Yes, I can see how that would make sense, however, keeping the subdomains while allowing for the domain.tld to change is I think the best of both worlds. If there needs to be a checkbox at restore to keep or discard subdomains, that would be a bonus.

@girish Yes and maybe if a call for it to pull fields from log-in providers like Google Workspace. I do know there was someone working on a registration page so people can register for accounts on a Cloudron server, but that was 2022 and has been dead since.

@robi I'm sorry to disappoint you, but the HTML files I created are very simple. The fancy stuff happens on the uptime kuma page. If you are still interested, here's the code: <!DOCTYPE html> <html> <head> <title>HTTP 503 - Service unavailable</title> </head> <body> <center> <h1>HTTP 503 - Service unavailable</h1> <p><b>Ooops, sorry. The service you requested is not loading at the moment.<br> Hopefully it's just a restart as part of regular maintenance, so</b></p> <h2>please try again in a few minutes.</h2> <p><b>If you keep getting this error message, please visit our <a href="https://status.42bit.io">status page</a>, which usually has more details about longer outages.</b></p> <p>If you think the 42bit.io / blueplanet.social admin should have a look at this, please reach out to <a href="mailto:admin@42bit.io">admin@42bit.io</p></a> </center> </body> </html> <!DOCTYPE html> <html> <head> <title>HTTP 404 - Not found</title> <meta http-equiv="refresh" content="15; url='https://42bit.io'" /> </head> <body> <center> <h1>HTTP 404 - Not found</h1> <p><b>Sorry, I cannot find what you were looking for.</b></p> <p><b>All I can do is redirect you to my <a href="https://42bit.io">home page</a>, which I will try in a few seconds.</b></p> <p>If you think the 42bit.io / blueplanet.social admin should have a look at this error, please reach out to <a href="mailto:admin@42bit.io">admin@42bit.io</p></a> </center> </body> </html>

I think git link / image registry link is the most flexible. Essentially it could run the code that Cloudron CLI runs anyway.

@girish Trrruuueeee but . . . errr. . . Still would be a cool option for maintenance tasks, so you can announce them.

In the documentation is an example for using Gitlab for auth instead: https://docs.cloudron.io/apps/docker-registry/#without-cloudron-directory But I don' t think there is way with the app to skip auth for local users only.

@MooCloud_Matt said in Add a 3rd Party section after App Store: i really think that installing an custom app from UI is easy, as API are there to do that. Have you made any progress on this for a single custom app?

@tomw Apologies; I wasn't trying to suggest you shouldn't do this. I was only trying to emphasize that there is an entire system/chain that leads to your server. You might have: The nation-state working in tandem with local (or, are they state-owned?) ISPs to implement man-in-the-middle cert attacks, so that attempts to securely connect to your server are actually plain-text. The nation state, working with ISPs to compromise/log all traffic through DNS servers. ... https://www.cisa.gov/news-events/alerts/2015/04/30/securing-end-end-communications is an article that speaks to some of the kinds of things that you might have to do to begin securing end-to-end communications. Ultimately, I really don't know. I'm just suggesting---YMMV, etc.---that this sounds like something with high stakes. I wish you and your colleagues all the best of luck. PS. https://www.cjr.org/tow_center_reports/guide_to_securedrop.php looks interesting as well. Again, it doesn't apply directly to your case, but speaks to the broad spectrum of design considerations that go into architecting and delivering secure systems, where "systems" means "a combination of technology and people."

Thank you very much!

@Kubernetes Glad you like it, the eBPF stuff is a nice use case. (finally)

A month ago! Oh JOY! We love it when you surprise us @nebulon !

We don't have this feature yet to specify the healthcheck path in the app proxy. I will move this feature request. Thanks for the suggestion!

Can we revisit this? Allowing some code in the (html) header of all apps would be enough, I think (and awesome)

@girish You're right, I think not. Currently the app is NOT in a 'Running' state if any failures occur. An alternate method would be to bring up the app anyway (as long as the primary subdomain is up, and continue to resolve the failed API calls until some 'threshold' (then alert) or it succeeds and all is well. No need to ignore the failed ones, they just try again async as with your API rate backoff code, or at the next addition of a new sub if you want to be less proactive and more lazy. (The non working subs, if used will draw attention back to the app anyway.)

@DualOSWinWiz it's not there, no.

Regarding a helping hand for autodns: acme.sh does support dnsapi cert generation for autodns maybe this code can help developing. https://github.com/acmesh-official/acme.sh/blob/master/dnsapi/dns_autodns.sh Also acme.sh has MANY more dnsapi supports: https://github.com/acmesh-official/acme.sh/tree/master/dnsapi

Yeah, the access key is what is going to check if the domain is there. I think "Skip nameserver validation for custom Route53 NS names" would get me there And all of the DNS and Email stuff...I totally understand how difficult it is to give less technical users the ability to even USE this stuff, as well as support slightly more advanced users. You're doing a great job!