Solved Cloudron private installation

dkdkdkk

Dear all,

I wanna install cloudron locally, but I am failing horribly.

This means I don't want to excess it directly over the internet. I do have a domain, but I am more the fine with a self signed cert.

I tried the following things:

1. Set up a local DNS server (https://cloudron.io/documentation/networking/)
2. Set up a domain overwrite on my router (https://cloudron.io/documentation/networking/)
3. I followed these instructions

Currently I have no idea anymore on where to start. Some direction would be really helpful.

dkdkdkk

Addition:

Goal:

Cloudron installed on a machine within local network. Without port forwarding or domain. Accepting a self signed cert is good enough right now.

girish

@dkdkdkk A domain is required for Cloudron (even if it's local network). Port forwarding is optional (it's only required if you want your server accessible from outside).

Here's how you do it. The setup is much simpler if you have a programmatic DNS provider (like DO, Cloudflare, Route53 etc). If you don't have this already, I recommend that you setup some subdomain into say DigitalOcean's DNS. For this, you have to setup a DO account and add cloudron.domain.com into DigitalOcean domains. Then setup NS records for cloudron.domain.com to point to Digital Ocean. Please give some 30 mins for NS records to propagate. Once this done:

• Install Cloudron on a VM
• Domain setup
  • Put the domain as cloudron.domain.com and set it up for DO DNS
  • Click on Advanced. Here, choose the Network Interface from the drop down and provide the network interface of the VM/server. Alternately, give it the static IP (give the local IP like 192.168.1.100 or whatever it is).
  • If your main domain domain.com and the subdomain cloudron.domain.com are on different DNS providers, then you have to put the zone name as cloudron.domain.com.
• Finish setup - that's it!

What will happen is:

• Cloudron will get LE certs via DNS. This is why the DO DNS setup was required. Without this, you will need port 80 forwarding for LE and it gets a bit complicated.
• Cloudron will program your DNS with A entries of the local IP. So, my.cloudron.domain.com will actually point to 192.168.1.100. It's not publicly reachable.

Let me know if that works! Or if you have more restrictions in your setup.

girish

Just want to point out that in our experience, it's best to have functional LE certs especially for many of the mobile apps which don't work well with self-signed certs.

dkdkdkk

Many thanks for the response.

Using Amazon Route53 here. I am getting the error: queryNs ESERVFAIL <domain>

There are NS records present and point to Amazon itself

dkdkdkk

I think I got it, Amazon thingy... Let's see if that helps

dkdkdkk

IT WORKS! THANK YOU

girish

@dkdkdkk said in Cloudron private installation:

Many thanks for the response.

Using Amazon Route53 here. I am getting the error: queryNs ESERVFAIL <domain>

There are NS records present and point to Amazon itself

I missed an important step. You have to put the zone name as well in advanced as cloudron.domain.com. I updated the instructions.

dkdkdkk

Cloudron is installed, but I am not there yet. I get a random disconnect or some request takes ages or gets blocked (firefox debug manager).

When I do wget, I get the following:

https://office.<domain>/
Resolving office.<domain> (office.<domain>)... <localIP>
Connecting to office.<domain> (office.<domain>)|<localIP>|:443... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: http://office.<domain>/cloudron [following]
URL transformed to HTTPS due to an HSTS policy
https://office.<domain>/cloudron
Reusing existing connection to office.<domain>:443.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://office.<domain>/cloudron/ [following]
URL transformed to HTTPS due to an HSTS policy
https://office.<domain>/cloudron/
Reusing existing connection to office.<domain>:443.
HTTP request sent, awaiting response... 200 OK
Length: 2228 (2,2K) [text/html]

The amount of redirects seems strange to me when I start off with a request to the https address directly.

I get the feeling that there is some kind of loop when requesting a page. Ctrl + F5 seems to solve the issue and makes the page load instantly. Some even get blocked according to the firefox debug inspector.

girish

@dkdkdkk Cloudron only supports https and it looks like a lot of time is spent in redirecting from http to https. Do you see the issue if you entry https URL directly in your browser?

dkdkdkk

Absolutely. And the requests which make the system hang are https too

girish

@dkdkdkk This happens with all apps? What app is office.<domain> btw?

dkdkdkk

Yes all apps and the cloudron admin page itself too. When app has it the others do the same at the same time. I did a complete reinstall already. Same problem.

office= onlyoffice document server

girish

Since you said Ctrl+F5 sorts out the issue, I wonder if this is some browser caching issue (from your previous non-cloudron setup). Have you tried another browser or another device? Or maybe clear the browser cache and try.

Depends on how deep you want to go but you can also try curl https://my.domain.com, you will only see relative URLs like https://paste.cloudron.io/juwojaqume.xml , so I am not sure where the redirects are coming from.

dkdkdkk

Cache has already been cleared. Tried on both firefox and opera on ubuntu and on firefox on a iphone. Mobile does not seem to suffer from this issue.

Firefox seems to keep "hanging". Opera starts with the same issue, but recovers after ~7-8 sec and seems to do a hard refresh (which solves the problem).

My feeling is saying that a local IP address from a DNS resolve is kind of "wrong", maybe a browser does not like that. I tried experimenting with hairpinning and that kind of stuff too.

Update:

I installed ubuntu directly on a system and cloudron on top. 16GB, 4 cores and 256gb storage. VM was the first thought, but installed directly to compare the behavior.

I also installed cloudron on a EC2 instance. No problemo....

girish

@dkdkdkk said in Cloudron private installation:

My feeling is saying that a local IP address from a DNS resolve is kind of "wrong", maybe a browser does not like that

Generally, this is not a problem at all. In fact, that's how every intranet works (or even amazon VPC instances have DNS names that map to internal addresses). Browsers should also have no problem because otherwise every corporate which requires you to VPN in first before connecting to intranet won't work.

I say 'generally' because maybe there are some special intranet/local IP ranges with special behavior that I don't know of.

Hairpinning also shouldn't be a problem because we are talking of local addresses here and it should never need to exit the router.

I think your observation that firefox keeps "hanging" is interesting. Can you quickly try host my.domain.com on the CLI ? Does it translate quickly? Do you also have this DNS over HTTP which is supposedly enabled by default in firefox? I am not sure how it influences all this. Just putting some ideas for you to debug

msbt

Just chiming in here, maybe someone has an explanation or solution for my problem. I have a similar setup: local server which is online but shouldn't be reachable from outside the network. The installation of cloudron was no problem, initially used cloudflare for the setup and changed to LAN IPs afterwards. Installing regular apps also works, but I'm looking forward to package a custom app, which requires me to fire up cloudron CLI after building it. But when I try to login via LAN, this happens:

cloudron login my.cloudron.example
Username: m
Password: *****************
2FA Token (if enabled): 
write EPROTO 140479727316736:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:802:

Also tried the suffix with --allow-selfsigned but no dice, anyone an idea what that's all about? All certs are there and the browser connection works fine.

Could a temporary port forward/DMZ be the solution?

girish

@msbt There was a similar issue recently - https://forum.cloudron.io/topic/3123/handshake-faliure-when-trying-to-login-through-cli . Can you check node version and reply there?

msbt

ah my bad, didn't search for the error on the forums, let me try and report back asap, thanks!

msbt

@girish stellar service as usual, of course it was the old node version, login works as expected now!