LAN install? then move to cloudflared tunnel access?
-
Hi everyone, I am a relative newbie. I am currently running Cloudron from a low-powered Kamatera VPS server just fine, but allocating it a lot of VPS resources (CPU and RAM) is expensive, and so I want to bring it back home onto a dedicated hardware server running on a spare laptop at home and run it on my LAN so I can give it more resources, as I have a nice spare laptop available to use, and plenty of bandwidth. My Cloudron is essentially part of our family's process of de-googling our lives and moving to more FOSS services, regaining control of our data.
I live in a remote location in Australia, so I am using Starlink for internet access (great up/down speeds and latency), which means I am behind CGNAT unfortunately and have no fixed routable IP address until they maybe implement IPv6, so I am finding it hard to get this dedicated hardware Cloudron set up...
I have read plenty of articles about using services such as NGROK, or reverse tunnels on another VPS with its own static IP, or using Cloudflare tunnels, and a bunch of other third-party services to allow me to get to my Cloudron from behind CGNAT. So I'd like to use Cloudflare tunnels as it's free, and I already use Cloudflare for my domain names, but I am really unsure of the workflow to get this set up and running during the install process.
My first attempt installing Cloudron locally on this laptop (without having an IP that is routable) resulted in me choosing Cloudflare as my DNS Provider for my domain, giving it the Cloudflare global API Key, then I assume Cloudflare DNS records were set to point to my public shared IP address from CGNAT IP lookup, which was never going to resolve... Needless to say the Cloudron DNS setup (at https://localhost/setupdns.html) failed and navigating to localhost to finish setting up Cloudron became impossible/unavailable with an error message. I have read the docs & the forum looking for a basic howto for running Cloudron on the LAN without having DNS entries for every app and I am not sure what I am missing - is this even possible?
So I reinstalled Ubuntu and Cloudron, and am ready to try again...
I figured in terms of priorities I should get it running so it is accessible from the browser on the cloudron install first (https://localhost), then available over the LAN (https://192.168.1.34), then available via a cloudflare tunnel using a regular domain name with subdomains eventually.
If I can get that working I have been looking into accessing it for our family using MESHNET from NORDVPN as a way to let the whole family use it, however I would really prefer to arrange external access to it using a cloudflare tunnel via cloudflare using my domain name.
I have set up a new Ubuntu on this laptop, installed Cloudron on it, and I am at the stage where I want to set up Cloudron for LAN-ONLY access using localhost (https://localhost) only or via its LAN IP address (https://192.168.1.34).
If anyone on this forum has any suggestions as to how to proceed I'd love to hear them and would be grateful. Has anyone tried to access Cloudron or Cloudron apps from a Cloudflare tunnel lately? I have seen a fair few tutorials on how to use cloudflared tunnel for this purpose in other forums and people are having success... The part I am struggling with is what to do at setup when I get to the form at https://localhost/setupdns.html so I don't just brick my install again...
Thanks, -
@Mad_Mattho I haven't played with cloudflared. But what does the DNS look like for a normal cloudflared setup? Let's say I have blog.example.com. What DNS entry does this have? -
@girish Well yeah, so I got the Cloudron running via Cloudflare tunnel. I send all the arriving traffic from the tunnel to the required subdomain for each service by specifying a new public hostname inside the tunnel and routing it to the appropriate subdomain. Cloudflare's public hostname is set to be the LAN IP and PORT that cloudflare is available on. It all works. The trick was to set Cloudflare's certificates to flexible, then in the tunnel it was critical to turn on TLSNOVerify. Then installing each Cloudron app I have to use the DNS setting for the domain as DNS Provider "No-op" to get through the install, using a custom wildcard certificate. Then after installing an app I switch back to DNS Provider "manual". So far I got cryptpad and openoffice working fine using my domain as normal, so pretty happy with that as I am behind Starlink CGNAT which sux otherwise. The my.domain.com control panel all works normally as well. As far as I can tell I am good to go, but it was a bit tricky to get set up.
As I am a beekeeper not a techy person I struggled to get through this, but have no doubt that Cloudflare tunnel will be good for me... Could it be incorporated into the Automatic DNS scripting with an API key like the rest of the automatic DNS services are? -
-
@Mad_Mattho said in LAN install? then move to cloudflared tunnel access?:
As I am a beekeeper not a techy person
I don't believe you for a second that you are not technical. That's some really technical setup you have here...
-
@Mad_Mattho So the way I understand it, because this tunnel is initiated from my server to Cloudflare, I don't have any need to open very many ports on the server, and because I am using a CNAME record to point my DNS to the tunnel ID (no publicly routable IP addresses involved anywhere) it will make no difference where in the world this machine is, or what IP address it gets its internet from. As long as it has internet and can open the tunnel to Cloudflare it should just be automatically online, and with the bare minimum amount of ports open, is that correct? Sounds good.
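
The setup described in this thread, written out as a locally managed cloudflared `config.yml` (an added example, not posted by any participant and not Cloudron's own configuration). It shows the thread's "no TLS verify" origin setting beside a rule that keeps certificate verification on the tunnel-to-origin hop; `example.com`, the `<TUNNEL-UUID>` placeholder and the file paths are assumptions, and the thread's setup was done through public hostnames in the Cloudflare dashboard rather than a file.

```yaml
# Added example. example.com, <TUNNEL-UUID> and the file paths are
# placeholders (assumptions); 192.168.1.34 is the LAN IP given in the thread.
#
# DNS side: each public hostname is a proxied CNAME to the tunnel, so no
# routable IP address appears anywhere, e.g.
#   my.example.com.  CNAME  <TUNNEL-UUID>.cfargotunnel.com.
# The connection is outbound from the server, so no inbound port forward
# is needed behind CGNAT.
tunnel: <TUNNEL-UUID>
credentials-file: /etc/cloudflared/<TUNNEL-UUID>.json

ingress:
  # Variant matching the thread: cloudflared does not validate the
  # certificate presented by the origin. The hop stays on the LAN, but
  # nothing on that hop is authenticated.
  - hostname: my.example.com
    service: https://192.168.1.34:443
    originRequest:
      noTLSVerify: true

  # Stricter variant for one app: verification stays on. Because the
  # service URL is an IP address, originServerName tells cloudflared which
  # name the origin certificate must be valid for.
  - hostname: cryptpad.example.com
    service: https://192.168.1.34:443
    originRequest:
      originServerName: cryptpad.example.com
      # Only needed when the origin certificate is not issued by a publicly
      # trusted CA (for example a self-signed wildcard certificate).
      caPool: /etc/cloudflared/origin-ca.pem

  # cloudflared requires a final catch-all rule; unmatched hostnames get 404.
  - service: http_status:404
```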