Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum

Apps | Demo | Docs | Install

Ability to modify server name used for SFTP access to avoid use of Cloudron's my.<domain>.<tld>

Scheduled Pinned Locked Moved Feature Requests
sftp
11 Posts 4 Posters 539 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • d19dotcaD Offline
    d19dotcaD Offline
    d19dotca
    wrote on last edited by girish
    #1

    I noticed recently as I am looking to setup an FTP server for a client (using the Surfer app if I can) that in the Access Control tab, the server name they'd have to connect to is the my.<domain>.<tld>, which is personally something I don't really want clients seeing (which was also why I had requested the mail server being accessible from another subdomain which works now in the recent versions).

    I'd like to request that there be a way to change the server they access to the domain of the client. So something like sftp.example.com instead of my.cloudron.com (for example). Even if it was still mandated to be something like sftp as the subdomain if it makes it easier to code, it'd at least remove the weird-sounding my subdomain which makes no logical sense to other users.

    There may be a technical reason that it's not done that way, not too sure, but wanted to at least request it if that was possible. I assume there can be redirects created for the SFTP functionality if implemented, right?

    --
    Dustin Dauncey
    www.d19.ca

    marcusquinnM 1 Reply Last reply
    2
  • marcusquinnM Offline
    marcusquinnM Offline
    marcusquinn
    replied to d19dotca on last edited by
    #2

    @d19dotca wondering if a DNS CNAME record would do the trick? I guess I could try but having a manic Monday 😵

    We're not here for a long time - but we are here for a good time :)
    Jersey/UK
    Work & Ecommerce Advice: https://brandlight.org
    Personal & Software Tips: https://marcusquinn.com

    1 Reply Last reply
    2
  • girishG Offline
    girishG Offline
    girish Staff
    wrote on last edited by
    #3

    Good idea. It's actually quite simple to do because SFTP does not require certs. It's on top of SSH. You can just put a A record to the server and it should work.

    So, essentially, setting SFTP server name simply sets up DNS record and also changes the display of SFTP server name in various places.

    marcusquinnM 1 Reply Last reply
    3
  • marcusquinnM Offline
    marcusquinnM Offline
    marcusquinn
    replied to girish on last edited by
    #4

    @girish I get my A Record and my CNAME mixed up often but as I understand they are the same thing, with A pointing to an IP and CNAME pointing to an A record pointing to an IP? So, CNAME wouldn't need changing if the server was later moved to another IP?

    As I say, not tested this as having a crazy day but would be interested to know the results, and actually, seems a good enough idea to make it a core platform thing to standardise subdomain usage and make documentation match for a little clarity. I'm a fan of self-explanatory naming wherever possible.

    We're not here for a long time - but we are here for a good time :)
    Jersey/UK
    Work & Ecommerce Advice: https://brandlight.org
    Personal & Software Tips: https://marcusquinn.com

    girishG 1 Reply Last reply
    2
  • girishG Offline
    girishG Offline
    girish Staff
    replied to marcusquinn on last edited by
    #5

    @marcusquinn I think you have it right about the DNS records. From a user point of view (i.e someone who manually has to setup DNS records), CNAME will work better. Since when you move the server, you don't have to adjust the DNS. From automation point of view, they are similar but for Cloudron A is better simply because that's the only DNS record we have automated and have code for 🙂 In Cloudron case, since it's all automated, the user won't notice a difference even when moving across servers.

    1 Reply Last reply
    2
  • d19dotcaD Offline
    d19dotcaD Offline
    d19dotca
    wrote on last edited by
    #6

    CNAME might work - I can try that, good suggestion - a little unsure that'll work for me as I don't have any wildcard certs (they're per hostname) which would then throw a mismatch, however if you're saying SFTP doesn't require certs then I suppose that may be a moot point and should work. I'll try this later today.

    --
    Dustin Dauncey
    www.d19.ca

    1 Reply Last reply
    1
  • d19dotcaD Offline
    d19dotcaD Offline
    d19dotca
    wrote on last edited by
    #7

    I had a moment to test it out so just tried and yes the CNAME workaround seems to work well. 🙂

    Thank you, guys! Didn't expect that to work because of SSL but didn't realize they didn't really require certs on those connections. Yet somehow it's still the more secure connection type, haha. I think I'm going to have to do a little learning on that one later.

    I think it'd still be nice to be able to configure the SFTP server name from within Cloudron, but this CNAME workaround will do the trick for now. Thanks again. 🙂

    --
    Dustin Dauncey
    www.d19.ca

    mehdiM 1 Reply Last reply
    2
  • d19dotcaD Offline
    d19dotcaD Offline
    d19dotca
    wrote on last edited by
    #8

    Actually I just ran some more tests and found out that a CNAME record isn't even needed. Since my DNS records for the domains I manage are wildcard (i.e. no A records for individual services, but is just the * and @ DNS records to the IP address), it seems I can actually throw in anything I want. So I tested for example whatever.<domain>.ca and still put in the username and password and it was accepted by the SFTP server.

    This is interesting as I expected it'd only respond to my.<domain>.<tld> but I suppose that isn't the correct understanding because if it were a CNAME record all it'd be doing anyways is looking up the associated A record and hitting the IP.

    I think this works because the lack of certs needed for the handshake. This is strange to me though... am I understanding the above correctly?

    --
    Dustin Dauncey
    www.d19.ca

    marcusquinnM 1 Reply Last reply
    3
  • marcusquinnM Offline
    marcusquinnM Offline
    marcusquinn
    replied to d19dotca on last edited by
    #9

    @d19dotca yeah, and just to confuse matters, sftp and ftps aren't the same thing 😂

    We're not here for a long time - but we are here for a good time :)
    Jersey/UK
    Work & Ecommerce Advice: https://brandlight.org
    Personal & Software Tips: https://marcusquinn.com

    1 Reply Last reply
    2
  • mehdiM Offline
    mehdiM Offline
    mehdi App Dev
    replied to d19dotca on last edited by
    #10

    @d19dotca said in Ability to modify server name used for SFTP access to avoid use of Cloudron's my.<domain>.<tld>:

    Yet somehow it's still the more secure connection type, haha

    Its security is based on the hash that it asks you to check the first time you connect to a new server. You now, the prompt that everybody confirms without even reading ^^

    d19dotcaD 1 Reply Last reply
    3
  • d19dotcaD Offline
    d19dotcaD Offline
    d19dotca
    replied to mehdi on last edited by
    #11

    @mehdi said in Ability to modify server name used for SFTP access to avoid use of Cloudron's my.<domain>.<tld>:

    the prompt that everybody confirms without even reading

    haha, so true. Yeah I got a pop-up that was like "This is a new key" or something and just accepted it. Basically the same kind of message that happens with SSH. I just have certificate-based SSH though where it needs my key to even connect (i.e. you couldn't connect to my server over SSH without it), so I was surprised I didn't need that on my SFTP connection, thought I'd maybe need something similar. But I guess this makes sense then the more I think about it. Just caught me off guard. haha.

    --
    Dustin Dauncey
    www.d19.ca

    1 Reply Last reply
    1

  • Login

  • Don't have an account? Register

  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Login

  • Don't have an account? Register

  • Login or register to search.