RE: App Installation error : Failed to list domains: 403 message: [object Object]

This can be set to solved !

Cloudflare reply :

@girish So this is what's happening on the CF side when a cli command is ran :

For now the temporary fix is to create an IP access rule that make an exception for my ASN, waiting for CF to advise on the best way to implement this at a more granular level.

odd, in my laptop, with cloudron cli 5..3.0, it's even worst, it output a similar error message but even before asking for the 2FA code.

Failed to login: Login failed: Status code: 403 message: [object Object]

edit : and again, if I switch to my second cloudron, it login just fine and I can do cloudron list and any other cloudron cli command just fine...

@girish yes, lemme try that

@girish Nope, I'm the admin user and logged-in as such.

Strange part is that on the second cloudron I have absolutely no problem at all, from the same terminal, same setup, it's really strange

@robi Yes, 5.3.0

And I can definitely access my second cloudron just fine, without any error
so this is limited to my first cloudron, is it something related to my cloudron subscription?

Something definitely going on here with the login Token, because usually, when you the login session is valid, it shouldn't even ask to login, here, every time I do "cloudron login" even just after a login success I get to login again.

my cloudron.json looks fine though

I have tried to create a Token manually, with read/write access but it's all the same, it asks me to login again.

I'm having a strange error when installing my custom cloudron app https://github.com/osintukraine/media-search-cloudron-app

• my cloudron build worked just fine
• my docker login is fine
• my cloudron login seems to be fine, but i think that's where something is wrong?

So obviously when I try to install the app after the successful Build and Push
I get :

App Installation error : Failed to list domains: 403 message: [object Object]

So I thought, OK token may have expired ? So I do cloudron login my.domain.com again and the first line is :

Existing token possibly expired 403 message [object Object]

So I login again and same thing ??

It feels like my error is a bit similar to this one : https://forum.cloudron.io/topic/8366/failed-to-install-app-402-message-missing-token/23

Any idea what's going on here ?

@scooke

by default it is =false
but if the VPS is fresh, if nothing else have been done to the box
It seems to be safe to redo the install IF it crashed at some point.

redo="false" to "true"

@nebulon you're right, probably a network glitch

solution :
so I edited the cloudron-setup file, modified the line number 70 variable redo="false" to "true" and ran the install again, it all went flawless.

@potemkin_ai agreed, that would make it all super simple to setup, without having to add anything special on cloudron side, perhaps different webhooks for different alerts and then leave to N8N/ntfy node the definition of how it has to be processed.

@girish Oh great, that seems good then, happy to test it when it's available !

@potemkin_ai It seems ntfy is now available in the app store :)))

it would be really neat to be able to use ntfy priority management of notifications to on the cloudron side define which notifications are more important than others, so to be able to have silent notifications or very visible popup notification for more important alert, but I guess for this to work, Cloudron should have a notification API that could integrate at the cloudron level with ntfy ?

@benborges said in serious Cloudflare goof:

@girish just thinking out loud but if this is implemented, then other areas where an action create a subdomain on the fly should also have this proxying option available, such as that is, if the domain is handled by CF dns.

Maybe I'm confused, but unless this logic isn't build at the app deployment too, then yes for the main deployment it will work, but not for individual app additions ?

Ideally, if the domain is handled by CF, having a check box to directly proxy the sub-domain installations through CF would be great, but I understand that would add to much CF specific things to the app deployment at cloudron level ?

@girish said in serious Cloudflare goof:

Oh well, I added a checkbox to set the proxying flag for new DNS records. I was in two minds but "security" is plastered all over cloudflare's marketing and docs about this feature. So, people will always have whatever opinion that cannot be changed (including mine ).

It's disabled by default. From Cloudron's point of view, this is the secure default.

I think this one is great, it will already improve CF + Cloudron for tons of use cases

@girish Yes that's I'm currently doing, I mean, heading to CF dns dashboard each time I add a new sub domain/app but this means that during a brief period of time, the IP leaks without being proxied.

I understand if Cloudron does not want to head that way but this means that for high-threat level environments, cloudron should not be used behind CF.

@girish just got the same issue on a clean new contabo vps with ubuntu 22
=> Cloudron version 7.3.6 ...

it appears to be related to node v16.18.1

this is the end of the cloudron-setup log file :

Setting up docker-ce-cli (5:20.10.21~3-0~ubuntu-focal) ...
Setting up pigz (2.4-1) ...
Setting up git-man (1:2.25.1-1ubuntu3.10) ...
Setting up docker-ce (5:20.10.21~3-0~ubuntu-focal) ...
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /lib/systemd/system/docker.service.
Created symlink /etc/systemd/system/sockets.target.wants/docker.socket → /lib/systemd/system/docker.socket.
Setting up git (1:2.25.1-1ubuntu3.10) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for systemd (245.4-4ubuntu3.19) ...
2023-02-23T11:37:39 ==> installer: switching nginx to ubuntu package

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Reading package lists...
Building dependency tree...
Reading state information...
Package 'nginx' is not installed, so not removed

Use 'apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Reading package lists...
Building dependency tree...
Reading state information...
nginx-full is already the newest version (1.18.0-0ubuntu1.4).

0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
2023-02-23T11:37:42 ==> installer: installing/updating node 16.18.1
node-v16.18.1-linux-x64/bin/
node-v16.18.1-linux-x64/bin/node

gzip: stdin: unexpected end of file
tar: Unexpected EOF in archive
tar: Unexpected EOF in archive
tar: Error is not recoverable: exiting now

@girish just thinking out loud but if this is implemented, then other areas where an action create a subdomain on the fly should also have this proxying option available, such as that is, if the domain is handled by CF dns.

Would love a ntfy.sh integration for this, much easier to "consume" and stay alert on than email in my opinion

@nebulon I'm getting Timing buffered disk reads: 906 MB in 3.01 seconds = 301.48 MB/sec
this again seems to be a contabo issue more than anything else

@nebulon This was a strange episode, still unclear what happened, but everything "came back" to normal for some reason.

@girish on another note, I'm noticing serious issues with the cloudron mail server when used in conjunction with CF, emails sent to me bounce back and the contacts have no way to alert me that their email bounced back, it's still unclear to me why they bounce back, but Cloudron + CF + Self-hosted email server is definitely not working as it should : thunderbird or outlook autodiscovery of email setting fails and even they don't (not sure why in some case they fail and some case they don't) it's impossible to use thunderbird with CF + Cloudron, there is just no way to add the mailbox user.

no issue sending emails, no issue with app emails sending emails to emails hosted by the cloudron, no issues sending emails outside.

problem seems to be getting them. Took me months to notice this problem for instance because i wasn't keeping an eye on the Mail log.

@girish true, haven't explored that part yet, but I'll have a look and report back

@girish I'm using cloudron + CF for osintukraine.com, these consideration are super important in adversarial environments, (the question here is not about CF ethics etc..I'm fully aware of them, but still had to use CF for a bunch of very valid reasons)

So yes, the proxy at setup of the app itself would definitely help CF users, I can confirm that every installed app in a CF handled domains, requite to login to CF and manually set proxy enabled.

Since cloudron has full access to CF via the API it would be perfect to allow to set the proxy from the get go, including for the my subdomain.

The problem I'm seeing is that my subdomain is also the MX dns entry
so even if all apps get proxied properly from the start, the MX entry in itself almost render the use of CF + Cloudron useless in a very critical environment.

OSINTukraine will be moved back to registrar DNS because ultimately, my domain is already burned, the only thing that kinda save me is that I setup a system that redirect any direct targeting of the box IP back to CF, but again, my IP is burned.

1 year after, I can say that the environment does not seem to be that dangerous for the project I'm running, hence considering to move back.

@nebulon nope, nothing, that's odd

@nebulon not sure why/what happened but the N8N came back to live just now and the Element & Matrix app too...I may need to move some app out then, will test,

thanks !

Opening this topic here in relation to this https://forum.cloudron.io/topic/8559/upgrade-to-version-4-16-2-end-in-not-responding-state?_=1675002144383 because I want to report what I did.

I restored backups from up to Two weeks ago in an attempt to recover my N8N app but to no avail, no matter what I do all I see is the container being recreated and starting and then nothing, absolutely nothing, no log, not error, nothing.

none of these backup restore managed to reboot the app properly.

So right now I'm not even sure what's happening, reverting back to previous version with Nextcloud worked fine (app is now running with upgrade disabled) but for Metabase and N8N I can't understand what's happening.

Because I have another cloudron to compare and none of these issues are happening.

@girish email sent, but not sure you received it?

@JLX89 I suspect the name of the fields on each side must be the same for the mapping to work ?

The more I dig about this the more I think it may be unrelated to Nextcloud?

I have right now, NocoDB, N8N and Metabase apps in "not responding" mode after the their respective last package upgrade.

this for one cloudron v7.3.4 (Ubuntu 22.04.1 LTS)
Nocodb log are strange, crash just after the app start and nginx config done

it's like the logging stop but still display the last "running" log when the app was online? the timing match the time it has been down and the two package upgrade that occured.

N8N logs also stopped the 29 this is just when the app started its upgrade, then rebooted and stopped logging ??

Same for Metabase :

I can restart the app or go in recovery mode and see the log working for these steps, but the moment the apps should actually boot, logs stop and that's it

But curiously, 2 N8N instance on v7.3.5 (Ubuntu 22.04.1 LTS) do not seem to be suffering the same issue.

These apps in "not responding" mode seem to be crashing without any log beyond the restarting progress in the terminal, nothing happens after that.

Should I bring this over to email support ?

@girish 200 but again, right now I'm not on that version, i'm on the version that works just fine.

@girish that's the thing, even with debug, I can see nothing

curiously, other Nextcloud app on the same cloudron are upgrading in automated mode just fine, so that should be a hint that it's maybe a particular nextcloud app provoking this in this particular nextcloud.

i'll debug some more and try to update again with debug true at the get go and see if I can catch something

@murgero I wish Cloudron would have some kind of native integration with self-hosted ntfy.sh

that would be dope, to organize events alerts

I spent a few hours trying to make the upgrade work

• disabled all apps
• even in recovery mode I could not access the web terminal
• enabled debug to True, but nothing came up
• even with all apps disabled by renaming the apps/ folder, it would not boot core nextcloud beyond the /healtcheck point

I had to restore to 4.15.0 to have it back online

• Nextcloud 25.0.1

context Cloudron v7.3.4 (Ubuntu 22.04.1 LTS)

@Supaiku When I needed filesystems mount a few months ago (on top of sshfs mounts) I remember I struggled quite a bit to mount filesystems folders, but one thing worked :

• Create /srv/YourFolder
• Symlink that folder to the folder you want on the filesystem
• mount that path inside Cloudron

That's how I read SQLite files from other apps from say NocoDB or other cloudron apps.

@kevin-k Strange...can you try to revert back to a working backup, reinstall community modules again, reboot once again and go to that page see if everything stick ?

I had issues first time I installed, had to reinstall once, but then it went smooth...

@nebulon Testing it!

This is really neat because the numbers of node/third-party connectors from the community are really interesting to use !

It seems there is now a fork of Gitea here : https://codeberg.org/forgejo/forgejo

Also removed

wp-content/plugins/disable-wordpress-core-update

and a rss plugin throwing some errors, updated to latest package and i'm up and running !
Thanks all

@girish Wordpress dev, here is the log https://pastebin.com/iKFwNHmG

@girish Having the same issue, so I dropped a PHP_VERSION file and in it specified : PHP_VERSION=8.1
but I keep having the same error, as if the PHP_VERSION file wasn't being taken into account by the wordpress container.

Anything else I can try ?

@dev-cb Ohhh this is exciting, wondering what happens if N8N gets an upgrade that breaks a community node..what would be the upgrade path? wait for community node upgrade, then upgrade existing installed custom packages and restart N8N ?

@nebulon same here, I can change the ports but the UI is confusing, "only default works", why allow us to change the ports if only the defaults ports will work?

@ajtatum correct, but that's not a cloudron limit, that's how cloudflare & DNS work
the MX can never be proxied hence, somewhat nullifying the whole idea ??

in my usecase, the only solution I have found is for anyone that attempt to resolve my IP directly is sent to my.cloudron.domain (hence cloudflare proxied) but there is nothing you can do for the MX.

@girish i will try to check with tom on the n8n forum, thanks for looking!

@girish Oh that's really great !
I use different jitsi for different domains, for very small team but it's really neat if I could host two in the same server !

@girish I'm not sure what to say, the community nodes UI is there, live on the cloudron package, but without being able to test an install and subsequent N8N upgrade I'm not sure how I can provide more information

@BrutalBirdie Installing is not an issue, but getting it to work properly is the problem.
try your jitsi instance that is not running on default port, it will not work.

Does the fact Jitsi can only run on default port makes it that only one Jitsi instance can be installed on a given cloudron or is there any workaround ?

Having the same issue, I think cloudron package need to be modified to allow community nodes to be installed.

n8n-nodes-rss-feed-trigger

Oct 25 10:41:44 2022-10-25T08:41:43.938Z | warn | npm command failed "{\n errorMessage: 'Command failed: npm install n8n-nodes-rss-feed-trigger\\n' +\n 'npm ERR! code EROFS\\n' +\n 'npm ERR! syscall mkdir\\n' +\n 'npm ERR! path /home/cloudron/.npm\\n' +\n 'npm ERR! errno EROFS\\n' +\n \"npm ERR! rofs Invalid response body while trying to fetch https://registry.npmjs.org/n8n-nodes-rss-feed-trigger: EROFS: read-only file system, mkdir '/home/cloudron/.npm'\\n\" +\n 'npm ERR! rofs Often virtualized file systems, or other file systems\\n' +\n \"npm ERR! rofs that don't support symlinks, give this error.\\n\" +\n '\\n' +\n 'npm ERR! A complete log of this run can be found in:\\n',\n file: 'helpers.js',\n function: 'executeCommand'\n}"
Oct 25 10:41:44 ERROR RESPONSE
Oct 25 10:41:44 ResponseError: Error loading package "n8n-nodes-rss-feed-trigger":Package could not be installed - check logs for details
Oct 25 10:41:44 at /app/code/node_modules/n8n/dist/src/api/nodes.api.js:79:15

The old way of packaging custom npm modules could be ditched in favor of the ability to install community nodes https://www.npmjs.com/search?ranking=popularity&q=keywords%3An8n-community-node-package

is there any plan to do so ?

When I realized I had been waiting for nothing for 4 days I reverted back to snapshot, so now I'm on Ubuntu 20 and I can't find anything.

but it's very clear that the process was going on for ever, without even the docker running (even tho the service was active and loaded)

I went and stopped the process, started it all over again but this time I managed to catch that there is a problem with the script right at the beginning, I can't have the log file because I reverted back to my snapshot of Ubuntu 20

But the error is about docker network not being able to get an IP fro the box network and when it try it fails but then continue with the "recreation" of containers as if the previous step had worked properly ?

So on Friday I launched an upgrade process to move from Ubuntu 20 to Ubuntu 22.
I followed the doc here https://docs.cloudron.io/guides/upgrade-ubuntu-22/

And everything appears to be going as planned, but the recreating containers script part is running since Friday and is still not over, progress is still ongoing, I see little dot on my terminal displaying fine every few seconds but I have no idea what this script is doing, there is nothing that indicate containers are being regenerated, the box is literally doing nothing but printing dots on my terminal.

I'm worried of interrupting the process, I don't know where I am in the process.

I obviously have full backups and snapshot ready, so I can go back anytime but if I can get this done and finished, I'd rather stay on Ubuntu 22.

Any hint, is it normal that this container cgroup v2 recreation is taking.....Days & Nights ?

I had perhaps some 40 containers running, some bigger than others, but nothing out of the ordinary.

Does it matter for this recreation ?

box.log output this every few minutes, so I'm thinking the recreation is ongoing and when it's done it should start the platform following the script directive...

Friday night, saturday, night, sunday, night, Monday morning and it's still printing dots...

2022-09-12T06:53:23.963Z box:locker Lock unreleased platform_start                                                     

Oh my god I love cloudron ! Solved !

it's working !!

I have nocodb reading this sqlite file and I can add layers of data on top while tg-archive is feeding new posts to the base itself,

tldr :

I have tg-archive running at /home/tg-archive/

there I have a site folder that sync from telegram and output static sites.

But I wanted to be able to have research, filtering, sorting with a simple front-end, that's where nocodb comes in.

All I did was a clean symlink for yellowtent user/group from /home/tg-archive/sites/telehunt/ to /srv/telehunt/

ln -s /home/tg-archive/sites/telehunt/ /srv/telehunt

sudo chown -h yellowtent:yellowtent telehunt/ inside /srv/

then I added this as filesystem mount in the volumes view pointing to /srv/telehunt/ with name telehuntsrv

next I attached this volume to the nocodb container, when it's running, I added the path to the sqlite file /media/telehuntsrv/data.sqlite

And voila

Well I don't know but /SRV with proper permissions (yellowtent) works !
I can finally see the content of the mount from the file manager.

Maybe my problem is that I have to remount these volumes now that I changed ownership ?

anyway, will try some more but this is a good step forward :

I'm wondering if I'm doing anything wrong or if what i'm doing cannot be done ? and at the same time I'm so close to get it how I want, I hope I can do this with this static sqlite file

Maybe I shouldn't have mounted these volumes from /OPT and instead used /MNT or /SRV to have these filesystem mounts, does it matter ?

As you can deduce, I want to read that sqlite file that I symlinked inside /opt/amplifyukraine and then mounted as filesystem volume so that I can add it to the container, it all appears to work but the moment I want to get inside the mount and actualy read the file, or even just LS into the folder, I can't..

"no such file or directory"