LDAP port (security considerations)

Reply to LDAP port (security considerations) on Sun, 30 Jul 2023 20:00:50 GMT

potemkin_ai — Sun, 30 Jul 2023 20:00:50 GMT

@imc67 geo-block feels like a more feature-rich solution, that might be of help, but not exactly my cup of tea.

I would guess, that Cloudflare doesn't prevent anyone from accessing your web service directly (should they figure out the IP address, for example, via e-mail you've sent)?

Reply to LDAP port (security considerations) on Sun, 30 Jul 2023 18:09:06 GMT

imc67 — Sun, 30 Jul 2023 18:09:06 GMT

@potemkin_ai IP block/allow on app level including Geo-block/allow might be a solution? I use Cloudflare for some (sub)domains for this but love to have it inside Cloudron!

Reply to LDAP port (security considerations) on Sun, 30 Jul 2023 17:43:05 GMT

potemkin_ai — Sun, 30 Jul 2023 17:43:05 GMT

@girish agh, I meant some security gate that closes Cloudron from the outside and all of the traffic is coming from there - so I do know the IP address of all of the clients, as it's my security gate, and I want to make sure none from the outside world would reach specific app.

Does it makes sense?

Speaking about Cloudron build-in VPN integration - do you already have some plans how Wireguard integration & managent would looks like?

Reply to LDAP port (security considerations) on Sun, 30 Jul 2023 04:21:26 GMT

girish — Sun, 30 Jul 2023 04:21:26 GMT

@potemkin_ai Ah ok. The VPN use case requires a lot more platform integration and cannot be achieved just using some iptable rules. That feature is planned for 7.6 - https://forum.cloudron.io/topic/9180/what-s-coming-in-7-5/2 .

Reply to LDAP port (security considerations) on Sat, 29 Jul 2023 07:19:21 GMT

potemkin_ai — Sat, 29 Jul 2023 07:19:21 GMT

@girish thanks! I would like to be able to close some web apps to be only accessible from specific IP set.

For example, Jitsi to be used by those who logged in via VPN.

Does it make sense?

Reply to LDAP port (security considerations) on Sat, 29 Jul 2023 02:55:17 GMT

girish — Sat, 29 Jul 2023 02:55:17 GMT

Couldn't find a good link but we do batteries included - https://en.wikipedia.org/wiki/Batteries_Included .

Reply to LDAP port (security considerations) on Sat, 29 Jul 2023 02:52:19 GMT

girish — Sat, 29 Jul 2023 02:52:19 GMT

@potemkin_ai said in LDAP port (security considerations):

Is it possible to set this up for other services and web apps, including dashboard?

It's easier to discuss if you can give us concrete use cases (of what you are trying to achieve). Generally, anything is possible but the way we go about Cloudron development itself is to be a solution and not a generic server management panel where a sysadmin can achieve all sorts of setups.

Reply to LDAP port (security considerations) on Fri, 28 Jul 2023 17:15:18 GMT

potemkin_ai — Fri, 28 Jul 2023 17:15:18 GMT

Yes, I'm. It seems I forgot that I made that setting with my own hand.

Is it possible to set this up for other services and web apps, including dashboard?

Reply to LDAP port (security considerations) on Fri, 28 Jul 2023 17:08:43 GMT

nebulon — Fri, 28 Jul 2023 17:08:43 GMT

I guess you refer to https://docs.cloudron.io/user-management/#directory-server which is by default set up to only allow connections from the specified IPs/IP-ranges