Access cloudron on local network
-
Is it possible to access Cloudron without internet access (over the local network) if the Cloudron instance is running on the same network as the client? I know with most of the individual apps being managed by Cloudron it is possible but I don't understand what Cloudron is doing with DNS configuration very well, nor do I understand what is happening when I simply try to go to the IP address of the host computer (seems like a bunch of redirects).
-
Temporarily, you could forge your hosts file with something like
192.168.1.10 my.cloudron.io
where 192.168.1.10 represents the IP of your Cloudron and cloudron.io represents your domain.
Then you will probably have an SSL certificate error, but you will be able to log in.
FYI: the hosts file is the ancestor of the DNS, but for more useful info look at this post.
In a more viable term, you could set up a DNS project for your local network; you could use PiHole to do so, it will be very easy.
-
@JOduMonT I have a pihole set up and am using some local DNS resolution already for other things. What you're describing is exactly what I was hoping would work I just wasn't sure it would be that simple. So far I've only been able to play with Cloudron on a VPS but it seems like manually going to the IP address of the server there doesn't really work. It redirects you to the setup page which then redirects you several more times so that's what made me worried it wouldn't be as simple as setting up local DNS resolver to point the domain name to the local IP of the server.
-
@zjuhasz Did I understand correctly that the server can download stuff but nobody from the internet can reach the server? If so, yes, that will work. In fact, it will even work with Let's Encrypt certificates. Note that the server still needs to download stuff because it has to download app images and updates. Clients can connect to the server since it's all internal network.
Let me explain a bit about the DNS stuff. By default, Cloudron will call https://api.cloudron.io/api/v1/helper/public_ip from your server to determine the public IP. It will then use this IP to configure the DNS. A related topic is Let's Encrypt certs. When you use "programmatic" DNS backends like cloudflare/do/linode/route53 etc, Cloudron uses the DNS to get certs (basically, the LE protocol asks you to put some DNS entries to validate before issuing certificates). When you use wildcard/manual DNS providers, we cannot program the DNS automatically, and thus we fall back to an approach where LE will call back your server on port 80.
If you don't want Cloudron to use the public IP when configuring the DNS, you can supply a custom IP - https://cloudron.io/documentation/networking/ .
With this in mind, here's how to do it:
- Install Cloudron. In the initial DNS setup screen, you put in some programmatic DNS backend. Then in the advanced section in the same view, you can set the IP address to be the internal IP address. You can put either Fixed IP (if you have static private IPs) or put in an interface card (if you use DHCP)
- Cloudron will then configure your DNS to have internal IPs. It can still get certs because it has access to your DNS
- Your clients can access via DNS as well since they resolve to internal IPs
- Others outside cannot access your services since they all resolve to internal IPs
(This is also how setups in an AWS VPC or DO VPC work)
-
@girish thanks for the info.
"Did I understand correctly that the server can download stuff but nobody from the internet can reach the server?"
Kind of. It's fine for me to need internet access for initial setup and for updates. In fact I'd like to always be able to access the server over the internet, but I'd also like to be able to connect over the local network. I guess so long as it's possible to connect over the local network I could always VPN into the network and use Cloudron that way. This solution will probably be ok for me, but it's not ideal for the setup I'm trying to make.
I basically have two objectives regarding local network access:
- The Cloudron is going to be used from clients on the same network probably about 75% of the time so I'd like to be able to take advantage of the faster transfer speeds on the local network and not run into bandwidth throttling issues from the ISP (will be doing a lot of large file transfers). But again, I'd still like remote access to be possible and preferably without needing to use a VPN.
- When my network loses internet access I still need to be able to use Cloudron via the local network (I do intend for the Cloudron server to generally have internet access though).
I don't know if it's possible but I think the ideal solution would be similar to what @JOduMonT described where I would host the Cloudron DNS with some big DNS provider like Cloudflare but on my local network DNS (pihole) I would resolve the same domain names to the local address of the Cloudron server instead of the internet address.
-
I don't know if it could work with Cloudron, but from time to time I build private Nextcloud instances which are accessible only via VPN, and then on the Cloudflare side I point the IP to the private IP and request the Let's Encrypt certificate via DNS.
@girish what would happen if @zjuhasz changes the IP at his DNS provider to the local IP?
Will Cloudron force a refresh of this DNS entry?
-
Cloudron won't refresh DNS entries automatically unless some action is performed like app configure etc or the Dynamic DNS feature is enabled. Generally, if you go to network view and put in the local IP, you don't have to worry about those automatic actions as well.
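The split-horizon setup discussed in this thread (public records at the DNS provider, local overrides in a resolver such as Pi-hole) only helps for hostnames that actually have a local override. The following is an added example, not part of the original posts and not Cloudron code: it compares hosts-format overrides with the public records and labels each name. All hostnames and addresses in it are constructed sample values.

```python
import ipaddress

# Constructed sample data: hosts-format overrides served by the local resolver,
# and the A records the public DNS provider would return (documentation range).
LOCAL_OVERRIDES = """
# local DNS records, hosts format
192.168.1.10 my.example.com files.example.com
192.168.1.10 nas.example.com   # LAN-only name
"""
PUBLIC_RECORDS = {"my.example.com": "203.0.113.7",
                  "files.example.com": "203.0.113.7",
                  "chat.example.com": "203.0.113.7"}

# Explicit RFC 1918 ranges; ipaddress.is_private also matches documentation
# and other reserved ranges, which is not what "LAN address" means here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_lan(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def parse_hosts(text):
    """Return {hostname: ip} from hosts-format text, skipping comments and bad lines."""
    records = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        for name in fields[1:]:
            records[name.lower().rstrip(".")] = ip
    return records

def classify(local, public):
    """Label each name by how LAN clients and outside clients resolve it."""
    report = {}
    for name in sorted(set(local) | set(public)):
        if name not in local:
            # LAN clients get the public answer: traffic leaves via the ISP
            # and the name stops resolving when the uplink is down.
            report[name] = "no-local-override"
        elif not is_lan(local[name]):
            report[name] = "override-not-private"
        elif name not in public or is_lan(public[name]):
            report[name] = "internal-only"
        else:
            report[name] = "split-horizon"
    return report
```

Every app subdomain reported as no-local-override is one that LAN clients will still reach through the public address.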