By default, a Cloudron App will be served on all interfaces.
Therefore, if any Cloudron App is required to be reachable by the public internet, all Cloudron Apps on the host will be reachable by the public internet.
server {
    listen 443 ssl http2;
    server_name application.cloudron-host.example.com;
    listen [::]:443 ssl http2;
}
It would be great if it was possible to assign a dedicated IP address that an application will exclusively listen on.
That way, the application could be hidden from the public internet by restricting access to it on a network firewall.
server {
    listen 10.10.10.10:443 ssl http2;
    server_name application.cloudron-host.example.com;
    listen [fdea:dbee::f]:443 ssl http2;
}
Another way of achieving a similar goal on a single IP address / all interfaces would be IP access control lists in the reverse proxy:
server {
    listen 443 ssl http2;
    server_name application.cloudron-host.example.com;
    listen [::]:443 ssl http2;
    allow 192.168.1.0/24; # Allowed Access
    deny all;
}
I know that this is probably a lot more work to implement in the front end than in these quick examples.
But anyway, these features are probably something that possibly other users would appreciate.
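An audit of the three configurations from the post, as an added example that is not part of the original post or of Cloudron's code: it classifies each nginx server block as served on all interfaces, bound to a dedicated address, or restricted by an ACL. The three server names and the function names are constructed for the example.

```python
import re

WILDCARD_HOSTS = {"", "*", "0.0.0.0", "[::]"}
# Constructed sample: the post's three server blocks, given distinct
# (assumed) server names so the results can be told apart.
SAMPLE_CONF = """
server {
    listen 443 ssl http2;
    server_name public.cloudron-host.example.com;
    listen [::]:443 ssl http2;
}
server {
    listen 10.10.10.10:443 ssl http2;
    server_name bound.cloudron-host.example.com;
    listen [fdea:dbee::f]:443 ssl http2;
}
server {
    listen 443 ssl http2;
    server_name acl.cloudron-host.example.com;
    listen [::]:443 ssl http2;
    allow 192.168.1.0/24; # Allowed Access
    deny all;
}
"""

def listen_host(value):
    """Return the address part of a listen value ('' when only a port is given)."""
    addr = value.split()[0]
    if addr.startswith("["):                  # IPv6 literal: [addr]:port
        return addr[: addr.index("]") + 1]
    if addr.isdigit():                        # bare port means all IPv4 interfaces
        return ""
    return addr.rsplit(":", 1)[0] if ":" in addr else addr

def audit(conf):
    """Map server_name -> 'exposed', 'bound' or 'acl' (flat server blocks only)."""
    conf = re.sub(r"#[^\n]*", "", conf)       # drop comments
    result = {}
    for body in re.findall(r"server\s*\{([^{}]*)\}", conf):
        pairs = [d.split(None, 1) for d in body.split(";") if len(d.split()) > 1]
        listens = [v for k, v in pairs if k == "listen"]
        names = [v for k, v in pairs if k == "server_name"]
        # Only a closing "deny all" counts as an ACL; allow ranges are not judged.
        has_acl = any(k == "deny" and v.strip() == "all" for k, v in pairs)
        wildcard = any(listen_host(v) in WILDCARD_HOSTS for v in listens)
        state = "acl" if has_acl else "exposed" if wildcard else "bound"
        for name in " ".join(names).split():
            result[name] = state
    return result
```

Calling `audit(SAMPLE_CONF)` reports the first block as `exposed`, the second as `bound` and the third as `acl`; a `bound` result still relies on the network firewall to restrict access to that address.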