@james thank you for the clarification and the link! Do I understand correctly, that proxyAuth add-on will respect the Access Control setting of the app and allow access only to the allowed users via their Cloudron authentication? The target app may want the extra auth then but that is fine. Is there a way to add proxyAuth for the existing app? I do understand that documentation says it is impossible, but what if we have quite a big data already in the app that we want to protect and we are not able to just run a fresh install? p.s. Just as a side note, what is the best way to isolate the particular app from the public interface? This will allow us to be able to hide any app without clear reinstall with proxyAuth. This public-interface disabling also would come handy if we wanted the app to only be allowed on the VPC interface (i.e. on our ZeroTier network, but not on the public).

@joseph excellent work. Seems like it was designed for an RPM distro.

Ah yeah, it was the host system. It is 644 for the sftp service container and owned by cloudron. root@my:~# docker exec -ti sftp /bin/bash root@sftp:/app/code# ls -l /etc/ssh/ssh_host_rsa_key -rw-r--r-- 1 cloudron cloudron 1679 Dec 4 01:01 /etc/ssh/ssh_host_rsa_key root@sftp:/app/code# stat -c "%n %a" /etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key 644

@archos Did this occur while upgrading from Cloudron 8 into the 9 series?

@FrenchyBear @tecbox and you got the same error message but the issues were totally different. The fix I posted was for S3 (used by @tecbox). In your case, you are using gcs. It's a slightly bigger fix - https://git.cloudron.io/platform/box/-/commit/99c14533a5930a6175630b6c299a577d64f2decb . You can get the raw file from https://git.cloudron.io/platform/box/-/raw/99c14533a5930a6175630b6c299a577d64f2decb/src/storage/gcs.js and replace /home/yellowtent/box/src/storage/gcs.js .

Haven't encountered such timeouts from thunderbird, unless the network is actually flaky. Maybe check if both ipv4 and ipv6 are setup but only one works? Could be that thunderbird (probably relying on the system's network interface selector) sometimes picks one of the two which resolves but does not route.

ohh yes thanks Cloudflare proxying is on. Turned off and all appears again- although I cannot quite work out exactly what is blocking it in cloudflare

@avatar1024 in the previous versions, one could change the backup format between tgz and rsync . We used to track the format of each backup (for restore from old backups to work). in Cloudron 9, you cannot change the backup format of a site once set. instead, you can just create a new backup site if you want another format. The migration code probably detected that you have backups in both formats. So, it would create two sites - one tgz and one rsync. That's what you are seeing .

@james @joseph thanks for your fast replies. I managed it with the hint from joseph and also created a new api token. Works well now. thnx!

ok thanks, below the result after just a few minutes, I'm not a technician but as far as I can see it's mainly mysql which is writing (I sorted Write): [image: 1764682318506-de0b4ce4-096f-4c6b-977b-dcf6574125ea-scherm-afbeelding-2025-12-02-om-14.30.00-resized.png]

@saikarthik I deleted the registry config. mysql -uroot -ppassword -e "DELETE FROM box.settings WHERE name='registry_config'" Then, re-run the migrations: /home/yellowtent/box/setup/start.sh After the upgrade, you can re-setup the registry . But you have to shorten the password length to < 128 chars.

@necrevistonnezr @joseph Ah, got it, thank you for clarifying. For what it's worth, I was following the upgrade guide for Ubuntu 22.04 (https://docs.cloudron.io/guides/upgrade-ubuntu-22/) which indicates that it should be active. Probably a decent number of people will follow the same trail I did: Cloudron updates to 9.x --> Notification about 20.04 EOL --> Follow 22.04 upgrade guide. If none of these folks need to worry about the collectd step, it might be worth adding a note in the 22.04 guide. The 24.04 guide also mentions collectd. While it's fresh in my mind and I'm looking at it, is there any reason I should or shouldn't go ahead and upgrade to 24.04?

@joseph Thank you. That seems to have fixed the problem.

@nostrdev you can pass -p or --port-bindings to cloudron install . It will query it. You can also pass directly using -p NEO4J_BROWSER_PORT=someportnumber,BOLT_BROWSER_PORT=anotherport .

The mysql db was corrupt beyond repair. I reimported from a back up and things are good.

@Teiluj said in 2FA enforcement issue on Cloudron 9.0.13: (major issue) 2FA enforcement does not work. Fixed in https://git.cloudron.io/platform/box/-/commit/76f2c5f9fc7ea673ddbe02e5aed9e691c85cd5c6 Thanks for reporting!

@woolfdrs3 It seems the server is running on OpenVZ which Cloudron doesn't actively support. However, it works after I added this workaround: # cat /etc/systemd/system/docker.service.d/openvz.conf [Service] Environment="DOCKER_IGNORE_BR_NETFILTER_ERROR=1"

@simplo thanks for reporting, fixed now - https://git.cloudron.io/platform/box/-/commit/fda393b5e148340e2dc138f31a5a6443fa8d0ee3

All the apps are back, thanks for your support !