Proposal: The CUR - Cloudron User Repository

The Cloudron User Repository - CUR

The what?
CUR is deviated from AUR - Arch User Repository

AUR is awesome and makes it very easy for Arch Linux Users to install software from other users.

In similar fashion I would love such a feature in Cloudron.
I packaged:

• Greenlight
• Valheim Dedicated Server
• FiveM GTA V Multiplayer Server

From my 3 packaged apps only Greenlight made it into the app-store. Yet!
Why did Valheim and FiveM did not make it?
Simply put, the lack of users testing the app and reporting back.

Does Cloudron need an CUR?

Arch Linux is loved for the AUR and I am sure that CUR would also have this effect for Cloudron.
I believe many users do not test apps since they are used to the app-store and even the thought of touching the shell to install a community app with the cloudron-cli is very spooky to the targeted end-user of cloudron.
Especially on productive systems doing such thing is a no-go, since you want stable prod which does not fail you.

Now imagine a CUR.
With a simple click in the setting you can enable the CUR and can install a community app to test and give feedback.

This would decrease the barrier for end-users and @appdev(s).

This could also decrease work for maintaining apps if they stay community apps and are not suited for the general Cloudron app-store.
CUR should be excluded from Cloudron Support for obvious reasons.

I would love to get some thoughts on this.

Cheers,
Elias

(ps: I am aware of many side effects of AUR/CUR and stale unmaintained packages, but AUR still rocks )

@uiguy okay lets start

@uiguy said in How to Take Cloudron Even Further:

I appreciate that there is the package maintenance aspect, but from what I have seen about the support structure, there seem to only be 2/3 guys supporting the maintenance... how can this be enough to support an entire app ecosystem

Everyone having the APP DEV to their name is a Cloudron App Developer, so in extend a supporter of the ecosystem.
For example I am the maintenance guy of the Greenlight app.
My job circles around Greenlight and BigBlueButton as well. So its in my own best interest to provide updates which just works without any hustle since I have a lot of Greenlights running for customers and doing something that does NOT work effects my own work

Another example would be Dolibarr from @erics who is a developer of Dolibarr.

@uiguy said in How to Take Cloudron Even Further:

I am battling to see why we would rely on cloudron and the associated app store is quite limited as opposed to something like running docker direct?

Reliability and Repeatable.
I have restored multible Cloudrons from full backups, single app backups and literally never had it fail me.
Having the option to roll back to the previous version with 1-Click. What a dream!
Not to mention the package / backup policy to minimize the backup footprint.
For example my self maintained Valheim Gameserver App where we discuss about what is backup worthy.

Having the option to sync Cloudron to an external LDAP also just adds another cherry on top.
Having multible Cloudrons synced to a central LDAP. Sweet.
User und Customer management from 1 place deployed to X Servers with Groups and Permissions.

@uiguy said in How to Take Cloudron Even Further:

I guess, what I am in need of, is some education as to why I would advise we invest in cloudron when we could simply deploy docker with something like portainer and watchtower for package maintenance?

I don't mean to sound negative at all, but I simply want to understand what the value proposition is, especially if I have to compare the available packages on docker vs cloudron?

That is the best part, you don't have to!
You can make your own app, you are NOT limited.
The so called gilded cage with Cloudron is the knowledge you wish to have about the system.
Gitlab of every app https://git.cloudron.io/cloudron

There is more which I could mention, but these are just some thoughts of mine.
Check out this topic where people tell what are your favourite things features about cloudron

https://github.com/ViViDboarder/vaultwarden_ldap

https://github.com/dani-garcia/vaultwarden/wiki/Syncing-users-from-LDAP

Since the Vaultwarden app right now has its own user management it would be nice to also have the LDAP functionality here as well.

Some Ground Rules I made myself:

USE GIT!
Nothing is more frustrating then having a kinda working state, tinkering more, have a completely broken state again and then don't remember what changes you done.

/app/code - the application binary

Everything binary which shall not be changed and belongs to the application belongs in /app/code and can mostly be done in the Dockerfile.

If parts of the application require on premise files, like cache or temporary files which need to have read-write access it should go in either /tmp or /run (This can not be tested in the Dockerfile since it's at runtime).

/app/data - The userdata

Everything that is backup worthy belongs into /app/data for example a config file which the application uses with the users configuration.

Debugging and Testing

If something needs to be done while runtime it can be hard to debug?
Kinda.
If your first deployment of the app fails, don't run back into your editor and tinker around.
Put the app in recovery mode and then start the application in recovery mode to see which parts fail.

You can tinker around in recovery mode and try to get it working.
BUT! With each step you fix in recovery mode it will get harder to backtrace all the fixes you done.
Each fix should be noted down or coded in the start script for the application.
Don't run yourself into a rabbit hole with 10+ fixes and then restart the app to then lose all those fixes again.

Being Stuck

Don't worry, it's normal.
Take a break, get 5-10 Minutes of fresh air for each 1 Hour of coding.

Don't be afraid to ask questions.
If you are packaging an app you can create a forum post and 'blog' your progress and struggles.
There are many users here who will chime in and give useful advise.

A Copy-Cat is bad!
Really? No.
Take a look at other apps and how they got packaged.
Maybe a solution for your problem is in one of the other apps.
If something is working and can be reused, go for it.

https://store.steampowered.com/app/892970/Valheim/

This game got recently released on steam and hit quite the trend.

https://steamdb.info/app/892970/graphs/

Having this server as an app would be nice.

And the work is already done!

https://git.cloudron.io/BrutalBirdie/valheim-gameserver-app

Needs some fine work with doc, screenshots and all.

But it's live and running at https://valheim.deadsec.net/

@jdaviescoates Not directly
I am not hired by Cloudron but working with them very close.

@scooke

I will try to make it very short and understandable
Example from Greenlight => https://git.cloudron.io/cloudron/greenlight-app

git clone ssh://git@git.cloudron.io:6000/cloudron/greenlight-app.git
cd greenlight-app
docker build --file Dockerfile --target dr.cloudron.dev/org.bigbluebutton.greenlight.cloudronapp:1.0.20 .
docker push dr.cloudron.dev/org.bigbluebutton.greenlight.cloudronapp:1.0.20

Now if you view your Cloudron Docker Registry you should see your pushed docker image.

In this screenshot you can see docker images build by cloudron build by the cloudron build service with automated tags, that's why they seem a bit cryptic.

Now make sure you have setup your docker registry to be used in your Cloudron Server.
https://my.domain.tld/#/settings => Private Docker Registry

Now you should be able to install:

cloudron install --location test --image dr.cloudron.dev/org.bigbluebutton.greenlight.cloudronapp:1.0.20

App is being installed.

 => Queued
 => Registering subdomains
 => Registering location: test.cloudron.dev.......
 => Downloading image ..
 => Creating container
 => Waiting for DNS propagation ...
 => Wait for health check .......................

App is installed.

Cheers

---

Explaining some stuff you asked.

IF SO, then at what point do I push all this my Cloudron's Docker registry??? After the clone? Before the Build? After the Build? After the Install? And, regardless of the answer to that, once I've pushed the image to my own Docker repository... what's the point? It seems like all the work is done on the Ubuntu VM, in the cloned repository. And to then update... I need to pull from @nj's original Github repository, right?? To anyone brave enough to try to help me, thank you.

I hope my confusion is clear! I'm asking all this before doing anything else other than the initial clone from @nj's Github repository so that I understand it all well and can avoid missing some crucial step

You cant push / publish anything if you don't build it first.

what's the point

well.. your cloudron server can't just download the docker image from your local computer.

1. Community behind Cloudron (Devs / Forum / Community)
2. click restore / backups ! reliable backups !
3. LDAP Integration

Also who is the Cloudron "Team"?
Yes there is the "Staff" @staff @girish @nebulon and myself.
(btw. I do not have admin permissions here I just help out where I can since I work with Cloudron every day)

BUT! Big BUT imho the @appdev guys and every active cloudron user here in the forum is part of the "Team".
(edit: Sorry! @translator you guys are equally important! )

As expressed before:
https://forum.cloudron.io/topic/4594/how-to-take-cloudron-even-further/9

I believe the Community (you guys!) behind Cloudron is part of the Team.
Why else would everything be discussed and displayed so open here

I love posting my own mistakes and point out issues of Cloudron it self even tho I carry the 'staff' badge since I strongly believe this only shows you guys, that we care and are open to errors.
Since ignoring and hiding them does not improve them.

https://forum.cloudron.io/topic/6529/shooting-a-cloudron-server-right-in-the-brain-i-deleted-appsdata-and-boxdata-by-accident

@jlx89 I think this is what you are looking for.

https://docs.cloudron.io/backups/#import-app-backup

I would like someone to review my greenlight-app.
Just heads up this is my first app for Cloudron so I expect some issues but I will be happy to fix and learn from them.

@loudlemur said in Monkey See, Monkey Do: Cloudron Video Explainers:

It might be a bit much to ask for the person who is knowledgeable about Cloudron to also have a sense of humor

Excuuuuuussseee meeeeeeh?

Are you suggesting that using Cloudron and being knowledgeable about it robs you of all humor since it drains your life essence?

---

Common we Germans are known worldwide for our humor

@LoudLemur

I manage a Cloudron with, wait let me count... 50 domains.
Each Domain has it's own Website and E-Mail I/O.
~150 Users

Each Domain has its Cloudron Group which can access only their Domain Website and apps.

So yea it works.

This setup also triggered this error
https://forum.cloudron.io/topic/5474/installing-webmail-app-leading-to-database-error-er_data_too_long-data-too-long-for-column-value-at-row-8

@doodlemania2 @micmc

Top notch roles from https://galaxy.ansible.com/geerlingguy
https://www.youtube.com/user/geerlingguy
Consider donating to him

I can understand the wish for a chat, but I agree with @nebulon and everyone else endorsing the official forum.

Having the conversation in the official forum has many benefits.

Lets just switch into the mindset of a new Cloudron user / developer.

Just as an example:

• I need the lamp app but with php 5.X.
• Why is there no php 5 lamp app?
• How can I create a custom php 5 app?

What do most people do? They will type that question into a search engine.

Chat vs. Forum

If this discussion would take place in the chat, there would be no way for a new user to find public and easy access to that information about this issue/question.
How should they know they need to go threw a chat with X people talking about all different kind of topics.
Also you lock this information behind a software like matrix, rocketchat, slack, matermost yada yada.

New users want answers which are accessible without needing to sign up for anything.

Compared to an open discussion in the forum, which will be scraped by search engines and will be publicly available with no need to sign up or do anything to access this information.

IMHO chat is nice, but when using one there has to be a policy where findings and solutions must be also published in this forum.
And enforcing such a policy or even establish such will be hard.

That's just what I have in mind about a chat.

Cheers

Compared to 'just doing it yourself' you should way in some factors.

• Do you have a reliable backup solution?
• How much time do you want to invest into hosting?
• Are you able to keep the self hosted site secure? (Including the whole system)

If you want 'set and forget' Cloudron could be the solution for you.
Try it. It's free with the documented limitation.

You can have two apps. Surfer / LAMP for your current site (simple migration) but as @privsec recommended migrating your WP to the Cloudron WP App could pay out for even more 'set and forget'.

Give it a shot on a small server with backup setup and then if you want to you can migrate the whole Cloudron to a dedicated big server or start with a scalable solution from the get-go.

Ok... this is getting into a convoluted mess.

Now I found out there should be a per-user-encryption:
https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_details.html#key-type-user-key

Funny how this is missing in the doc for the encryption ooc commands...........
https://docs.nextcloud.com/server/23/admin_manual/configuration_server/occ_command.html#encryption-label

And also not mentioned in the main doc where they show and tell about the Enabling users file recovery keys.

I've set up a new Nextcloud (with user managed by the app) and installed the Default Encryption Module then went into the Nextcloud app web-terminal and did a:

root@f6665ea8-5f0a-41f7-b8ae-be1719062c33:/app/code# sudo -u www-data php -f /app/code/occ encryption:disable-master-key
Warning: Only perform this operation for a fresh installations with no existing encrypted data! There is no way to enable the master key again. We strongly recommend to keep the master key, it provides significant performance improvements and is easier to handle for both, users and administrators. Do you really want to switch to per-user keys? (y/n) y
Master key successfully disabled.

Then I enabled the server wide encryption.

Ok understandable because: https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#enabling-users-file-recovery-keys

So I set a recovery key. Good? Ehhhh... with that I can decrypt files from a user if he allows it.
Wait... if the user allows it? By default it's not allowed.
So if I try this in the web-terminal:

root@f6665ea8-5f0a-41f7-b8ae-be1719062c33:/app/code# sudo -u www-data php -f /app/code/occ encryption:decrypt-all eha
Disable server side encryption... done.


You are about to start to decrypt all files stored in eha's account.
It will depend on the encryption module and your setup if this is possible.
Depending on the number and size of your files this can take some time
Please make sure that no user access his files during this process!

Do you really want to continue? (y/n) y
prepare encryption modules...

Prepare "Default encryption module"

You can only decrypt the users files if you know
the users password or if he activated the recovery key.

Do you want to use the users login password to decrypt all files? (y/n) n
No recovery key available for user eha
Module "Default encryption module" does not support the functionality to decrypt all files again or the initialization of the module failed!
 aborted.
Server side encryption remains enabled

So now I impersonate the user... and allow it?

Please no....

Please don't tell me now that I can decrypt the user files afterwards.

root@f6665ea8-5f0a-41f7-b8ae-be1719062c33:/app/code# sudo -u www-data php -f /app/code/occ encryption:decrypt-all eha
Disable server side encryption... done.


You are about to start to decrypt all files stored in eha's account.
It will depend on the encryption module and your setup if this is possible.
Depending on the number and size of your files this can take some time
Please make sure that no user access his files during this process!

Do you really want to continue? (y/n) y
prepare encryption modules...

Prepare "Default encryption module"

You can only decrypt the users files if you know
the users password or if he activated the recovery key.

Do you want to use the users login password to decrypt all files? (y/n) n
Please enter the recovery key password: 
 done.





 starting to decrypt files... finished 
 [============================]


Files for following users couldn't be decrypted, 
maybe the user is not set up in a way that supports this operation: 
    eha
        /eha/files/allowed_recovery.md
        /eha/files/deny_recovery.md

Server side encryption remains enabled

thank god.

If I now look into the security tab as the user:

This looks bugged.
So disable it again:

and enable it again:

Hmmm this Recovery Key enabled did never happen as impersonated user.
So this could be used as an indicator if an admin tried to decrypt your files... good to know I guess.

So now I can decrypt the user files with the recovery password?

root@f6665ea8-5f0a-41f7-b8ae-be1719062c33:/app/code# sudo -u www-data php -f /app/code/occ encryption:decrypt-all eha
Disable server side encryption... done.


You are about to start to decrypt all files stored in eha's account.
It will depend on the encryption module and your setup if this is possible.
Depending on the number and size of your files this can take some time
Please make sure that no user access his files during this process!

Do you really want to continue? (y/n) y
prepare encryption modules...

Prepare "Default encryption module"

You can only decrypt the users files if you know
the users password or if he activated the recovery key.

Do you want to use the users login password to decrypt all files? (y/n) n
Please enter the recovery key password: 
 done.





 starting to decrypt files... finished 
 [============================]


all files could be decrypted successfully!
Server side encryption remains enabled

Yep worked.
...
Okay I will write that down a bit clearer tomorrow. (And try this again with LDAP instead of user management by the app)

My head is smoking.
This documentation of Nextcloud is a nightmare!

Looks like we are all good now.
I will submit a PR for the docs on gitlab for a migration step.

@LoudLemur you have to use the website it self, when you click the app in your cloudron dashboard.
Just visit your Vaultwarden url, there it will work.

@d19dotca

Update. I have finished my mail server name change.

All the dns records where updated automatically, even the custom MX record on namecheap if it existed before.

The one thing that confused me second was the PTR record aka. reverse dns.

Just went to hetzner and fixed that. All working no problems.

@jordanurbs said in Can we have a "Freelance Work" group on the forum please?:

Yes please! I need help installing forks of certain apps as custom cloudron apps. I have the skillset to figure it out eventually, just not the time.

Because of that, i would love to throw someone a little money to help get me started.

For future readers:

This doc explains what is needed - https://docs.cloudron.io/custom-apps/tutorial/

TL;DR

• Create an account on DockerHub - https://hub.docker.com/
• Go to your Cloudron instance https://my.domain.tld/#/settings and configure the Private Docker Registry Server: docker.io and your login details
• Install the cloudron cli on your local machine

  sudo npm install -g cloudron
  

• Get your forked app

  git clone https://git.cloudron.io/cloudron/tutorial-nodejs-app nodejs-app
  

• Build the image and push it

  # enter app directory
  $ cd nodejs-app
  
  # build the app
  $ docker build -t username/nodejs-app:1.0.0 .
  
  # push the image. if the push fails, you have to 'docker login' with your username
  $ docker push username/nodejs-app:1.0.0
  

• Install

  cloudron install --image username/nodejs-app:1.0.0
  

Done.
For further information please visit the official documentation.

@loudlemur

curl wttr.in

Could you be a bit more precise?

I am currently working on the greenlight Cloudron App for BigBlueButton.
So far the basic functionality is working fine but the ldap-auth is giving me trouble.

Right now the /app/code/bin/start script writes these variables

sed -i -e "s/LDAP_SERVER=.*/LDAP_SERVER=$CLOUDRON_LDAP_SERVER/g" /app/data/.env \
&& sed -i -e "s/LDAP_PORT=.*/LDAP_PORT=$CLOUDRON_LDAP_PORT/g" /app/data/.env \
&& sed -i -e "s/LDAP_BASE=.*/LDAP_BASE=$CLOUDRON_LDAP_USERS_BASE_DN/g" /app/data/.env \
&& sed -i -e "s/LDAP_BIND_DN=.*/LDAP_BIND_DN=$CLOUDRON_LDAP_BIND_DN/g" /app/data/.env \
&& sed -i -e "s/LDAP_PASSWORD=.*/LDAP_PASSWORD=$CLOUDRON_LDAP_BIND_PASSWORD=/g" /app/data/.env \
&& sed -i -e "s/LDAP_METHOD=.*/LDAP_METHOD=plain/g" /app/data/.env \
&& sed -i -e "s/LDAP_UID=.*/LDAP_UID=cn/g" /app/data/.env \
&& sed -i -e "s/LDAP_AUTH=.*/LDAP_AUTH=simple/g" /app/data/.env \
&& sed -i -e "s/LDAP_FILTER=.*/LDAP_FILTER=\(\&\(objectclass=user\)\(\|\(username=%uid\)\(mail=%uid\)\)\)/g" /app/data/.env \
&& sed -i -e "s/LDAP_ATTRIBUTE_MAPPING=.*/LDAP_ATTRIBUTE_MAPPING=uid=uid;name=displayname;email=mail;nickname=givenName;/g" /app/data/.env

But the LDAP Login fails.

INFO: [af608168-79eb-41e2-818c-1e514f0306bd] method=POST path=/auth/ldap format=html controller=SessionsController action=ldap status=302 duration=17.26 view=0.00 db=0.71 location=https://greenlight.stage.gzevd.de/ldap_signin host=greenlight 
INFO: [70994248-8131-4f51-bfdb-db159292bca0] method=GET path=/ldap_signin format=html controller=SessionsController action=ldap_signin status=200 duration=21.65 view=15.03 db=0.86 host=greenlight 

Maybe someone can help out?

I just pushed my work here: https://git.cloudron.io/BrutalBirdie/greenlight-app
ps: Please ignore my .gitlab-ci.yml this is for my own gitlab for deploying and testing the App.

EDIT:
Thanks @nebulon
The LDAP_UID was wrong. Has to be username
And the Filter can be deleted.
Pushed.

Ahhhh @LoudLemur let me guess you did not visit the website but searched in the browser addon or desktop app?

Well that is misleading. Understandable.

@cs9103 Well this is a rather disappointing answer.

Please when writing forum posts, questions, answers always keep in mind that the other person reading your text must understand you precisely to prevent misconceptions.
At best there should be no room for speculations since these lead to mistakes understanding you.

Right now I read @micmc answer:

either on your local network, OR on a remote location (i.e on a VPS in the cloud).

You @cs9103 answer with:

it always was

"It always was", what!? local machine or VPS?
Please understand that this kind of communication can get frustrating really fast when it could be done so much easier with a bit more precise wording.

Again.

Please provide a precise explanation of your setup.

@loudlemur I thought about doing just that multible times now.

@jdaviescoates but its bad, really bad! - And Outdated! 2.3.0 < 2.3.10
I maintain the official Ansible role for BBB and stay in close contact to at least 25 Admins from universities in Germany.
They basically uniformly agreed that the Hetzner BBB app is unusable for any real work with BBB.

The Ansible Role:
https://github.com/ebbba-org/ansible-role-bigbluebutton

Maybe we should add this to the doc?
https://docs.cloudron.io/installation/

Minimum Requirements

Cloudron requires at least 1GB RAM, 20GB Disk space. Make sure the firewall does not block port 80 (http) and 443 (https). Cloudron does not support running on ARM, LXC or OpenVZ.

Maybe adding Docker in there as well to prevent confusion.

@robi Yes of course this works! I am well aware of that and as I stated to often, backup and restore imho is one of the best features of Cloudron.

But Monke only setup Mailserver! Monke ignores error message!

---

In my Head.

First Video

Disclaimer.
Informing about the resources.
Docs, Forum, Gitlab yada yada.
Consequences.

Second Video

Backups!
How to setup and even how to test your Backup (dry run)

---

Everything else can be done after that.
But these two parts should come first.

@privsec use the ansible role and you have a major win.

I currently maintain multiple BBB clusters, Load-Balancers and Turn servers all via ansible and my work time for that is pretty much zero thanks to ansible.

@staff
This is important.

Cloudron tho runs mostly on java script.
I highly doubt Cloudron it self is affected in any way.

Here some sources:

https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228

https://www.lunasec.io/docs/blog/log4j-zero-day/

And if you are more of a video type:

Youtube Video

@LoudLemur since its a demo it does not matter
In the settings the Time Zone got changed to Kiev. that's why.
does not matter at all

@DIP-Afrique Polls are included in the recording.
If you are thinking about an export feature like "Save poll result" I don't believe BBB supports this by default at the moment.

The only feature close to that is the learning dashboard after the conference has ended.

Example:

(alt: Screenshot showing the BBB learning dashboard in the poll view, showing 3 polls with no votes, true/false answers and a custom text answer)

ps: if your BBB Server does not display the learning dashboard after the end of an conference, it got disabled by the BBB provider, please speak to your BBB provider if that is the case.

Got that in mind?
(this page could then be printed or saved ctrl+p)

ps: @jdaviescoates is right, technically this is the wrong forum to ask that question Still I am happy to help.

@briankb-0 said in Root Domain Hosts Shopify Site Subs Are Cloundron:

What happens if I add the domain to Cloundron so I can use it to setup sub-domains for NodeBB and Ghost?

By default, nothing.
The bare domain is not used by default, only the my.* subdomain is used by default.

Only if you assign an app the TLD it will be overwritten, also only if you use a programmatic dns provider and not manual.

@Mastadamus why not like this:

Write the tutorial here?
You don't have all time for people to ask you question.
There are different time zones in this world, are you willing to help out at night?

I would love to see a tutorial on this topic instead of running after people to get some help.
Also if the tutorial is good it can be added to the docs.

@colonelpanic said in How To Sell Digital Goods with Cloudron:

printing letterpress business card

Sorry I watched this movie some days ago and had to think of this immediately.

fun fact: all business cards in the movie have a typo: top right corner should be mergers & acquisition but is misspelled mergeres

Now I am running crowdsec on my cloudron.
I will report back for more findings.

@privsec
kutt short url as a QR code to => Mautic / Webpage with content.

This way you get the first track via kutt and then to the content and more tracking / analysis.

Also you can update the kutt short url with a new pointer if there is an update. aka. dynamic QR-Codes.

https://www.cloudron.io/store/it.kutt.cloudronapp.html

https://www.cloudron.io/store/org.mautic.cloudronapp.html

Cheers,
Elias

@infogulch said in My Kutt was hacked! How? Check yours!!:

maybe it deserves to be highlighted more prominently in the install notes, or the default adjusted.

The Problem is you need to have registration enabled by default, because otherwise you can't sign up on the first run.

Already added a PR for a post install note.
https://git.cloudron.io/cloudron/kutt-app/-/merge_requests/1

Oh wow?
For some reason the /app/data/config/production-linux.json reset I guess and the documented part https://docs.cloudron.io/apps/onlyoffice/ for the secret got reset to changeme I put in my old secret which I had in nextcloud, restarted the onlyoffice app now its working again.

@qwinter
after the initial install if you click the app a post install message should appear.

This app is pre-setup with an admin account. The initial credentials are:
Username: admin
Password: admin
Please change the admin password immediately.

Also if you somehow skipped this message, you can always view it afterwards here:

@scooke
I run a ~8TB Server with a Cloudron running only 32 Minio Apps for all the Backup space I need for other Cloudrons.
(not only 32 as the number more like only Minios)

The only problem I had so far where load spiked when all Cloudron Servers tried to backup at the same time so I poor man load balanced that by switching the times when the backups happen around.

Using the Minios as space for apps tho, hmmm did not try that yet.

@p44 said in Where I can find SMTP credentials for Statping?:

@brutalbirdie Of course I checked doc references before post a message here... also searched several keywords in the forum, on the docs.

But it would be redundant and useless to specify each time before posting a question: "Hello, I did a search before to post, I googled, I searched docs, I searched forum, so this is my question and bla bla bla".

I could have easily opened a ticket for technical assistance and had a private answer, but the answers to the questions asked in private can be useful to the whole community.

Posting a question on the forum, which is not clearly answered in the app documentation, may make it easier for other users to search for the same thing and find a path to resolve issues.

In fact, first bullet in app documentation is:

Questions? Ask in the Cloudron Forum - Statping

You should understand that not everyone here is a developer. Is only a simple user. Also with Linux command line, not everyone here is expert like you.

Commands like "printenv", "grep", and so ... never used that before.

That's why I'm a Cloudron customer: to make life easier.

So I totally reject your starting answer: I'm not here to take lessons of netiquette.

I learned "on the ground" that installing a Worpdress instance or a LAMP instance, you can find credential in "credential.txt"...

About your suggestion: I appreciate very much your answer, and time you spent finding a solution, thank's a lot for advice.

With printenv | grep -i CLOUDRON_MAIL I solved my question so I can move forward.

Many many thank's for your patience and sorry if my answer can little bit hitting you.

Edit:
@girish May be it could be useful to write "credential.txt" also for Statping?

I think you got me totally wrong.
I did not intend to imply you did not read the docs or did not try.
Or appear to disliked you asking this. I fully agree with your statement:

Posting a question on the forum, which is not clearly answered in the app documentation, may make it easier for other users to search for the same thing and find a path to resolve issues.
No, not at all!

I am fully aware most cloudron users, use cloudron because it makes things a lot easier.
And I do not expect every user to be a linux power user.
My reply was more like a "help for helping yourself" if this makes sense.

My solution is written in a mindset of general help for any app, which also helps people in the future reading this or searching for this.
We all know forums where people just reply - Yea this is the solution but since the project scope and features can change I try to do my best to provide feedback which has long term help. In this case of educating the workflow of finding information about an app.

If I have offended you in any way I am sorry about that and did not intend to do so.

@jeau hmm another good catch.

The problem with Greenlight is also, every time you make .env file changes you need to restart the app to take effect.

I will look into this option and make an update tomorrow.

Thanks for reporting.

Also just adding the official help article here.

https://bitwarden.com/help/article/change-client-environment/#browser-extensions-desktop-apps-and-mobile-apps

---

ps: I also use bitwarden every day, and here is one of my favorite projects to use with bitwarden on a linux client.

https://github.com/mattydebie/bitwarden-rofi

@humptydumpty Vaultwarden does local caching by the way, so even if the Server went down you would still have full access to your latest online version.

I understand where the idea is coming from and it would be nice feature.

Oof nope.
I have packaged the GTA V FiveM Server for Cloudron which is stable, but I did not care enough to release it

I got asked by at least 5 communities I am supporting if cloudron can support more game apps.
We could start packaging every server available from https://linuxgsm.com/servers/.

But pfffffffffffffffffttttttttttttttttttt.... if someone wants that they can request it

@micmc sorry but the variables are so big for errors.
https://docs.bigbluebutton.org/support/troubleshooting.html#webrtc-errors-1001-1002

1007: ICE negotiation failed - The browser and FreeSWITCH try to negotiate ports to use to stream the media and that negotiation failed. Possible Causes:

NAT is blocking the connection
Firewall is blocking the UDP connection/ports

I am never running coturn on the same server as BBB, since I want my coturn to run on port 443 for very restrictive networks.
For example state agencies who only allow outgoing 80,443,25,465,587 and some more.

You can check your turn server here: https://webrtc.github.io/samples/src/content/peerconnection/trickle-ice/
When starting a BBB Session press F12 go to the console and search for turn you will the credentials for this session which you can use for testing with trickle-ice.

Looks something like this

Sun Nov 28 2021 10:46:52 GMT+0100 (Central European Standard Time) | sip.UserAgent | · sessionDescriptionHandlerFactoryOptions: {"peerConnectionConfiguration":{"iceServers":[{"urls":"stun:turn.DOMAIN.TLD"},{"urls":"turns:DOMAIN.TLD:443?transport=tcp","credential":"N0ABNdyp4PaFQLowdq8sekjgGjI=","username":"1638179212:w_mcllm4lvdd4y"}],"sdpSemantics":"unified-plan"}}

Also a good place to look in firefox is about:webrtc to see where the connection between your client and the server the error occurs.

Like I said, many variables

edit:
Also you can force the usage of turn in firefox by going to about:config and setting media.peerconnection.ice.relay_only to true this way turn is forced.

https://git.cloudron.io/cloudron/vaultwarden-app/-/blob/master/Dockerfile#L16

https://github.com/dani-garcia/bw_web_builds/releases

Why? Because :

Unhide the API Key section under My Account

Which is missing in the current version.

Lets use this topic to collect some ideas what sort of videos would be best.

---

As a note from myself. In my opinion.

The first video, if there is going to be a series, having Monkey See, Monkey Do in mind is informing the viewer of the consequences should be the first and most important step.

You can use and love a product for years until it fails and the monkey will be mad at the product, even if it was an user error.

---

Your server, your data, your Cloudron. But more important your responsibility!

I already have a user in my mind, which just follows the X-th video on Cloudron Mailserver and everything works fine.
He uses Cloudron as his own private Mailserver for maybe two years.
Switches from Gmail to his own Cloudron Mailserver

But then suddenly the Data-Center is burning down (OVH Fire - The Register | OVHcloud Wikipedia) .
Oh no! He never setup the backup and only had it on the server drive!

Yes you can blame the user, but trying to mitigate this is very important.
Cloudron does a lot to ensure everything works as intended.
Cloudron will annoy you every day that your backups are not safe!

---

There is so much more.
Finances? To make sure the user understands that if he commits to use Cloudron as his own private Mailserver, Nextcloud yada yada. He has to understand that he will have to pay for this server.

Legal stuff? OpenVPN? Nice! Here buddy use MY OpenVPN... Wait you downloaded REDACTED with my VPN and now I get a letter from company XYZ to pay for ¿? or a criminal charge?

This sounds so simple, I know but... Monkey See, Monkey Do

I turned down approximately 10 people from running their own Cloudron since I had to explain to them the consequences.
And after thinking about the consequences they decided they did not want such responsibility.
Which is OK! And its better to realize this early.

But! From those 10 people three came back and challenged them self.
And these three users are still running Cloudron and yes they hit me up now and then but my answer is almost always... Did you read the docs and if so did you ask the forum?

---

Just my thoughts printed out.
Have a good night!

@subtlecourage OK so default the volume is mounted with permissions for root.

You can check this in the web terminal:

ls -lah /media/

root@d2ff17d2-7106-48bc-87bc-fab2342c0059:/app/code# ls -lah /media/
total 12K
drwxr-xr-x 1 root root 4.0K Oct  3 20:07 .
drwxr-xr-x 1 root root 4.0K Oct  3 20:07 ..
drwxr-xr-x 3 root root 4.0K Oct  3 20:09 portfolio

But this is wrong. If you check the permissions of /app/data/

ls -lah /app/data/

rwxr-xr-x 4 cloudron cloudron 4.0K Oct  3 20:06 .
drwxr-xr-x 1 root     root     4.0K Oct  3 20:07 ..
drwx------ 3 cloudron cloudron 4.0K Oct  3 20:09 config
drwxr-xr-x 2 cloudron cloudron 4.0K Oct  3 20:06 folders

The user is cloudron.

We can also check which user is running the process:

ps uax

USER         PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root           1  0.1  0.0  28480 23648 pts/0    Ss+  20:17   0:00 /usr/bin/python3 /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon -i syncthing
cloudron      12  0.0  0.0 725144 16408 pts/0    Sl   20:17   0:00 /app/code/syncthing -gui-address=127.0.0.1:3000 -home=/app/data/config -no-browser -auditfile=-
root          13  0.0  0.0  18840  6184 pts/0    S    20:17   0:00 nginx: master process /usr/sbin/nginx -c /app/code/nginx.conf
cloudron      18  0.0  0.0  19188  3376 pts/0    S    20:17   0:00 nginx: worker process
cloudron      19  0.0  0.0  18984  2372 pts/0    S    20:17   0:00 nginx: cache manager process
cloudron      24  2.2  0.0 728088 49152 pts/0    SNl  20:17   0:02 /app/code/syncthing -gui-address=127.0.0.1:3000 -home=/app/data/config -no-browser -auditfile=-
root          39  0.0  0.0   4240  3460 pts/1    Ss   20:17   0:00 /bin/bash
root          58  0.0  0.0   5896  2828 pts/1    R+   20:19   0:00 ps uax

and the process is also running as user cloudron.

Now you can simple change the permissions for /media/portfolio

chown -R cloudron:cloudron /media/portfolio

Then reload Syncthing (browser refresh).

Now there is this warning / error hmmmm

People switching to Cloudron might have Gitlab running somewhere else already and want to migrate their Gitlab to the Cloudron app.

Problem is trying to follow the official Gitlab documentation for restoring from a backup.

https://docs.gitlab.com/ee/raketasks/backup_restore.html#restore-gitlab

A guide with Cloudron would be great!

Did anyone ever did this?

@robi said in Chat channel for cloudron app packaging:

@appdev
It would brilliant if NodeBB could instatiate a chat within the appdev group right here in NodeBB.

That would do for quick discussions, and no need to leave the forum.

You can start a chat with anyone from appdev and add the members.

I can do that now as an example.

I think the best option would be, if you have a question to start a forum topic and just @appdev directly.
Yes you could argue that every one gets a notification, but in the chat it would be the same thing, kind of.

Adding to that, I also see no setting for Notifications & Sounds in NodeBB to stop notifications from @appdev mentions.

@bigbucketboy for example Thunderbird always looks up the mail.* subdomain when trying to auto configure everything.
If you use my.* it (afair) fails to auto setup.
So basically it could be argued there is some UX involved.

afair = as far as I remember

@cs9103
This has come cluttered and confusing.

Please provide a precise description of your setup.

The url should be https://<THE IP OF THE DEVICE RUNNING CLOUDRON>/.

If you are this stuck, maybe it would be good to start from step 0.
Reinstall Ubuntu and start from the get-go.

@msbt Nice guide!

There is something that I miss tho.
I like to run my cloudron apps local first so I can see if everything is working as intended.
This only works to a certain level for example this can't work if a database addon is used.
But everything before that step can be tested locally.

A full local test suite would be awesome, so I the developer don't have to push every test and deploy it.

For example this is how I do some local testing before I push my image.

Needed software is jq for json parsing, docker, bash, sed

Script explained with words:

• Get the ID and version Tag from the CloudronManifest.json and use them for docker build.
• Create local folders for /tmp /app/data and /run so I can emulate cloudrons readonly behavior.
• Cleanup local folders so every test is fresh and clean
• Build the docker image with Data from CloudronManifest.json
• Run the freshly build Image in readonly mode with local test folders and an interactive bash session so I can debug / test some stuff.

#!/bin/bash

set -x

ID=$(jq -r ".id" CloudronManifest.json)
VERSION=$(jq -r ".version" CloudronManifest.json')

echo "=> Create Test Data dir"
mkdir -p ./cloudron_test/data ./cloudron_test/tmp ./cloudron_test/run

echo "=> Cleanup Test Data"
rm -rf ./cloudron_test/data/* ./cloudron_test/tmp/* ./cloudron_test/run/*

echo "=> Build test image"
docker build -t dr.cloudron.dev/$ID:$VERSION .

echo "=> Run $VERSION tag of build image of $ID"
docker run -ti --read-only \
    --volume $(pwd)/cloudron_test/data:/app/data:rw \
    --volume $(pwd)/cloudron_test/tmp:/tmp:rw \
    --volume $(pwd)/cloudron_test/run:/run:rw \
    dr.cloudron.dev/$ID:$VERSION \
    bash

@ruihildt wait what? OHHH IT DOES!

I did not know about this feature as well

Here is what I did once for ~200 Users which I also had in a CSV. Converted the CSV to JSON.

Python

import json
from pprint import pprint
import requests

data = [
  {
    "Surname": "Testing",
    "Name": "Tina",
    "Login": "tina.testing",
    "Mail": "tina.testing@domain.tld",
    "Password": "_SUPER_SECURE_CLEAR_TEXT_PASSWORD_"
  }
]

url="https://my.DOMAIN.TLD/api/v1/users"

headers = {
    "Content-Type": "application/json",
    "Authorization": "Bearer CLOUDRON_API_TOKEN"
    }

for value in data:
    values= {
        "email": value["Mail"],
        "displayName": f'{value["Name"]} {value["Surname"]}',
        "role": "user",
        "username": value["Login"],
        "password": value["Password"],
        "admin": False
    }
    jdata = json.dumps(values)
    try:
        # pprint(data)
        r = requests.post(url, data=jdata, headers=headers)
    except Exception as e:
        pprint(e)

I had no need for group mapping that is why the group user is hard coded and not mapped from the values.

If you can convert your CSV to fit JSON Object required for the request it should be even easier.

{
    "email": "jjnTB@eOvbuuolIyPahhKbpYAXiYncqvbIQQ.tl",
    "username": "cillum do dolore cupidatat",
    "displayName": "in dolore Lorem",
    "password": "nostrud Ut dolor consectetur",
    "admin": false
}

https://docs.cloudron.io/api.html#tag/Users/paths/~1users/post

@zylstra true, just ask

@privsec && @humptydumpty

https://docs.cloudron.io/apps/kutt/

Watch out for the open registration for kutt, after creating your users disable the registration, otherwise spammers can use your kutt.