Hi @JOduMonT, I ran Cloudron with a combination of Tailscale & Cloudflared for two weeks without a public IP at my home setup. So far, everything was working well and I didn't encounter any significant issues. Below is the process that I followed: 1# I had two servers - one for Cloudron and the second with docker and docker-compose. Tailscale was installed and configured with Tailscale IP on both servers. The automatic domain configured was disabled in Cloudron and was set manually. 2# I ran the docker-compose.yml file on the second server using the following: version: '3.8' services: tunnel: image: 'ghcr.io/shmick/docker-cloudflared' container_name: tunnel hostname: tunnel restart: unless-stopped user: 1000:1000 env_file: - $PWD/tunnel.env volumes: - /etc/timezone:/etc/timezone:ro command: tunnel run network_mode: host TUNNEL_TOKEN={TUNNEL-TOKEN} 3# I set up and configured the domain in the Cloudflared UI, and used HTTPS for the Cloudron Tailscale IP with No TLS Verify enabled.

Yeah, imho it makes lots of sense to me for there to be an option to have all app update automatically, but for the platform to not auto update.

@lukas Forgot to link to the docs - https://docs.cloudron.io/user-management/#openid-connect

Fixed in 7.4.1 - https://git.cloudron.io/cloudron/box/-/commit/cc811522e0a629dae894bbb5d0573f3c0f2bad0a

@girish Yes, Thunderbird supports WKD. From the Thunderbird FAQs it is explained like this: Currently, it will search for published keys using the WKD protocol, and it will search for keys in the keys.openpgp.org keyserver. Source: https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq#w_how-do-i-get-the-public-keys-of-my-correspondents Slightly off-topic, but related: Provider posteo also offers to publish public Keys via wkd, as described in this FAQ: https://posteo.de/en/help/easygpg-how-do-i-publish-my-public-pgp-key-in-posteos-key-directory-via-web-key-directory-wkd

Stil have to document this, but for the moment the currently supported claims can be seen at https://git.cloudron.io/cloudron/box/-/blob/master/src/oidc.js#L529 So mostly the (Oauth2) clients will want to be setup with those scopes: openid profile email

@privsec I moved your thread here.

While this has STILL not been addressed by docker upstream, there is a proposed solution that works: https://hub.docker.com/r/willfarrell/autoheal Alternatively a simple cron script checking for unhealthy containers to restart them. @staff what do you think?

@marcusquinn I had used that before but unfortunately didn’t seem to work for my Office365 migration, which I was surprised to see. Kept throwing me a generic error when I tried. It’s definitely a helpful tool otherwise though!

@skmgo Haraka feature requests have to go upstream - https://github.com/haraka/Haraka . This is a feature request for Cloudron (which uses Haraka internally).

This is in 7.4

@girish :dance-party: Thank you.

@mehdi my thoughts / use case exactly. Doing so with ipchains is a pain (thanks Docker's intervention to firewall); and ufw just doesn't handle all of the use cases (thanks Docker again).

https://github.com/TheWorms/nodebb-plugin-embed doesn't work. I haven't found a working plugin for this.

@jdaviescoates I have apps restricted by groups, absolutely. I would just like to have responsive functionality for app labels such as Website-Cust. Name

@girish Thanks for looking into it and I tried again with the Amazon S3 backup option in my server, and it started working for me as well (after you said that you enabled it within your AWS Account. I think that might have been the main issue as the error message called out that it couldn't object cloudron-testfile (which it might do through the Cloudron AWS Account if it exists*), so if the region wasn't enabled within that account, it wouldn't be able find the correct endpoint to use for that test file and hence wouldn't know where the correct endpoint is. I say that with the typo that you identified in the backup config code and enabling the AWS Melbourne region within your AWS account, that managed to get it working. In any ways, thanks for looking into this and getting it working for me

@jayonrails Cool. I recommend sticking to Tarball. Faster and takes up less space overall.

@rossmaclean ah right for this the build service app works well, after setup you can just run cloudron build in the package repo without having to commit/push in the repo. If you have it installed on the same server as you are testing the app, then this has the benefit that the image is already there and thus speeding up the process.