A server snapshot is useful to recover quickly. But a backup is quite separate : Backups are generally separate from your server provider. If you lose access to AWS (maybe they think you are a bad actor or a billing failure makes them kill everything, this happened to me), then backups are a way for you to recover. Snapshots are almost always in the same server provider. Backups are portable . You can't take a EBS snapshot and put it in Digitalocean On Cloudron, backups are per app. So, you can restore each app individually unlike a server snapshot which will roll back everything. Backups help in upgrading things. For example, you can upgrade/migrate database using backup of old version into new version. So, they have different use cases. Both are useful. Use both when possible.

I got everything working now by skipping some updates, finding a problematic one and debugging it a bit. I'm leaving a message I was going to send mid debugging before I managed to get it working just in case anyone else comes across the same issue. I got it working by skipping versions until I got to one that wouldn't apply. It was v4.41.0. It would run but the database migration would never connect to MySQL. This happened even after I got to the version just before and tried to apply it a few times. While I was debugging I found that the MySQL connection wouldn't work from the Terminal. Then I put the app into recovery to debug further. It MySQL worked in the Terminal there, so I turned off recovery mode and it booted just fine! Not sure what the root issue was though. Unusual that I was able to reproduce it but then it kind of resolved itself. Maybe switching to or from recovery resets some value causing an issue. I'm not sure. Original message: So, this is now pretty specific to Ghost. I've made it up to v4.40.2 just fine, but when I apply the next version v4.41.0, Ghost fails to start. The log shows Jul 11 14:39:18 ==> Start ghost Jul 11 14:39:18 ==> Clear potential migration lock Jul 11 14:39:18 mysql: [Warning] Using a password on the command line interface can be insecure. Jul 11 14:39:20 => Healtheck error: Error: connect ECONNREFUSED 172.18.17.238:2368 Jul 11 14:39:30 => Healtheck error: Error: connect ECONNREFUSED 172.18.17.238:2368 Jul 11 14:39:40 => Healtheck error: Error: connect ECONNREFUSED 172.18.17.238:2368 Jul 11 14:39:50 => Healtheck error: Error: connect ECONNREFUSED 172.18.17.238:2368 Jul 11 14:40:00 => Healtheck error: Error: connect ECONNREFUSED 172.18.17.238:2368 Jul 11 14:40:10 => Healtheck error: Error: connect ECONNREFUSED 172.18.17.238:2368 Jul 11 14:40:20 => Healtheck error: Error: connect ECONNREFUSED 172.18.17.238:2368 Jul 11 14:40:30 => Healtheck error: Error: connect ECONNREFUSED 172.18.17.238:2368 Jul 11 14:40:40 => Healtheck error: Error: connect ECONNREFUSED 172.18.17.238:2368 Jul 11 14:40:50 => Healtheck error: Error: connect ECONNREFUSED 172.18.17.238:2368 Jul 11 14:41:00 => Healtheck error: Error: connect ECONNREFUSED 172.18.17.238:2368 Jul 11 14:41:10 => Healtheck error: Error: connect ECONNREFUSED 172.18.17.238:2368 Jul 11 14:41:20 => Healtheck error: Error: connect ECONNREFUSED 172.18.17.238:2368 Jul 11 14:41:30 => Healtheck error: Error: connect ECONNREFUSED 172.18.17.238:2368 Jul 11 14:41:32 json: updated "/app/data/config.production.json" in-place Jul 11 14:41:32 json: updated "/app/data/config.production.json" in-place Jul 11 14:41:32 json: updated "/app/data/config.production.json" in-place Jul 11 14:41:32 ===> Copy frotend/public folder for asset generation Jul 11 14:41:32 ==> Loading /app/data/env for potential overrides Jul 11 14:41:32 ==> Ensure permissions Jul 11 14:41:32 ==> Migrating database Jul 11 14:41:40 => Healtheck error: Error: connect ECONNREFUSED 172.18.17.238:2368 Jul 11 14:41:44 [2023-07-11 21:41:44] ERROR Invalid database host. Jul 11 14:41:44 Jul 11 14:41:44 Invalid database host. Jul 11 14:41:44 Jul 11 14:41:44 "Please double check your database config." Jul 11 14:41:44 Jul 11 14:41:44 Error ID: Jul 11 14:41:44 500 Jul 11 14:41:44 Jul 11 14:41:44 Error Code: Jul 11 14:41:44 DATABASE_CREATION_FAILED Jul 11 14:41:44 Jul 11 14:41:44 ---------------------------------------- Jul 11 14:41:44 Jul 11 14:41:44 Error: connect ETIMEDOUT Jul 11 14:41:44 at /home/cloudron/ghost/versions/5.41.0/node_modules/knex-migrator/lib/database.js:134:19 Jul 11 14:41:44 at /home/cloudron/ghost/versions/5.41.0/node_modules/knex-migrator/lib/database.js:50:23 Jul 11 14:41:44 at Connection._handleTimeoutError (/home/cloudron/ghost/versions/5.41.0/node_modules/knex-migrator/node_modules/mysql2/lib/connection.js:202:17) Jul 11 14:41:44 at listOnTimeout (node:internal/timers:564:17) Jul 11 14:41:44 at process.processTimers (node:internal/timers:507:7) The diff for this version bump is here: https://git.cloudron.io/cloudron/ghost-app/-/commit/93e180df6ad9216f8f04480b9b60212816f86c28 I've tried restoring my backup to v4.40.2 and re-applying multiple times but it continues to fail. It also fails if I use the CLI to skip this version and jump to the latest.

No, nothing there. It might have gotten deleted when I cleared the message from the email queue days ago. I don't care about the file as much as knowing from which app did that message originate from. It's probably from the WP app, but I'd like a sure way to tell. I'm guessing there are no tools to trace it back to the app. Oh well.

Thanks for the report. This is fixed with https://git.cloudron.io/cloudron/box/-/commit/3a5d570e3c558e95b2110dfb529bd9f928bbaf35

@girish

Hi @girish! Thanks. I’ll check, but I guess This is working well so far .. #!/bin/bash   # n8n auto backup process   # clean up to get all changes   rm -r /app/data/n8n-backup/workflows/ rm -r /app/data/n8n-backup/credentials/ # change directory   cd /app/code # start export process npx n8n export:workflow --backup --output /app/data/n8n-backup/workflows/ npx n8n export:credentials --backup --output /app/data/n8n-backup/credentials/ # save credentials encrypted   # npx n8n export:credentials --decrypted --backup --output /app/data/n8n-backup/credentials/ # save credentials decrypted   # Use gosu: gosu cloudron:cloudron cmd --param   # git add files, commit and push gosu cloudron:cloudron git -C /app/data/n8n-backup/ add . gosu cloudron:cloudron git -C /app/data/n8n-backup/ commit -m "Auto backup ($(date +'%Y-%m-%d'))" gosu cloudron:cloudron git -C /app/data/n8n-backup/ push # set ownership back to cloudron (fix)   chown -R cloudron:cloudron /app/data/n8n-backup/

perfect, thanks

Alright, I've got another update and seemed to have reworked things so this is fixed. I've removed all of the old rules and created a new one under WAF Rules using the following: (http.host eq "https://my.cloudron.tld" and ip.src eq 127.0.0.1 and http.request.uri.path contains "/filemanager/") or (http.request.uri.path contains "/api/v1/apps") Then take action: Skip Log matching requests: turned on WAF components to skip: All managed rules More components to skip: Managed rules (previous versions) Note: Edit the items in bold to reflect your Cloudron Domain and your IP Address.

I also had an issue with a backup in place but not reflected on the backups list.

I seem to have screwed it up royally, so I will wipe and reinstall Thank you @girish and @fbartels for assistance.

@girish said in Abuse report received: I found very similar reports in other server forums interesting, thank you also not sure what to make of it !

@nottheend said in Backups aren’t being removed in Cloudron during Cleanup, maybe a bug.: I already wanted to recover an app to a non existing version, but I was scared to break sth^^ You can always create a new install of app and test it out first. See import UI - https://docs.cloudron.io/backups/#import-app-backup

That status page now also takes app with OpenID integration into account. On the subject of OIDC, there are several that could be flagged as supporting SSO with little or no extra effort: So, the flag in the status page indicates not if the app could be integrated, but if the Cloudron package takes care of the integration automatically. Hopefully since we have OpenID support now, as you mention, we can add more to that list soon

Thanks for your replay. This is the third alternative. However, this is linked to a few cons: Skillgap regarding IPv6 I am using unifi hardware which has a pretty basic IPv6 implementation

@girish said in Issue with the API to change MemoryLimit: --data-raw '{"memoryLimit":973078528} Thanks! this bit helped.

Solved! Just for the sake of someone else stumbling into the same issue : Backup SSHFS mount with hetzner storage box should always be mounted pointing to the exact sub folder where backup will be stored, so the path would be /home/yourfolder and the URL to the server should not contain any path. Now, if you use the same storage volume mounted a second time, as a volume to be added to specific apps then the URL is always ID.your-storagebox.de and the path field is simply / no need to specify any folder. The issue here is that I had it to mount the URL of the storage box ID.your-storagebox.de/home + / in the path and that was the origin of the mess, the odd part is that it did mount and the volume was usable via the filemanager just fine, it's just that the hdparam.sh script would freak out due to this confusion in the path. Anyway, solved !

@robi Yes, I was expecting something like that.

Thank you, @3246 @nebulon - Probably I will reduce it to two per day and see how it goes. @3246 - I didn't know about B2's rate limit.

@philkunz We use the term snapshot and backup interchangeably in the docs. They are one and the same. I guess snapshot is something you initiate as a user whereas backup is something the system (automatically) initiates. Ultimately, they are both capturing the state of the app and uploading to configured backup location. To answer the questions: yes, backup policy applies to snapshots correct, snapshots (which you click manually) is just in addition to backups (which are taken automatically). there is nothing special about snapshots, we don't differentiate them from the automatic backups. We take snapshots/backups at the per app level. This way you can roll back a single app independent of others. To see the backups/snapshots of an app, you go to Backup section of the app. There is also a system backup (in the Backups view). A system backup is the one which you configure the schedule policy for (we don't have per app backup schedule). The system backup is essentially taking the backup of each app + backup of mail server + backup of the platform (like user information, domains etc) . It "groups" all these separate backups together and this is what is shown in the Backups view. In that sense, the Backups view is showing the "full backups". With the full backups, you can restore/migrate Cloudron to another server (so, it will be exactly the same as the current server with all the apps/domains/data/users).

@fbartels said in Backups and users: Cloudron treats user names as unique Yes, we used to uuid and then went and changed all the apps to use username so that migration from one Cloudron to another (or anywhere else) is easier. As long as the username exists on the other cloudron, user should be able to login.