@girish yes

@girish I would say pick and choose what is applicable obviously you would know best it's also worth noting there are CIS benchmarks specifically for Docker Containers which might be a better fit. You could combine the two for better hardening. https://www.cisecurity.org/benchmark/docker/ https://github.com/docker/docker-bench-security Let me know what you think

@nebulon because the USER doesn't have a clue. It's the ADMIN that is guiding this process and has to send the info to the USER. The Admin is the one who sets up the mailbox and has the responsibility to notify the user of how to use it. Not the other way around So please make it EASY for Admins to let the users know how to set up Email. Email the Cloudron user the info as soon as the mailbox is created Copy the details easily so it can be pasted to the user if requested.

@nebulon Many thanks, @nebulon and @girish . The concern wasn't so much that I could not figure out what the status of my certs were external to Cloudron, but more that it would be nice if the area of the dashboard regarding certs would, as a matter of course, just say "You have 47 days remaining, and Cloudron should automatically update your certs in 17 days." And, if I do mash the button to manually run a cert update, it would be nice to get a response in the dash that says "Success! New certs will expire in 90 days!" (Or, whatever it would say.) I was mostly surprised that I got a certbot email saying I only had one day left, making me wonder what was up. (I did do a domain registration move at some point, and possibly other things that could have somehow upset the automatic update process. So, this isn't a bug report.) Not having a simple UI response to the act of hitting "update certs" (and instead being dumped into the log) is all I'm poking at. I don't know how long my personal instance has been running (a month or two now), but it has been a joy. Thank you.

Ok I will mark this as solved then since we already have the feature request for the other mentioned issue.

This would go well with a secondary backup facility for all things Cloudron doesn't currently back up, which is valuable, such as Volumes. Add a few protocols for this such as FTPS, SFTP, RCLONE, RSYNC, etc..

@mastadamus thanks so much for investigating. I have removed it for next release (7.1) - https://git.cloudron.io/cloudron/box/-/commit/6492c9b71f80120413ff4ae7eefa2f03dc96ea0f

I like the idea of having a summary for all the things (apps, users, domains, mailboxes). Good idea.

@girish said in Catchall for multiple domains: @d19dotca Wouldn't you create a single mailbox called say admin@ and then put your standard addresses as aliases of that mailbox? Ah, I forgot you can add other domains as aliases now, so yes I suppose in my case I could use my main email address at my own domain and add in aliases of postmaster and webmaster and abuse and hostmaster for each domain from the same window, this would definitely save a little bit of time as I couldn't need to add from each domain page individually. Ideally though it'd be great to have some of those standard ones just be auto-created for example and setting it to one email or something since those emails are generally required for proper RFC compliance. I'll work in the meantime on migrating from the old system I had to the new system. I created those before the multi-domain email aliases was added.

Work-around for the time being: Show disk usage for the last 7 days via SSH login nano diskusage.sh (note, I have two local disks that need monitoring; the command below adds date and data for both disks in one line) #!/bin/sh echo $(date +%F && df -h /dev/sda1 --output=source,fstype,size,used,avail,pcent | tail -n1 && df -h /dev/sdc --output=source,fstype,size,used,avail,pcent | tail -n1)>> /home/USER/Disk.txt cat Disk.txt 2021-12-08 /dev/sda1 ext4 1,8T 1,1T 694G 61% /dev/sdc ext4 916G 444G 426G 52% 2021-12-09 /dev/sda1 ext4 1,8T 1,1T 694G 61% /dev/sdc ext4 916G 445G 426G 52% crontab -e add 45 4 * * * sh /home/USER/diskusage.sh >/dev/null 2>&1 nano ~/.bash.rc add printf "\t\n" cat /home/kdj/Disk.txt | tail -7

@thpuffin yup, working on ipv6 support for 7.1!

@jodumont said in Harden security features: provide and identifiy authentification via SAML (if it is possible) SAML is an old and outdated protocol (that is also hard to work with), a more modern alternative is oidc (OpenID Connect, a standard based on Oauth 2.0), which is also offered in your screenshot.

@mehdi said in Disk IO Tracker: just trying to periodically write stuff and checking the performance, as suggested, would not be great IMO, as it would 1/ be influenced by what's already running on the system 2/ wear out SSDs for little benefit Agreed, there are better ways, the example was more for the output or datapoints. Aspects of BPF tools make this light on resources, but there's a whole stack of tools down the line, including 'iolatency'.

@jodumont I recently posted about crowdsec under feature requests. I think crowdsec is more appropriate, afaik, for cloudron

@nebulon Great stuff, glad it seem plausible in the medium term..