Of course, right after requesting this feature, the first post I browse to is this: https://forum.cloudron.io/topic/10517/oidc-migration

Girish pointed out some technical pro's of using OIDC.

@girish said in OIDC migration:

What's the reason to get locked into LDAP auth ? At the platform level, we have decided to move all apps to OIDC whenever available. OIDC is more secure and does not expose raw password to apps. We can also implement much more security schemes with OIDC.

@necrevistonnezr maybe if it's a simple enough app, you can package it along with the Surfer app which can provide the basic auth w/ a nice config interface.

@LoudLemur the wording makes sense as-is without the need to clutter the ui. Updates is the logical place to look in if you’re looking for version info. Imagine how cluttered that side menu would look on mobile! Less is better.

Well if you look into the web inspector, you could just utilize the rest APIs just like the dashboard itself does. "New Apps" here is just defined as first published within last n days.

But the initial feature request was about a way to find new apps, which is what the menu item is about if I understood this correctly?

Topic was merged, unfortunately I merged it reversed, so the new topic is now on top of this.

Expanding this, perhaps showing the overall size in the System Backups view too so we can kind of watch it go up and down to raise some red flags at a glance if we see the size suddenly jump unexpectedly? Maybe not needed, but just another idea. Doesn't even need to be a dedicated column but maybe just an icon that will then show more meta data about the backup.

@girish I think it can just be manual, same as the URL apps.

Good suggestion. For future reference:

The current zen spamhaus check only covers SBL, SBLCSS, XBL and PBL blocklists. To query DBL, one can do host domain.com.dbl.spamhaus.org 127.0.0.1 on cloudron . Would be good to get this automated like the zen check

@girish said in Optional 2FA for proxy auth?:

@jdaviescoates proxyAuth will move to OIDC based login very soon. Once that is done, hopefully you don't have to deal with this much (because it will automatically login for other apps).

Ah yes, I figured that might soon be the case. Excellent, I think that'll basically solve it 🙂

@girish said in Optional 2FA for proxy auth?:

On a general note, it's not possible to disable 2FA since this will be a security hole which bypasses 2FA 🙂 As in, one can keep trying username/password combinations without a 2FA now and know if it's valid or not.

Figured there'd be a good reason not to do it 🙂

@jdaviescoates right, unless it's a wildcard DNS for minio.ex.org you'll need to add buckets subs and see what minio does with it.

Check logs.

thank you very much @girish, I'm also eager to test it…

@RazielKanos i think nebulon has tryed that, but its not going well for them. by the way, if you didn't see it, here is the post

Yes true. With the way minio nowadays works all these aliases need to map to the backend.

I use gluetun at home with an OpenVPN-based VPN service, and it works like a charm.
Not sure how we would implement it in cloudron, though.

At my home server I use a docker-compose file with all the services, and on the ones I want to use the VPN, I use network_mode: service:gluetun.

Gluetun also needs NET_ADMIN capability enabled.

@jdaviescoates Sure, in the overall scheme of things, having to click on an app in the Dashboard to find it's app code name, then back, is two clicks. Seeing the Notification, following the link to the logs, figuring out which of all those characters is the app code name, copying that, then clicking back, or switching tabs, to then enter that into a Search box (paste, enter), is not the end of the world. But I've had a few other instances where being able to just see at a glance what the app code name is would be nice.