Cloudron private installation
-
Dear all,
I wanna install cloudron locally, but I am failing horribly.
This means I don't want to excess it directly over the internet. I do have a domain, but I am more the fine with a self signed cert.
I tried the following things:
- Set up a local DNS server (https://cloudron.io/documentation/networking/)
- Set up a domain overwrite on my router (https://cloudron.io/documentation/networking/)
- I followed these instructions
Currently I have no idea anymore on where to start. Some direction would be really helpful.
-
@dkdkdkk A domain is required for Cloudron (even if it's local network). Port forwarding is optional (it's only required if you want your server accessible from outside).
Here's how you do it. The setup is much simpler if you have a programmatic DNS provider (like DO, Cloudflare, Route53 etc). If you don't have this already, I recommend that you setup some subdomain into say DigitalOcean's DNS. For this, you have to setup a DO account and add
cloudron.domain.cominto DigitalOcean domains. Then setup NS records forcloudron.domain.comto point to Digital Ocean. Please give some 30 mins for NS records to propagate. Once this done:- Install Cloudron on a VM
- Domain setup
- Put the domain as
cloudron.domain.comand set it up for DO DNS - Click on
Advanced. Here, choose theNetwork Interfacefrom the drop down and provide the network interface of the VM/server. Alternately, give it the static IP (give the local IP like 192.168.1.100 or whatever it is). - If your main domain
domain.comand the subdomaincloudron.domain.comare on different DNS providers, then you have to put the zone name ascloudron.domain.com.
- Put the domain as
- Finish setup - that's it!
What will happen is:
- Cloudron will get LE certs via DNS. This is why the DO DNS setup was required. Without this, you will need port 80 forwarding for LE and it gets a bit complicated.
- Cloudron will program your DNS with A entries of the local IP. So,
my.cloudron.domain.comwill actually point to 192.168.1.100. It's not publicly reachable.
Let me know if that works! Or if you have more restrictions in your setup.
-
-
@dkdkdkk said in Cloudron private installation:
Many thanks for the response.
Using Amazon Route53 here. I am getting the error: queryNs ESERVFAIL <domain>
There are NS records present and point to Amazon itself
I missed an important step. You have to put the zone name as well in advanced as
cloudron.domain.com. I updated the instructions. -
Cloudron is installed, but I am not there yet. I get a random disconnect or some request takes ages or gets blocked (firefox debug manager).
When I do wget, I get the following:
https://office.<domain>/
Resolving office.<domain> (office.<domain>)... <localIP>
Connecting to office.<domain> (office.<domain>)|<localIP>|:443... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: http://office.<domain>/cloudron [following]
URL transformed to HTTPS due to an HSTS policy
https://office.<domain>/cloudron
Reusing existing connection to office.<domain>:443.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://office.<domain>/cloudron/ [following]
URL transformed to HTTPS due to an HSTS policy
https://office.<domain>/cloudron/
Reusing existing connection to office.<domain>:443.
HTTP request sent, awaiting response... 200 OK
Length: 2228 (2,2K) [text/html]The amount of redirects seems strange to me when I start off with a request to the https address directly.
I get the feeling that there is some kind of loop when requesting a page. Ctrl + F5 seems to solve the issue and makes the page load instantly. Some even get blocked according to the firefox debug inspector.
-
Since you said Ctrl+F5 sorts out the issue, I wonder if this is some browser caching issue (from your previous non-cloudron setup). Have you tried another browser or another device? Or maybe clear the browser cache and try.
Depends on how deep you want to go but you can also try
curl https://my.domain.com, you will only see relative URLs like https://paste.cloudron.io/juwojaqume.xml , so I am not sure where the redirects are coming from. -
Cache has already been cleared. Tried on both firefox and opera on ubuntu and on firefox on a iphone. Mobile does not seem to suffer from this issue.
Firefox seems to keep "hanging". Opera starts with the same issue, but recovers after ~7-8 sec and seems to do a hard refresh (which solves the problem).
My feeling is saying that a local IP address from a DNS resolve is kind of "wrong", maybe a browser does not like that. I tried experimenting with hairpinning and that kind of stuff too.
Update:
I installed ubuntu directly on a system and cloudron on top. 16GB, 4 cores and 256gb storage. VM was the first thought, but installed directly to compare the behavior.
I also installed cloudron on a EC2 instance. No problemo....
-
@dkdkdkk said in Cloudron private installation:
My feeling is saying that a local IP address from a DNS resolve is kind of "wrong", maybe a browser does not like that
Generally, this is not a problem at all. In fact, that's how every intranet works (or even amazon VPC instances have DNS names that map to internal addresses). Browsers should also have no problem because otherwise every corporate which requires you to VPN in first before connecting to intranet won't work.
I say 'generally' because maybe there are some special intranet/local IP ranges with special behavior that I don't know of.
Hairpinning also shouldn't be a problem because we are talking of local addresses here and it should never need to exit the router.
I think your observation that firefox keeps "hanging" is interesting. Can you quickly try
host my.domain.comon the CLI ? Does it translate quickly? Do you also have this DNS over HTTP which is supposedly enabled by default in firefox? I am not sure how it influences all this. Just putting some ideas for you to debug
-
Just chiming in here, maybe someone has an explanation or solution for my problem. I have a similar setup: local server which is online but shouldn't be reachable from outside the network. The installation of cloudron was no problem, initially used cloudflare for the setup and changed to LAN IPs afterwards. Installing regular apps also works, but I'm looking forward to package a custom app, which requires me to fire up cloudron CLI after building it. But when I try to login via LAN, this happens:
cloudron login my.cloudron.example Username: m Password: ***************** 2FA Token (if enabled): write EPROTO 140479727316736:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:802:Also tried the suffix with
--allow-selfsignedbut no dice, anyone an idea what that's all about? All certs are there and the browser connection works fine.Could a temporary port forward/DMZ be the solution?
