@james Thanks, but I think the original post is also a spam link. Forbes is one giant affiliate website, doing many of the same things as spammers. It's what's known as a parasite. I'd delete this whole post, as it offers no value to anyone here that's focused on self-hosting and open-source.

There are probably no answers here since it is a very uncommon setup. Why put in so much effort to pipe mails via another mail service into Cloudron . At that point, isn't it just easier to accept using the other service for mail entirely ?

Yes, forward proxying does not exist on Cloudron . I think forward proxying is handled by services these days and they are quite expensive since they provide special IPs for scraping.

Hello @sebastienserre Thanks for that. Fixing it right away.

@girish said in App proxy questions and proxy/authentication possible improvement suggestions: But from Cloudron's POV, there is authentication and authorization But basically having the option to block access to any hosted app by putting auth in front of it (presumably thorugh the web server) could have various good use cases.

Hello @3246 With the cloudron cli you can run e.g: cloudron exec --app $APP -- fallocate -l 4M /app/data/4M See cloudron exec --help: Usage: cloudron exec [options] [cmd...] Exec a command in an application Options: -t,--tty Allocate tty --app <id/location> App id or location -h, --help display help for command Examples: $ cloudron exec --app myapp # run an interactive shell $ cloudron exec --app myapp ls # run command $ cloudron exec --app myapp -- ls -l # use -- to indicate end of options Was not sure if possible via the API but since I can debug the cloudron cli and see what it do I figured something out. Send the to /api/v1/apps/$APPID/exec # Command is an array `ls -lah /app/data` would become for each space ["ls", "-lah", "/app/data/"] curl "https://my.$DOMAIN.$TLD/api/v1/apps/$APPID/exec" \ -H 'Authorization: Bearer $APITOKEN' \ -H 'content-type: application/json' \ --data-raw '["ls", "-lah", "/app/data/"]' # this returns and id { "id": "a90bcfcec1d29f7a595638ea66c8ac0bb53b594047ac74fc80bf97f75fed0c19" } But getting the output of the executed command is. . . tricky. Just look at the source code for the cli for this part: const searchParams = new URLSearchParams({ rows: stdout.rows || 24, columns: stdout.columns || 80, access_token: token, tty }); const req = https.request({ hostname: adminFqdn, path: `/api/v1/apps/${app.id}/exec/${execId}/start?${searchParams.toString()}`, method: 'GET', headers: { 'Connection': 'Upgrade', 'Upgrade': 'tcp' }, rejectUnauthorized }, function handler(res) { if (res.statusCode === 403) exit('Unauthorized.'); // only admin or only owner (for docker addon) exit('Could not upgrade connection to tcp. http status:', res.statusCode); }); req.on('upgrade', function (resThatShouldNotBeUsed, socket /*, upgradeHead*/) { // do not use res here! it's all socket from here on socket.on('error', exit); socket.setNoDelay(true); socket.setKeepAlive(true); if (tty) { stdin.setRawMode(true); stdin.pipe(socket, { end: false }); // the remote will close the connection socket.pipe(stdout); // in tty mode, stdout/stderr is merged socket.on('end', exitWithCode); // server closed the socket } else { // create stdin process on demand if (typeof stdin === 'function') stdin = stdin(); stdin.on('data', function (d) { var buf = Buffer.alloc(4); buf.writeUInt32BE(d.length, 0 /* offset */); socket.write(buf); socket.write(d); }); stdin.on('end', function () { var buf = Buffer.alloc(4); buf.writeUInt32BE(0, 0 /* offset */); socket.write(buf); }); stdout.on('close', exitWithCode); // this is only emitted when stdout is a file and not the terminal demuxStream(socket, stdout, process.stderr); // can get separate streams in non-tty mode socket.on('end', function () { // server closed the socket if (typeof stdin.end === 'function') stdin.end(); // required for this process to 'exit' cleanly. do not call exit() because writes may not have finished . the type check is required for when stdin: 'ignore' in execSync, not sure why if (stdout !== process.stdout) stdout.end(); // for push stream socket.end(); // process._getActiveHandles(); process._getActiveRequests(); if (stdout === process.stdout) setImmediate(exitWithCode); // otherwise, we rely on the 'close' event above }); } }); req.on('error', exit); // could not make a request req.end(); // this makes the request From a little debugging I got the API path: /api/v1/apps/$APPID/exec/$EXECID/start?rows=21&columns=257&tty=false But when CURL'ing this: curl "https://my.$DOMAIN.TLD/api/v1/apps/$APPID/exec/$EXECID/start?rows=21&columns=257&tty=false" \ -H "Authorization: Bearer $APITOKEN" \ -H 'content-type: application/json' { "status": "Not Found", "message": "exec requires TCP upgrade" } And I am not sure how to "TCP upgrade" the curl request. I will ask the team.

I use Cloudns for DNS - they’re good

@JOduMonT said in Ubuntu Pro & Cloudron: Cloudron lose control on the update ? Totally, completely, assuredly, obviously. Why pay for this "pro" service when Cloudron already manages the server? Cloudron IS the thing managing the server, and by that, also Ubuntu. Choose one. [image: 1761996317898-17937c13-0f69-494f-bb00-086de7b14899-image.png]

We use https://github.com/panva/node-oidc-provider internally and that is supposed to support PKCE. Not sure yet how to use it to test what this needs. Until that is working, the options are a keycloak instance or a small backend which gives the SPA some kind of session while handling the oidc login bits.

@jdaviescoates cheers! Well yes, basically people get a managed Cloudron with proper onboarding, the difference is the selection of preinstalled apps (or none for the Cloudron package), the distinction is mostly for marketing purposes.

Good on them for this initiative. Despite web browser now being fundamental functionality, the offerings from all the others are frankly pretty poor, bloated dinosaurs. Look forward to their first usable release

Thanks guys

An automatically created badge from Cloudron's perspective: App Verification and Registry After the app is reviewed and approved, Cloudron adds it to its verified apps registry, which includes metadata like app ID, name, version, and verified status. Badge Graphic Creation Cloudron prepares a badge image (SVG or PNG) showing "Packaged by Cloudron" or a similar verified label. This badge image is hosted on Cloudron's servers or CDN. Generate Standardized Markdown Snippet Cloudron creates a standardized Markdown snippet that developers can embed into their README or website. The snippet typically looks like this: [](https://cloudron.example.com/apps/appid) Here, the image URL links to the dynamically generated badge image, and the anchor URL links to the app's Cloudron info page. Probably this can be done here, taking comentario as an random example: https://www.cloudron.io/store/app.comentario.cloudronapp.html Badge Hosting and Dynamic Updates The badge image URL is managed by Cloudron, allowing automatic updates if badge styles, wording, or verification states change. All instances where the badge is embedded will reflect updates immediately. Developer/User Integration Cloudron provides the app developer or user with this snippet along with clear instructions to paste it into their GitHub README or other documentation. Automatic Badge Rendering When README files or web pages load, the badge image is fetched from Cloudron's servers and displayed in place, confirming official packaging and build trust visually. This automated generation and hosting process allows Cloudron to centrally manage trust badges and makes it very easy for app maintainers to add a professional verification mark to their repos without manual image management or styling.

Ha! Yes, and no. Let me explain: The one plugin to use, which is entirely free(!), is Litespeed caching for WordPress. It works regardless of you running OLS too, bar the direct tie-in to the caching service. With that and Cloudflare caching, I get to nearly 100% on pagespeed.web.dev, even for crappy sites with terrible themes. With OLS as a stack, I can probably get a lot more websites onto the same server without impacting on performance. Probably around 40% more according to some research I did. Interestingly, plain WordPress, with its stock themes and without Redis and Cloudflare get's nearly 100% on pagespeed.web.dev. At least in my testing, it suggests that the quality of the theme and plugins in use play a critical role. If only customers paid attention to that and spent money wisely with decent web devs instead of buying dodgy themes and plugins ;D What's your experience? Why do you want OLS?

On DigitalOcean, hostname is automatically set to the name of the Droplet.

My experience with Cloudron has been wonderful, the Cloudron forum community is also fantastic, and I always find help there.

@3246 I spotted you just upvoted my post above where I asked. I said in How to setup Hetzner Storage Box using SSHFS: People who are backing up to a Hetzner Storage Box using SSHFS - how did you get it set-up? Thanks! Here is what worked for me: https://forum.cloudron.io/post/96271 Once I worked out how to create the new key pairs it was all relatively straightforward.

@scooke I believe we do have a nostr custom package available for install via CCAI. Check the forum

@james Fortunately, I took care of this issue almost right after installing Ubuntu, but thanks a lot for sharing another interesting approach.