Quick update - The issue had nothing to do with Cloudron server and everything to do with the Nginx Proxy Manager host sitting in front of the Cloudron server.
Good time to mention that NPM in front of a Cloudron server is not an officially supported Cloudron setup.
Yet, with this being said, once Websockets relay was enabled on the NPM proxy host, everything fell into place.
Many, many thanks to @nebulon and the Cloudron team for their support as always.
@systemaddict I would check the app's configuration. Some apps let you change the CORS. It's not correct for system admins to change CORS settings, this is a security issue waiting to happen.
Hi @JOduMonT,
I ran Cloudron with a combination of Tailscale & Cloudflared for two weeks without a public IP at my home setup. So far, everything was working well and I didn't encounter any significant issues. Below is the process that I followed:
1# I had two servers - one for Cloudron and the second with docker and docker-compose. Tailscale was installed and configured with Tailscale IP on both servers. The automatic domain configured was disabled in Cloudron and was set manually.
2# I ran the docker-compose.yml file on the second server using the following:
version: '3.8'
services:
  tunnel:
    image: 'ghcr.io/shmick/docker-cloudflared'
    container_name: tunnel
    hostname: tunnel
    restart: unless-stopped
    user: 1000:1000
    env_file:
      - $PWD/tunnel.env
    volumes:
      - /etc/timezone:/etc/timezone:ro
    command: tunnel run
    network_mode: host

# tunnel.env (the file referenced by env_file above)
TUNNEL_TOKEN={TUNNEL-TOKEN}
3# I set up and configured the domain in the Cloudflared UI, and used HTTPS for the Cloudron Tailscale IP with No TLS Verify enabled.
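Step 3 above turns off certificate checking between cloudflared and the Cloudron origin. The following is an added example, not part of the original post: the same ingress rule written as a locally managed cloudflared `config.yml`, with the "No TLS Verify" variant next to one that keeps verification on by naming the hostname the certificate was issued for. The tunnel UUID, file paths, hostname and Tailscale IP are constructed placeholders, and it assumes the Cloudron server presents a publicly trusted certificate for that hostname.

```yaml
# Added example: locally managed cloudflared config.yml (all values are constructed placeholders)
tunnel: 00000000-0000-0000-0000-000000000000
credentials-file: /etc/cloudflared/00000000-0000-0000-0000-000000000000.json

ingress:
  # Variant matching step 3 of the post: HTTPS to the Tailscale IP with
  # verification disabled. cloudflared accepts whatever certificate is
  # presented on that address, so the origin is not authenticated.
  # - hostname: my.example.com
  #   service: https://100.64.0.10:443
  #   originRequest:
  #     noTLSVerify: true

  # Stricter variant: same origin address, but the certificate must be valid
  # for the name given in originServerName (also sent as SNI to the origin).
  - hostname: my.example.com
    service: https://100.64.0.10:443
    originRequest:
      originServerName: my.example.com
      # caPool: /etc/cloudflared/origin-ca.pem   # only if the origin cert comes from a private CA

  # Catch-all rule required as the last ingress entry
  - service: http_status:404
```

For a token-based tunnel like the one in the post, the same two options appear in the dashboard's TLS settings for the public hostname as "No TLS Verify" and "Origin Server Name".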
@girish sweet- that worked!
I saw that's also what you said here:
https://forum.cloudron.io/topic/5457/site-is-not-reachable/7
And is basically what's described in the troubleshooting as well.
At first this was just an issue with the uninstalled containers, but then when I restarted for a cloudron update it took down the whole thing, which made me think nginx really was broken.
Thank you!
@opensourced said in Persistent custom nginx configuration:
plugins which are available for free are crappy and I don't trust them
fyi Wordfence is not crappy (imho everyone running WordPress should install it) and would easily sort this for you
@robi Yes, sorry, I just followed the tutorial that was previously posted by @scooke
https://cloak.ist/blog/how-to-put-a-ghost-blog-at-a-subdirectory-using-cloudflare-workers/
@BrutalBirdie yes, this was a bug in 7.0.x. certificates of apps are "deleted" after 6 months or so. when this happens, the nginx config is left dangling. This is fixed in 7.1 with https://git.cloudron.io/cloudron/box/-/commit/5382e3d8321ddb96817f50ab94e9da56258b11e9
@girish Thanks for responding so quickly! I'll need to revisit my DNS knowledge to get that up and running. Doesn't seem too crazy to do. Thanks for the link, and also for actually trying to answer Daniel's question inside your link. Too many times people say "just don't do that" or, "do this other thing instead". Drives me insane
@nebulon Yes, there was another port open on the raspberry - possibly from old services running on this device. But after reinstallation it was gone...
So then I just posted the default generated nginx config for two subdomains. But I get it, that those includes are quite confusing... I try to create a cleaner version.
Thank you for your patience.