Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Navigation

    Cloudron Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Ability to modify server name used for SFTP access to avoid use of Cloudron's my.<domain>.<tld>

    Feature Requests
    sftp
    4
    11
    50
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • d19dotca
      d19dotca last edited by girish

      I noticed recently as I am looking to setup an FTP server for a client (using the Surfer app if I can) that in the Access Control tab, the server name they'd have to connect to is the my.<domain>.<tld>, which is personally something I don't really want clients seeing (which was also why I had requested the mail server being accessible from another subdomain which works now in the recent versions).

      I'd like to request that there be a way to change the server they access to the domain of the client. So something like sftp.example.com instead of my.cloudron.com (for example). Even if it was still mandated to be something like sftp as the subdomain if it makes it easier to code, it'd at least remove the weird-sounding my subdomain which makes no logical sense to other users.

      There may be a technical reason that it's not done that way, not too sure, but wanted to at least request it if that was possible. I assume there can be redirects created for the SFTP functionality if implemented, right?

      marcusquinn 1 Reply Last reply Reply Quote 2
      • marcusquinn
        marcusquinn @d19dotca last edited by

        @d19dotca wondering if a DNS CNAME record would do the trick? I guess I could try but having a manic Monday 😵

        1 Reply Last reply Reply Quote 2
        • girish
          girish Staff last edited by

          Good idea. It's actually quite simple to do because SFTP does not require certs. It's on top of SSH. You can just put a A record to the server and it should work.

          So, essentially, setting SFTP server name simply sets up DNS record and also changes the display of SFTP server name in various places.

          marcusquinn 1 Reply Last reply Reply Quote 3
          • marcusquinn
            marcusquinn @girish last edited by

            @girish I get my A Record and my CNAME mixed up often but as I understand they are the same thing, with A pointing to an IP and CNAME pointing to an A record pointing to an IP? So, CNAME wouldn't need changing if the server was later moved to another IP?

            As I say, not tested this as having a crazy day but would be interested to know the results, and actually, seems a good enough idea to make it a core platform thing to standardise subdomain usage and make documentation match for a little clarity. I'm a fan of self-explanatory naming wherever possible.

            girish 1 Reply Last reply Reply Quote 2
            • girish
              girish Staff @marcusquinn last edited by

              @marcusquinn I think you have it right about the DNS records. From a user point of view (i.e someone who manually has to setup DNS records), CNAME will work better. Since when you move the server, you don't have to adjust the DNS. From automation point of view, they are similar but for Cloudron A is better simply because that's the only DNS record we have automated and have code for 🙂 In Cloudron case, since it's all automated, the user won't notice a difference even when moving across servers.

              1 Reply Last reply Reply Quote 2
              • d19dotca
                d19dotca last edited by

                CNAME might work - I can try that, good suggestion - a little unsure that'll work for me as I don't have any wildcard certs (they're per hostname) which would then throw a mismatch, however if you're saying SFTP doesn't require certs then I suppose that may be a moot point and should work. I'll try this later today.

                1 Reply Last reply Reply Quote 1
                • d19dotca
                  d19dotca last edited by

                  I had a moment to test it out so just tried and yes the CNAME workaround seems to work well. 🙂

                  Thank you, guys! Didn't expect that to work because of SSL but didn't realize they didn't really require certs on those connections. Yet somehow it's still the more secure connection type, haha. I think I'm going to have to do a little learning on that one later.

                  I think it'd still be nice to be able to configure the SFTP server name from within Cloudron, but this CNAME workaround will do the trick for now. Thanks again. 🙂

                  mehdi 1 Reply Last reply Reply Quote 2
                  • d19dotca
                    d19dotca last edited by

                    Actually I just ran some more tests and found out that a CNAME record isn't even needed. Since my DNS records for the domains I manage are wildcard (i.e. no A records for individual services, but is just the * and @ DNS records to the IP address), it seems I can actually throw in anything I want. So I tested for example whatever.<domain>.ca and still put in the username and password and it was accepted by the SFTP server.

                    This is interesting as I expected it'd only respond to my.<domain>.<tld> but I suppose that isn't the correct understanding because if it were a CNAME record all it'd be doing anyways is looking up the associated A record and hitting the IP.

                    I think this works because the lack of certs needed for the handshake. This is strange to me though... am I understanding the above correctly?

                    marcusquinn 1 Reply Last reply Reply Quote 3
                    • marcusquinn
                      marcusquinn @d19dotca last edited by

                      @d19dotca yeah, and just to confuse matters, sftp and ftps aren't the same thing 😂

                      1 Reply Last reply Reply Quote 2
                      • mehdi
                        mehdi App Dev @d19dotca last edited by

                        @d19dotca said in Ability to modify server name used for SFTP access to avoid use of Cloudron's my.<domain>.<tld>:

                        Yet somehow it's still the more secure connection type, haha

                        Its security is based on the hash that it asks you to check the first time you connect to a new server. You now, the prompt that everybody confirms without even reading ^^

                        d19dotca 1 Reply Last reply Reply Quote 3
                        • d19dotca
                          d19dotca @mehdi last edited by

                          @mehdi said in Ability to modify server name used for SFTP access to avoid use of Cloudron's my.<domain>.<tld>:

                          the prompt that everybody confirms without even reading

                          haha, so true. Yeah I got a pop-up that was like "This is a new key" or something and just accepted it. Basically the same kind of message that happens with SSH. I just have certificate-based SSH though where it needs my key to even connect (i.e. you couldn't connect to my server over SSH without it), so I was surprised I didn't need that on my SFTP connection, thought I'd maybe need something similar. But I guess this makes sense then the more I think about it. Just caught me off guard. haha.

                          1 Reply Last reply Reply Quote 1
                          • First post
                            Last post