This appears to be S3 compliant, so I guess the generic S3 backend in Cloudron already would work?

@plusone-nick said in Select resources on app creation:

Its nice that every app has its on min requirements set but it would be helpful to be able to select any additional resources upon creation, mainly memory/RAM

Yeah, I'd like this too, mostly because in my experience apps often need more RAM than the minimum. Personally I'd like to just go for double the stated the minimum as a rule of thumb and it'd be nicer if I could set that during app install.

Yunohost, for one, does allow an admin to see ALL the possible apps available for installation, BUT they categorize these apps by reliability and stability. 682f4dc1-c041-426a-b147-8313a8c275c1-image.png

Could the same idea/process be adapted for a Superadmin to "categorize" Cloudron App Store apps, making only certain ones visible to the next level Admin. Come to think of it, a Reseller account on MXRoute allows the Superadmin to do exactly this - create a Package, name it, define it's parameters, and allow the Customer the option to choose from the prepared Packages. The Customer never really knows if you've overbooked the VPS or not, or if "better or stronger" options could be available - they only see what the SuperAdmin has packaged as choices.

So, the SuperAdmin would need a way to create a Package, and then assign specific App Store apps to each Package.

In fact, a similar process must already be in use for Cloudron, because only those apps that are "ready" are in the App Store (and even then some are labelled as Unstable)! So, can that be tweaked to let a SuperAdmin make visible only those apps being offered?

I'm babbling on now. Time for bed.

EDIT: I guess the same ability to tweak (using APIs?) could also make the SuperAdmin visible or not in the Admin's Dashboard User list; or hide it from the users in the User List.

Where is this slated release wise?

@girish said in Hiding superadmin to deliver 'managed' cloudron to clients.:

@micmc said in Hiding superadmin to deliver 'managed' cloudron to clients.:

And I guess, that is what would or should happen if we choose to hide the owner. I haven't thought really about this one but yeah, well thought and that should the be case also indeed, the superuser would not be seen in apps as well.

We had this idea of creating a "service account" - https://git.cloudron.io/cloudron/box/-/issues/771 (which is scheduled for 7.3). I think this will get you this feature.

This is how we see how great minds encounter! 😛

Also, there's the discussion about the "email admin" role to which your issue above refers too as well, which several of us have followed as well, which have popped several ideas and views as well and has brought to the creation of such feature.

@briankb-0 NodeBB FTforumW. 👍

@girish Yes there is. .ipfs is not a "normal" TLD. It's for websites which are on IPFS, which is an alternate decentralized protocol. Kinda like .onion domains for serving websites on tor.

However, i don't really know how cloudron could support it, as I believe it does not use standard http/s at all, so regular apps would not work.

@nebulon said in Enable LDAP and Cloudron SSO After App is Installed:

Essentially there is no technical reason why the LDAP/SSO feature

There's many variation in app support:

What happens to existing users? I think it will be hard for us to write user migration docs for each app (because I have often seen one has to straight up edit the database).

Many apps do not support multiple auth providers. So, if you switch to LDAP or viceversa, you cannot login with your previous users anymore (to migrate data).

@nebulon woohoo! Thank you

@salazarsja did you move everything or just the mail dirs?

I still really want to be able to filter apps by LDAP support 🙂

@girish
Did anything come of this...?

@fbartels I hear ya, not the main use case, but the subsetting feature with starting a new DB from previous prod data is the killer feature here.

@jdaviescoates that's a great circle find! well done 😄

It could be a nice sidecar type container that box runs for all it's notifications which makes cloudron that much better by default..

+1 for the feature.
Would be very, very helpful for us to have as well!

@3246 yes, kind of like a torrent file where you can select priority per file/dir and which ones to skip.

not sure a pause is needed, but more like a pre-start selection.

I'm sure @staff can enumerate mail and other core services as required items but with flexible priority/order.

Not only that, but while we're pondering that manual selection process with manual clicks, the essential bits can already be restored and ready for the next prioritized components.

How much of this will change with Multi-Cloudron?

@d19dotca I'm excited by the potential for https://ntfy.sh.
Maybe a cloudron official instance which sets up channels for all customers, so cloudron-generated notifications can be delivered to a customer.
Or maybe there's a better way. I just think ntfy.sh is so easy to implement into scripts.

Yes, this is high on our list. Just finishing up the backup async rewrite! Almost there with 7.2.

@tamayers yes this should be nice to set scan just only for where is write and read file. Not docker configure.

This will be part of 7.2.1

@girish I think it'd be good for admins to have control over that setting (I don't think it's configurable is it?), that is after-all the original intention of the OP, to have a GUI to set email autoexpunge configs. But for me personally, I'd like to do something similar on Trash folder.

@girish Definitely think the first option is the way to go, can have different versions, plugins, etc. and not have any negative impact on addons infrastructure which works great and I would hate to make that harder to maintain.

@andres-moya Can your app use LDAP?

This is now implemented and will be part of the next release.

@girish to give you a few more ideas, this is how FlyWheel implemented their backups add-on with both restic and rclone.

https://github.com/getflywheel/local-addon-backups

I think you'll find it helpful.

@girish Yes, that's a better way of saying it, haha. I wasn't really articulating myself as well as I normally do today. 👼 But yes, essentially making mail server aliases would be fantastic and allow for a better user experience especially for our own downstream customers.

@Mastadamus said in Please include ability to serve HTTP unencrypted over port 80 for network traffic inspection purposes:

You can decrypt if you are using Diffie Helman. As far as I can determine currently the cloudron only accepts ECDH algorithms

Indeed, it cannot be decoded because PFS is a property of ECDH. See also Right, I guess this is because of PFS - https://serverfault.com/questions/869354/decoding-ssl-packets-with-cipher-tls-ecdhe-rsa-in-wireshark

I think having a way to support reverse proxies in front of cloudron would help the situation. It seems many people are hitting this limitation when they deploy at home.

@d19dotca
that is also because Nginx uses FPM and not FastCGI(Apache in some cases can use FPM) for PHP, which give already a good boost.

NextCloud and WP could take good advantage of it, and Nginx could help solve the issue of the main image being too "fatty" 😉

It's easy to use Nginx in a multi-layer image.