I do not know, if this may be also interesting, so I just add the link. I noted it because it talks about private pki which might be interesting in my job but I personally don't need it.
https://cert-manager.io

I will mark this as solved. LDAP standard hasn't moved to support 2FA and neither have apps settled on a pseudo standard. There is not much we can do.

@girish said in Improved global E-Mail signatures:

Is the idea to extend our current global signature to use template/variables (from the authenticated user sending the mail)?

Practically, yes that would be amazing! Variables I would like to be able to use:

First Name
Last Name
Email
Company (Could come from the cloudron branding name)
Job Titles (This would require an addition to the user database
Profile Photo or image url for static images like logos etc.

Yes, I can see how that would make sense, however, keeping the subdomains while allowing for the domain.tld to change is I think the best of both worlds. If there needs to be a checkbox at restore to keep or discard subdomains, that would be a bonus.

@girish

Yes and maybe if a call for it to pull fields from log-in providers like Google Workspace.

I do know there was someone working on a registration page so people can register for accounts on a Cloudron server, but that was 2022 and has been dead since.

@necrevistonnezr that's an excellent post which I forgot about! I just proceeded to set up a backup of my laptop with restic+minio. Let's see how it goes!

by the way, that link was a link from security now, a podcast i regularly listen to.
here is the official duo security address.
my business has used it before, so i think its pretty good at what it does.

@robi I'm sorry to disappoint you, but the HTML files I created are very simple. The fancy stuff happens on the uptime kuma page. If you are still interested, here's the code:

<!DOCTYPE html> <html> <head> <title>HTTP 503 - Service unavailable</title> </head> <body> <center> <h1>HTTP 503 - Service unavailable</h1> <p><b>Ooops, sorry. The service you requested is not loading at the moment.<br> Hopefully it's just a restart as part of regular maintenance, so</b></p> <h2>please try again in a few minutes.</h2> <p><b>If you keep getting this error message, please visit our <a href="https://status.42bit.io">status page</a>, which usually has more details about longer outages.</b></p> <p>If you think the 42bit.io / blueplanet.social admin should have a look at this, please reach out to <a href="mailto:admin@42bit.io">admin@42bit.io</p></a> </center> </body> </html> <!DOCTYPE html> <html> <head> <title>HTTP 404 - Not found</title> <meta http-equiv="refresh" content="15; url='https://42bit.io'" /> </head> <body> <center> <h1>HTTP 404 - Not found</h1> <p><b>Sorry, I cannot find what you were looking for.</b></p> <p><b>All I can do is redirect you to my <a href="https://42bit.io">home page</a>, which I will try in a few seconds.</b></p> <p>If you think the 42bit.io / blueplanet.social admin should have a look at this error, please reach out to <a href="mailto:admin@42bit.io">admin@42bit.io</p></a> </center> </body> </html>

I think git link / image registry link is the most flexible.

Essentially it could run the code that Cloudron CLI runs anyway.

@girish Trrruuueeee 😄 but . . . errr. . .
Still would be a cool option for maintenance tasks, so you can announce them. 🙂

In the documentation is an example for using Gitlab for auth instead: https://docs.cloudron.io/apps/docker-registry/#without-cloudron-directory

But I don' t think there is way with the app to skip auth for local users only.

@MooCloud_Matt said in Add a 3rd Party section after App Store:

i really think that installing an custom app from UI is easy, as API are there to do that.

Have you made any progress on this for a single custom app?

@girish said in Add notification for Certificate errors:

@andreasdueren sorry, I meant if your Cloudron is able to send outbound email. Does sending a test email work - https://docs.cloudron.io/email/#send-test-email

Yea works no problem

@tomw Apologies; I wasn't trying to suggest you shouldn't do this. I was only trying to emphasize that there is an entire system/chain that leads to your server.

You might have:

The nation-state working in tandem with local (or, are they state-owned?) ISPs to implement man-in-the-middle cert attacks, so that attempts to securely connect to your server are actually plain-text. The nation state, working with ISPs to compromise/log all traffic through DNS servers. ...

https://www.cisa.gov/news-events/alerts/2015/04/30/securing-end-end-communications

is an article that speaks to some of the kinds of things that you might have to do to begin securing end-to-end communications.

Ultimately, I really don't know. I'm just suggesting---YMMV, etc.---that this sounds like something with high stakes.

I wish you and your colleagues all the best of luck.

PS. https://www.cjr.org/tow_center_reports/guide_to_securedrop.php looks interesting as well. Again, it doesn't apply directly to your case, but speaks to the broad spectrum of design considerations that go into architecting and delivering secure systems, where "systems" means "a combination of technology and people."

Thank you very much!