Cloudron Forum

We discussed this issue here: https://forum.cloudron.io/topic/12632/tarextract-pipeline-error-invalid-tar-header/24 I've encountered this problem twice... @sponch I have a question: Were the backups you're trying to restore still in their original location (where they were first created), or had they been moved/copied to a different Hetzner Box before restoring? I’m asking because the files I tried to recover (unsuccessfully) had been transferred between Hetzner Boxes, and I’m wondering if that could be the root of the issue. Edit: Were the files you tried to restore from the Hetzner Box originally created by the same specific Cloudron instance? Or were they from a different instance (e.g., after a reinstall)? I’m asking to help trace the root cause of the issue. @james I believe that in some cases encryption is necessary, so increased security inherently comes with the trade-off of being locked out of the recovery process. However, in this specific case, we should investigate the root cause of the issue, since it seems that has affected multiple users... @sponch @james Another hypothesis that comes to mind is the use of special characters in the password, which might not be interpreted correctly during the backup recovery process – Eg. a Gui problem –. I’ve since updated my passwords to only include uppercase letters, lowercase letters, and numbers (40 characters long), and the issue appears to be resolved... but this is only an hypothesis.

Hello @Laktasekampagne CORS can be configured in the app view in the Cloudron Dashboard. If you supply the exact CORS error, I may be able to help with the CORS setting that needs to be added.

Hello @eddowding I understand that it might seem "unprofessional" but the basic Cloudron subscription only includes: https://www.cloudron.io/pricing.html#self-support Self support * What is Self Support? For the Pro plan, we provide our software with no restrictions and limits. You can use our forum for help. Along with our active community, the Cloudron Team will assist you with any questions and issues at the earliest. For Service Providers, an additional support agreement can be purchased. Since the majority of people have the Pro subscription, a note that directs to the forum is only a formality to guide the user to the place where he gets help the fastest way possible. Do you maybe have a suggestion what we could improve to make it look less "strange and unprofessional"? Happy to get feedback.

Hello @charlesnw Thanks for the clarification.

Ok I found that the configuration is loaded from the login_soruce table, which has a JSON column cfg with OAuth2-specific fields. For reference it works like this: OAuth2 login starts in SignInOAuthCallback This calls GetActiveOAuth2SourceByAuthName to get the OAuth config GetActiveOAuth2SourceByAuthName loads the login configuration from the database This populates a models.auth.Source struct from the login_source table The Cfg field is parsed into the source-specific struct services.auth.source.oauth2.Source which contains the GroupClaimName and AdminGroup fields. Then SignInOAuthCallback calls function getUserAdminAndRestrictedFromGroupClaims to read these fields to get the user's admin status from the oauth claims. I looked at my login_source table: SELECT * FROM login_source WHERE type = 6 /*OAuth2*/ AND name = 'cloudron' AND is_active = 1; +----+------+----------+-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------+--------------+-----------+-------------------+ | id | type | name | is_sync_enabled | cfg | created_unix | updated_unix | is_active | two_factor_policy | +----+------+----------+-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------+--------------+-----------+-------------------+ | 1 | 6 | cloudron | 0 | {"Provider":"openidConnect","ClientID":"<snip>","ClientSecret":"<snip>","OpenIDConnectAutoDiscoveryURL":"https://my.<cloudron domain>/openid/.well-known/openid-configuration","CustomURLMapping":null,"IconURL":"","Scopes":["openid email profile"],"RequiredClaimName":"","RequiredClaimValue":"","GroupClaimName":"","AdminGroup":"","GroupTeamMap":"","GroupTeamMapRemoval":false,"RestrictedGroup":""} | 1752293846 | 1752293846 | 1 | | +----+------+----------+-----------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+--------------+--------------+-----------+-------------------+ Here you can see the JSON fields GroupClaimName and AdminGroup in the cfg column. So these configuration settings can be updated today with a query like this: UPDATE login_source SET cfg = JSON_SET(cfg, '$.GroupClaimName', '<group claim name>', '$.AdminGroup', '<operators group name>') WHERE type = 6 /*OAuth2*/ AND name = 'cloudron' AND is_active = 1; Obviously it would be better if this setting was exposed in app.ini, but this is enough for testing. And we'll have a stronger case for a PR to add this if we come with a live use-case. To me it seems like the next steps are: Figure out if Cloudron even exposes the group names and the app's operators group via OAuth2 claims Test to see if changing it by sql works Decide if this makes sense as a default Update the app to use it by default a. start.sh can open a subshell that tries to update these settings by direct query, checking in a loop every 5 seconds waiting for the schema to populate on first boot and for the login_source row to be created from config. b. Add the settings ENABLE_PASSWORD_SIGNIN_FORM = false and ENABLE_BASIC_AUTHENTICATION = false, and remove the first-time setup task to change the root password. c. Open an issue with Gitea to expose these settings via app.ini, remove the subshell workaround and use the exposed config options when they are available.

I've my Last.fm account since 2010, but nowadays I'm also scrobbling to https://listenbrainz.org/ as a backup in case Last.fm dies. I also aim to make my own scrobbler/stats independently from ListenBrainz and Last.fm, taking inspiration from https://coryd.dev/posts/2024/tracking-the-music-i-listen-to and https://sive.rs/ti

@Neiluj said in twenty - A Modern Open Source CRM: Reaching v1.0 seems like the milestone that should bring packaging this app for Cloudron into consideration no? This, as a modern CRM, would be a great and worthy addition to Cloudron I feel. This would be great to have.

I get this: docker inspect 5130e1789e1e | grep Memory "Memory": 5368709120, "MemoryReservation": 0, "MemorySwap": -1, "MemorySwappiness": null,

@timconsidine Well, it is good fun to see from which country you have a visitor, and maybe if you make it to double or even triple figure readership. If you are less confident in your skills, it helps you feel that you have the site up and running, too!

Has there been any consideration of adding RustDesk to Cloudron, or are there specific challenges preventing its inclusion?

@enerch Cloudron librechat package is not bundled with RAG API yet, so maybe we should wait next update to have it works

Thanks, I've been using SnappyMail for a while. It's mostly pretty good but also has some annoying little bugs and the developer isn't very active any more... This seems significant: Advanced mail search syntax with more possibilities – you can now use e.g. is:unread to only match unread messages. The test file has a list of implemented keywords. I also wonder if this can be leveraged by Cloudron? Improve support for OAuth2 (e.g. supporting OpenID Connect discovery URLs).