Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Navigation

    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Cloudron health checks and firewall rules - IP and port info

    Support
    firewall privacy
    3
    5
    33
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      imouthesmp last edited by girish

      Sorry if this has been asked, I did search but was unable to find anything related.
      Do we have the ip cidr range for cloudron health checks. I want to filter incoming requests by ip range. Since I am guessing cloudron connects to the instances to do health checks and update, do you have a ip cidr range and ports that will allow these cloudron specific requests?
      Are there any other requests besides health checks that we should be aware of?
      Thanks

      1 Reply Last reply Reply Quote 0
      • nebulon
        nebulon Staff last edited by

        If you refer to the healtchecks run against apps, this is only happening on the local private docker network on your server. That would be locally on 172.18.0.* From the apps perspective the healthcheck would come in from 172.18.0.1

        If you talk about some healthcheck for the whole Cloudron itself, then there is none. We do have an api server at api.cloudron.io which does subscription handling and maintains the app catalogue, however that only is accessed by your Cloudron server not the other way.

        1 Reply Last reply Reply Quote 1
        • girish
          girish Staff last edited by

          @imouthesmp I am guessing you are asking at the same server level. As @nebulon said, we don't check on Cloudron server health anymore. We used to ~1 year ago but checks failed in a variety of setups anyway, so we stopped it. I see that our docs still say we do, I will fix it.

          Cloudron only calls out to api.cloudron.io which currently has the IP 52.7.53.124 (though, ideally, you should not depend on this IP. we are looking to move out of AWS, in fact, when we find the time and that IP will change).

          In essence, there should be no incoming calls to your server. Of course, apps might use webhooks, git ports, ssh ports etc, so you have to aware of that.

          1 Reply Last reply Reply Quote 1
          • girish
            girish Staff last edited by girish

            OK, we have a couple of lines in the docs.

            The line below is removed since it's not polled anymore and neither do we notify the user since we cannot poll reliably.

            * Cloudron UG periodically polls the `https://my.<domain>` to check if the server is still 
            around. We do this as a precautionary measure to remind users about their subscription.
            

            There is another line:

            * Cloudron does not collect any user or app information and this is not our business model.
             We collect information regarding the configured backend types. This helps us focus on 
            improving backends based on their use. You can review the specific code
             [here](https://git.cloudron.io/cloudron/box/blob/master/src/appstore.js#L147).
            

            The part about collecting information about backend types is also not true anymore. It's long gone. I have simplified the line to say:

            * Cloudron does not collect any user or app information and this is not our business model. 
            As such, there are no incoming requests made to your server from cloudron.io. Cloudron only 
            makes requests to api.cloudron.io for packaging related information and that code can be 
            reviewed [here](https://git.cloudron.io/cloudron/box/blob/master/src/appstore.js).
            
            1 Reply Last reply Reply Quote 2
            • girish
              girish Staff last edited by

              Deployed at https://cloudron.io/documentation/security/#privacy-control

              1 Reply Last reply Reply Quote 2
              • First post
                Last post