@girish said in LDAP + 2FA support for Cloudron Apps: Making baby steps here. 🦾 Almost a slow walk

@ruihildt app is down emails go brrrrr

@girish It will be perfect, It will be easy for me to work with freelancers, outsources, give them a limited access to a specific app "Container"...

@robi Wow Robi, this is a great feature request!!! Just yesterday one of my Cloudron instances got a lot of traffic to email for a bruteforce attack. @girish I think this feature have to put on the top of the list to improve safety but also to reduce workload of instances and network traffic... [image: 1610527791540-schermata-2021-01-13-alle-09.49.21-resized.png] This is a statping how network performances was impacted before and later bruteforce. Also, need a robust alert system - email or other - to let us know that something is happens.

I have to try myself, since such a symlink would reach out of the document root and thus could be a security issue (although since there are no secrets and the code is read-only probably not)

@girish having a email manager for a user would be allready great idea. So a user could control his own email adresses. I totally on the other hand support the idea of a dimain admin, where users could control their apos and settinfs of the domain.

Hetzner Cloud snapshoot can be an additional measure in case of total backup failover, but as @fbartels said, snapshoot could have inconsistent data and generate corrupted instance when recovery-restart. Snapshotting an instance can be an extreme way to recovery data. Of course, cannot be the first and the right way to make a restore. If you use that feature to make it cheaper I think is not a good way to approach problem. As @jdaviescoates said, you can purchase a Box from Hetzner and configure an extra backup, mounting CIFS directory. But also this procedure can have some risks in case of a total failover of Hetzner datacenter or connection. Best practice is to use a different provider or datacenter. (Now I'm testing Wasabi and seems to be fast, stable and reliable, but I'm scared about privacy policy management: maybe for some configuration mistake data directory can be exposed). Question is: @mikulabc why you want to use Snapshotting feature? To be cheap?

Fixed this for 6.1. https://git.cloudron.io/cloudron/box/-/commit/353369c1e9ffc70a53eeea0cb99019a1b5f98f27

@tamayers This would be nice to have, for sure. For the most part though, the domain registrar will handle that part of forwarding a full domain to another if you use their own DNS servers, etc. I have done that for a couple of my own domains that I had registered a long time ago for 10 years, but no longer use them so wanted to just forward them to my current ones instead. It would certainly be convenient for Cloudron admins if Cloudron did this too though. One example I can think of... I have two vanity URLs purchased by two different clients of mine where they want me hosting their email but for the website they want it going to their realtor agency website (for example) which is outside of my control, and would be convenient to set it all in the same space instead of a mix of domain registrar and Cloudron.

Also noted a request for a List view here: https://forum.cloudron.io/topic/3465/dashboard-customize-buttons-on-the-sides-of-apps/4?_=1608519749716

@girish Oh, absolutely with a custom app, I mentioned in the original post that I'm going to build my own Wordpress Stack to simply and only add this. But I saw benefit to other user's being able to script something post-update as that's literally the only thing my stack will do differently than the default Wordpress app (I'll have to integrate your updates into my stack manually each time so I still wish there was a way to run an external custom sh script post-installation). As you can see my custom script simply uses the CLI to upgrade all databases with any new required formatting if and only if any updated Wordpress core or updated plugin require it. When you update from the Cloudron interface, it simply updates all the files and Wordpress has this really annoying tendency to not upgrade the databases post-upgrade invisibly. The script above is the only way to make sure file versions and database versions stay in sync 100% of the time every update. This becomes nearly unavoidable if you want to support multisite in the future since the problem becomes more convoluted in that installation type so my script detects multisite installations and runs database upgrades accordingly with WP CLI commands or single site only commands if it's a single site. I actually think the script below should be an optional "automatic upgrade plugin and themes checkbox when updating Wordpress core" option for Wordpress installations as well, here's the WP CLI code for it: # Plugin updates wp plugin update --all wp plugin update --all --skip-plugins --skip-themes # Theme updates wp theme update --all wp theme update --all --skip-plugins --skip-themes

Indeed this is on our roadmap.

I'd like to add to this. The ability to select the pass length and whether we want special characters. Or if it's easier to do, allow us to add our own passwords instead of them being generated for us.

Adding to this: Maybe it's possible to implement a backup browser via the file browser, at least for the rsync format and even for encrypted backups?

@robi @girish thanks, I figured it might be something like that as I think it was just after a reboot that I noticed they had disappeared.

@jdaviescoates nope, just regular domains, not sure why but will just wait and see I guess

Just to follow up, here's a sample of normal backups followed by a Cloudron upgrade, which itself triggered another backup run, and the corresponding relevant network and disk graphs: [image: 1607915273220-network-traffic-resized.png] [image: 1607915283316-disk-i_o-resized.png] All in all, it's definitely fast-er but not insanely performant. CPU utilization vs load hints that it may in fact be down to inefficient utilization of cores to some extent, but there is definitely a fair bit more bottleneck coming from the network still. [image: 1607915562708-cpu-utilization-resized.png] [image: 1607915565769-cpu-load-resized.png] Nothing earth-shattering either way, and gains were more mild than I would have guessed, but all in all, not a bad outcome.

@robi Yes, more checks to keep the mounting "alive".