Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Cloudron health checks and firewall rules - IP and port info


  • Sorry if this has been asked, I did search but was unable to find anything related.
    Do we have the ip cidr range for cloudron health checks. I want to filter incoming requests by ip range. Since I am guessing cloudron connects to the instances to do health checks and update, do you have a ip cidr range and ports that will allow these cloudron specific requests?
    Are there any other requests besides health checks that we should be aware of?
    Thanks

  • Staff

    If you refer to the healtchecks run against apps, this is only happening on the local private docker network on your server. That would be locally on 172.18.0.* From the apps perspective the healthcheck would come in from 172.18.0.1

    If you talk about some healthcheck for the whole Cloudron itself, then there is none. We do have an api server at api.cloudron.io which does subscription handling and maintains the app catalogue, however that only is accessed by your Cloudron server not the other way.

  • Staff

    @imouthesmp I am guessing you are asking at the same server level. As @nebulon said, we don't check on Cloudron server health anymore. We used to ~1 year ago but checks failed in a variety of setups anyway, so we stopped it. I see that our docs still say we do, I will fix it.

    Cloudron only calls out to api.cloudron.io which currently has the IP 52.7.53.124 (though, ideally, you should not depend on this IP. we are looking to move out of AWS, in fact, when we find the time and that IP will change).

    In essence, there should be no incoming calls to your server. Of course, apps might use webhooks, git ports, ssh ports etc, so you have to aware of that.

  • Staff

    OK, we have a couple of lines in the docs.

    The line below is removed since it's not polled anymore and neither do we notify the user since we cannot poll reliably.

    * Cloudron UG periodically polls the `https://my.<domain>` to check if the server is still 
    around. We do this as a precautionary measure to remind users about their subscription.
    

    There is another line:

    * Cloudron does not collect any user or app information and this is not our business model.
     We collect information regarding the configured backend types. This helps us focus on 
    improving backends based on their use. You can review the specific code
     [here](https://git.cloudron.io/cloudron/box/blob/master/src/appstore.js#L147).
    

    The part about collecting information about backend types is also not true anymore. It's long gone. I have simplified the line to say:

    * Cloudron does not collect any user or app information and this is not our business model. 
    As such, there are no incoming requests made to your server from cloudron.io. Cloudron only 
    makes requests to api.cloudron.io for packaging related information and that code can be 
    reviewed [here](https://git.cloudron.io/cloudron/box/blob/master/src/appstore.js).
    
  • Staff