After quite some time - almost two years - I would like to know if this improvement can be considered for some future release in 9.X ?

Ok for a start the wrong messaging in the invite email is gone for next release. The password reset expiration is unchanged. We will add some expiration for invite also just to avoid edge-cases here.

@IniBudi: Thank you for your comment. The DNS entries for MTA-STS are not the problem; I can easily store them with a domain and DNS provider. The critical point is storing the necessary TXT file with the actual rules of conduct, which cannot be provided at the DNS level. To do this, I need a web server under the respective domain, and so, when using Cloudron, I automatically end up in the Cloudron user interface and in the domain settings area. There is already an area for so-called “well-known URIs” where entries for services such as Matrix, Mastodon, and Jitsi can already be stored. In my opinion, to implement this cleanly in cloudron, all that is needed is an input field where the MTA-STS rules can be stored.

I agree. The same feature exists in Elestio which prevents accidental deletion and shutdown. [image: 1768337338130-c464088f-e61b-40c0-9300-9d10a2b23d01-image-resized.png]

I have added a disk cache now in local storage . Will show cached data if < 60 minutes old . There is anyways a refresh button to get the latest state.

@robi easier to just upload a folder

Does anyone know if Bitwarden Lite includes the secrets manager? That would be an argument.

Yes - you're right it's "storage". I have been meaning to try the rsync instead of zip, but it does warn that it's not a good idea for lots of files. I'll give it a try. Thanks!

@james I like your thinking. This might allow for better hardware utilization on smaller servers. @svtx I get that some TURN queries are legitimate. But I would think that a service utilizing TURN would broadcast this to others so that they can "connect". Since I am not broadcasting, I am not sure why people are probing for TURN connections. I guess I am jaded by the thousands of unauthorized SSH attempts I see on all my servers each day. So my bias has shifted from "trust, but verify" to "distrust and verify when someone complains".

We used to have that actually, but given that apps which use LDAP were affected by this, we lifted those. By now the situation has changed quite a bit with most apps now being on OpenID, we have to revisit this. Regarding the roadmap, we are looking into things for v9.1 and will open a thread here to discuss those items soon. We do take this forum section into account, which is why it exists, so if feature requests have some traction by the community, they are more likely to be picked. So bumping threads and revisiting discussions here is a crude but useful way to signal for us.

Thanks for the catch! This is fixed with https://git.cloudron.io/platform/box/-/commit/fc417022c97e21cb6abd1a632755557133c4c37e

This is how I use it currently, but I maintain the wireguard VPN myself, outside of cloudron, which is not the recommended way. I would LOVE for something like this to be available.

@charlesnw said in CIS Benchmark Compliance: Do you use hardened Docker base images? See the discussion here: https://forum.cloudron.io/topic/14762/docker-hardened-images In short: No, for good reasons (maintenance and standards)

@joseph yes, I'm still on 8.3.2. OK great.

Excellent suggestion. Putting the verb/action first .

Hello @charlesnw @charlesnw said in Logging - targets, retention etc: I believe that anything done in the GUI is also available via API? I think the GUI uses the API behind the scenes? That is correct.

Any possibility of getting NTP configuration (via API/GUI) into Cloudron 10 roadmap?

Hello @Sismic and welcome to the Cloudron community