Community Event - Workshop / Webinar - App Packaging

Hello everyone

I got the idea in my head to host an app packaging "webinar" with a hands-on approach.
Would some of you people be interested in such an event?

The idea would be start with basics, like:

• getting started with docker and the cloudron cli
• changing the version of an already existing app and deploying
• customizing an app
• understanding the read-only nature of cloudron apps

The minium requirement to join would be to bring at least 1 hour of your time and being able to work with a terminal.
(Also maybe streaming this event so it can be watched live and viewed later - YouTube private stream with URL shared in the Forum?)

If you'd like this type of event please let me know here so I can gather some insights and prepare such an event.

Cheers,
~BrutalBirdie

The Cloudron User Repository - CUR

The what?
CUR is deviated from AUR - Arch User Repository

AUR is awesome and makes it very easy for Arch Linux Users to install software from other users.

In similar fashion I would love such a feature in Cloudron.
I packaged:

• Greenlight
• Valheim Dedicated Server
• FiveM GTA V Multiplayer Server

From my 3 packaged apps only Greenlight made it into the app-store. Yet!
Why did Valheim and FiveM did not make it?
Simply put, the lack of users testing the app and reporting back.

Does Cloudron need an CUR?

Arch Linux is loved for the AUR and I am sure that CUR would also have this effect for Cloudron.
I believe many users do not test apps since they are used to the app-store and even the thought of touching the shell to install a community app with the cloudron-cli is very spooky to the targeted end-user of cloudron.
Especially on productive systems doing such thing is a no-go, since you want stable prod which does not fail you.

Now imagine a CUR.
With a simple click in the setting you can enable the CUR and can install a community app to test and give feedback.

This would decrease the barrier for end-users and @appdev(s).

This could also decrease work for maintaining apps if they stay community apps and are not suited for the general Cloudron app-store.
CUR should be excluded from Cloudron Support for obvious reasons.

I would love to get some thoughts on this.

Cheers,
Elias

(ps: I am aware of many side effects of AUR/CUR and stale unmaintained packages, but AUR still rocks )

Road Trip 2025 - East Europe

Cloudron Forum

For the amusement of some people here, I will share my road trip.
Starting today I will travel for two weeks (+-) in East Europe.

The approximate route will be this:

Almost 5000 km in 14 days including a ferry.
I will not be traveling alone, 3 of my best friends are traveling with me.

What to expect from this topic?

Pictures from all over East Europe and little stories about what is going on.
We booked no accommodations at all and will dynamically find what ever suits us.
Budget planned for each person is €100/day.

Mobile Data?

Since I need mobile data for my phone I did some research (yesterday, one day before departing ) for a digital SIM card with unlimited bandwidth and no throttling for Europe.
After some research I found https://www.esim.net/eu-unlimited?country=europe

Including the following countries:

Coverage in Albania, Austria, Belarus, Belgium, Bulgaria, Croatia, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia. Lithuania, Luxembourg, Malta, Moldova, Montenegro, Netherlands, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey, and United Kingdom.

LGTM!? Right?

After reading through the whole contract and TOC/TOS especially the part about "unlimited" data being truly unlimited and not like many others do it, 3GB a day and after that throttled to 1 Mbits.
I found out they are doing something called Fair Usage Policy which is still very vague even with the full description in the TOC/TOS.
But, I will report how it will work out, so you people may have a valid reference of use.

I will also track my daily mobile data consumption and provide this in each update post.
Starting note, even in Germany this eSIM has better data coverage then my primary one !

When to expect new posts?

I will try to write a post every evening. Big emphasis on try!

Car used

We are traveling in a brand-new VW Passat B9 with all features.
Don't have a picture right now since we will pick up the car later this day.
For reference, looks something like this:

@privsec
You visit a website:

1. Figure out how to decline all but essential cookies (disgusting anti pattern)
2. Close the support widget / live chat (bot) asking if I need help
3. Stop the auto-playing video (thanks Firefox you can block this)
4. Close the “subscribe to our newsletter” pop-up / contact us pop-up
5. Try and remember why I came here in the first place
6. A browser message asking if you’ll accept push notifications
7. Another asking if you’re willing to share your location
8. A banner suggesting you download the iPhone/Android app
9. An NPS survey asking you to rate the site.

just to name a few. . .
Does this sound familiar to you?
Please stop building sites like that.
If I only encounter 3 of these above items, I leave the page immediately.

@andreasdueren

For everyone interested we (we as in, my company and me) also offer Cloudron hosting as as a service.
So I can't reveal my whole hand so please be understanding

---

But what you are asking about is pretty simple:

Create a user with sudo permissions and add your ssh public key to that user (don't lose the password for that user since you will need it for sudo)

I also disable all ssh access with password, since this only opens the window for brute force attempts

Depends on the lock down wanted, you can also disable the root login via /etc/passwd by setting the login shell to /sbin/nologin looks something like this:

root:x:0:0:root:/root:/sbin/nologin

Then, even if you try a sudo su - you get this:

This account is currently not available.

But since you can edit the /etc/passwd with sudo access (unless you lock down the system even further) this can be a bit snake oily.

---

There is much more going on in my servers, but since we deploy everything via. Ansible I don't need to keep track of ever single detail, since its infrastructure as a code, I can just read up.
Login tracking, Log Tracking, Monitoring yada yada yada.

If a system farts, I get a message.

I hope this shares some insights.
A step by step guide on how to lock down the root user would simply be me copy pasting google searches.
When it's about Linux security you can do sooooo much: https://wiki.archlinux.org/title/security
there is also a good section on "restricting root"

---

EDIT:

Maybe I can do a step by step guide in the forum when I got some spare time.
But right now its a bit late and I am lazy

@uiguy okay lets start

@uiguy said in How to Take Cloudron Even Further:

I appreciate that there is the package maintenance aspect, but from what I have seen about the support structure, there seem to only be 2/3 guys supporting the maintenance... how can this be enough to support an entire app ecosystem

Everyone having the APP DEV to their name is a Cloudron App Developer, so in extend a supporter of the ecosystem.
For example I am the maintenance guy of the Greenlight app.
My job circles around Greenlight and BigBlueButton as well. So its in my own best interest to provide updates which just works without any hustle since I have a lot of Greenlights running for customers and doing something that does NOT work effects my own work

Another example would be Dolibarr from @erics who is a developer of Dolibarr.

@uiguy said in How to Take Cloudron Even Further:

I am battling to see why we would rely on cloudron and the associated app store is quite limited as opposed to something like running docker direct?

Reliability and Repeatable.
I have restored multible Cloudrons from full backups, single app backups and literally never had it fail me.
Having the option to roll back to the previous version with 1-Click. What a dream!
Not to mention the package / backup policy to minimize the backup footprint.
For example my self maintained Valheim Gameserver App where we discuss about what is backup worthy.

Having the option to sync Cloudron to an external LDAP also just adds another cherry on top.
Having multible Cloudrons synced to a central LDAP. Sweet.
User und Customer management from 1 place deployed to X Servers with Groups and Permissions.

@uiguy said in How to Take Cloudron Even Further:

I guess, what I am in need of, is some education as to why I would advise we invest in cloudron when we could simply deploy docker with something like portainer and watchtower for package maintenance?

I don't mean to sound negative at all, but I simply want to understand what the value proposition is, especially if I have to compare the available packages on docker vs cloudron?

That is the best part, you don't have to!
You can make your own app, you are NOT limited.
The so called gilded cage with Cloudron is the knowledge you wish to have about the system.
Gitlab of every app https://git.cloudron.io/cloudron

There is more which I could mention, but these are just some thoughts of mine.
Check out this topic where people tell what are your favourite things features about cloudron

https://github.com/ViViDboarder/vaultwarden_ldap

https://github.com/dani-garcia/vaultwarden/wiki/Syncing-users-from-LDAP

Since the Vaultwarden app right now has its own user management it would be nice to also have the LDAP functionality here as well.

Some Ground Rules I made myself:

USE GIT!
Nothing is more frustrating then having a kinda working state, tinkering more, have a completely broken state again and then don't remember what changes you done.

/app/code - the application binary

Everything binary which shall not be changed and belongs to the application belongs in /app/code and can mostly be done in the Dockerfile.

If parts of the application require on premise files, like cache or temporary files which need to have read-write access it should go in either /tmp or /run (This can not be tested in the Dockerfile since it's at runtime).

/app/data - The userdata

Everything that is backup worthy belongs into /app/data for example a config file which the application uses with the users configuration.

Debugging and Testing

If something needs to be done while runtime it can be hard to debug?
Kinda.
If your first deployment of the app fails, don't run back into your editor and tinker around.
Put the app in recovery mode and then start the application in recovery mode to see which parts fail.

You can tinker around in recovery mode and try to get it working.
BUT! With each step you fix in recovery mode it will get harder to backtrace all the fixes you done.
Each fix should be noted down or coded in the start script for the application.
Don't run yourself into a rabbit hole with 10+ fixes and then restart the app to then lose all those fixes again.

Being Stuck

Don't worry, it's normal.
Take a break, get 5-10 Minutes of fresh air for each 1 Hour of coding.

Don't be afraid to ask questions.
If you are packaging an app you can create a forum post and 'blog' your progress and struggles.
There are many users here who will chime in and give useful advise.

A Copy-Cat is bad!
Really? No.
Take a look at other apps and how they got packaged.
Maybe a solution for your problem is in one of the other apps.
If something is working and can be reused, go for it.

TL;DR

Create an app password in Nextcloud and use that.

Below is a more in detail explanation of the problem and the solution.

---

Requirements

You have:

• an external Nextcloud with the social login app using Cloudron OpenID
  • (How to setup an external Nextcloud with Cloudron OpenID login)
• within that Nextcloud the calendar app
• an urge to use the calendar in your favorite Client e.g. Thunderbird, mobile phone google calendar

The predicament explained.

Since CalDav needs authentication (username and password) you would use that. Easy.
But now, since we login with Cloudron via. OpenID the User in Nextcloud has no "password" and can also not be set.

So what to do?

Get into your Nextcloud and copy your internal calendar url:
Step 1 - click your calendar

Step 2 - share your calendar / view the calendar sharing information

Step 3 - Copy the internal link

Link should look something like this: https://YOUR.DOMAIN.TLD/remote.php/dav/calendars/my.DOMAIN.tld-USER.NAME/hackradt/ please note that hackradt is the name of the calendar.

Save this into a notepad, you will need it later.

---

Get credentials for your User.
Like above explained our User has no password, but we can set an App password!
Step 1 - click your user profile icon (top right)

Step 2 - click "personal settings" (in the dropdown menu)

Step 3- click "security" (left side)

In the bottom of that page you got "Devices & sessions".
Enter a new app name, I choose "SyncMyDav"

Click "Create new app password"
Note down the Username and Password and be 100% sure to click Done - if you forget the Done part it will not work!

Now you can use these credentials and the URL to configure your Thunderbird or DAVx⁵ for your Android phone.

Finally you can use your external Nextcloud with your Cloudron login, with en extra app password for your calendar.

Day 3 - Austria - Vienna

Data used 12.5GB - all good
Walked ~30.000 steps

Vienna was amazing.
Every 100 meters there is something worth seeing.
The inner city has loads of free public water fountains and even more water vaporizers to cool down the city and the people.

Was Great! Can recommend it!

@scooke

I will try to make it very short and understandable
Example from Greenlight => https://git.cloudron.io/cloudron/greenlight-app

git clone ssh://git@git.cloudron.io:6000/cloudron/greenlight-app.git
cd greenlight-app
docker build --file Dockerfile --target dr.cloudron.dev/org.bigbluebutton.greenlight.cloudronapp:1.0.20 .
docker push dr.cloudron.dev/org.bigbluebutton.greenlight.cloudronapp:1.0.20

Now if you view your Cloudron Docker Registry you should see your pushed docker image.

In this screenshot you can see docker images build by cloudron build by the cloudron build service with automated tags, that's why they seem a bit cryptic.

Now make sure you have setup your docker registry to be used in your Cloudron Server.
https://my.domain.tld/#/settings => Private Docker Registry

Now you should be able to install:

cloudron install --location test --image dr.cloudron.dev/org.bigbluebutton.greenlight.cloudronapp:1.0.20

App is being installed.

 => Queued
 => Registering subdomains
 => Registering location: test.cloudron.dev.......
 => Downloading image ..
 => Creating container
 => Waiting for DNS propagation ...
 => Wait for health check .......................

App is installed.

Cheers

---

Explaining some stuff you asked.

IF SO, then at what point do I push all this my Cloudron's Docker registry??? After the clone? Before the Build? After the Build? After the Install? And, regardless of the answer to that, once I've pushed the image to my own Docker repository... what's the point? It seems like all the work is done on the Ubuntu VM, in the cloned repository. And to then update... I need to pull from @nj's original Github repository, right?? To anyone brave enough to try to help me, thank you.

I hope my confusion is clear! I'm asking all this before doing anything else other than the initial clone from @nj's Github repository so that I understand it all well and can avoid missing some crucial step

You cant push / publish anything if you don't build it first.

what's the point

well.. your cloudron server can't just download the docker image from your local computer.

@jdaviescoates Not directly
I am not hired by Cloudron but working with them very close.

https://store.steampowered.com/app/892970/Valheim/

This game got recently released on steam and hit quite the trend.

https://steamdb.info/app/892970/graphs/

Having this server as an app would be nice.

And the work is already done!

https://git.cloudron.io/BrutalBirdie/valheim-gameserver-app

Needs some fine work with doc, screenshots and all.

But it's live and running at https://valheim.deadsec.net/

@privsec said in Admin and support question:

I wish there was a handy video series or something on how to package an app for cloudron

Uhmm not from the staff team but from appdev team by @fbartels

To the Horillia enthusiast
I am looking for alpha testers of the Horilla Cloudron app.

Public installation with demo data for testing

https://horilla.cloudron.app.cloudron.dev/

Login is admin:admin

I can reset this setup anytime to the default demo state if needed.

Custom private installation

You need the Cloudron CLI

Login to your Cloudron instance:

cloudron login my.$DOMAIN.$TLD

Clone the code:

git clone ssh://git@git.cloudron.io:6000/playground/horilla-app.git
cd horilla-app
git checkout develop

Install the app:

cloudron install  --location $YOUR_CUSTOM_SUBDOMAIN --image brutalbirdie/horilla.cloudron.app:0.0.11

I have added a doc.md file for common task: https://git.cloudron.io/playground/horilla-app/-/blob/develop/doc.md?ref_type=heads

7 days recap after applying your rules.
I believe not one spam mail has hit my spam folder or inbox so far.
normally I'd get ~20x+ spam mails a day since my Inbox also redirects my old legacy mailboxes from web.de which have been leaked and abused over and over again.

I must say, this feels very good.

Day 15 and 16

Driving.
Back to Austria, Bavaria and Germany.
We stopped in Bavaria for the night to visit a common friend who even celebrated his birthday this day. (we did not plan for this )

We went to a "Kirmes" and drank some Maß Bier and enjoyed the last real day of our road trip

The party ended around 03:30 in the morning, and we had to walk ~30 minutes to our hotel.
But a German saying, "Der Fußbus fährt immer"!
Meaning, no matter the time or day or blood alcohol level, you can always walk.

After that, we drove home.
And with this Fußbus image I am done reporting :).

@ccfu said in perpetual licensing:

But out of interest: How much would you be willing to pay for a perpetual license? And how much for an (optional) support contract?

I co-sign this question

@visamp
With Hetzner, try to gauge your Cloudron project.
How much will happen on that instance? Will you start small and grow or do you already have an app stack in mind?

Many customers of mine want to start small, so shared vCPU and CX22 which can be scaled up as needed.
If at some point the normal scaling comes to a threshold where a dedicated server is less expensive then a Cloud server we switch to that.
The Cloudon backup function makes it very easy to fully migrate between servers and providers (not needed when upscaling).

Just one thing to keep in mind! IP reputation for Mail!
If you have to migrate from Cloud to dedicated Hardware, do so with some time ahead since almost all IPv4 addresses have been used before and have a "bad" reputation.

1. Community behind Cloudron (Devs / Forum / Community)
2. click restore / backups ! reliable backups !
3. LDAP Integration