Cloudron 9.0 (beta) bug reports

Lanhild

@girish yeah of course, it just gave me a good excuse to report some of my findings

Great work on this release as always.

andreasdueren

login dashboard has minor CSP error:

kjFizNC6g5WWSmRHHlAqzX34uPV4YhB8kglL3_b3O5A:1 Refused to load the font 'data:font/woff2;base64,d09GMk9UVE8AAA/IAAkAAAAAIi4AAA9/A4EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAATYCJAQGBmADgRwFiH0AghwHIA22GYUWESMRdnLSigfwXxK0JUN3PWgtIVtGtFABIUcjR8vMKvVNUhctBQIndOh7wFzNSdpf090C0MDGNSSuod3GJyMkmSUKlm72kk6vLpKqU4SDLlGqOoHx7wzNIRzzvZseTSBF/CoWaAkVRa5inol55lqxm5oz/9pr/qq+GXmakr21m0KxnJeWZ3dOoSo0//sTGj5e/r///znN1cDq77IugUrslFAFYg2CIfrG8Y3Q37GCqLAnZVKJvSuQC/x0zjP8v7/fp1rJjZ8tzGQcKS6iBFIAJMtql0EBKwIFJDuugO7Ztucm55fDg6nLQiMNIEFoAX1WesldzzU7W7qlB5C8/++0N/TOuYAMJkEJWxa0H6VUF8my5XljyWqW/HtHCdpC8/dzpf3Zo1xx...5FI3LRfrLhMDFvEwF2uOoME+/Gh0MqYxkm4s05u6D4DyLBRemu4kMtB6Nv/NOFUZPitzFD8qL8o0r+kYrPnnsY0vWZd5GEzsCREC+Wz3APkfzeqsAp0tZw0lLrhuy2DNy1E1VNM1LqdhIO45OPIwT3rftapv3Bq7mdNHFSgnKIkN8flMKWHNJF9U1BMQglWyx3EZ7e5f02oBD3RnnUPJn1p0wir+pGFraC2kyNDOKF8tvhNtQ4Hcy0KjTgZz2eIU55xre6wlnEltXkEBDbif0x/5SQnkBBsVWmb3r49ic42aAZm9yFY1aRg7n+S55ntbIbUFoODVCE879nRYAuMN+ACxenLXW8IjGFgtIdIwdl+hm8IjDZChcfQWQE4njeBgZtMFXgB6tKKFfpy23VFRCE125CitD/JeFiLDnXDHDSEnA6F9x0fPn4hNuPX1WQu8Z38LPLmCxI8nJVmHouX1lTh3BMEinPhg07NI3cNPSeEiWEBfG4rV6SAQMAAAA=' because it violates the following Content Security Policy directive: "font-src https: 'self'".

background:1  GET https://my.tld.com/api/v1/cloudron/background 404 (Not Found)

Then on, enter password additional error:

style-CMkpM2bh.js:12426  POST https://my.tld.com/openid/interaction/kjFizNC6g5WWSmRHHlAqzX34uPV4YhB8kglL3_b3O5A/login 401 (Unauthorized)
request @ style-CMkpM2bh.js:12426
post @ style-CMkpM2bh.js:12456
onSubmit @ oidc_login-oGYAt-kS.js:60
callWithErrorHandling @ style-CMkpM2bh.js:1922
callWithAsyncErrorHandling @ style-CMkpM2bh.js:1929
emit @ style-CMkpM2bh.js:5971
onClick @ style-CMkpM2bh.js:13965
callWithErrorHandling @ style-CMkpM2bh.js:1922
callWithAsyncErrorHandling @ style-CMkpM2bh.js:1929
invoker @ style-CMkpM2bh.js:7517

and on the 2FA page the TOTP Token Submit button doesn't use the translation but displays login.signInAction

These errors persist on the dashboard:

(index):59 Refused to load the font 'data:font/woff2;base64,d09GMk9UVE8AAA/IAAkAAAAAIi4AAA9/A4EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAATYCJAQGBmADgRwFiH0AghwHIA22GYUWESMRdnLSigfwXxK0JUN3PWgtIVtGtFABIUcjR8vMKvVNUhctBQIndOh7wFzNSdpf090C0MDGNSSuod3GJyMkmSUKlm72kk6vLpKqU4SDLlGqOoHx7wzNIRzzvZseTSBF/CoWaAkVRa5inol55lqxm5oz/9pr/qq+GXmakr21m0KxnJeWZ3dOoSo0//sTGj5e/r///znN1cDq77IugUrslFAFYg2CIfrG8Y3Q37GCqLAnZVKJvSuQC/x0zjP8v7/fp1rJjZ8tzGQcKS6iBFIAJMtql0EBKwIFJDuugO7Ztucm55fDg6nLQiMNIEFoAX1WesldzzU7W7qlB5C8/++0N/TOuYAMJkEJWxa0H6VUF8my5XljyWqW/HtHCdpC8/dzpf3Zo1xx...5FI3LRfrLhMDFvEwF2uOoME+/Gh0MqYxkm4s05u6D4DyLBRemu4kMtB6Nv/NOFUZPitzFD8qL8o0r+kYrPnnsY0vWZd5GEzsCREC+Wz3APkfzeqsAp0tZw0lLrhuy2DNy1E1VNM1LqdhIO45OPIwT3rftapv3Bq7mdNHFSgnKIkN8flMKWHNJF9U1BMQglWyx3EZ7e5f02oBD3RnnUPJn1p0wir+pGFraC2kyNDOKF8tvhNtQ4Hcy0KjTgZz2eIU55xre6wlnEltXkEBDbif0x/5SQnkBBsVWmb3r49ic42aAZm9yFY1aRg7n+S55ntbIbUFoODVCE879nRYAuMN+ACxenLXW8IjGFgtIdIwdl+hm8IjDZChcfQWQE4njeBgZtMFXgB6tKKFfpy23VFRCE125CitD/JeFiLDnXDHDSEnA6F9x0fPn4hNuPX1WQu8Z38LPLmCxI8nJVmHouX1lTh3BMEinPhg07NI3cNPSeEiWEBfG4rV6SAQMAAAA=' because it violates the following Content Security Policy directive: "font-src https: 'self'".

utils-CAYJrJwJ.js:529 Already activated
index-B27HHYVP.js:41649 Cloudron dashboard v9.0.3
uid-7a405c74-4ed4-4512-9b5c-cdc35e949680:1  GET https://my.tld.com/api/v1/profile/avatar/uid-7a405c74-4ed4-4512-9b5c-cdc35e949680?ts=1760915353587 404 (Not Found)

girish

Thanks, the woff issue is already being tracked here - https://git.cloudron.io/platform/box/-/issues/859

msbt

Unsure if I'm not just missing the right place to look, but I can't see more than one automated backup in the /#/backup-sites view (or in the app directly)

That list should show multiple MinIO backups (since they're daily with a week retention), but it only showed the one from last night and now the one I triggered manually (now I'm not even sure if it showed the MinIO at all). Where can I see the list of all current backups?

girish

@msbt it should be listed in the System Backups. Can you check the Logs drop down? Maybe something failed?

msbt

@girish nothing failed so far:

So it should at least show the MinIO from 01:00 and the one I triggered manually at 09:57, I'll check back tomorrow what it says.

luckow

No user feedback if mandatory fields are not filled in (backup-formats & save button)

msbt

@girish I remembered correctly, the automated MinIO backup isn't showing at all:

nebulon

@luckow that went down a rabbit hole, but should be fixed now.

girish

@msbt thanks! There was a nasty bug in the backup cleaner where one site was trying to clean up the backup of another site... Fixed now.

andreasdueren

When using the search, it should also return domains. Also, the domain filter doesn't search for redirects. And maybe the tags and domain filters should be searchable for people with lots of domains and tags?

andreasdueren

Another thing I don't really understand is the current default sorting mechanism. it doesn't seem to srt by domain name or App name

nebulon

Right turns out the sorting in the grid view is actually by app id, which is just a uuid. That is indeed not great nor predictable.

I pushed a change to sort alphabetically by displayed label for a start now.

nebulon

Also pushed a change to enable the dropdown search input for filters with more than 10 entries.

andreasdueren

Previously, shut down applications were greyed out, this is no longer the case.

nebulon

Good catch, that got lost during the transition. It is back now for next release.

andreasdueren

There is an issue with the selector for access restrictions. Doesn't list any items on installation of app but can be restricted afterwards.

nebulon

Oh great catch, that regression somehow slipped through in that latest patch release. Fixed now in https://git.cloudron.io/platform/box/-/commit/27f975f3c5420dd432a2fcd92589122cc98ca633 with better type checks to avoid that in the future.

Kubernetes

After upgrading to Cloudron 9 I cannot send e-mails with Masquerading-Feature. It got disabled for all Domains, but even after enabling it again, my e-mail client (Apple Mail) still fails to send with another e-mailaddress.

Logfile of email service:

Nov 08 20:45:33 [NOTICE] [1BC2F871-D6E6-46D3-888B-3E7A2D3C716D] [core] connect ip=****** port=51653 local_ip=***** local_port=2587
Nov 08 20:45:34 [INFO] [1BC2F871-D6E6-46D3-888B-3E7A2D3C716D] [dns-list] pass:******.combined.mail.abusix.zone
Nov 08 20:45:34 [INFO] [1BC2F871-D6E6-46D3-888B-3E7A2D3C716D] [helo.checks] helo_host: smtpclient.apple, pass:bare_ip, dynamic, valid_hostname, host_mismatch, literal_mismatch, fail:rdns_match
Nov 08 20:45:34 [INFO] [1BC2F871-D6E6-46D3-888B-3E7A2D3C716D] [spf] identity=helo ip=***** domain="smtpclient.apple" mfrom=<postmaster@smtpclient.apple> result=None
Nov 08 20:45:34 [INFO] [1BC2F871-D6E6-46D3-888B-3E7A2D3C716D] [spf] scope: helo, result: None, domain: smtpclient.apple
Nov 08 20:45:34 [INFO] [1BC2F871-D6E6-46D3-888B-3E7A2D3C716D] [tls] secured: cipher=ECDHE-ECDSA-AES128-GCM-SHA256 version=TLSv1.2 verified=false
Nov 08 20:45:34 [INFO] [1BC2F871-D6E6-46D3-888B-3E7A2D3C716D] [core] hook=unrecognized_command plugin=tls function=upgrade_connection params=STARTTLS retval=OK msg=""
Nov 08 20:45:34 [INFO] [1BC2F871-D6E6-46D3-888B-3E7A2D3C716D] [helo.checks] helo_host: smtpclient.apple, pass:bare_ip, dynamic, valid_hostname, host_mismatch, literal_mismatch, fail:rdns_match
Nov 08 20:45:34 [INFO] [1BC2F871-D6E6-46D3-888B-3E7A2D3C716D] [cloudron] Authenticated as MYUSER@SOMEDOMAIN.COM
Nov 08 20:45:34 [INFO] [1BC2F871-D6E6-46D3-888B-3E7A2D3C716D] [core] hook=unrecognized_command plugin=cloudron function=hook_unrecognized_command params=AUTH retval=OK msg=""
Nov 08 20:45:34 [INFO] [1BC2F871-D6E6-46D3-888B-3E7A2D3C716D.1] [core] hook=mail plugin=cloudron function=authorize_mail_from params=<MASKED@SOMEDOMAIN.COM> retval=DENY msg="Authenticated user MYUSER@SOMEDOMAIN.COM cannot send mail as MASKED@SOMEDOMAIN.COM"
Nov 08 20:45:34 [NOTICE] [1BC2F871-D6E6-46D3-888B-3E7A2D3C716D.1] [core] sender <MASKED@SOMEDOMAIN.COM> code=DENY msg="Authenticated user MYUSER@SOMEDOMAIN.COM cannot send mail as MASKED@SOMEDOMAIN.COM"
Nov 08 20:45:34 [NOTICE] [1BC2F871-D6E6-46D3-888B-3E7A2D3C716D.1] [core] disconnect ip=***** rdns=****.t-ipconnect.de helo=smtpclient.apple relay=Y early=N esmtp=Y tls=Y pipe=N errors=0 txns=1 rcpts=0/0/0 msgs=0/0/0 bytes=0 lr="550 Authenticated user MYUSER@SOMEDOMAIN.COM cannot send mail as MASKED@SOMEDOMAIN.COM" time=1.764

d19dotca

Sorry if this was mentioned already, but it was possible before on 8.x to search by app name in the list of running apps, but this appears to no longer be the case now as of 9.0.7. Is this intentional? Before, I could search for "WordPress" for example and all the apps would filter to the WordPress installs.