Notes on Cloudron, crowdfunding app packaging
-
@bmann servethehome did all the homework regarding SFF PCs that are great as a home server https://m.youtube.com/playlist?list=PLC53fzn9608B-MT5KvuuHct5MiUDO8IF4
-
@bmann said in Notes on Cloudron, crowdfunding app packaging:
“It’s easy” -> is there a step by step guide? There’s a blog post from 2018 and various tips scattered across forum threads.
Good point. This has been pointed out many times by now. I will merge that blog post in our main installation docs so it gives a better impression that it is a living document.
If Cloudron were serious about home hosting, building in first class support for Tailscale, Cloudflare, and similar providers would be the way to go.
Mostly home hosting and VPS hosting don't really differ that much minus the networking complications that come with a home network or an intranet. I don't think you need Tailscale or Cloudflare for home hosting though. Why would you want to send all your traffic to Cloudflare for a home server? Why is Tailscale needed to host web apps (in fact, I don't even know exactly what it is, other than it is some advanced VPN tunnel)?
I’d also love a built in config for one or more CDN providers (not just for home hosting!) which would take load off a server AND keep static sites up and running in the case of a server outage.
If you need a CDN for home hosting, I think use cases are getting mixed up. To clarify, in my mind, the home hosting use case is meant to replace personal use cases like photos, calendar, notes, documents, files etc (think NAS use cases). None of these require a CDN. If you want to host an online web shop or a video website or public blog or email server, go ahead and put it on a VPS. Hosting at home is not the right solution for those use cases.
-
@girish said in Notes on Cloudron, crowdfunding app packaging:
Mostly home hosting and VPS hosting don't really differ that much minus the networking complications that come with a home network or an intranet. I don't think you need Tailscale or Cloudflare for home hosting though. Why would you want to send all your traffic to Cloudflare for a home server? Why is Tailscale needed to host web apps (in fact, I don't even know exactly what it is, other than it is some advanced VPN tunnel)?
One argument pro something like Tailscale etc. is that the average home network setup does not offer the same security abilities as a professional data center. My router has plain port control but not much more (e.g. the - often requested - network blocklists). Of course, one single home server has also a different risk vector, hopefully. In any event, securing some sensitive apps (such as Nextcloud / Vaultwarden) via an "advanced VPN" solution might make sense.
-
@necrevistonnezr said in Notes on Cloudron, crowdfunding app packaging:
One argument pro something like Tailscale etc. is that the average home network setup does not offer the same security abilities as a professional data center.
True. Initially, I added a basic firewall in Cloudron with blocklist but I found that all the traffic from China was entering my local network and getting dropped at the VM. Comcast treats this as traffic anyway and downscales the full network speed. I had to somehow stop traffic from even hitting the network. That's when I found my previous router (Netgear) doesn't even have a basic firewall. When I went shopping 6 years ago, I found that firewall was now sold only in "business" routers which are > 600 bucks. I ultimately settled on a Synology router (which is not a very well known product, but it works really well).
In any event, securing some sensitive apps (such as Nextcloud / Vaultwarden) via an "advanced VPN" solution might make sense.
It's in our TODO list to allow access to specific apps only via VPN. The ever growing TODO list
-
Just to say, in many ways all apps that staff package, and all the apps in the app store which they maintain are already crowdfunded, in that they are funded by the crowd of customers who buy Cloudron licenses
-
I have added https://docs.cloudron.io/installation/home-server/ and also https://docs.cloudron.io/installation/intranet/ for a start. They are also linked from the main installation page.
-
@girish said in Notes on Cloudron, crowdfunding app packaging:
In any event, securing some sensitive apps (such as Nextcloud / Vaultwarden) via an "advanced VPN" solution might make sense.
It's in our TODO list to allow access to specific apps only via VPN. The ever growing TODO list
@necrevistonnezr Might be useful to know that there is a Nextcloud app, "Restrict Login to IP address" that can be used to restrict access to Nextcloud except via enterprise VPN. I used that successfully for a number of years, though as with everything Nextcloud it can break on updates if the app doesn't keep up!
Having used Cloudron in both the business (SME) and home settings, I concur with everything that's been said here about Cloudron being completely suitable for home use, albeit with different use cases.
On the install guide it might be useful to explicitly mention the subsections on Home Server and Intranet, in case people don't look at or see the side bar (easy to do outside of viewing full screen). Something as simple as something at the end like "Additional information is provided for those seeking to install Cloudron on a home server or intranet."
-
@girish a CDN can perform a number of different purposes.
Including if I’m hosting stuff behind a home connection that I’d like to stay up! Eg my home internet goes down, a CDN can keep serving up static content.
And: serves up cached content that never has to be fetched from my home connection.
And of course — ALL of this stuff is pretty far beyond basic home use. It’s great that Cloudron enables it at all.
-
@girish Tailscale is what many people use to access their home networks. It’s a private overlay network that makes it very easy to connect any devices as if they were on a private routable LAN.
Lots of run-stuff-at-home geeks have it on their phone / laptop / home desktop as a way to access their devices from anywhere.
You can specify egress points. So, if you add a very small / cheap VPS / cloud something, you could use that to expose your home network without having to deal with what your router can do.
It’s built on the WireGuard protocol that is now in the Linux kernel.
There are of course tons of professional uses too, like making arbitrary private networks between any devices.
There’s an open source implementation called Headscale https://github.com/juanfont/headscale
-
@jdaviescoates said in Notes on Cloudron, crowdfunding app packaging:
Just to say, in many ways all apps that staff package, and all the apps in the app store which they maintain are already crowdfunded, in that they are funded by the crowd of customers who buy Cloudron licenses
No, that’s the business of Cloudron: maintaining and supporting the core software, and deciding which apps to add and maintain or drop.
As I mentioned elsewhere, getting a strong signal from paying Cloudron customers could be helpful in understanding which apps to keep.
I get the analogy you’re trying to make, and I’d welcome a formal “fund this new app” run by Cloudron.
Luckily, the packaging format is all open, so we can also fund private / custom apps as we like. And the team can even choose to take over maintenance and offer it officially if they like!
-
@robi yep! The dual edge sword of "fund the feature" and "fund the long term maintenance" has always been a challenge in open source.
It might be interesting for active members here to make a stack ranked list of the apps they run a lot / would "vote for".
-
@jdaviescoates not by paying licenses, which is what most aligns with Cloudron’s business model and effort required.
Also, people don’t change their votes. There’s a “decay function”. Maybe I loved AppX when it came out, but want AppY now.
Anyway, this is most interesting to look at over an arc of years, and hopefully Cloudron can continue to be sustainable.
-
@LoudLemur DNSLink is a feature of the IPFS protocol that you map a TXT record of the hash of the root of your published website or app and then CNAME at a single IPFS gateway. This means you don’t need to run a gateway for each domain.