We packaged it up for Cloudron here: https://github.com/halecraft/kestra-cloudron
canadaduane
Posts
-
Kestra on Cloudron – Open Source Workflow Orchestration with Developer Symmetry -
Kestra on Cloudron – Open Source Workflow Orchestration with Developer Symmetry@james Updated
-
Kestra on Cloudron – Open Source Workflow Orchestration with Developer SymmetryMain Page: https://kestra.io Git: https://github.com/kestra-io/kestra Licence: Apache 2.0 Docker: Yes Demo: https://demo.kestra.io/
Summary:
Kestra is a powerful, fully open-source declarative workflow orchestration engine. It allows developers and low-code users to define, run, and monitor complex workflows using either a UI or YAML-based code. Kestra integrates smoothly with modern developer tooling, including GitHub, and supports two-way synchronization between the UI and code—making it ideal for teams that blend visual and code-based development styles.
Notes:
I've previously used N8N and ActivePieces on Cloudron. While both have strengths, N8N is difficult to integrate with version-controlled development, and ActivePieces limits its useful features behind paywalls. Kestra offers a more open and developer-friendly alternative. With over 18k GitHub stars and 600+ plugins (including LLM support), it has a vibrant and growing ecosystem. I especially appreciate its ability to sync workflows between UI and code, making collaboration seamless between engineers and non-coders.
Alternative to / Libhunt link:
Alternative to: N8N, Airflow, ActivePieces
Libhunt: https://selfhosted.libhunt.com/kestra-alternatives -
ActivePieces - nocode alternative to Zapier, Make, n8n etcWe have an ActivePieces cloudron package working here:
github.com/canadaduane/activepieces-cloudron
https://github.com/halecraft/activepieces-cloudronAs far as I can tell, there is no OIDC setup for the community version of ActivePieces, so no direct integration possibility with Cloudron users.
-
First try app packaging : librechat - issue with postgresql extention (pgvector)@Valexico is the MIT license ok with you also?
-
First try app packaging : librechat - issue with postgresql extention (pgvector)Thanks @girish! I've added an MIT license. Also, I tested with a basic OPENROUTER_KEY and it seems to work well. I'm not aware of any issues at this time.
-
Where should I share my Work In Progress on app packaging ?I think the
CloudronPackagePrompt.md
file changed locations or was removed. Here is a URL that includes a commit SHA at a time in the repo when it existed:Here is the prompt, licensed AGPL according to the repo:
Cloudron Application Packaging Wizard
You are a Cloudron packaging expert who will help me package any application for deployment on the Cloudron platform. Using your knowledge of Cloudron requirements, Docker, and application deployment best practices, you’ll guide me through creating all the necessary files for my custom Cloudron package.
Your Process
- First, ask me only for the name of the application I want to package for Cloudron.
- Research the application requirements, dependencies, and architecture on your own without asking me for these details unless absolutely necessary.
- Create all required files for packaging:
CloudronManifest.json
Dockerfile
start.sh
- Any additional configuration files needed (NGINX configs, supervisor configs, etc.)
- Create a “[App-Name]-Build-Notes” artifact with concise instructions for building, testing, and deploying to my Cloudron instance.
Key Principles to Apply
CloudronManifest.json
- Create an appropriate app ID following reverse-domain notation
- Set memory limits based on the application requirements
- Configure the proper httpPort which must match your NGINX setup
- Include necessary addons (postgresql, mysql, mongodb, redis, localstorage, etc.)
- Add appropriate metadata (icon, description, author)
- Include a postInstallMessage with initial login credentials if applicable
- Configure authentication options (OIDC or LDAP)
Authentication Configuration
- Configure the app to use Cloudron’s OIDC provider (preferred method):
- Set up routing to
/api/v1/session/callback
in CloudronManifest.json - Use environment variables like
CLOUDRON_OIDC_IDENTIFIER
,CLOUDRON_OIDC_CLIENT_ID
, andCLOUDRON_OIDC_CLIENT_SECRET
- Properly handle user provisioning and group mapping
- Set up routing to
- Alternative LDAP configuration:
- Use Cloudron’s LDAP server with environment variables like
CLOUDRON_LDAP_SERVER
,CLOUDRON_LDAP_PORT
, etc. - Configure proper LDAP bind credentials and user search base
- Map LDAP groups to application roles/permissions
- Use Cloudron’s LDAP server with environment variables like
- For apps without native OIDC/LDAP support:
- Implement custom authentication adapters
- Use session management compatible with Cloudron’s proxy setup
- Consider implementing an authentication proxy if needed
Dockerfile
- Use the latest Cloudron base image (cloudron/base:4.2.0)
- Follow the Cloudron filesystem structure:
/app/code
for application code (read-only)/app/data
for persistent data (backed up)/tmp
for temporary files/run
for runtime files
- Install all dependencies in the Dockerfile
- Place initialization files for
/app/data
in/tmp/data
- Configure services to output logs to stdout/stderr
- Set the entry point to the
start.sh
script
start . sh
- Handle initialization of
/app/data
directories from/tmp/data
if they don’t exist - Configure the application based on Cloudron environment variables (especially for addons)
- Generate secrets/keys on first run
- Set proper permissions (chown cloudron:cloudron)
- Process database migrations or other initialization steps
- Launch the application with supervisor or directly
- Configure authentication providers during startup
Web Server Configuration
- Configure NGINX to listen on the port specified in CloudronManifest.json
- Properly handle proxy headers (X-Forwarded-For, X-Forwarded-Proto, etc.)
- Configure the application to work behind Cloudron’s reverse proxy
- Set up correct paths for static and media files
- Ensure logs are sent to stdout/stderr
- Configure proper authentication routing for OIDC callbacks
Process Management
- Use supervisord for applications with multiple components
- Configure proper signal handling
- Ensure processes run with the cloudron user where possible
- Set appropriate resource limits
Best Practices
- Properly separate read-only and writable directories
- Secure sensitive information using environment variables or files in /app/data
- Generate passwords and secrets on first run
- Handle database migrations and schema updates safely
- Ensure the app can update cleanly
- Make configurations adaptable through environment variables
- Include health checks in the CloudronManifest.json
- Implement single sign-on where possible using Cloudron’s authentication
-
LibreChatWe now have a working LibreChat cloudron container set up. See: https://forum.cloudron.io/topic/12850/first-try-app-packaging-librechat-issue-with-postgresql-extention-pgvector/14?_=1749416165430
-
First try app packaging : librechat - issue with postgresql extention (pgvector)I have a working setup, based on @Valexico 's work here:
github.com/canadaduane/librechat-cloudron
https://github.com/halecraft/librechat-cloudronThe package has been updated to the latest version of LibreChat 0.7.8, and I fixed a few minor wrinkles such as OIDC login, write access to the
public
dir, and postgres support. I haven't yet tested it with all of the providers (this requires access keys in the .env file). -
OIDC Error with Openwebui Latest Update 0.6.11@firmansi Thanks! This worked. It would be better if the URL need not be configured inside the app, but just wanted to note that the solution/workaround is ok.
-
OIDC Error with Openwebui Latest Update 0.6.11 -
First try app packaging : librechat - issue with postgresql extention (pgvector)This is awesome progress @Valexico! Did
pgvector
make it in to the base Cloudron release, and were you able to then connect LibreChat's DB up?BTW I'm very interested in this right now because Open WebUI (the only chat frontend currently supported by Cloudrain AFAIU) recently changed their license to something that is no longer open source (by OSI definition).
-
LibreChatOpen WebUI has changed their license to a not-strictly-open-source license (by OSI definition):
https://docs.openwebui.com/license/
https://www.reddit.com/r/LocalLLaMA/comments/1kg4avg/openwebui_license_change_red_flag/
-
Configuration System Overhaul - from MiroTalk SFU 1.8.00I just noticed they have mattermost integration! From the .env.example file:
# Mattermost Integration MATTERMOST_ENABLED=false # Enable Mattermost (true|false) MATTERMOST_SERVER_URL=YourMattermostServerUrl # Mattermost server URL MATTERMOST_USERNAME=YourMattermostUsername # Mattermost username MATTERMOST_PASSWORD=YourMattermostPassword # Mattermost password MATTERMOST_TOKEN=YourMattermostToken # Mattermost slash command token MATTERMOST_COMMAND_NAME=/sfu # Mattermost command name MATTERMOST_DEFAULT_MESSAGE=Here is your meeting room: # Mattermost default message
Coming from a Slack-at-work setup with huddles (video meetings) this is really cool.
-
ActivePieces - nocode alternative to Zapier, Make, n8n etcCloudron support mentioned here (but not implemented at time of writing):
-
MySQL and Postgresql as standalone appsDoes PocketBase fill that gap?
PocketBase is interesting, but I wouldn't reach for it first for core application state. Postgres is "boring technology" which is great for reliability, well-known, well-understood etc. That said, I'm sure PocketBase fills an important niche.
-
MySQL and Postgresql as standalone appsWould love to see this. Self-hosted database makes n8n much more powerful.
-
Remember to add /ghost to log in to Ghost with primary userIt's been several months (perhaps more than a year) since I tried logging in to my Ghost installation. When I tried to log in, however, it didn't seem to recognize my email. A pop-up said, "No member exists with this e-mail address. Please sign up first."
When I logged in via MySQL I could tell that the email exists in the users table. In fact, it was the only user. However, it still didn't seem to recognize the email.
It turned out that I needed to add "/ghost" to the URL to log in to the Ghost backend. I had forgotten that there is a "member" login for email sign-ups, and the member login is the visible "sign in" button on the typical landing page.
I hope this helps someone else!
-
PeerTube not responding after successful upgrade to v2.17.0I'm having trouble with this as well. Our peertube didn't make the upgrade and is in a restart loop. Running
npm run plugin:install -- -n peertube-plugin-auth-openid-connect -v 0.1.1
as cloudron user in recovery mode yields these errors:err: Error: Command failed: yarn add peertube-plugin-auth-openid-connect@0.1.1 error /app/data/storage/plugins/node_modules/ffi-napi: Command failed. ... /app/data/storage/plugins/node_modules/get-uv-event-loop-napi-h/include/get-uv-event-loop-napi.h:26:30: error: invalid conversion from ‘napi_status (*)(node_api_nogc_env, uv_loop_s**)’ {aka ‘napi_status (*)(const napi_env__*, uv_loop_s**)’} to ‘get_uv_event_loop_fn’ {aka ‘napi_status (*)(napi_env__*, uv_loop_s**)’} [-fpermissive] 26 | napi_get_uv_event_loop__ = &napi_get_uv_event_loop; | ^~~~~~~~~~~~~~~~~~~~~~~ | | | napi_status (*)(node_api_nogc_env, uv_loop_s**) {aka napi_status (*)(const napi_env__*, uv_loop_s**)} ... error: Cannot install plugin peertube-plugin-auth-openid-connect, removing it...
EDIT: In case the build info is useful:
gyp info using node-gyp@10.1.0 gyp info using node@20.15.1 | linux | x64 gyp info find Python using Python version 3.10.12 found at "/usr/bin/python3" gyp info spawn /usr/bin/python3 gyp info spawn args [ gyp info spawn args '/usr/local/node-20.15.1/lib/node_modules/npm/node_modules/node-gyp/gyp/gyp_main.py', gyp info spawn args 'binding.gyp', gyp info spawn args '-f', gyp info spawn args 'make', gyp info spawn args '-I', gyp info spawn args '/app/data/storage/plugins/node_modules/ffi-napi/build/config.gypi', gyp info spawn args '-I', gyp info spawn args '/usr/local/node-20.15.1/lib/node_modules/npm/node_modules/node-gyp/addon.gypi', gyp info spawn args '-I', gyp info spawn args '/home/cloudron/.cache/node-gyp/20.15.1/include/node/common.gypi', gyp info spawn args '-Dlibrary=shared_library', gyp info spawn args '-Dvisibility=default', gyp info spawn args '-Dnode_root_dir=/home/cloudron/.cache/node-gyp/20.15.1', gyp info spawn args '-Dnode_gyp_dir=/usr/local/node-20.15.1/lib/node_modules/npm/node_modules/node-gyp', gyp info spawn args '-Dnode_lib_file=/home/cloudron/.cache/node-gyp/20.15.1/<(target_arch)/node.lib', gyp info spawn args '-Dmodule_root_dir=/app/data/storage/plugins/node_modules/ffi-napi', gyp info spawn args '-Dnode_engine=v8', gyp info spawn args '--depth=.', gyp info spawn args '--no-parallel', gyp info spawn args '--generator-output', gyp info spawn args 'build', gyp info spawn args '-Goutput_dir=.' gyp info spawn args ]
-
How to set up backups after "noop" selected?For the record, the resolution was that I had two accounts, one an admin and one a superadmin (both with a similar username). I believe that my logging into an app as the admin caused my current account in Cloudron to also become admin. This hid the "Configure" button in the Backup section--while admins can see the backup settings, only the superadmin can change them. Logging out of the admin account immediately gave me access to superadmin again.