I'd like to use my cloudron as an intranet (like this). As of now, I'm using the VPN and my cloudron is exposed on its public IP, not its internal IP. But I think I'm facing a chicken and egg problem: if I switch cloudron to listen to the internal IP, the VPN server will not be reachable from outside…
Is there a recommended way to do that?
BTW, the docs say:
"In an intranet setup, Cloudron has no way to get Let's Encrypt certificates without a programmatic DNS provider."
I'm not sure how that helps? Let's Encrypt can never generate certificates for myinternaldomain.lan, can it?
-
@cpa said in Intranet & VPN app:
a chicken and egg problem
Indeed.
@cpa said in Intranet & VPN app:
Is there a recommended way to do that?
AFAIK, not from the Cloudron Team.
There are products out there like Cloudflare Tunnels or Pangolin.
Here is also a big topic about Cloudflare tunnels: https://forum.cloudron.io/topic/10395/cloudron-proxmox-cloudflare-tunnels
@cpa said in Intranet & VPN app:
Let's Encrypt can never generate certificates for myinternaldomain.lan, can it?
If you use a programmatic DNS, certificates should be generated via DNS-01 challenge.
So no exposed inbound port 80/443 would be needed. Only outbound to the API of the DNS provider.
-
Many thanks for the answers. I'll just blacklist IP ranges and leave my instance on public IPv4; that seems to be the easiest way to go, even though I'll always worry about it a bit.
It would be nice if the VPN could be the only part of Cloudron that's exposed, and also handle serving the certificates for self-signed certs on local domains.
-
@cpa If you blacklist heavily, that means you cannot use the mail server anymore, correct? As servers delivering incoming mail cannot connect anymore…