Mikrotik CHR

Overview

A MikroTik CHR on Cloudzy gives you a virtual router and firewall that is ready to run advanced networking from day one. Dedicated EPYC vCPUs, DDR5 RAM, pure NVMe storage, and a 10 Gbps uplink keep control traffic responsive while you build routes, VPNs, and firewall policies. Launch in minutes on Ubuntu Server 24.04, then manage with Winbox or the built-in VNC console from your panel.

Description

Cloud Hosted Router (CHR) is MikroTik RouterOS packaged for virtual machines. It provides the same toolset you expect on hardware, including stateful firewalling, NAT, routing, VLAN and bridge management, tunnels, IPsec and WireGuard, QoS, and user management. On Cloudzy, CHR comes prepped on Ubuntu 24.04 with a clean default, so you decide which services to open and which features to enable.

Access the Web Interface

CHR management on Cloudzy focuses on Winbox and the VNC console for a secure, predictable day-1 experience. The web service (WWW) plus SSH, Telnet, API, and FTP are disabled by default to reduce exposure. Use the steps below to connect and start configuring.

Winbox (recommended)

1. Download Winbox from MikroTik’s site and run it on your computer.

2. Connect to your server’s public IP address on port 8291.

3. Log in with the credentials below.

4. Begin configuring interfaces, firewall, VPNs, bridges, and IP services.

VNC Console (via Cloudzy Panel)

1. Open your instance under Services in the Cloudzy dashboard.

2. Launch the VNC viewer to access the CHR console.

3. Log in with the same credentials to run commands or recover access.

Login Credentials

• Username: admin or root

• Password: your server’s initial password

Important Notes

• Password reset will not work in the panel. The CHR login always uses the initial server password.

• For security, SSH, Telnet, API, WWW, and FTP start disabled.

• Only Winbox (8291) and the VNC console are available for management by default.

Advanced Features

This stack is tuned for stable routing and quick recovery. The hardware profile and panel utilities support busy traffic windows, safe testing, and quick rollbacks.

• Dedicated vCPUs and DDR5 RAM keep control plane tasks smooth under load.

• Pure NVMe storage provides fast logging and config snapshots.

• 10 Gbps network port supports multiple tunneling and peering sessions with headroom.

• Snapshots and instant rollback let you freeze before changes, then revert in seconds if needed.

• Long-term plans for production stability, plus hourly options for short tests or staging.

• A single reboot applies most resizes. No data migration or IP change.

Ease of Use

Manage power, snapshots, backups, and region moves from the Cloudzy panel. Keep the default lockdown for services, then open only what you need inside RouterOS. If you plan to publish WebFig or API later, add rules under IP > Firewall, and test through the VNC console first.

Performance Focus

This section maps to network performance for apps that sit behind your CHR. A fixed IPv4 or IPv6, predictable latency, and stable routes help public sites and APIs avoid rate limits and surprise CAPTCHAs. Fast NVMe I/O keeps logs rotating cleanly, and the 10 Gbps uplink reduces bottlenecks between your router and upstream services, which supports lower TTFB for web backends you front with CHR.

Full Website Control

The heading covers full control of your environment. With root on Ubuntu and admin in RouterOS, you set your own security baseline. Build VLANs, bridges, and address lists; define NAT and filter rules; wire up IPsec or WireGuard; and add BGP or OSPF where needed. KVM isolation, dedicated IPs, and consistent resources keep behavior predictable during upgrades.

Powerful Tools

Everything you need to get operational quickly sits one click away. Keep management tight, automate safe housekeeping, and back up configs to offsite storage.

• Preinstalled MikroTik CHR on Ubuntu 24.04

• Optional hardening and monitoring add-ons, for example Fail2Ban and node_exporter

• Remote backup recipes to S3 or GCS for RouterOS exports and Ubuntu configs

• Cron templates for nightly log pruning and scheduled backups

• Default-off services so only Winbox and VNC are exposed at start

Global Reach

Pick the data center closest to your users to keep round-trip times low. Cloudzy operates with consistent capacity and network quality across regions, all with a 99.95% uptime SLA.

• North America: New York City, Dallas, Miami, Utah, Las Vegas
• Europe: London, Amsterdam, Frankfurt, Zurich
• Asia-Pacific: Singapore

With servers all around the world, pin your CHR to the region that fits your traffic pattern.

Application Details

Version: Not Specified
OS: Ubuntu Server 24.04
Minimum RAM: 1 GB
IP Types: IPv6, IPv4

Deploy MikroTik CHR Now and start routing with a clean, secure default in minutes.

Important: Configuration & Domain Responsibilities

You get full SSH/root access on every OCA. That power also means your changes can break the app. Please read this before tweaking configs.

• You manage the domain. We don’t sell or host domains/DNS. If the app needs a domain, you must point your domain to the server (A/AAAA/CNAME, and MX/TXT if relevant). SSL issuance and many dashboards depend on this being correct.

• Changing the domain/hostname after install isn’t trivial. Many OCAs write the domain into configs (.env, reverse proxy, app URLs). If you change it, also update:
  • Reverse proxy (Nginx/Caddy) and TLS certificates

  • App “external URL”/base URL and callback/webhook URLs

  • Any hard-coded links in the app or add-ons

• Credentials matter. Renaming the default admin, rotating passwords, or changing service ports without updating the app config can lock you out or stop services. Keep credentials safe and in sync across the app, proxy, and any integrations.

• Nameserver changes can cause downtime. Moving your domain to new nameservers or editing NS records triggers propagation delays. Plan changes, lower TTL ahead of time, and verify A/AAAA records before switching.

• Firewall/port edits can break access. If you change SSH, HTTP/HTTPS, RDP, or app ports, update firewalls (UFW/CSF/security groups) and reverse-proxy rules accordingly.

• Email (SMTP) ports are restricted by default. Outbound mail ports (e.g., 25/465/587) may be closed to prevent abuse. If your OCA must send email, request SMTP Access from support or use a transactional email provider (SendGrid/Mailgun/SES) via API or approved SMTP.

• Email & allowlists. If the app sends mail or receives webhooks, changing IPs/hostnames may affect deliverability or allowlists. Update SPF/DKIM/DMARC and any IP allowlists.

• Before any big change: take a snapshot. Use the panel’s snapshot/backup first. If a plugin, update, or config edit backfires, you can roll back in minutes.

• Support scope. We provide the server and the preinstalled OCA image. Ongoing application-level configuration (domains, DNS, app settings, plugins, custom code) is the user’s responsibility.

Quick rule of thumb: if you touch domain, ports, passwords, hostnames, or proxy/SSL configs, expect to update the app’s settings too, and snapshot first.

Login Credentials

Username: admin or root

Password: Your server’s initial password

How to Access

You can manage your CHR in two ways:

1. Winbox (recommended)

• Download Winbox from MikroTik’s official site.
• Connect to your server’s IP address.
• Log in using the credentials above.
• Once connected, you can configure networking, firewall, VPNs, and more.

2. VNC Console (via Panel)

• Use the built-in VNC viewer to access your CHR console.
• Navigate to your instance under Services and click to launch VNC.
• Log in using the credentials above.

Important Notes

• Password reset will not work — your login password is always the initial server password.
• For security reasons, the following services are disabled by default: SSH, Telnet, API, WWW, and FTP.
• Only Winbox (port 8291) and the VNC console are available for management.