hosts.

Adding static hosts

To add some host entries internal to your network, add a file named /etc/unbound/unbound.conf.d/custom.conf:

server:

local-zone: "example.com." static
local-data: "jim.example.com. IN A 1.2.3.4"
local-data: "doug.example.com. IN A 2.3.4.5"

Be sure to restart the unbound service using sudo systemctl restart unbound and check it's status using sudo systemctl status unbound.

Internal DNS server

To add an internal DNS server, add a file named /etc/unbound/unbound.conf.d/custom.conf:

server:
    private-domain: "cloudron.lan"
    domain-insecure: "cloudron.lan"

forward-zone: 
    name: "cloudron.lan"
    forward-addr: 10.0.0.2

If your internal DNS server is not a forwarding server, use the stub-zone: and stub-addr: option instead.

Be sure to restart the unbound service using sudo systemctl restart unbound and check it's status using sudo systemctl status unbound.

Dynamic DNS

Enable this option to keep all your DNS records in sync with a changing IP address. This is useful when Cloudron runs in a network with a frequently changing public IP address like a home connection.

Firewall

Blocklist

Using the blocklist configuration, one or more IP addresses and/or networks can be blocked from connecting to Cloudron. You can download various country based blocklists from here.

!!! warning "Do not lock yourself out" Be careful about what IP addresses you block. If you lock yourself out, you must get Console access to the server, remove the file /home/yellowtent/boxdata/firewall/blocklist.txt and reboot the server.

Whitelist ports

Cloudron does not support installing additional packages or running other services on the server. With that warning out of the way, you can configure the firewall to permit additional (incoming) TCP and UDP ports. For this, edit the the file /home/yellowtent/boxdata/firewall/ports.json (create this file if it does not exist and change the owner to the user yellowtent).

{
    "allowed_tcp_ports": [ 2140, 3540 ],
    "allowed_udp_ports": [ ]
}

Restart the firewall to apply the configuration:

systemctl restart cloudron-firewall