Questions about Cloudron from a newb admin
-
I'm not really sure how to ask all this, I've seen the power of Cloudron, but not sure how to think about using it so that I don't set myself up for failure later.
All Cloudron apps work well together I guess? If I just have one server, it will be fine to use any Cloudron app with any other right?
In what cases should I consider using 2+ servers rather than one? Can one Cloudron manage multiple servers? i.e. I log into one my.domain.org (for example), but really Cloudron has access to more than one server underneath.
Or is it better to run Cloudron with just one server? I'm guessing if I host it with something like a DigitalOcean droplet, then I can just upgrade my droplet as I need more resources and both Cloudron+DO gracefully adjust to each other?
I would think in some cases though it would be better to have multiple servers (if this is possible, please share links for how to set this up), for example, maybe having a server totally dedicated to something like a Matrix/Riot instance (so that it's as fast as possible), and then have another server maybe for something like Nextcloud. Please correct me if I am wrong... I guess there is also the question of cost, and whether one big server, or multiple servers dedicated to specific use-cases would optimize both cost and performance.
The other question I have is about user management. I understand that Cloudron has its own system... But can other systems take over that role of user management from Cloudron? What are the recommended alternatives here for someone wanting to orchestrate something on the level of like multiple schools in a school system... and providing each of those groups with something like an SSO experience, but with a different set of tools made available in each case. (Maybe this more abstract user management + auth is what would be used to span multiple Cloudron servers and give me that holistic experience even if Cloudron can't do that entirely itself across multiple servers?)
I ask these questions because I am trying to set up a system that would let me do something like a school system, but where the "schools" are more like small informal learning groups who coalesce around a topic of interest, and then pull together a minimal set of tools to enable them to learn together in their domain of interest. Part of the point would be then to teach them how to self-host their own tools (likely on Cloudron too if that's how I'm learning to do it), so in some ways, my primary Cloudron instance would be more like a big sandbox for these groups to come learn and play in, with the intention of later leaving to their own space, and hopefully finding a way to federate.
Any help/advice here would be appreciated, even if it's not related to something specific I asked above.
-
Welcome @Bortseb
Cloudron currently only supports one server where it is installed. Scaling the resources is done by scaling up the VPS itself and Cloudron will automatically adapt. A multiserver setup will come in the future; however, so far we haven't found a customer who would be willing to fund such development, since scaling the server itself works quite well in our experience.
All apps will run isolated from one another, so it is totally OK to run many apps, even multiple instances of the same app, on the server.
Regarding your other question, there are mostly two different ways to achieve that. Cloudron has user groups, where you could separate those users and then set up the access controls accordingly for each app, or, to provide full isolation, you could just create multiple Cloudrons as such, one for each school/organization.
On top of this, Cloudron supports external LDAP/ActiveDirectory to sync users from an external directory into the Cloudron. This is especially useful to avoid duplication of user records in various systems.
-
Thanks! A couple more questions came up from your reply @nebulon
So if Cloudron is using an external LDAP system, then that becomes where users are managed from? Or you can use both an LDAP and Cloudron's user management system at the same time?
Can I have multiple domains pointing at the same Cloudron server? Does Cloudron deal with something like this itself? Or I would need something like nginx/caddy to deal with that? Can I do something more sophisticated like let someone log into what's effectively the same Cloudron server from different domains, but the domain that they choose to log in from determines what user, or facet of a user, they then interact in Cloudron with? (Maybe this is where the group system you mentioned could come in too?)
-
You can use both the external LDAP/AD and the Cloudron user management. Users synced from LDAP will be marked accordingly in the Cloudron dashboard.
Cloudron can also handle as many domains as you like; however, the dashboard is only installed on one. So all users logging into that dashboard would have to use the same domain. From what I understand of your case, it may be better to just create individual Cloudron instances per organization; then all this is probably easier to manage.