Per-application access rules
-
I'm looking at rolling several projects into a single Cloudron instance, and so far it looks like a good option. One thing I'm interested in doing is filtering access to specific applications by IP. For example:
- PeerTube can be accessed by the entire internet
- Immich can only be accessed from my home IP
- Emby can only be accessed from my home IP and these five ProtonVPN endpoint IPs
- NextCloud can only be accessed from my home IP, office IP range, and these five ProtonVPN endpoints
... and so on. I don't see any immediately obvious way to do this. I can purchase additional IPv4 addresses from my hosting providers to facilitate this if needed, but it would be ideal if this isn't necessary.
Is there any way to accomplish this through the web UI? If not, are there any config files I can use?
-
+1 for home IP access limitation
-
Currently, there is no per app network access control. I will move this to Feature Requests.
-
@girish Great, thanks!
-
Now, combine this with something like WireGuard or Tailscale and limit access to certain apps (Vaultwarden, Nextcloud, etc.) to users connected to such a VPN - that would be the dream.
-
I voted for this excellent idea a long time ago, but now I wish it was here:
I (need to) use Cloudflare WAF to protect access to my NextCloud on Cloudron. I also want a local/external application to make backups via WebDAV to NextCloud ... here it gets stuck ... Cloudflare has a 500MB limit on their free proxy.
Isn't it very '80s to have no built-in WAF/IP restriction in Cloudron in the current 2025 mad world of zero days, hackers, ...?