Cloudron and Apps Behind a Proxy
-
Well, spoke almost too soon - now that I've got that up and running, I thought that I could force https, but Let's Encrypt doesn't like that because it needs to hit HTTP at a well-known endpoint. So, I am going to continue to tinker to see if I can pass both http and https.
-
@doodlemania2 Cloudron does not require http for certs if you use the programmatic DNS backends (since it obtains certs by putting entries in DNS and not using http callbacks).
-
@doodlemania2 did you make any progress here?
My Use-Case:
I love CR for my own business and recommended it to one of my clients as well. We want to operate it in their own infrastructure, so in some private networks that are not fully exposed to the internet, and also I can't route 80/443 solely to CR since they are also operating other Web-Services which are not available in CR.
What I am trying to achieve:
Get cloudron to run on a private network behind a NginxProxyManager in parallel to other web-services.
SSL handling can be left to CR and Nginx should behave like a proxy server but only for sub-domains that are in conjunction with CR-Services. Ideally the forwarding rules would automatically get updated through
What I tried so far:
Pretty much what you and others also tried. Setup is:
Internet => NginxProxyManager => Cloudron as VM on a larger ESXi in Parallel to other Webservices
Did you make any progress there or give up eventually?
-
@Jan-Macenka I did! Here's my setup:
- Set up a wildcard cert with nginx proxy manager
- I forward *.domain bound for Cloudron to my cloudron server (in my instance located via a wireguard tunnel)
- I set DNS in Cloudron to NoOp
Easy peasy!
-
@doodlemania2 thank you for the suggestion. I replicated the setup though with no success as of yet. Could you be so kind and check if you did anything different?
Here is what I did:
Created DNS Records pointing to the public IP which will lead to the NPM:
Configure Wildcard certificate in NPM pointing my *.<DOMAIN> to the server within the private network.
Set Cloudron DNS to NoOp:
<for some reason can't paste the screenshot>
I noticed that there is also a "Wildcard" Option in the CR DNS Settings but choosing this one also yielded no success. Any hint on what you did differently?
-
@Jan-Macenka I would expect that you need to change the destination port to https…:443.
-
@Jan-Macenka That's almost exactly what I did. Check your firewalls and make sure you aren't blocking 443 inbound from your CR server on your private IP address?
-
@doodlemania2 Somewhat related, do the apps in Cloudron report the client IP as your nginx proxy manager's IP or their true IP?
-
@alwynispat X-Forwarded-For should be set when forwarding. Does nginx proxy manager support reading the IP from a header?
-
@girish said in Cloudron and Apps Behind a Proxy:
X-Forwarded-For
I got it set up like this but doesn't seem to work. Does anyone have better luck?
-
I'll create a new thread on this topic.
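
Added example (not part of the thread, and not Cloudron or Nginx Proxy Manager code): how a backend behind the proxy can decide which address to report as the client, honouring X-Forwarded-For only when the connection itself comes from the proxy. The 10.8.0.0/24 proxy range, the function names and the assumption that each proxy appends the address it saw to the header are all made up for this example.

```python
import ipaddress

# Assumption: the reverse proxy reaches the backend from this private range
# (constructed value, e.g. a WireGuard tunnel subnet).
TRUSTED_PROXIES = [ipaddress.ip_network("10.8.0.0/24")]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True if addr belongs to one of our own proxy networks."""
    return any(addr in net for net in trusted)


def client_ip(peer_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Return the address to log as the client.

    peer_addr  -- source IP of the TCP connection the backend accepted
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    peer = ipaddress.ip_address(peer_addr)
    # A peer that is not our proxy can put anything in the header: ignore it.
    if not is_trusted(peer, trusted) or not xff_header:
        return str(peer)
    # Proxies append on the right, so walk right to left and stop at the
    # first hop that is not one of our own proxies. Entries further left
    # were supplied by the client and are not trustworthy.
    candidate = peer
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: trust nothing to its left
        candidate = addr
        if not is_trusted(addr, trusted):
            break
    return str(candidate)
```

If the application sees the proxy's own address for every request, either the header is not being forwarded or the application does not treat the proxy as trusted; if it trusts the header from any peer, clients can choose the address that ends up in its logs.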