Never mind, my misunderstanding. I was able to use the wordpress-plugin "webfinger" on my main domain and just put in the my.<domain>-issuer-URL into the response, works fine!

Discourse has OIDC by now. NodeBB has no "supported" plugin, this has to be opened upstream.

They are inexpensive but also professional. Changes to the name servers are implemented in seconds. I have had negative experiences with Netcup, for example, where changes took hours. You can also create multiple domain contacts and assign domains to your customers.

@ekevu123 good input. Something for us to keep in mind for future planning. I didn't mean to rule the feature out completely, just that it's quite a different kind of feature than what we are doing now. I definitely see the potential.

@marcusquinn yes, thanks for reporting. I deleted that account.

@dsp76 I have not, no. So, you think (user installed) WordPress plugins are generating some internal traffic?

@nebulon I have zero doubt about Cloudron and privacy / tracking at this stage. This is more "the other end" that I am doubtful of (Browser / OS).

And so I cannot speak for Webcatalog in details since I have not extensively tested it. However regarding the browser, this is simply due to its native config as far as I can tell (LibreWolf - "A custom version of Firefox, focused on privacy, security and freedom").

But more generally, with the toggle, I am also thinking giving the user the freedom to chose to have a different mode between Cloudron and other app/website.
Let say for example that you have an ubercool background which marries fantastically well with Cloudron's dark mode but want to keep your browser in light mode.

Yet again - and I can only speak for myself here - in the list of wishes and things I am looking forward to see released in Cloudron, a dark mode toggle is very near the bottom.

@nebulon Excellent - This looks great!

I think for us, the notes for users would also be most relevant.
To cater to a diverse range of users with various skills and IT literacy levels, one cannot provide enough easily accessible info and so having a place where one can keep a short reminder of what a given app is all about and how to access it more in details would be very valuable.

@nebulon Sure - let's say for example that you have different apps for different department/teams in your company and a user can be part of multiple teams/departments.

So for example:
One group/category of apps is common to all users.
One group/category of apps cater to teachers only
One group/category of apps cater to students and teachers.

A applicable scenario in our organization would be for example:
One group/category of apps (NodeBB; WikiJS etc..) common to all users
One group/category of apps (Invoice Ninja, Kimai etc..) for users in the Accounting department
One group/category of apps (tools such as Vaultwarden, Cal.com, LanguageTool etc..) for users with specific related needs.

Does this make sense?
It is simply an arbitrary personalisation, not at the individual level, but at the company/provider level.

Let me know if it doesn't or does not seem intelligible.

Many thanks,

Good catch, it wasn't advertised from the provider. Fixed with https://git.cloudron.io/cloudron/box/-/commit/76c4002a040d1e5dd262c23441688e90242e28dc

@rosano interesting. I guess this is a way to beat CNAME cloaking for analytics. This is indeed not the purpose of the App Proxy (i.e it's not meant to proxy external sites).

@mrhyk93 well actually, I did get openID connect to work with cloudflare access to cloudron.
the only caviot is that it can only except 35 characters for the secret.
they also except Google authentication, Facebook, and GitHub.
however, when using duo, that is, for cloudflareaccess, only supported for SAML.
while duo has generic OIDC, AD or SAML needs to be configured, and if i'm correct, cloudron, by itself, does not hold AD, just things like lDAP, with no actual AD.

Sure, in fact I would like to have some web services only available to users/processes from a specific network (eg. home or office ip address), but not anybody else.

In my case I have some kind of intranet webserver running on server B. Cloudron does the App Proxy to give access to it. I cannot use any authentication because there are some processes in the local network running that are not able to do authentication. So I would like to just whitelist them by IP Address.

Currently our OpenID provider does not issue any refresh_tokens yet. All clients created without the refresh_token grant type.

For the moment it is only useful as an identity provider as such. But we will extend it further based on requirements. Will look into this for the coming releases.

@Lanhild said in Postgresql multiple databases support:

I'm not sure to understand?

What I meant is maybe the manifest can use "postgreSQL": { "prefixCount": 10 } and it creates 10 databases or something like that.

Also, multiple databases could benefit to the use of the addon as a "standalone" app - that could act as a simple PostgreSQL cluster.

I think it will be nice to create PostgreSQL as an app and with a small frontend to add/remove databases and maybe manage roles. Maybe this app can not use existing addon. Of course, this app has to be developed!

Just to add, what I ended up doing was just using Surfer and creating an index.html file with this:

<!DOCTYPE html> <html> <head> <title>United Diversity - Together We Have Everything</title> <meta http-equiv = "refresh" content = "0; url = https://my.uniteddiversity.coop/" /> </head> <body> <p>Will redirect shortly to https://my.uniteddiversity.coop/</p> </body> </html>

I use groups a lot and this sounds like a very useful feature to have.

By default every agent can dispaly a dashboard for itself. You can however stream your metrics to a parent node and deactivate the web interface in the children nodes.
This is the way I'm using it at the moment, my parent node is on Cloudron and all my children stream their metrics to it. The auth is done with an API key ( doc here )
I'm not sure actually how my metrics are reaching netdata behind the ProxyAuth. Maybe they stream as UDP and the proxy is only for TCP?