Using your cloudron as a reverse proxy
Written by Admin
Published July 06, 2021

If you’re hosting your Cloudron at home, you may have other applications running on other machines locally you want to create a reverse proxy for. A reverse proxy lets you type in and be directed to your local application, which usually not running a web server on port 80/443. Before a reverse proxy, I can only access the apps I run at home at my home, using their IP. A reverse proxy bridges the gap between the outside world and your internal network, and in our case provides SSL security.

If you’re hosting Cloudron in the cloud, each of your VMs will have it’s own IP address and you probably don’t need a reverse proxy.

Cloudron comes with the popular webserver NGINX installed already. It sets up reverse proxies for Cloudron apps all by itself, but adding more reverse proxies for non-Cloudron apps isn’t explicitly supported – you can still do it, however, with minimal effort.

First, SSH into your Cloudron box. If you haven’t done this before, use Terminal on Mac or press Win+X on windows and select Powershell (Admin) and then paste in:

Add-WindowsCapability -Online -Name OpenSSH.Client~~~~

This installs OpenSSH. SSH is like opening up a remote console on the target server. It’s text only.

After you’ve logged in with the username cloudron and your password, run cd /etc/nginx/applications to change your current directory from the home folder to NGINX.

Now, create a new .conf file with the name of your app (for example, lidarr.conf). Paste the following inside the conf file, editing the three URIs listed:

server {
  location /the-proxy-path-check-your-app-docs-for-this {
  	proxy_pass http://internal.ip:port;
Here’s an example of what I use to have a reverse proxy to my Synology NAS:
server {
  location / {
    proxy_set_header Host $host;
    proxy_redirect http:// https://;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

The extra lines there tell NGINX to forward things like Websockets, which Synology needs. With some searching online, you can see if your app needs these lines or not. I reccomend trying without them first, and adding them in if you’re experiencing issues when testing.

Next, we need to install Certbot, which will automatically keep your site secure with HTTPS for free. It’s as easy as:

  1. sudo apt-get install python3-certbot-nginx
  2. sudo certbot –nginx
  3. select the site you just made in your .conf file
  4. enable redirects when asked

That’s it! If you open your .conf again you’ll see a some more information was added to support HTTPS, but you don’t have to do anything. You can have as many entries as you want, but be very careful to ensure you do not edit a Cloudron file or try to take a subdomain Cloudron needs.

 You can backup your files with SCP. I use WinSCP on windows and drag and drop files to a local folder. Cloudron will delete your forwards on a major update, but with SCP you can just drag them right back in. You may need to give yourself permission to the nginx application folder with something like


sudo setfacl -m u:username:rwx /etc/nginx/applications