Per-application access rules
-
wrote on Mar 8, 2024, 6:29 PM last edited by girish Mar 9, 2024, 5:16 PM
I'm looking at rolling several projects into a single Cloudron instance, and so far it looks like a good option. One thing I'm interested in doing is filtering access to specific applications by IP. For example:
- PeerTube can be accessed by the entire internet
- Immich can only be accessed from my home IP
- Emby can only be accessed from my home IP and these five ProtonVPN endpoint IPs
- Nextcloud can only be accessed from my home IP, office IP range, and these five ProtonVPN endpoints
... and so on. I don't see any immediately obvious way to do this. I can purchase additional IPv4 addresses from my hosting providers to facilitate this if needed, but it would be ideal if this isn't necessary.
Is there any way to accomplish this through the web UI? If not, are there any config files I can use?
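Added example, not part of the original post and not a Cloudron feature or config format: the per-app rules listed above written as a default-deny allowlist check in Python. Every address is constructed from documentation ranges, and `POLICY`, `is_allowed` and the app keys are hypothetical names.

```python
import ipaddress

# Constructed sample values (RFC 5737 / RFC 3849 documentation ranges).
HOME = ["203.0.113.7/32"]                          # "my home IP"
OFFICE = ["198.51.100.0/24"]                       # "office IP range"
VPN = [f"192.0.2.{n}/32" for n in range(10, 15)]   # five VPN endpoint IPs

# Hypothetical policy table: app name -> list of allowed CIDR blocks.
POLICY = {
    "peertube": ["0.0.0.0/0", "::/0"],   # entire internet
    "immich": HOME,
    "emby": HOME + VPN,
    "nextcloud": HOME + OFFICE + VPN,
}


def _normalize(addr):
    """Parse an address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    # Dual-stack listeners report IPv4 clients in mapped form; without this
    # step an IPv4 allowlist entry would never match them.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def is_allowed(app, client_ip, policy=POLICY):
    """Return True only if client_ip falls in a network listed for app."""
    networks = policy.get(app)
    if networks is None:
        return False              # unknown app: default deny
    try:
        ip = _normalize(client_ip)
    except ValueError:
        return False              # unparseable peer address: deny
    for cidr in networks:
        net = ipaddress.ip_network(cidr)
        if ip.version == net.version and ip in net:
            return True
    return False


if __name__ == "__main__":
    for app, src in [("immich", "203.0.113.7"), ("immich", "198.51.100.20"),
                     ("emby", "192.0.2.12"), ("nextcloud", "198.51.100.20")]:
        print(app, src, "allow" if is_allowed(app, src) else "deny")
```

The address checked has to be the TCP peer address seen by the reverse proxy; a client-supplied header such as `X-Forwarded-For` is only usable when it was set by a proxy you control.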
-
-
wrote on Mar 9, 2024, 7:18 PM last edited by
+1 for home IP access limitation
-
Currently, there is no per-app network access control. I will move this to Feature Requests.
wrote on Mar 10, 2024, 4:03 AM last edited by
@girish Great, thanks!
-
wrote on Mar 11, 2024, 5:17 AM last edited by
Now, combine this with something like WireGuard or Tailscale and limit access to certain apps (Vaultwarden, Nextcloud, etc.) to users connected to such a VPN - that would be the dream.