What's coming in 4.2
-
@yusf You can restrict the port in IPTABLES as well, I don't remember if cloudron uses just IPTables or UFW but here is a rule for both that would work for routing to internal networks only:
UFW:
ufw allow from 192.168.1.0/24 to any port 389
(This allows from the 192.168.1.0 network to TCP/UDP port 389. You can change the word "any" to "tcp" to restrict it to TCP only as well.)IPTABLES:
iptables -I INPUT -p tcp -s 192.168.1.0/24 --dport 389 -j ACCEPTPlease research what cloudron uses as it's firewall (I am almost positive it is iptables).
Also note - This is an unsupported modification too.
Also also note - You can probably make an app that can proxy this connection instead, using a different port, you can proxy to the LDAP server instead. (Say port 1389 as an example). This would probably work better since LDAP clients normally allow you to configure a port to connect to anyway.
--
https://urgero.org
~ Professional Nerd. Freelance Programmer. ~ -
@yusf You can restrict the port in IPTABLES as well, I don't remember if cloudron uses just IPTables or UFW but here is a rule for both that would work for routing to internal networks only:
UFW:
ufw allow from 192.168.1.0/24 to any port 389
(This allows from the 192.168.1.0 network to TCP/UDP port 389. You can change the word "any" to "tcp" to restrict it to TCP only as well.)IPTABLES:
iptables -I INPUT -p tcp -s 192.168.1.0/24 --dport 389 -j ACCEPTPlease research what cloudron uses as it's firewall (I am almost positive it is iptables).
Also note - This is an unsupported modification too.
Also also note - You can probably make an app that can proxy this connection instead, using a different port, you can proxy to the LDAP server instead. (Say port 1389 as an example). This would probably work better since LDAP clients normally allow you to configure a port to connect to anyway.
-
@murgero Thanks! Though very unsupported also very interesting. Thought about the proxy app approach but you know my level id of expertise: not enough.
-
@yusf Maybe it will be my weekend project this week. Build an LDAP Proxy app for Cloudron.
I'll hit you up on Matrix if I get something working.
@murgero I’ve been meaning to do the same.
Should be doable with something like HAProxy, but I wanted to use some better auth mechanism, so I’ve been working on this: https://git.iamthefij.com/iamthefij/dockamole
The server is essentially just an ssh server that is configured to disallow running commands and only allow port forwarding. The client can be run anywhere and it exposes the ports for you.
I’m planning to run a server on my Cloudron to forward LDAP and Graphite (hopefully), and then I can deploy a client on my other VPS. I also plan to do the same with my NAS at home so I can have my VPS access it without exposing http access to my home network.
There are many ways to do this though.
-
@murgero I’ve been meaning to do the same.
Should be doable with something like HAProxy, but I wanted to use some better auth mechanism, so I’ve been working on this: https://git.iamthefij.com/iamthefij/dockamole
The server is essentially just an ssh server that is configured to disallow running commands and only allow port forwarding. The client can be run anywhere and it exposes the ports for you.
I’m planning to run a server on my Cloudron to forward LDAP and Graphite (hopefully), and then I can deploy a client on my other VPS. I also plan to do the same with my NAS at home so I can have my VPS access it without exposing http access to my home network.
There are many ways to do this though.
@iamthefij said in What's coming in 4.2:
There are many ways to do this though.
True. I was more thinking of using stunnel for this.
-
I have one SSD and one HDD in my homeserver running Cloudron 4.2.6 - neither are shown in "Graphs"...
-
I've this problem with 4.2.x now that makes the memory graph only show app memory usage from my main domain. Reproducable?
