Networking

IPv4

Using the IPv4 configuration settings, you can configure the IPv4 address that Cloudron uses for the DNS A records.

Public IP

When using the Public IP provider, Cloudron will automatically detect the server's public IP address by querying this URL.

Network Interface

If the server has multiple IP addresses, you can configure the preferred IP address by specifying the network interface. The interfaces can be listed using ip -f inet -br addr.

Static IPv4

Use this option to provide a static IPv4 address. This IP address can be public or private. Some use cases for using this provider are:

IPv6

Using the IPv6 configuration settings, you can configure the IPv6 address that Cloudron uses for the DNS AAAA records.

Public IPv6

When using the Public IP provider, Cloudron will automatically detect the server's public IPv6 address by querying this URL.

Network Interface

If the server has multiple IPv6 interfaces, you can configure the preferred IPv6 address by specifying the network interface. The interfaces can be listed using ip -f inet6 -br addr.

Static IPv6

Use this option to provide a static IPv6 address. It is common for servers to be allocated a /64 IPv6 block. In such situations, you can use this setting to assign a specific address from that block.

Disabled

To disable IPv6 support, choose Disabled in the provider drop-down.

Existing AAAA records are not removed

Any existing AAAA records are not automatically removed from the DNS. Please remove them manually.

Private DNS

Cloudron uses the unbound DNS server internally to resolve all DNS queries across all the apps.

If Cloudron is set up inside an internal network, you can customize the unbound configuration to resolve internal hosts.

Adding static hosts

To add some host entries internal to your network, add a file named /etc/unbound/unbound.conf.d/custom.conf:

server:
    local-zone: "example.com." static
    local-data: "jim.example.com. IN A 1.2.3.4"
    local-data: "doug.example.com. IN A 2.3.4.5"

Be sure to restart the unbound service using sudo systemctl restart unbound and check its status using sudo systemctl status unbound.

Internal DNS server

To forward queries for a specific domain (say cloudron.lan) to an internal DNS server (say 10.0.0.2), add a file named /etc/unbound/unbound.conf.d/custom.conf:

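server:
    # allow answers for this domain to contain private addresses
    private-domain: "cloudron.lan"
    # do not require a DNSSEC chain of trust for this domain
    domain-insecure: "cloudron.lan"

forward-zone:
    name: "cloudron.lan"
    forward-addr: 10.0.0.2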

To forward all queries to the internal DNS server (say 10.0.0.2), add a file named /etc/unbound/unbound.conf.d/custom.conf:

# this disables DNSSEC enforcement: answers that fail validation are still returned to clients
server:
  val-permissive-mode: yes

# forward all queries to the internal DNS
forward-zone:
  name: "."
  forward-addr: 10.0.0.2

If your internal DNS server is not a forwarding server, use the stub-zone: and stub-addr: options instead.

Be sure to restart the unbound service using sudo systemctl restart unbound and check its status using sudo systemctl status unbound.

Dynamic DNS

Enable this option to keep all your DNS records in sync with a changing IP address. This is useful when Cloudron runs in a network with a frequently changing public IP address like a home connection.

Firewall

Blocklist

Using the blocklist configuration, one or more IP addresses and/or networks can be blocked from connecting to Cloudron. You can download various country-based blocklists from www.ipdeny.com: IPv4 and IPv6.

You can also add comments to the list as needed, but each comment must be on its own line, for example:

# spammy IP
111.111.111.111

Do not lock yourself out

Be careful about what IP addresses you block. If you lock yourself out, you must get Console access to the server, remove the file /home/yellowtent/platformdata/firewall/blocklist.txt and reboot the server.
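
A pre-flight check for the blocklist described above, as an added example that is not part of Cloudron's own code: it flags lines that do not parse as an IP address or network, flags comments that share a line with an entry, and reports any entry that would block an address you administer the server from. The function name, the sample list and the admin addresses are constructed for illustration, and CIDR notation for networks is an assumption.

```python
import ipaddress

# Constructed sample blocklist (documentation address ranges, plus the page's example).
SAMPLE = """\
# spammy IP
111.111.111.111
203.0.113.0/24
198.51.100.7 # scanner
2001:db8:bad::/48
not-an-ip
"""

def check_blocklist(text, admin_ips):
    """Return (errors, lockouts) for blocklist text.

    errors:   (line_no, line, reason) for lines that would not be valid entries
    lockouts: (line_no, entry, admin_ip) for entries that cover an admin address
    """
    admins = [ipaddress.ip_address(a) for a in admin_ips]
    errors, lockouts = [], []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, or a comment on its own line
        if "#" in line:
            errors.append((n, line, "comment must be on its own line"))
            continue
        try:
            # Assumption: networks are in CIDR form; strict=False tolerates host bits.
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            errors.append((n, line, "not an IP address or network"))
            continue
        for a in admins:
            if a.version == net.version and a in net:
                lockouts.append((n, line, str(a)))
    return errors, lockouts

if __name__ == "__main__":
    # Hypothetical addresses you manage the server from.
    errors, lockouts = check_blocklist(SAMPLE, ["203.0.113.25", "2001:db8:1::10"])
    for n, line, reason in errors:
        print(f"line {n}: {line!r}: {reason}")
    for n, entry, ip in lockouts:
        print(f"line {n}: {entry} would block admin address {ip}")
```

Run it over a list before applying it, passing every address you manage the server from, and apply the list only when both results are empty.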

Whitelist ports

Cloudron does not support installing additional packages or running other services on the server. With that warning out of the way, you can configure the firewall to permit additional (incoming) TCP and UDP ports. For this, edit the file /home/yellowtent/platformdata/firewall/ports.json (create this file if it does not exist and change the owner to the user yellowtent).

{
    "allowed_tcp_ports": [ 2140, 3540 ],
    "allowed_udp_ports": [ ]
}

Restart the firewall to apply the configuration:

systemctl restart cloudron-firewall