30 character password limit

Hello,

I've tried updating the admin password a few times, only to get locked out and have to reinstall. Upon closer inspection, there seems to be a 30 character limit for passwords i.e. if you set a password > 30 characters in length and log out, you won't be able to log back in.

It's going to be an issue for me as I rely on the LDAP sync feature. Can this be fixed from cloudron's end, or is it a Documize thing?

Separately, and not a major issue, but when a login fails, there's no "feedback" e.g. "login failed" message or an animation. Is this usual for the app?

Yes, the issue was due to the LDAP cloudron being behind cloudflare. Thanks for highlighting this.

Hello, I'm having trouble connecting one cloudron to another cloudron's LDAP server. I've configured the following so far:

• Enable ipv6 on both servers.
• Confirm they works via: curl -6 http://ifconfig.me
• Enable ipv6 on the cloudron network page.
• Add AAAA records for "my" (I don't know know how to get cloudron to automatically create this, so I did it manually.
• Enable LDAP directory on cloudron A.
• Whitelist the ipv4 and 6 addresses of cloudron B on cloudron A.
• Attempt to connect cloudron B to cloudron A using the standard menus.

I'm getting a timeout error. Using sudo tcpdump -i any port 389 or port 636, I've confirmed there's data going out from cloudron B, but the same command in cloudron A doesn't return anything.

What am I missing here?

@girish said in Database connections using SSH workaround:

I guess socat is fine too if it works for your use case. Instead of creating a new postgres user, you can just use the database user which is created for nocodb. They are in the env vars of the apps - https://docs.cloudron.io/packaging/addons/#postgresql . Note that when the postgresql database upgrades, your user will not be preserved since it is not part of any backup and cloudron has no idea about this user either (so, it's best not modify postgres).

Re database upgrades, are additional databases I create also excluded from backups?

I restarted a couple of times and retried my setup again using my custom postgres user, and it's working now. But I'm not sure it will hold, it seemed to be flip-flopping between working and not working due to a security error. I am using Superset and Nocodb to test this out.

To re-clarify the setup:

• Use this method to whitelist an external port that will be exposed externally and connect to cloudron B postgres.
  E.g: 5555.

• Use socat to couple cloudron Bs postgres to the external port, as described here.

• Log into postgres and create a new user that, via assigning custom roles, has access to all the necessary custom databases (I don't know if this is recommended, so I'll omit details on what I did here exactly).
  E.g: my_user has access to db_1, db_2, db_3

• Go into the app and login with the cloudron B IP + external port + the custom db user + etc etc.

I will continue to test this out and post back if the errors come back again.

@girish I had tried the SSH tunnel method the other day, with no success, but it appears I should have been using the docker interface instead, as in your example. Is this method or the socat method more meaningfully preferred over the other?

Just had an epiphany...

I had to do create several roles to get the custom user and db working to circumvent the cloudron restrictions in place on the database:

# samerole specifies that the requested user must be a member of the role with the same name as the requested database
host samerole all 0.0.0.0/0 md5

In light of this, I've just tried to log into root (after granting said roles), and it works. So the current issue is the cloudon database security, not the bridge -- that's progress.

1. Does this post now go into another topic?
2. How to deal with the database user security stuff? I dont want to be using root.

I managed to find this post that sounds like what I'm trying to do, but I'm not able to get it to work. I get back the following error:

(psycopg2.OperationalError) connection to server at "x.x.x.x", port 5555 failed: FATAL: no pg_hba.conf entry for host "172.18.0.1", user "my_user", database "my_db", no encryption (Background on this error at: https://sqlalche.me/e/14/e3q8)

x.x.x.x: Either the origin IP or the VPN IP, both return the same error. Using the FQN doesn't work.
Port 5555: The port I've established coupling to the internal postgres server
user my_user and database my_db: I created a custom user and databas within the target cloudron postgres server (using root credentials).

I found two pg conf file. The first one, in /var, I added an entry to temporarily whitelist all IPs for the user, to no avail. The second, in /etc, is not writable.

Is the second causing the issue? Don't think it's possible to edit it as it's a mounted file.

I have another issue that's possibly related.

I've used nocodb to connect to the local postgres. When I try to edit a table, I get the toast notification:

Cannot read properties of undefined (reading 'column_name')

I'm unable to write any row data to the database table. I can add new columns to the table though.

EDIT: Scratch this, I figured out including a primary key on the table avoids this error.

Hello,

I have two cloudrons. I want to hook up nocodb on one to the postgres on the other.

However, it appears that nocodb does not support database connections over ssh.

Given that apps cannot "see" the machine host network, I can't use a port using an ssh tunnel on the server either.

Any ideas on how to achieve this?

I do have a VPN set up between the two cloudrons -- if there's a simple way of bridging the docker and vpn networks, that would suffice. (Admittedly, this would be unfamilair territory for me.)

Thanks

Following my previous post, I've set things up using the alternative method:

• Setup the cloudflare "obscured" cloudon using domain 1, and the "mail" cloudron using domain 2.
• Add domain 1 as an additional domain in the mail cloudron.
• Add a mailbox for domain 1 in the mail cloudron. DNS records for domain 1 should automatically update without exposing the obscured cloudron server.
• Use the SnappyMail app on the obscured cloudron (as far as I know, it's the only email app that allows connecting to external email servers). You need to access the admin page to be able to add in external email servers.
• Login with any email address as needed.

The potential downside is that all email addresses need to be set up on the mail cloudron, which can mean duplicating users across the two cloudrons. Fortunately, there is the shared LDAP feature in cloudron (which I think is only available account-wide with a paid subscrption?)

I have updated my setup as per the link above i.e. the relay server has the main server's domain and I have a "relay" email inbox set up in there.

I am able to send emails if the sending and relay email addresses match. But it doesn't work if the sending email is different to the relay email e.g. send@domain2.com > relay@domain2.com > destination email (Error: 550 Authenticated user relay@domain2.com cannot send mail as send@domain2.com)

At this point, I think I may as well manually repoint my email clients on the main server to use the relay server as the email server. I will test this method out w.r.t sending, receiving and verified dns settings.

@robi That post and the documentation do not go into the specifics of setup.

I've attempted setup myself, I got as far as setting up Cloudron 2 > Email > Outbound relay settings to use Cloudron 1, and I have included an SPF record for domain 1 in the configuration of domain 2. I'm not sure how to configure DKIM. I've also seen mentioned in the Cloudron docs a "Domain verified" setting requisite -- I do not see such an option in the Cloudron email server settings.

When I try to send out an email on Cloudron 2, I get something along the lines of:
Error 550 authenticated user [relay address on server 1] cannot send mail as [sending address on server 2]

@girish Cloudflare is not strictly relevant for the solution, but I am using it for mydomain1.com and I do not want the origin server exposed, hence the relay requirement -- I imagine this kind of setup isn't entirely uncommon.

Hello, is the following configuration feasible? If so, can anyone provide a step-by-step guide on how to set this up? Thanks.

• Relay server = Cloudron 1 = mydomain1.com.
• Main server = Cloudron 2 = mydomain2.com.
• I want to be able to send out emails at hello@mydomain2.com via apps on Cloudron 2 using the relay, so I can obscure the IP of Main server.
• Incoming emails @ mydomain2.com are accessible on apps on Cloudron 2.
• Main server IP address is obscured.
• Relay server IP is not (does not have to be) obscured.

Got it working. Tested for both .co.uk and .com domains.

See line 92 -- there is a second instance of code that needs to be updated as per your initial update.

I'm getting a different error now:
Configuration error: The domain (mydomain.co) doesn't seem to be associated with your account.

It appears there's something wrong with the slicing concatenating somewhere.

FYI I've done a simple get request over the API and I can see all of my domains listed in the response.

Licence:
https://docs.airbyte.com/developer-guides/licenses/license-faq

It uses the ELv2 licence, the main resetriction being that you cannot sell the app as a "managed service". I suppose cloudron's automatic updates would constitute a breach of the licence?

What if patching was left to the cloudron user?

Hello,

Would there be a reason why cloudron is not able to detect .co.uk domains sitting on Namecheap? I'm getting the error "Configuration error: Domain name not found".

I noticed the issue when I set up cloudron for the first time a couple of weeks ago, so I went ahead with a .com domain.

I've gone back to try and install on the .co.uk domain and I'm still getting the same error.

Confirmed other .com domains work fine.
.org domain works fine.
.org.uk works.

Thanks

Dagster is a data orchestration tool, and offers more powerful features compared to Airflow.

https://dagster.io/

Hello,

I would like to request Airbyte be added as an application on Cloudron. Airbyte is a popular open-source cloud ETL tool.
https://airbyte.com/

Thank you

C