Per-application access rules
-
I'm looking at rolling several projects into a single Cloudron instance, and so far it looks like a good option. One thing I'm interested in doing is filtering access to specific applications by IP. For example:
- PeerTube can be accessed by the entire internet
- Immich can only be accessed from my home IP
- Emby can only be accessed from my home IP and these five ProtonVPN endpoint IPs
- NextCloud can only be accessed from my home IP, office IP range, and these five ProtonVPN endpoints
... and so on. I don't see any immediately obvious way to do this. I can purchase additional IPv4 addresses from my hosting providers to facilitate this if needed, but it would be ideal if this isn't necessary.
Is there any way to accomplish this through the web UI? If not, are there any config files I can use?
-
+1 for home IP access limitation
-
Currently, there is no per app network access control. I will move this to Feature Requests.
@girish Great, thanks!
-
Now, combine this with something like Wireguard or Tailscale and limit access to certain apps (Vaultwarden, Nextcloud, etc.) to users connected to such a VPN - that would be the dream.
-
I voted for this excellent idea a long time ago, but now I wish it was here:
I (need to) use Cloudflare WAF to protect access to my NextCloud on Cloudron. I also want a local/external application to make backups via WebDAV to NextCloud .... here it gets stuck .... Cloudflare has a 500MB limit on their free proxy.
Isn't it very '80s to have no built-in WAF/IP restriction to Cloudron in the current 2025 mad world of zero days, hackers, .........
-
@imc67 I'm not sure what you mean, Cloudron does have a Trusted / Blacklisted IPs and Fail2Ban support.
@umnz said in Per-application access rules:
@imc67 I'm not sure what you mean, Cloudron does have a Trusted / Blacklisted IPs and Fail2Ban support.
You are answering your own question: look at the subject of this future request and then the docs. What you mentioned is on server level .... not app level
-
@imc67 said in Per-application access rules:
@umnz said in Per-application access rules:
@imc67 I'm not sure what you mean, Cloudron does have a Trusted / Blacklisted IPs and Fail2Ban support.
You are answering your own question: look at the subject of this future request and then the docs. What you mentioned is on server level .... not app level
Oops, my bad! Take my +1 instead lol.