I would like Cloudron to support password complexity setting.
Allowing for (ideally via GUI and some kind of json/yaml etc file that can be version controlled/deployed via IAC):
(checkboxes/fields for setting:)
The default should be the same as it is now (to not break any existing users).
Feel free to move this (entire topic/parts of it) to the best category as appropriate.
As my company/businesses mature and I am pursuing larger contracts/fundraising, I have more involved due diligence requirements from my board and counter parties.
Using Cloudron as our central IDP, we would like to be able to set password complexity requirements. For now, using 2fa (since everything we use now supports OIDC with the recent dollibar update) we can get an exception to the complexity requirements, but that won't last forever. Any possibility of being able to set complexity requirements? Even if it needs to be done via changing a json file or something?
Centralized logging (OS/container) logs. I have a Librenms VM I run on premise (where all my bulk/slow storage is) running syslog-ng integrated into Librenms.
Official support for Tailscale (or other overlay networks such as Netbird). Currently installing Tailscale into the Cloudron VM and editing /etc/resolv.conf to point at my Librenms Vm (running a DNS docker container) allows everything to work.
Support for the Wazuh agent (for compliance reporting/enforcement)
Hardening of the underlying Ubuntu server (via say https://github.com/ComplianceAsCode ) (and also things like hardening the SSH configuration).
I am happy todo all of the heavy lifting in regards to the above. I have a set of provisioning scripts https://git.knownelement.com/KNEL/FetchApply ) and am working on all of the security hardening/system monitoring/centralized logging on all of my non Cloudron servers. I would like to work with the project to "officially" integrate (in a maintainable/supportable way) these more "enterprise" focused things into the Cloudron product. I realize that it's a slider between hardening and convenience and that (many? most?) Cloudron users are small/medium businesses/(pro)sumers who don't necessarily want these things. Product management/positioning is very difficult!
I imagine, many/most of the Linux hardening things will have zero impact on most users, and only serve to make attackers life harder.
Hello all.
I am in the process of packaging up many apps for Cloudron (several of which are from this forum category).
Working on them in the open here: https://git.knownelement.com/KNEL/KNELProductionContainers/src/branch/master/Cloudron
It's a long list across many different areas of focus and levels of complexity.
Who wants to help me?
Full disclosure:
Would it be possible to set (chrony/timesyncd/ntp pick your poision) parameters in the GUI?
I run a stratum1 high precision timing source on my network and have all my (non cloudron) systems configured to use it.
I presume I can alter the underlying configuration of Ubuntu to point at it, but I try to make zero changes to the underlying OS.
Hello all.
I’ve used Claude to do first cut of packing apps I want in cloudron.
Here’s the repo:
https://git.knownelement.com/KNEL/KNELProductionContainers/src/branch/master/Techops
Here’s the prompt I use :
I’ll do a bit of restructuring into a Cloudron and non cloudron directory. Check the history for the stuff I’ve been doing :
https://git.knownelement.com/KNEL/KNELProductionContainers/commits/branch/master
My Cloudron details:
Hosting Provider: Netcup
Hosting Product: VPS 8000 G11 iv 12M MNZ (16 core, 64gb ram, 2048 SSD)
Total Apps: 158
Backup provider: Backblaze B2
I and my company are all in on Cloudron.
I use it for my business and for my family office. In the process of packaging up a number of applications for Cloudron that a fully self-hosted business would need.
As I have said, I'm deploying a FLO stack (with Cloudron at the core) into a startup that I'm building (as CIO/CTO). We have to be CMMC compliant. Making sure Cloudron works on a 100% compliant base system is the first milestone. While you may not consider them issues, they do need to be addressed to be compliant. That's "my problem". If a fully compliant base system causes an issue in Cloudron , that's "our problem". 
While you, and many Cloudron users may not care about CMMC/HIPPA/SOC/PCI compliance, I (and my board) do. I'm also building a small side business which will sell Cloudron as a service (pre setup/configured, all applications have admin password changed, admin passwords stored in Bitwarden) (the new Bitwarden SSO makes that possible without bootstrapping issues) and it will have CMMC/SOC/PCI/HIPPA compliance (at the higher tier).
@girish said in What's coming in Cloudron 9:
Show backup/restore progress
Can you expand on this a bit? The current backup UI shows the progress.
Granular Backup schedule / Multiple Backup Desinations
As in per application? That would be awesome. For example, I would want say Nextcloud/Gitea/ Redmine backed up multiple places and daily, but MiroTalk/Searxng monthly and to one place. If it could be done off of tags, that would be wonderful. I would tag apps as stateful, stateless myself (and perhaps some kind of priority tag). If one could have some kind of Recovery Time Objective/Recovery Point Objective , that would be very "enterprise". Honestly just per app / tag granular backup schedule/destination would let one achieve that.
I have this working in both directions now!
The key was :
14 su www-data -c 'git config --global user.name ReachableCEO'
15 su www-data -c 'git config --global user.email charles@turnsys.com'
And I then created a page in grav and it synced up to my repo:
Thanks to everyone for the assistance!
This is now working for me. Unless anyone else is still having an issue, I think this issue can be closed.
Oh yes. I’m sure I’ll need to make some tweaks. So far it’s been pretty good results across languages. It searches as it works and pulls the results into how it builds the output.
I’ve yet to do any testing. I hack in the open from the very get go
For me, I have avoided all HA/replication (with the exception of backups). In my 20+ year career as a professional system admin/engineer/architect in increasing levels of responsibility/authority I have only seen HA/replication cause more issues than it's worth.
To be clear, I am referring to things with state (databases). Starless (application frontends) and clustered "semi stateful" (think memcached/redis) is quite welcome/acceptable.
Database replication with appropriate monitoring/resiliency/planning could be useful. It can also go sideways in nasty ways.
I have found Cloudron backup/restore to be quite fast (presuming your Cloudron instance is network close enough to your backup target). The upcoming backup changes are quite welcome and address all of my concerns.
Add a CDN in the front and enjoy stateless/horizontal scaling.
As I understand it, swapping out your data store to a cluster (and keeping the docker/readonly/app bits in Cloudron) should be easy? Just need to update the DB_ related environment variables?
I (and my company) are very heavy users of Cloudron. Being on a single box hasn't been an issue for us. When we need to scale (we expect to have some massive read heavy apps using some complex GIS stuff) we will use a CDN. We are spinning up a large k8s cluster to run a number of high compute workloads. All of the command/control will be via Cloudron hosted apps (BOINC/SLURM).
Cloudron is for "bootstrap/core" "pets" (but using a kind of "cattle" architecture/model)(this combination is very powerful) , k8s is for your scale out cattle. (k3s/rancher/longhorn) makes k8s deployment quite easy).
The prompt file is here :
I’ve been busy building out the front office (physical facilities ) of my rental businesses. That’s finishing up this weekend.
So now I’m coming back to building out the middle / back office , and that means lots of cloudron packaging!
Hello.
I was doing some research and I see Dolibarr supports OIDC.
https://wiki.dolibarr.org/index.php?title=Authentication,_SSO_and_SSL
Any possibility of switching to that from LDAP?
Dolibarr is my only Cloudron app using LDAP and not 2fa protected.
For anyone who wants to follow my packaging work:
https://git.knownelement.com/KNEL/KNELProductionContainers/src/branch/master/PackagingWorkspace
I would like the ability to search in the domain list when I’m deploying an app from the Cloudron application store.
Basically , every list selection box should be searchable. Users , groups , domain etc
This is the out of the box results on a fully patched/updated Cloudron per Wazuh (as of about 90 seconds ago).
I will be deploying a test instance of Cloudron on a VM with a set of CIS/NIST ansible playbooks to get the node to 100% compliance and see if anything breaks.
Any update on this ? Where is the roadmap being set ? How can i help hack on this and send a PR?
(I realize this is an old post, but I can't let such things go un-addressed).
@LoudLemur said in Configuring Apache Superset to install and show demo data on Cloudron:
Will do! I love Cloudron and it is a pleasure to recommend it, though this is tinged by the licence.
Really?
You won't pay $1.00 a day for Cloudron? Why not?
How can you not see the cost/value/return on investment of $1.00 a day for all the amazing work/time savings etc that Cloudron provides?
Why would you attack such a successful business model? They could easily charge $50.00 a month as a base level and it would be worth it.
I'm using Z.AI GLM5 exclusively . It is an amazing model and the 30.00 a month rate is incredible. I can't seem to hit the quota no matter how much work me and other users are doing