SignServer - online document signing

Could be useful, don't think we have already an app for this.
https://www.signserver.org/
https://hub.docker.com/r/primekey/signserver-ce

I'm sure something similar has been asked already but I couldn't find it on the forum.

Would it be possible to add to following features of User & Groups in future version of Cloudron:

• subscribe users to a specific domain (say with another drop down option for each users: default being "all" but with the possibility to select domains individually - as it is down for selecting group membership). Those users would then only be allowed to login on apps which are installed under that/those particular domain(s). Effectively this is no different that manually creating a group for each domain and then manually setting the correct access permission when installing apps, except that it would automate that process by creating those groups in the background for each domain and setting the correct rights automatically. Also it would be helpful for implementing the "3. per domain user management" aspect of the "domain admin" feature below

• create a "domain admin" role to give some members admin rights but only on certain domains so that they can (and only can): 1. access all apps and email settings on a given domain(s); 2. an managed all of apps on that/those domain(s) 3. can see all users subscribed to that/those domain(s) and can invite new users to that/those domain(s). So as role we'd have: Owner, Admin (would automatically be administrates all domains), Domain Admin (which when selected would open the drop down menu to select domains without the "All" option), Users (which when selected would open the drop down menu to select domains, with default choice on the "All" option).

It feels these two features would greatly enhance cloudron management for cases where you don't necessarily want to have admins able to administrate all domains (either for security reasons and for reducing admin time) but still want someone able to configure email accounts / lists, manage apps and invite people.

Here is just some concepts and some ideas on how it could work on the UI side. Hope this proves useful.

Hello,

Is it possible to integrate mailman to cloudron to be able to manage email lists?

It would be a great feature to have.

@girish Yes you are right that the post started with different domains but this is because I had in mind the case of an organisation that uses separate domains for different activities, with different people being in charge of those different activities. While you are right that Cloudron does a fantastic job as isolating access to apps with the Group feature, as soon as if you give Admin right to someone, then they get full access to everything irrespectively of group / user access rules (which is of course kinda of the point of an admin!).
The issue is that in the case I mentioned, it would still be useful to give some people the ability to at least managed emails, users and apps for their particular domain / area of the organisation.
While this may not be a "common" case, I reckon it is not super rare either.

That said, the thread though as kinda of evolved into looking at ways to fine tune the rights of the Admin role rights rather than a split per domain as it started original. Lots of ideas in there. Maybe another intermediate Admin role could be step in that direction to delegate some rights (like email management) to people which would be useful in large organisations (see my second post) without granting full admin rights ?

@scooke I too would very much like to use Kopano Meet with external users (without them to login into my Cloudron), so like you I think it would be a great feature to have but still, I think we should be grateful on the fact some developer bothered making a Cloudron package even if there are limitations for now and not be too harsh or focused on criticisms and enjoy that we got a videoconference app running on Cloudron. And maybe kindly ask for support if you're trying to do something which you cannot do on your own (I believe the Kopano Meet Cloudron app has an open source code which you could be modify to add the functions you want, if you know how to do it).

As @fbartels explained, Kopano does have this functionality, it "just" needs to be configured. Now the "just" doesn't seem very straightforward and yes it'd be great if someone could package the app with that function turned on. Maybe @fbartels can help? Personally I'm not a developer so I can't help with this but appreciate any work anyone can put into this or into anything else that makes Cloudron better.

@jdaviescoates said in Meet Kopano (unstable version) - a few questions & problems :

with full p2p WebRTC apps like Kopano Meet all users need to have enough bandwidth for all streams or something

Here is a nice explanation of the pros and cons of the three main typologies used for video conference: p2p / MCU / SFU

Is there any update on this app? It would be awesome to have it!

Also might be of interest:

An article which test a methodology to compare SFUs, and then test a few of them. Results probably do not reflect real case scenario though.

@jdaviescoates I see, thanks for enlightening me! And thanks to @marcusquinn for support this and to @murgero for doing it! I'd also be happy to support this and will talk about it with some colleagues too.

Would be great to manage mailing on cloudron.

There is a topic on mailman so here is another one for Sympa which looks like a pretty good option too.

www.sympa.org

@jdaviescoates Thanks! That would make sense, I just wonder in that case why what seem to take time are the cp commands (and not the rsync)?

This is probably more a questions than a problem...

I am using incremental backups (rsync with hardlinks) on my Cloudron instances (to a Hetzner storage box via CIFS). Nevertheless backing up takes over an hour even if there have been no changes (for e.g. if I trigger one backup after another).

The time spend is on the transfer of the app container e.g.:
box:shell copy spawn: /bin/cp -dRl /mnt/cloudronbackup/snapshot/app_af90ceac-46a1-476a-88f8-26d36c6e2bcd /mnt/cloudronbackup/2021-09-25-082136-063/app_eg.mydomain.com_v4.10.2

Is there a reason for this or is this a problem?

Many thanks

Hi,

I have three Cloudron instances, two VPS hosted with Hetzner, one hosted with netcup. I have a Hetzner storage box for backups.

All three VPSs are doing backups on the Hetzner storage box mounted via CIFS (with exact same config, just different backup directories).

On the instance hosted with netcup, backups regularly fail, usually with "code 1 signal null".
Sometimes starting a backup manually works (i.e. the backup complete fine), other times I still get the "code 1 signal null" when running it manually in which case I have to reboot the whole server then I can trigger the backup manually and it works.

After a server reboot, automatic daily backup might work for one day or two and then stops working and fail everyday.

Looking elsewhere on the forum I tried to remount the storage box but it does not help. Backups work fine on the two other VPSs. I also made sure backups don;t happen at the same time on all three instance in case that would create issues.

I have several log files corresponding to each time a backup failed, can you put them up here or is there sensitive info in them?

@oj Great thanks.
@staff @appdev Do you know if all those requirements can be baked in to the current Cloudron NC app or would it work best as an additional app that links with NC?

@girish Makes sense. It's just I hadn't seen a minor Nextcloud release before so I got confused with this one (especially as it doesn't look like there is the usual patch release a month after the initial NC22 release).

Update: ok so in fact this is a new thing. Though in their blog post they seem to imply that this minor release does include a large bunch of bug fixes over 22.0.0 and is safe to upgrade (in fact they strongly advice to do so). There will not be a 22.0.1 and because they did include one small new feature (multiple email addresses) they named it 22.1.0 instead.

So wouldn't it make sense to push that one instead?

I'm sorry if I ask a dumb question but I saw that in some of my Cloudron the update to nextcloud to 22.0.0 had been pushed, whereas 22.1.0 is out, is this normal? Isn't 22.1.0 correcting bugs from 22.0.0?

I'm not too familiar with the middle digit release update in nextcloud release cycle so unsure what it actually means (as it is neither a major, nor the usual minor update). I don't think I have seen those before (nor do I see any in the nextcloud server github).

@girish Ok I'll let you know if it happens again. Anything I should be watching out for when it happens again to help figuring out where the issue comes from?

Regarding version: the first time the issue happened was on 14 July so a good week after the nextcoud upgrade to 21.0.3 (package 4.9.2) and almost a month after the upgrade of the group folder app to 9.0.2. In between three times the issue happened there was no version change (or upgrade) of either the nextcloud package or the group folder app.

Nextcloud 22 advertise as a feature the integration with EIDEasy, Docusign, LibreSign for document signing, yet only LibreSign seem to be available.

And the LibreSign nextcloud app requires installing some components manually (Java and JSignPDF) which sounds a little problematic if integrated with Cloudron. Does anyone know if this is doable. It would be great to be able to sign documents using Nextcloud.

See details here: https://github.com/LibreSign/libresign/blob/main/README.md#setup

An alternative is to use something like SignServer but that's a whole other app to package which sounds like more work than adding the capability to nextcloud.

@jdaviescoates I'm not actually sure what it involves to enable this but do we know if anyone is working on it? Is it actually a separate app or just some specific config with a reverse proxy and redis? Does anyone know what are the missing pieces for it to work on Cloudron?

@girish Sure, I've disabled the update