Limiting web based access to Cloudron Apps

Kubernetes

Hi there,

What options are available to limit web based access to Cloudron Apps?

I know that most Apps does have a Login mask to restrict access to the App. But what if I would like to stop strangers to even reach the login mask? Is there a way to use basic authentication in the reverse proxy?

Best,
Michael

nichu42

@Kubernetes said in Limiting web based access to Cloudron Apps:

I know that most Apps does have a Login mask to restrict access to the App. But what if I would like to stop strangers to even reach the login mask? Is there a way to use basic authentication in the reverse proxy?

Do you mean something like setting up .htaccess/.htpasswd from within Cloudron?

Kubernetes

@nichu42 Yes, exactly. But just for specific Apps.

girish

@Kubernetes We are looking into a wireguard/openvpn based solution for this - https://forum.cloudron.io/topic/8269/what-s-coming-in-7-4 (though, unfortunately, it won't be in 7.4 . probably 7.5. 7.4 is mostly getting out all the database upgrades)

robi

@girish why is a VPN setup a solution for basic http(s)/proxy auth?

That's like saying we're looking into SFTP access so we can run an SSH proxy to port forward HTTP(s) connections to the app gated by the SSH login.

Kubernetes

The main reason for my question is to get strangers away from my apps. For smaller home use an VPN would be an acceptable solution. However, I wonder how the SSL Certificates will be created when Let's encrypt is not able to reach the Cloudron Apps?

girish

@Kubernetes let's encrypt does not require network reachability when DNS automation is used.

girish

@robi most mobile apps will break with htaccess kind of setup

robi

@girish okay, I thought this was selective for web based apps that it makes sense to limit in that way, not for the entire cloudron all at once.

For any affected mobile apps, one can use a pw enabled proxy-redirect to a secondary domain of the App.