@nebulon Yes, they still have ongoing problems... Even if they mark as “solved”, problem is not fixed. This can affect Cloudron installations. Just tried to install Cloudron again but... Err:75 http://security.ubuntu.com/ubuntu noble-updates/main amd64 linux-firmware amd64 20240318.git3b128b60-0ubuntu2.26 429 Too Many Requests [IP: 2620:2d:4000:1::103 80] Fetched 220 MB in 5min 41s (643 kB/s) E: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/l/linux-firmware/linux-firmware_20240318.git3b128b60-0ubuntu2.26_amd64.deb 429 Too Many Requests [IP: 2620:2d:4000:1::103 80] E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

@imc67 said: In “What’s coming in Cloudron 6.3”, I suggested features inspired by Wordfence including blocking by IP/location and geo-blocking, and specifically calls out the idea of geo-blocking of countries as a desirable security improvement. https://forum.cloudron.io/topic/4723/what-s-coming-in-cloudron-6-3/4 You got an upvote for me in any event, but for this feature: https://docs.cloudron.io/guides/community/blocklist-updates

Can’t answer for their business decisions - it is a slot you backup to. I’ll feed this back to them! Thanks for the reply. Edited to add: Turns out the slot was a jailed ssh so I could just ssh-copy-id from my machine instead of going through their client portal. All good, able to use sshkeys now!

Both. I want to understand if both are correct programmatically, but I can't test them against having an existing docker image, because I find that counter-intuitive - why would I build the docker image before knowing if everything is correct?

Hello @jk That is rather odd. I will forward this to the team to have a look.

rclone tool has also worked in the past

Below are some notes on this. Supporting this would help Cloudron with eg ejabberd. https://paste.wanderingmonster.dev/?283c2adafcdddeaa#8bke4mYL5MBQNEoc3FEbvHDE6ZHEANBhT3qX9RTNcpey

I would absolutely advocate for re-adding X-Content-Type-Options: nosniff as long as we don't have a way to set headers directly in the Security Settings of Cloudron Apps (like we can with CSP headers). That header still provides meaningful protection against MIME-sniffing attacks and has widespread browser support. Afaik, X-Permitted-Cross-Domain-Policies is still used by Acrobat (which is unfortunately far from dead), but I agree it's fair to remove it from the default configuration since it's an edge-case.

Bump! Please upvote if you think a configureable timeout for Cloudron SSO would add value to the platform. Currently I am using PIN code verification via Cloudflare Access as a workaround, but ofcourse this only works if the domain is proxied by Cloudflare.

@james said: @robi said: It would be nice if they could be hosted by the local registry app. The docker images? That should already work and is close to my above suggestion with a private registry. You'd just need to configure the docker registry in the Cloudron dashboard under /#/docker. I believe what @robi meant is to be able to store the CloudronVersions.json in a registry, much like what authentik does with blueprints.

@girish That is fantastic news, looking forward to it. thank you cloudron team!

Hello @tobiasb Good suggestion. I ask myself, is the manifest the correct singular location for this config? Maybe we set the initial value via the manifest but also allow a custom value in the service overview from the dashboard. But at least adding this to the manifest should be doable.

The obvious is Vercel dev'd app self hosted here.

@timconsidine you can toggle visibillity for apps that have their own user management. If you use an SSO app, there is "user management" which manages access (and therefore an visible dashboard icon) but "dashboard visibility" is missing from the menu. Its well explained in the documentation. I guess what you could do is remove access for an user (within Cloudron), put the user inside a group X that has no access to said app and set up SSO manually within the app to grant access to users within group X. Basically, I want the "dashboard visibility" options to be available for all apps. To not make Cloudrons UI confusing, a "Hide for non admins/operators" checkbox would be fine.

@girish , is this perhaps something we can consider adding in one of the next updates? This would be greatly beneficial to be able to specify the IP address for outbound traffic in Cloudron (at least for the mail container but maybe all containers in one setting might be better for some people, not too sure what the best approach is). I found a couple of other related topics so it seems like there is a need for this. I think my solution should still work but likely just needs to be adapted by Cloudron to be more built-in with a GUI to set the outbound traffic IP (or maybe just have it default to the IP set in the Network page by default as I suspect the DNS record IP would be the same IP outbound traffic would be desired). Other related topics I found: https://forum.cloudron.io/post/108717 (Haraka config for controlling outbound SMTP interface) https://forum.cloudron.io/post/81114 (SMTP using wrong IP address on interface with multiple addresses) (admittedly this one is a post I made myself before, lol)

I use the darkreader plugin for sites that don't have dark mode and have it set on a schedule. Sometimes it makes text hard to read as it gets the color inversion wrong, but overall it's pretty good. https://darkreader.org/ You can easily disable it for certain sites with a single click (marked in red). The on/off buttons are for the entire plugin. The "configure automation" is where you set the schedule. [image: 1773852264553-7703688b-119f-42df-a8b4-f54dac6f40b8-image.jpeg]