Cloudron Forum


LDAP port (security considerations)

10 Posts 4 Posters 86 Views
  • potemkin_ai wrote (#1):

    As I understood from the hints I've got, when I expose my LDAP to the outside, you are not spawning a separate process, but instead re-routing port 3004 to the web service - ldapjs - https://github.com/ldapjs/node-ldapjs/

    I'm wondering if I can limit access to port 3004 to a specific IP address? Or, even better, I would love to see limited access to some specific URLs - so that I could block access to 'ldapjs' only to my internal servers, as well as access to '/well-known/' or other web services.

    It feels like a relatively easy thing to do on the nginx side, unless I'm wrong or missing something?

  • nebulon (Staff) wrote (#2):

    I guess you are referring to https://docs.cloudron.io/user-management/#directory-server which is by default set up to only allow connections from the specified IPs/IP-ranges.

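
An added example (not from the thread and not Cloudron's code): one way an allowlist of "specified IPs/IP-ranges", as mentioned in the post above, can be evaluated at the application layer. The ranges are constructed and the function names are hypothetical; it normalizes IPv4-mapped IPv6 peers, which a plain comparison against IPv4 ranges would wrongly deny.

```python
import ipaddress

# Constructed allowlist (private and documentation ranges only).
ALLOWED = ["10.8.0.0/24", "203.0.113.7", "2001:db8:42::/48"]


def parse_allowlist(entries):
    """Turn 'IP' or 'IP/prefix' strings into network objects; reject typos early."""
    nets = []
    for entry in entries:
        # strict=True raises ValueError when host bits are set (e.g. 10.8.0.5/24),
        # a common typo that would otherwise silently match a wider range.
        nets.append(ipaddress.ip_network(entry.strip(), strict=True))
    return nets


def normalize_peer(peer):
    """Normalize the socket peer address before matching.

    Dual-stack listeners report IPv4 clients as IPv4-mapped IPv6
    (::ffff:a.b.c.d); that form never falls inside an IPv4 range.
    """
    addr = ipaddress.ip_address(peer.split("%", 1)[0])  # drop a zone id like %eth0
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def is_allowed(peer, nets):
    """Default deny: unparsable input or no matching range means refuse."""
    try:
        addr = normalize_peer(peer)
    except ValueError:
        return False
    return any(addr.version == net.version and addr in net for net in nets)


if __name__ == "__main__":
    nets = parse_allowlist(ALLOWED)
    for peer in ["10.8.0.15", "::ffff:10.8.0.15", "198.51.100.9",
                 "2001:db8:42::1", "not-an-ip"]:
        print(f"{peer:20} -> {'allow' if is_allowed(peer, nets) else 'deny'}")
```

The address passed in should be the peer address of the accepted socket, not a client-supplied header value.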
  • potemkin_ai wrote (#3):

    Yes, I am. It seems I forgot that I made that setting with my own hand.

    Is it possible to set this up for other services and web apps, including dashboard?

  • girish (Staff) replied to potemkin_ai (#4):

    @potemkin_ai said in LDAP port (security considerations):

    Is it possible to set this up for other services and web apps, including dashboard?

    It's easier to discuss if you can give us concrete use cases (of what you are trying to achieve). Generally, anything is possible 🙂 but the way we go about Cloudron development itself is to be a solution and not a generic server management panel where a sysadmin can achieve all sorts of setups.

  • girish (Staff) wrote (#5):

    Couldn't find a good link but we do batteries included - https://en.wikipedia.org/wiki/Batteries_Included .

  • potemkin_ai replied to girish (#6):

    @girish thanks! I would like to be able to close some web apps to be only accessible from a specific IP set.

    For example, Jitsi to be used by those who logged in via VPN.

    Does it make sense?

  • girish (Staff) replied to potemkin_ai (#7):

    @potemkin_ai Ah ok. The VPN use case requires a lot more platform integration and cannot be achieved just using some iptables rules. That feature is planned for 7.6 - https://forum.cloudron.io/topic/9180/what-s-coming-in-7-5/2 .

  • potemkin_ai replied to girish (#8):

    @girish agh, I meant some security gate that closes Cloudron from the outside and all of the traffic is coming from there - so I do know the IP address of all of the clients, as it's my security gate, and I want to make sure no one from the outside world would reach a specific app.

    Does it make sense?

    Speaking about Cloudron built-in VPN integration - do you already have some plans for what Wireguard integration & management would look like?

  • imc67 (translator) replied to potemkin_ai (#9):

    @potemkin_ai IP block/allow on app level including Geo-block/allow might be a solution? I use Cloudflare for some (sub)domains for this but would love to have it inside Cloudron!

  • potemkin_ai replied to imc67 (#10):

    @imc67 geo-block feels like a more feature-rich solution that might be of help, but it's not exactly my cup of tea.

    I would guess that Cloudflare doesn't prevent anyone from accessing your web service directly (should they figure out the IP address, for example, via an e-mail you've sent)?
