Intranet
Prerequisites
This guide covers additional considerations for installing on an intranet. Follow the main Installation guide and refer to this page for intranet specific requirements.
Intranet, as used in this guide, refers to a private network behind a corporate firewall where the server uses private IPs and users connect through a VPN.
IPv4 / IPv6
By default, public IPv4/IPv6 addresses are used for DNS configuration. Intranet setups typically require different settings.
In the Domain Setup UI, click Advanced Settings and choose Network Interface
or the Static IP provider. Configure the VM to maintain this static internal IP address across reboots
(usually in your DHCP server).
DNS provider
When using DNS providers with API support, Let's Encrypt certificates can be obtained using DNS automation.
If not using a DNS provider with API support but your network allows port forwarding, forward port 80 from your router and use the Wildcard or Manual DNS option. Let's Encrypt requires port 80 access to obtain certificates.
If you cannot use a DNS provider with API support or forward ports, select Self-signed certificates in Advanced Settings during installation. Post installation, upload custom certificates from a trusted Certificate Authority.
Do not use self-signed certificates. Most apps use OIDC for authentication and will not work with self-signed certificates. Additionally, mobile apps fail with them and users see persistent browser warning screens.