Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.

Testing from home without NAT port forwarding capability?

  • Hey, yall.

    So I'm trying to run cloudron on a Raspberry Pi (tracking progress in this thread, and I've now run into a different problem:

    My current ISP blocks port forwarding for ports below 1024, so I can't really run cloudron from inside my home, I guess. 😞 I can configure my router, the requests just doesn't come when they're for low-numbered ports.

    Is there any way you guys think I might be able to run it, even if only for testing purposes, without the ability to forward low ports?


  • @malvim What comes to mind for me is a reverse proxy - maybe you could get a cheap VPS and run nginx as a reverse proxy (or maybe Caddy). You can probably do it with AWS CloudFront as well

    (Edit: I had suggested Cloudflare but when I double checked, I realised you can't set a port in their free products)

  • App Dev

    In addition to a reverse-proxy, it would need some trickery on the Cloudron side itself (or on the router), in order to expose locally some other ports than 443 and 80

  • @mehdi I was thinking of nginx as the reverse proxy talking to the high ports. I have something similar in play for my docker containers at home with traefik: A request comes in for (on 443) and it gets served from a docker container at 172.x.y.z:40000 or some high port number like that

  • Staff

    @malvim You only require port forwarding if you plan to access the cloudron+pi over the internet. If you just want to access it in your LAN, this should already work as follows: In the DNS setup, choose whichever DNS provider. But go to Advanced and select the IP to be the eth0 (or equivalent interface) IP. This will setup Cloudron to use the local IP. If you choose programmatic DNS providers (cloudflare, route53, DO etc), you will even get valid certs. If you use manual or wildcard, just make sure the DNS resolves to your internal IP and choose the certificate provider in Advanced section as self-signed.

    If you want to access it from outside, the best bet is to create a VPN tunnel for now. Run a VPN on some device on port 5000 or something. Then connect to this VPN device and then in turn to access the PI.

  • @jamesgallagher and @mehdi yeah, I think some trickery on the cloudron side would be needed as well. Cloudron manages DNS records, ssl certificates, nginx virtual hosts and stuff like that. I don't think I could have an out-of-box reverse proxy, talking to cloudron's nginx listening on a higher-numbered port, and have it all "just work", with app store and such, right?

    I suppose I could just run a bunch of docker containers an nginx myself if I needed to do that, but I'd love to be able to use cloudron...

    @girish, I guess I'll go with the local-only thing for now just to keep going with the rpi thing, but I'd really love to host public apps from home (I'm from Brazil, hosting is expensive, and with our currency being pretty much the worse-perfoming in the world lately, a few dollars a month is starting to amount to a lot and getting more and more expensive...). I think I'll talk to my ISP and see what I can do, or consider changing ISP's, or whatever. Thanks for chiming in, I'll keep on working on the raspberry py thing!

  • @girish Hey, did just that, and I'm having trouble resolving names AFTER setting them. Cloudron is able to set dns records on aws just fine, but then the check to see if the records are created never gets done. Checked the logs and it's server timeouts. Tried running an nslookup query, to no avail as well.

    Kinda weird, seems like the same problem I had on the hosting provider, with unbound, maybe? When I try to sudo, it also says sudo: unable to resolve host ubuntu: Resource temporarily unavailable, but it gets me to root anyway.

    I'm a bit beyond my skills here, though, if anyone would like to chime in, I'd appreciate it.