@girish Great! Thanks again for your help debugging this and adding more configuration. Huge help for larger backups like mine.

@nebulon Yup, at my Dad's in the country so it's pretty slow here anyway but that d/l is continuous.

@greycloud said in VPC networking on digital ocean: I kind of had assumed that they would continue working, if I did nothing. But would they stop working if I enable VPC? My understanding is there is nothing to enable. The existing droplets simply get assigned a pre-built default VPC. Presumably if I setup a new cloudron it would be automatically wrapped in the VPC by default, but there would be no particular advantages. Yes, I think so as well.

@girish said in memcached server and php-memcached: /etc/supervisor/conf.d/memcache.conf Confirm this exists now output of echo "stats settings" | nc localhost 11211 [image: 1598951752829-0d442845-118a-4aab-939e-583e3b383db8-image-resized.png]

@girish said in FTP server not found?: n case you want to keep these for some reason ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key Generating public/private rsa key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: got the same problem. and thanks for your reply!

I have updated the docs - https://cloudron.io/documentation/custom-apps/addons/#postgresql @b247_eu For the postgres access, we have to build a custom app. Something like https://git.cloudron.io/cloudron/php7.3-postgres-app/ . You can learn how to build/install a custom app here - https://cloudron.io/documentation/custom-apps/tutorial/

ok. I gave mysql more RAM. Since then the backups have been running smoothly.

https://help.nexcess.net/77209-third-party-email-clients/how-to-allow-outlook-to-connect-over-tls-1112 has the registry instructions.

@marcusquinn said in Is there a way to set the LetsEncrypt email separately?: So Superadmin's are Owners then? In that case I have about 20 Indeed! You can downgrade everyone to be an admin. The main difference between superadmin and admin are that superadmins is meant to be the person who has access to the server (and the one who set things up initially). Superadmin also manages the subscription and has acess to mail server logs. Admins don't have access to these two things. Ideally, there is only one superadmin. We wanted to enforce this but migration from previous setups proved to be a bit problematic.

@girish This solved it for me. Thanks!

@terrygogo try static ip from your provider.

I am not an expert on AWS, but aren't AWS instances only CPU+RAM ? I thought the disk does not resize. This is for EC2 instances though. Are you using lightsail by any chance?

@girish & @marcusquinn thanks for the hints! Finally the AWS guide did the trick, it was a 2 step approach (in my case): sudo growpart /dev/sda 3 sudo resize2fs /dev/sda3

hi @girish . great info, thanks. I will try it out.

Hi @girish, I have done a complete reinstallation of the server and now I don't have any issue. I think I've done something wrong while I've completed the restoration informations the first time. Thank's a lot for your support, the subject can be marked as solved.

@nebulon Like I said, I thought it would be an issue for a particular client, but it's not! However, only as long as the config stays as it is; if you ever strengthen it by adding the "includeSubdomains" directive in the HSTS header (as it is advised sometimes in some of the readings I found for better security), you could cut access to subdomains that are not managed by Cloudron and cannot do TLS. The typical fictional scenario, if the config ever changes, would be: www.watering-plants-automatically.cloud is a website from a company that offers to manage clients' gardens; the designer of the website hosts it on its Cloudron instance for the client. The company already has stuff they host on subdomains, and won't relinquish access to the DNS server for security reasons. However www and the root domain both point to the Cloudron server IP, so Let's Encrypt works fine in "Manual" mode in the Domains & Certs tab of the designer's Cloudron; An end-user visits the website, decides to sign up and pay for their new fangled tool, which is hosted at myplants.watering-plants-automatically.cloud. This subdomain points to the IP of the appliance that manages the users' gardens. This is an old, crummy box that won't allow TLS, because it's almost an antic at this point; The user cannot connect to their tool, and throws an HSTS error. It's not an issue yet, but it might be something to think about if you ever consider changing the configuration (let's say, if you decide all domains with a wildcard cert should have includeSubdomains in their HSTS headers). Security-wise, it makes a ton of sense: let's say you type http://www.domain.tld in your browser. The server 302s you to https://www.domain.tld which has the HSTS header and "includeSubdomains" You later type http://mail.domain.tld in your browser: the browser will immediately connect to https instead, avoiding potential MITM attacks. Pretty powerful, but it might be an issue in this particular case where some subdomains shouldn't be covered. I initially thought I read in the docs that the HSTS config was such that all subdomains were included, and I remember that before using Cloudron, for this specific client, I set the header to "includeSubdomains", which promptly disallowed access to many tools I do not host because they didn't support TLS on them, if the user visited the main website before. So yeah, feel free to close that topic, because it's not an issue unless you decide to change the config server-wide

Yes, I think repair would work just fine. I'll give that a shot next time I run into this. The upgrade process makes sense, as you say, working on custom applications is a bit of a special usecase

Ok this is fixed, however requires a new Cloudron release, since the tasks API needs a proper pending state.

@jdaviescoates ok, good

@girish Yes I did, and the problem with the certificates is now fixed. Thank you!