Cloudron Forum

Just got interested in this myself, seems like they use Docker Compose https://github.com/gramps-project/gramps-web/blob/main/docker-compose.yml

@girish said in Suggestion: Change WordPress app health check endpoint to /wp-json/ or alternatives: Have to investigate, but I think WP JSON API can be disabled (in fact, many sites recommend this) and one of these WP firewall plugins disables it. Agree, the first thing I do after installing a new Wordpress site is deactivation of the rest-api: https://nl.wordpress.org/plugins/disable-wp-rest-api/

It won't let me change it. root@sftp:/etc/ssh# chmod 600 ssh_host_rsa_key chmod: changing permissions of 'ssh_host_rsa_key': Read-only file system root@sftp:/etc/ssh# sudo chmod 600 ssh_host_rsa_key chmod: changing permissions of 'ssh_host_rsa_key': Read-only file system

@joseph said in Old system backups are not listed: wonder if the backupcleaner removed the entries from the database by mistake. Have you tried searching for the old backup in the eventlog? Maybe it hits one of the backupcleaner tasks . Just a thought. Thanks, Joseph. I checked the Event Log, but I don’t see any entries from backupcleaner or anything indicating that older backups were removed or pruned. All older backup folders are still present on the storage, but Cloudron simply doesn't list the system backups created before the upgrade to 9.x. To clarify: Older app backups are visible under each app, but older system backups are missing entirely, and restoring an older app backup fails with the fsmetadata.json ENOENT error. So it doesn't look like backupcleaner deleted the files – it just seems Cloudron no longer recognizes the old backups after the upgrade. Let me know if there is anything else I should check.

@SolarSimon I'd never even spotted those settings before but see e.g. here https://github.com/nextcloud/server/issues/53705#issuecomment-3012715584 In short, open the web terminal and run: occ config:system:set updatechecker --value=true --type=boolean It should then reappear for you: [image: 1764933999185-img_20251205_112552.jpg]

I guess that's a question for me. @d19dotca I haven't found the time yet, this will probably only be in 9.1 . Currently, we are getting the final 9.0.14 release out (and that's it to 9.0)

The intent of the page is to expose what is in the hardware/OS. I think you should ask OVH to set these values, maybe. We could make a new field entirely for a user to set, like server description, but the existing values should not be over writable. (Thing of it as akin to CPU name/OS name/OS version etc. These are not meant to be 'customized' or touched by the user).

Hello @vk182 @vk182 said in Hiding apps behind the proxy app to enable cloudron authentication: Do I understand correctly, that proxyAuth add-on will respect the Access Control setting of the app and allow access only to the allowed users via their Cloudron authentication? The target app may want the extra auth then but that is fine. You understood correctly. @vk182 said in Hiding apps behind the proxy app to enable cloudron authentication: Is there a way to add proxyAuth for the existing app? Yes that can be done. You can think of that process like an app update, that only updates the app to use the Cloudron proxyauth add-on and does nothing with the application itself. @vk182 said in Hiding apps behind the proxy app to enable cloudron authentication: p.s. Just as a side note, what is the best way to isolate the particular app from the public interface? If you have apps, that should not be publicly accessible, you could always only allow connections from specific IP-Addresses like e.g. a VPN. Example setup could look something like this: Main Cloudron server - running the VPN app and all other public apps Separate Cloudron server - named intranet running all apps that should only be accessible from whitelisted IP-Addresses like the VPN (public IP of Main Cloudron) non-public apps on this Cloudron intranet server People who should be allowed to access the intranet server get a VPN client cert The Cloudron intranet server can be connected to the Main Cloudron User Directory, thus syncing users for apps that have OIDC/LDAP For the Intranet Cloudron server, you'd have to configure the firewall on a hosting provider level to only allow access from the Public IP of the Main Cloudron Thus isolating public from intranet and still maintaining the comfortable setup of Cloudron User Directory. Also comes in handy if you don't want your public apps (like Website or Shop) to go offline only when you need to update/reboot the intranet server.

@james Thank you for pointing to this file. It's incredible to me that in 2025, with all the security issues around, that they decide to drop such a feature. This sounds inherently insecure. Astonishing! I followed your advice and established a new user and proceeded to delete the old admin user. Thank you for this suggestion. To other users of this app - they decided to call the admin role "Can manage settings and invite members, with full administrative access" instead of calling it "admin".

@AartJansen Looks like they now fully and openly abandoned the open source model which means users will likely have to migrate to other solutions.

@joseph excellent work. Seems like it was designed for an RPM distro.

The fix for this to clear the search filter on ESC if the view is active: https://git.cloudron.io/platform/box/-/commit/425e196dfc4f4c7e31870f36df7cab0417f7a523