Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • 1 Votes
    5 Posts
    101 Views
    d19dotcaD

    It seems the issue here may have been a lot of CPU steal on my VPS, my provider has moved my VPS to a different host server and now it seems to be no longer timing out. Still monitoring, but seems to be the situation.

  • Turn off IP logging

    Moved Feature Requests
    16
    1 Votes
    16 Posts
    428 Views
    jadudmJ

    @tomw Apologies; I wasn't trying to suggest you shouldn't do this. I was only trying to emphasize that there is an entire system/chain that leads to your server.

    You might have:

    The nation-state working in tandem with local (or, are they state-owned?) ISPs to implement man-in-the-middle cert attacks, so that attempts to securely connect to your server are actually plain-text. The nation state, working with ISPs to compromise/log all traffic through DNS servers. ...

    https://www.cisa.gov/news-events/alerts/2015/04/30/securing-end-end-communications

    is an article that speaks to some of the kinds of things that you might have to do to begin securing end-to-end communications.

    Ultimately, I really don't know. I'm just suggesting---YMMV, etc.---that this sounds like something with high stakes.

    I wish you and your colleagues all the best of luck.

    PS. https://www.cjr.org/tow_center_reports/guide_to_securedrop.php looks interesting as well. Again, it doesn't apply directly to your case, but speaks to the broad spectrum of design considerations that go into architecting and delivering secure systems, where "systems" means "a combination of technology and people."

  • Add time to the event logs

    Feature Requests
    5
    2 Votes
    5 Posts
    241 Views
    ruihildtR

    Once I didn't find it, I hypothesized that by dowloading the logs, I would get more info, but I couldn't download them.

    Not sure if it would be useful, but I figure I'd mention it.

  • Domains & Certs Logs not clickable

    Solved Support
    2
    1 Votes
    2 Posts
    135 Views
    nebulonN

    Ah I see, there is a stylesheet bug when a background image is used. Fixed with https://git.cloudron.io/cloudron/box/-/commit/ccb925be5d9c9280a34b2a6e506a02d211ca5e9f

    Anyone curious about the issue, if filter properties are applied, all child nodes will be put on the same plane and thus multiple z-index values for that node tree does not apply.

  • Log view doesn't respond on session timeout

    Solved Support
    5
    1 Votes
    5 Posts
    282 Views
    nebulonN

    This is fixed for the next version.

  • What's the meaning of these log entries?

    Solved Support
    2
    0 Votes
    2 Posts
    118 Views
    girishG

    redis logs are of the format pid:role timestamp loglevel message . pid is container local.

    Role is:

    X sentinel C RDB/AOF writing child S slave M master

    Unfortunately, there is no way to change the log format in redis (afaik). We just need the message really (others are not useful on Cloudron). See also https://github.com/redis/redis/issues/2545

  • Increase logging duration

    Solved Support
    3
    1 Votes
    3 Posts
    122 Views
    andreasduerenA

    @girish perfect thanks!

  • Delete all logs of connectivity from users to server

    Discuss
    10
    1 Votes
    10 Posts
    493 Views
    marcusquinnM

    The rabbit hole is when you have to delete from backups too. Some people I'm sure try to weaponise GDPR to cost you time and the most inconvenience.

    (Best not even say here if you think that's the case, they might even try to claim they are identified by implying.)

  • 0 Votes
    6 Posts
    478 Views
    M

    @nebulon perfect, thanks for confirming!

  • 4 Votes
    1 Posts
    947 Views
    No one has replied
  • /dev/vda1 is almost full (docker?)

    Unsolved Support
    9
    0 Votes
    9 Posts
    1k Views
    girishG

    logrotate is run via the system cron. You can check these:

    /etc/logrotate.conf should contain the line include /home/yellowtent/platformdata/logrotate.d in the very end.

    The file /home/yellowtent/platformdata/logrotate.d/platform should contain /home/yellowtent/platformdata/logs/turn/*.log

    As for cron configuration, systemctl status cron should say Active/running. There should also be a file /etc/cron.daily/logrotate .

    Other than that, it can only mean that turn server generated a massive amount of logs in a single day (seems quite unlikely but who knows).

    Does it rotate if you run logrotate manually? - Run /usr/sbin/logrotate /etc/logrotate.conf ?

  • Implement default NGINX logging

    Solved Feature Requests
    2
    4 Votes
    2 Posts
    473 Views
    girishG

    @mastadamus thanks so much for investigating. I have removed it for next release (7.1) - https://git.cloudron.io/cloudron/box/-/commit/6492c9b71f80120413ff4ae7eefa2f03dc96ea0f

  • logs explanation

    Support
    2
    0 Votes
    2 Posts
    328 Views
    girishG

    @vladimir-d The only other case an app is restarted without anyone triggering it is if an app using the tls addon had the certificate renewed. Unless this is a custom app, there is only the AdGuardHome app that uses the tls addon. So, is this app AdGuard Home?

    I think you can get more insight by looking into the corresponding logs at the lines above those lines. What does it say above the lines you posted?

  • Log viewer performance does not scale well

    Support
    9
    1 Votes
    9 Posts
    689 Views
    robiR

    @girish lol, "Just do it!" πŸ˜‰

  • NodeJS app logs do not show IP address of clients

    Solved Support
    3
    0 Votes
    3 Posts
    843 Views
    jimcavoliJ

    Note: It took me a minute to put this together while @nebulon was responding and I got pulled onto something else for a minute, but I think the detailed writeup is worth having for posterity, so I'll post it anyway.

    So what's going on here is that the app in question isn't reading the "right" headers to find the remote address. Basically, the inbound requests come in and hit the box-level nginx reverse proxy, which forwards the request on with the original inbound IP in the X-Forwarded-For header. Since from the sound of it, you're just routing straight to your app in the container, you'll want to either reconfigure your logging library to use the forwarded IP header as the client IP or drop nginx or similar as a reverse proxy in front of your app and configure it to rearrange the incoming headers as your app needs.

    Sounds like you can just adjust a configuration so that this (your existing flow) works nicely:
    container-sans-rp.png
    Basically, here, the headers are adjusted in the "Step 1" processing as they reach the Cloudron so when they reach your app, the proxied headers have already gone into place. Again, this configuration should be fine with the configuration that @nebulon mentioned going in, since that should reconfigure your framework to read these adjusted headers correctly.

    Failing that, or for apps with more complex setup or which aren't able to read those headers on their own by configuration, the solution is to further proxy those requests, by adding nginx or similar to take over the "Step 3" handoff and smooth out any specific details (like re-adjusting headers) for the app, and having it proxy those requests down to your app, all in-container, so that the logging and such in your app will all match up with expectations/reality. The whole point of the second reverse proxy when it's added it to make the world appear as it needs to for the app and/or its components inside the container.
    container-rp.png

  • Cloudron time vs App time mismatch

    Support
    2
    0 Votes
    2 Posts
    324 Views
    nebulonN

    @robi for the first logviewer mismatch, this is because the first time shown is from the logservice itself and is translated into the local time of your browser, whereas the second comes from the app itself and is just treated as a plain string. Apps normally run in UTC.

    For the winscp part, I am not sure how winSCP translates timestamps. The folder names are set from server time.

    I don't think any of this will have anything to do with DB reconnection, if you have any issue there, please make a new entry in the TS forum section with some more info.

  • How to dedupe lines in a file efficiently

    Discuss
    10
    0 Votes
    10 Posts
    609 Views
    robiR

    @girish I am referring to any that don't need to be written to disk.

    You can use the lines for what you need in memory.

  • Understand what caused CPU intensive use

    Support
    9
    0 Votes
    9 Posts
    688 Views
    P

    @girish Yes, in fact I did not understand... 😞 To many logs to check with vi

  • Application logs not available

    Solved Support
    7
    0 Votes
    7 Posts
    650 Views
    marioM

    @nebulon clearing the cache did indeed help - thanks @girish