So Cloudron really just displays what info is at /sys/devices/virtual/dmi/id/* so in your case To Be Filled By O.E.M. is probably set by the vendor intentionally or unintentionally. Our fallback is an empty string if the info file does not exist. Probably hard for us to distinguish between valid and non-valid strings here, if the vendor does put something.

So I am not sure what pangolin really needs here, but I did some more testing and the mentioned claims are all included in the JWT in my tests already in the currently released Cloudron OIDC server. How did you see that those aren't included in your case as you mentioned? Are you even getting a valid JWT and can you decode that? How does that json object look after that? The token response should look something like: { "access_token": "OGpFA1siYNbAQiCahuvjUDkKgoRAi4cz00lysJC6jt9", "expires_in": 3600, "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IjFrRF..........", "refresh_token": "IJpU-ULmWoEYmUJmd55HLQF7aVHPbZIzdmWHUYQ1vB0", "scope": "openid profile email", "token_type": "Bearer" } Which then decoded in my case holds: Payload (Claims) sub: "nebulon" family_name: "" given_name: "Firstname" locale: "de-DE" name: "Lastname" preferred_username: "nebulon" picture: "https://my.cloudron/api/v1/profile/avatar/uid-e6e4afd0-f677-45e3-8d61-4dd039c32a11.png" email: "nebulon@..." email_verified: true aud: "cid-b901ffe1294a0683aff450bb86d036b5" exp: 1765189670 (8.12.2025, 11:27:50) iat: 1765186070 (8.12.2025, 10:27:50) iss: "https://my.cloudron..../openid"

Not sure if cloning is exactly UI-friendly here. The user intention is to add another domain, which is a separate action than cloning. You'd assume you perform an action that is separate from other domains, I'd say. For backup sites, I am more with you: There it makes more sense to use the same site, but change a detail.

But in this config there are with errors at cloudflare ( only one level at subdomains). But i see. Maybe you can bring it on the pipeline (without high priority). Greetings

Hi, @james! Yeah, I think you got it perfectly. Except I don't think the app-proxy would need to use OIDC instead of proxyAuth. Maybe It could be an option: You either use proxyAuth for authentication-only if your proxied app doesn't have auth capabilities, or you use OIDC and the proxied app would use cloudron as an OIDC provider. I understand there are a few technical hurdles to jump, but I'm thinking they might be feasible. The main one, as you suggested, would be to have the OIDC-related configurations in the manifest dynamically configurable. This feels like it would demand some work, but as I understand it, there's already something along these lines in apps like gitea, where the SSH port is declared in the manifest, but customizable via the web ui. IMO, this would make for a few more nice usecases for app-proxy, like testing apps, or even hosting them elsewhere (like a homelab in my case, or another machine), but accessing them through cloudron and benefiting from its user management. Also, I don't think it would "compete with" or "exploit" cloudron in any way, since these proxied apps would not benefit from cloudron's other great features like automatic updates, backups, external volumes, etc. All the management ease and just general peace of mind that cloudron brings us. Would be a nice use case, though, I think.

Yes, the clone follows the user management of the backup. This has to be implemented.

Hello @Andrew Many apps run their own NGINX or APACHE2 inside the app and can be configured on that level or on the application level. For example Nextcloud has the /app/data/php.ini file where you can configure e.g post_max_size and upload_max_filesize to limit that. Same for WordPress. Ideally, each app should have the ability to configure this. From your example, the apps ghost and peertube do not have a php.ini because they run NGINX inside the app. Having the possibility to edit / configure NGINX directives there as well is understandable. I will tag this topic as feature request to track this for the future.

@joseph Not sure if I can follow. I understand what @girish said in App proxy questions and proxy/authentication possible improvement suggestions But from Cloudron's POV, there is authentication and authorization But basically adding the option to add optional Authentication in front of any app (presumably through the web server) would be very useful in a lot of cases. This is already a feature in the proxy app but would be good to be a toggle in any app.

Newer OpenSearch versions do not work with Mastodon anymore. This is what I need ES for.

This is fixed with https://git.cloudron.io/platform/box/-/commit/2cb755fe44ad379327186878960255fe0d905f9b

Honestly, I didn't try. I didn't find evidence that this was possible, so I assumed it wasn't. For my needs, I have found a different solution for this now, but maybe this could be helpful to clarify, if it works, then in the docs.

Hello Everyone We have added a guide documentation for Per-App storage limit. If there are questions about this guide, or you have feedback on how to improve it further, please let me know.

This is fixed now for next release.

@ekevu123 The team is keen, you adjust for the different notification types. Date range is still useful, this is just tied to notifications.

Can you give more context what you mean by that? Which API would one use for relaying there, since https://developers.brevo.com docs also refer to regular smtp relay for relaying purposes. Also what would be the benefit there? Like postmark or so, brevo also has an API to send/compose emails but I am not sure how this relates to the relay part here, but maybe I am missing something.

Hello @zack13532 Glad to read that this solution suits you well. Oh, and since that was your first post. Welcome to the Cloudron forum.

As far as I understood this, thunderbird maintains an ISP database mainly. So once a domain was manually configured in any thunderbird, subsequent account setups will have the server addresses auto "discovered" from that database.

@girish nice, happy to hear!