Skip to main content

Security

Firewall#

The integrated Firewall in CloudPanel is based on UFW, also known as Uncomplicated Firewall.
Developed to ease iptables firewall configuration, ufw provides a user-friendly way to create an IPv4 or IPv6 host-based firewall.

CloudPanel is being shipped with pre-configured rules to achieve higher security.

Recommendation

For higher security, whitelist the SSH Port (22) for your IPs only. The CloudPanel Port (8443) should only be whitelisted if you have a static ip.

Pre-Configured UFW rules

Adding a Rule#

  1. To add a new Rule, click on the button Add Rule.

  2. Select the Type, enter the Port Range, Source, and Description (optional) and click on Add Rule to apply the firewall rule.

Add Rule

Editing a Rule#

  1. Click on the Rule you want to edit.
Edit Rule
  1. Edit the Firewall Rule and click on the button Save.
Edit Rule Form

Deleting a Rule#

  1. Select the Rule you want to remove and click on Delete.
Delete Rule

Basic Auth#

If you don't have a static ip to close port 8443, a Basic Auth in front of CloudPanel is recommended to restrict the access.

Enable Basic Auth#

Via Web Interface#

  1. To enable Basic Auth, click in the left menu on Security and then on the tab Basic Auth.

  2. Enter a User Name and Password and click on Save to enable basic auth.

Enable Basic Auth

Via Command Line (CLI)#

To enable Basic Auth via the command line, log in via SSH and execute the following command as the root user.

clpctl cloudpanel:enable:basic-auth --userName='john.doe' --password='password123'

Disable Basic Auth#

Via Web Interface#

To disable Basic Auth, click in the left menu on Security and then on the tab Basic Auth.

Disable Basic Auth

Via Command Line (CLI)#

To disable Basic Auth via the command line, log in via SSH and execute the following command as the root user.

clpctl cloudpanel:disable:basic-auth