@nebulon there was no error reported by cloudron. The issue was that if I tried to curl, there was nothing returned back (I don't remember the exact reply -- sorry for that). Basically it was like nginx was not routing properly, as if nothing was running at the subdomain.
I patch the my.domainname.fr.conf with the missing part (taken from my other Cloudron server).
I then uninstalled and re-installed jingo, and everything seems to work fine now.
Sorry @marcusquinn dident see that you was using ghost for your blog.
in that case, SP_mod will be really a bad choose because front-end and back-end are separate similar on how angular/react works.
I really advice you do optimize your image manually for now, and w8 ghost will release some improvement on that.
@girish I think all these % numbers are a bit misleading and opinionated - but as you rightly detail it's a case of looking at the appropriateness of each item and reasonability.
It's impossible to know or remember everything but still a nice too for a quick review to see if there's any easy wins, and I suppose the scoring mechanism could be handy marketing for some once a certain level is considered reasonably hardened.
Changed As it is the default configuration for Roundcube it is working like intended and we could leave it like this? I don't think its a rare use case but maybe it could be added to the documentation (which I always found very helpful).
@girish Went ahead and tried it and it works beautifully! Took a matter of seconds for it to load all my feeds. Really appreciate y'all's work on this. I'm becoming a bigger Cloudron fan by the minute
@ahkg the reason for whitelisting 172.18.0.1 give access to all requests, is that this is the ip of the Cloudron internal gateway into the subnet where all apps are running.
Unfortunately for your case the cloudron healtcheck also comes via this gateway. I think your htaccess file needs to check for the X-Forwarded-For header to check against the correct inbound address.