Cloudron Forum

Update on the Cloudron NetBird package The packaging scaffold at https://github.com/marcusquinn/cloudron-netbird-app is fairly complete -- it uses the combined netbird-server binary behind an internal nginx that consolidates all the path-based routing (gRPC, WebSocket, REST API, dashboard) onto a single HTTP port for Cloudron's reverse proxy. What works (in theory -- needs real-world testing): Management API, Signal, Relay, STUN, and Dashboard all in one container Cloudron SSO via the OIDC addon Cloudron's built-in TURN server for NAT traversal relay PostgreSQL via Cloudron addon Backup/restore of all persistent state The one feature that can't work on Cloudron: NetBird's Reverse Proxy (v0.65+) This is NetBird's newer feature that exposes internal services on mesh peers to the public internet with automatic TLS. It requires Traefik with TLS passthrough -- the NetBird proxy container needs to terminate TLS itself. Cloudron's nginx terminates TLS before traffic reaches the app, so there's no way to pass through the raw TLS connection that NetBird's proxy needs. I looked at whether alpine/socat (TCP socket forwarder) could bridge this gap, but it can't -- the problem is Layer 7 (HTTP path routing, gRPC protocol handling, TLS termination order), not Layer 4 (TCP forwarding). socat only does port-to-port TCP forwarding and has no understanding of HTTP paths, gRPC, or WebSocket upgrade headers. This doesn't affect the core VPN functionality at all -- peer-to-peer WireGuard tunnels, NAT traversal, access control, DNS, network routes, and the management dashboard all work fine without it. The reverse proxy is an optional add-on for publicly exposing internal services. What's needed next: Testing on a real Cloudron instance (I haven't done this yet -- the packaging is based on docs and the combined container architecture) Verifying the internal nginx correctly handles the gRPC h2c proxying that Signal and Management need End-to-end OIDC flow testing with Cloudron SSO TURN relay testing for peers behind strict NAT If anyone wants to help test, the repo has a full testing checklist in the README. Would be great to get this into the Cloudron App Store. feedback welcome!

Hi James, Here's the config: File encryption used Storage: scaleway-objectstorage (tgz) at Paris (FR-PAR) / cloudron-backup-jf Content: Everything Schedule: Every day @ 02:00 Retention Policy: 7 daily, 4 weekly, 12 monthly Last run: 23 Feb 2026, 02:00 am

@nebulon User error confirmed after 15 minutes of testing. Note: adding another domain to Collabora requires the format [a-zA-Z0-9_\-.]*domain1.org|[a-zA-Z0-9_\-.]*domain2.org plus a restart. We should probably update the settings page with this info.

The root cause is that self-hosted Teams have no customerId (Stripe ID). The migration copies it onto the Subscription, gets NULL, then deletes the Subscription. Run these before upgrading: sqlUPDATE "Team" SET "customerId" = 'cus_selfhosted_' || id WHERE "customerId" IS NULL; Then create Subscription records for any Teams missing them. If you've already attempted the upgrade and it failed, you'll also need to clean up 10 partially-created tables before retrying.

Consider this an upvote/+1, along with kudos on @marcusquinn 's packaging of NetBird.

You're going to be seeing alot more of these going forward. Https://Cognitum.one is another impressive FPGA+rPi4 for fast, ultra low power local AI agents

Malwarebytes free on windows. It detected a sneaky and persistent cryptomining malware that windows security missed. You get the occasional notification ad to buy a subscription and a reminder that it hasn’t scanned recent downloaded files. Other than that, no complaints.

What do the logs say when editing? Sounds more like a RO FS issue while editing.

@girish said in Backups redundant?: @robi said in Backups redundant?: Made me ask to what would one restore this if not Cloudron (It's kind of special ! )? There is no standardized format for these backups, would have been great if there was one. One of my previous startups did have such a thing even though the focus was on app migration from any to any.

Wonder if Cloudflare WARP would help? Or own Cloudron VPN?

@marcusquinn Worth a look? Seems to be better in theory? Did you maybe tried both, does any-llm offer sames functionalities?

@rmdes Can you help? Am I doing something wrong?

@lanhild Thank you. I will explore the documentation.