Upgrade to Cloudron 8.0 Beta - Success!

Well just gone through the upgrade process on a fresh instance through Hetzner to Ubuntu 24.04:

• Upgraded to Cloudron 8.0 and took backup to storage box. Downloaded the backup metadata file.
• Wiped server with ubuntu image from Hetzner and apt failed to do upgrade, moaned about missing files on the mirror. Tried to resolve but I wanted to try out an iso installation from Ubuntu directly rather than using the Hetzner images anyway so gave that a go.
• Installing from ISO is actually easier than I thought it would be, there was no messing around with the routes as discussed in Hetzner docs. IPV4 works out of the box, I decided to take the netplan config file supplied by Hetzner's imaging process for my server and used that on the fresh Ubuntu install to get IPV6 working.
• After wiping and reinstalling the new system I changed the SSH port and then ran Cloudron-setup. It installed 8.0 for me as it detected a Ubuntu 24.04 install.
• In the setup wizard clicked on the restore option and supplied the file. Realised then I didn't have my storage box password so had to change that in the interface. However once changed the restore happened and all my apps were back in around 15 minutes.
  Nice work guys, and I've always wanted to test the bear-metal restore from backup.

Hi.

I had a similar issue running this on my home lab setup when I was testing out Cloudron before I put it in my VPS. I diagnosed the issue because I was funneling all traffic through my own DNS server and blocking all outbound DNS queries using a firewall. From what I could see the default Ubuntu Unbound setup makes the system act as a recursive DNS server on 127.0.0.1 using root hints and the system's default resolution uses this server. I may be completely off the ball with this but this was what I was seeing back in November.

Andrew.

I've just done a migration of a few small VPS instances to a larger Cloudron instance, main reason because I wanted to run a small Mastodon instance. Mailman is the only app I've had to install manually alongside Cloudron. I can post notes here on how I did it but if we can get a Mailman package started that would be fab. I've experience with the Docker Mailman images as well as installing using Pip. My current setup uses a subdomain Cloudron doesn't know about, the mail for that is handled outside of Cloudron email via Exim. Only shared component is Nginx which is running the Cloudron apps as well as hosting the reverse proxy to Django using Uwsgi. Really impressed with the Cloudron ecosystem by the way.

I wouldn't mind betting that the majority of Mailman 2 instances now run on a CPannel host, there is nothing like that for Mailman3 and setting up Mailman3 isn't trivial and has put several people off. I've done some consultancy work for some small orgs who want to implement Mailman3 but there isn't much out there. I think it would be a real boost to get Mailman3 on a platform such as Cloudron.

Relating to the mail setup I'm not fimiliar with Haraka in any way. Would you look at controlling the lists in Mailman via the Cloudron interface so Haraka knows what lists exist for a given domain, or have the lists on a dedicated domain that Haraka sends mail out to via LMTP? Since Mailman 3.3.6 we can use RCPT TO callout verification via LMTP which may help. Prior integrations either use Postfix with generation the transport maps via Mailman or with Exim as each list has a directory in the filesystem which Exim can check to ensure it is actually a valid list.

Andrew.

I've tried for a while to get a good UK based VPS as I moved away from Bytemark a while ago and haven't found anything as good. I'd love to go with Mythic Beasts but they aren't competitive. I use Hetzner right now but there was doubting voices about them on Mastodon a couple of months back when they failed to stop some abuse, not sure what was exactly going on there.

I don't think this is possible unless there is a document I have missed somewhere. I wanted to do this myself for the same reason. I ended up moving SSH to port 202 and disabling password authentication, this has cut down all the SSH connection attempts. Cloudron configures the firewall to allow inbound port 202, no need to explicitly allow that port.

@girish Mailman only accepts messages via LMTP. If your mail server has issues with LMTP, you could get the Mailman container to run an MTA like Exim or Postfix. Haraka could send the email via SMTP to the MTA running inside the Mailman container, which would then do LMTP to Mailman.

Mailman has been Dockerised before: https://github.com/maxking/docker-mailman

These containers assume an MTA is running on the host and can pass LMTP to the Mailman container via the Docker network.

Hi.

So I'm running Cloudron on a Hetzner box as its providing me the cheapest VM size for the money. However I have identified one issue with Hetzner and that is the IP addresses being on most blacklists. I am looking at setting up a cheap VM elsewhere to run a mail relay for the Cloudron instance as I don't want to use a transactional email solution to solve this problem as they mess about with the headers too much, and I'm on just over 100 emails a day with the apps installed on this VM.

My paid Cloudron instance is on the Hetzner box but it would be really cool if we could have a second instance as part of a cluster and say mine out the email capabilities to that second instance. Is that something that could be looked at?

Thanks.
Andrew.

Hi.

I'm interested in moving my domains from Gandi to Mythic Beasts. There is a primary DNS API here:
https://www.mythic-beasts.com/support/api/dnsv2

How easy would it be to get this API integrated into Cloudron's domain management? Another option for me is to use Hetzner as primary DNS as I'm using them for the VPS.

Thanks.
Andrew.

I have been doing this for around 2 years as I run a Mailman instance alongside Cloudron and it works very well, however on occasions (upgrades) I find the /etc/nginx/applications directory is oblitterated and I have to copy my custom .conf file again.

Is there any chance we could get an include setup for a directory like sites-enabled where Cloudron doesn't touch files in that directory? I'm also interested if we can use the reverse proxy configuration tool in Cloudron itself to provide this capability but suspect it won't allow me to set up the custom features in Nginx I want.

I realise this is only supported on a best-guess effort but it would be really good if we could have a "you're on your own" directory where we know it won't wipe out the contents where we can add our own custom Nginx configuration.

Andrew.

I was looking at setting up an AdguardHome instance but wanted it to use the recursive Unbound DNS server as upstream rather than a third-party DNS server like Google or CloudFlare. Some questions on the Unbound config:

Unbound is used primarily for RBL queries (host 2.0.0.127.zen.spamhaus.org)

We cannot use dnsmasq because it is not a recursive resolver and defaults to the value in the interfaces file (which is Google DNS!)

In my case Unbound is using Hetzner DNS servers based on Netplan config. Should Cloudron use Google DNS by default?

server:
port: 53
interface: 127.0.0.150
interface: 172.18.0.1

Does this mean that in Adguard Home I can use 172.18.0.1 as the upstream DNS server?

[...]

    cache-max-negative-ttl: 30
    cache-max-ttl: 300

Though these options may make this unviable.

Thanks.
Andrew.