Cloudron Forum

That’s a great point about the automated scrapes. Even if it's 'security by obscurity,' sometimes just not being an obvious target is half the battle! I’m really looking forward to the per-app IP whitelisting mentioned here - that seems like the most solid way to handle this without breaking the external webhooks. In the meantime, the OIDC workaround looks like a solid stopgap to at least add an extra layer.

Thank you, I just wanted to say that this worked!

In the end I used S3 compatible option to set this up successfully. IDK why I could not get the Scaleway option to work. Thanks all for your help & input

@Jamie_Casper can you give us an example that's more specific?

Is cloudron@ the admin or default user?

@LoudLemur i'm working a lot with strapi, developed plugins and more So yeah, it def. has its limitations or "weird edges", but in general i'm happy with it as backend for my apps. And like you said, strapi is more for serious business depending logic (with more effort in CI/CD) while directus is more for non-technical and quick-deploy setups.

In https://forum.cloudron.io/post/118908 @girish rightly questioned how private bundling stock Excalidraw is, and as a result whether it is not just easier to use the hosted version. But I like Excalidraw ! And I want it on my Cloudron ! And I want it to be as private as possible (completely private maybe not possible). And I liked @chmod777 suggestion in https://forum.cloudron.io/post/120436. So I have made package changes and pushed 1.1.2. There is now a file /app/data/user/json where you can set 2 options. {"privacyBundle":true,"useCSP":true} the first removes some stuff from the image (actually technically, builds a stock repo bundle, and a bundle with stuff removed) the second injects headers in your browser to stop the browser calling certain remote sites. Restart container after editing, of course. There is then also a new script in container /app/code/verify-runtime.sh which outputs diagnosis, with a summary at the end : == summary == settings: privacyBundle=true, useCSP=true servedIndex: /app/data/www/index.html bundleMatch: privacy cspMeta: YES cspConnectSrc: 'self' blob: privacyEndpoints: YES externalStringsInBundle: firebasestorage.googleapis.com, libraries.excalidraw.com, scripts.simpleanalyticscdn.com, excalidraw.nyc3.cdn.digitaloceanspaces.com externalStringsMeaning: present in static files, not proof of requests Is it private? I think so, as much as it can be. The glaring violations have been dealt with. If you're in paranoia mode, use browser Dev Tools to check network activity. So, now, it's def worth having this modified Excalidraw on Cloudron EDIT : surprisingly having 2 app versions in the same app does not increase dockermimage size much. I guess because of sharing of layers. But nonetheless

Could you please check whether this applies to the PTR4 record as well? As I hadn’t configured it on the Cloudron – since I was using a relay – I experienced issues with incoming email delivery until I configured it. I then configured the PTR4 record and everything was solved. I know that PTR4 record is related only to outbound, but I want to figure out if there is some relationship on what happened. Thanks a lot

I have pushed a new cli version now which supports showing more help info for cloudron build --help now