What's coming in 4.2

murgero

@yusf If you don't mind a bit of a "hack-n-slash" you could open up ports 389 and 636 in iptables to access the cloudron ldap server remotely

yusf

@murgero That sure is filthy but if also IP restricted and/or tunneled it may be okay?

murgero

@yusf You can restrict the port in IPTABLES as well, I don't remember if cloudron uses just IPTables or UFW but here is a rule for both that would work for routing to internal networks only:

UFW:
ufw allow from 192.168.1.0/24 to any port 389
(This allows from the 192.168.1.0 network to TCP/UDP port 389. You can change the word "any" to "tcp" to restrict it to TCP only as well.)

IPTABLES:
iptables -I INPUT -p tcp -s 192.168.1.0/24 --dport 389 -j ACCEPT

Please research what cloudron uses as it's firewall (I am almost positive it is iptables).

Also note - This is an unsupported modification too.

Also also note - You can probably make an app that can proxy this connection instead, using a different port, you can proxy to the LDAP server instead. (Say port 1389 as an example). This would probably work better since LDAP clients normally allow you to configure a port to connect to anyway.

yusf

@murgero Thanks! Though very unsupported also very interesting. Thought about the proxy app approach but you know my level id of expertise: not enough.

murgero

@yusf Maybe it will be my weekend project this week. Build an LDAP Proxy app for Cloudron.

I'll hit you up on Matrix if I get something working.

iamthefij

@murgero I’ve been meaning to do the same.

Should be doable with something like HAProxy, but I wanted to use some better auth mechanism, so I’ve been working on this: https://git.iamthefij.com/iamthefij/dockamole

The server is essentially just an ssh server that is configured to disallow running commands and only allow port forwarding. The client can be run anywhere and it exposes the ports for you.

I’m planning to run a server on my Cloudron to forward LDAP and Graphite (hopefully), and then I can deploy a client on my other VPS. I also plan to do the same with my NAS at home so I can have my VPS access it without exposing http access to my home network.

There are many ways to do this though.

fbartels

@iamthefij said in What's coming in 4.2:

There are many ways to do this though.

True. I was more thinking of using stunnel for this.

yusf

@yusf said in What's coming in 4.2:

It's out!

Nope, it's not out. I've recieved a notification of the new version on one Cloudron but I can't install it yet.

nebulon

It is not out yet due to regressions in the app task management. We are working on this and will announce it when it is really out. Sorry for all those update available notifications which appeared to have been issued in between.

girish

Alright, we have started rolling out 4.2 slowly. If someone here wants it early, ping us on the chat as always. Thanks for your patience!

yusf

I’ve received another notification saying

Cloudron v4.2.5 is available

but this update too is nowhere to be found.

girish

@yusf Did it work out?

4.2 is now available for all

yusf

@girish It did update, yes.

necrevistonnezr

I have one SSD and one HDD in my homeserver running Cloudron 4.2.6 - neither are shown in "Graphs"...

girish

@necrevistonnezr Can you open a separate thread for that (since I am going to close this release thread and announce 4.2.). Can you also please provide the df -h output in the post. Thanks!

fbartels

Hi, I was wondering if there is already some documentation for the external LDAP support. Wanted to see if I could hook my cloudron to the ldap tree exposed from my Univention UCS.

yusf

I've this problem with 4.2.x now that makes the memory graph only show app memory usage from my main domain. Reproducable?

murgero

@yusf My memory graph is seemingly ok, I can see all 3 of my domains in it.