@girish Awesome, thank you! I'll fork the changes and have some items as drafts and will submit a PR when I get them updated.

@jdaviescoates yes, that's my understanding. setting it all to 50% means you are not giving any app any "preference".

Of course, right after requesting this feature, the first post I browse to is this: https://forum.cloudron.io/topic/10517/oidc-migration

Girish pointed out some technical pro's of using OIDC.

@girish said in OIDC migration:

What's the reason to get locked into LDAP auth ? At the platform level, we have decided to move all apps to OIDC whenever available. OIDC is more secure and does not expose raw password to apps. We can also implement much more security schemes with OIDC.

@necrevistonnezr maybe if it's a simple enough app, you can package it along with the Surfer app which can provide the basic auth w/ a nice config interface.

Until then, you can acquire the precompiled binaries and upload them to the apps that need them.

Is it possible to improve / add the IP block list feature to Cloudron in 8.0?

@imc67 the rewrite hasn't happened 😞 I think this will only happen over xmas and new year vacation when support is low.

@LoudLemur the wording makes sense as-is without the need to clutter the ui. Updates is the logical place to look in if you’re looking for version info. Imagine how cluttered that side menu would look on mobile! Less is better.

Well if you look into the web inspector, you could just utilize the rest APIs just like the dashboard itself does. "New Apps" here is just defined as first published within last n days.

But the initial feature request was about a way to find new apps, which is what the menu item is about if I understood this correctly?

Topic was merged, unfortunately I merged it reversed, so the new topic is now on top of this.

Expanding this, perhaps showing the overall size in the System Backups view too so we can kind of watch it go up and down to raise some red flags at a glance if we see the size suddenly jump unexpectedly? Maybe not needed, but just another idea. Doesn't even need to be a dedicated column but maybe just an icon that will then show more meta data about the backup.

@girish I think it can just be manual, same as the URL apps.

Good suggestion. For future reference:

The current zen spamhaus check only covers SBL, SBLCSS, XBL and PBL blocklists. To query DBL, one can do host domain.com.dbl.spamhaus.org 127.0.0.1 on cloudron . Would be good to get this automated like the zen check

@girish said in Optional 2FA for proxy auth?:

@jdaviescoates proxyAuth will move to OIDC based login very soon. Once that is done, hopefully you don't have to deal with this much (because it will automatically login for other apps).

Ah yes, I figured that might soon be the case. Excellent, I think that'll basically solve it 🙂

@girish said in Optional 2FA for proxy auth?:

On a general note, it's not possible to disable 2FA since this will be a security hole which bypasses 2FA 🙂 As in, one can keep trying username/password combinations without a 2FA now and know if it's valid or not.

Figured there'd be a good reason not to do it 🙂

@jdaviescoates right, unless it's a wildcard DNS for minio.ex.org you'll need to add buckets subs and see what minio does with it.

Check logs.

thank you very much @girish, I'm also eager to test it…