Cloudron Forum


charlesnw

@charlesnw
Posts: 86 | Topics: 20 | Shares: 0 | Groups: 0 | Followers: 0 | Following: 0

Posts


  • Log Management
    C charlesnw

    Hello all.

    I have a Debian 12 VM running librenms and syslog-ng. All of my systems (other than Cloudron) send all their logs (via rsyslog) to it.

    I would like to feed all the Cloudron OS/docker logs to that server. Having a proper/supported/GUI way to do so would be very nice.

    Also (for those who don't have a syslog server) logrotate/logwatch support would be good as well.

    By the way, for these requests, I am happy to help hack on them, test them out etc.

    Feature Requests

  • Where should I share my Work In Progress on app packaging ?
    C charlesnw

    For anyone who wants to follow my packaging work:

    https://git.knownelement.com/KNEL/KNELProductionContainers/src/branch/master/PackagingWorkspace

    Help Wanted or Offered

  • Grav Git sync
    C charlesnw

    I have this working in both directions now!

    The key was:

    su www-data -c 'git config --global user.name ReachableCEO'
    su www-data -c 'git config --global user.email charles@turnsys.com'
    

    And I then created a page in grav and it synced up to my repo:

    image.png

    Thanks to everyone for the assistance!

    Grav CMS

  • Where should I share my Work In Progress on app packaging ?
    C charlesnw

    Hello everyone. I am beginning to actually package up applications. Do you all have a discord/slack/telegram/etc room? Would be great to co-work/hack/collaborate with core team as I work on all these apps. 🙂

    I have two milestones defined:

    • July : https://projects.knownelement.com/versions/16
    • August: https://projects.knownelement.com/versions/17

    The July milestone is finalized. I de-scoped a handful of (redundant) apps. I decided to keep librenms/mailpiler in a VM on-premise and grocy in the HomeAssistantOS VM. Eliminated homebox/homechart as redundant with grocy. Oh also keeping sipwise on-premise in a dedicated VM (because DHCP/tftp/port forwarding from my router). And sipwise really wants to have full control of the VM.

    Help Wanted or Offered

  • MCP server for apps?
    C charlesnw

    @girish This is incredible. Thank you so much for sharing this.

    I’m in the process of adding it to Claude Desktop.

    Feature Requests

  • Shell environment customization (for root)
    C charlesnw
    Connecting...
    root@16405153-e269-41e3-ab8d-095606d5b07e:/app/data/public/KNEL/FetchApply# gup
    Already up to date.
    root@16405153-e269-41e3-ab8d-095606d5b07e:/app/data/public/KNEL/FetchApply# cat /app/data/.bashrc 
    cd /app/data/public/KNEL/FetchApply
    alias gup='su www-data -c "git pull"'
    
    root@16405153-e269-41e3-ab8d-095606d5b07e:/app/data/public/KNEL/FetchApply# 
    
    

    Ah this opens up all manner of creature comforts. Excellent! Really appreciate the prompt response @joseph

    Feature Requests bash web terminal customization

  • Shell environment customization (for root)
    C charlesnw

    Thanks!!! That's awesome. That did EXACTLY what I needed. 🙂

    Feature Requests bash web terminal customization

  • mailbox feature on outbound only / send only mailboxes
    C charlesnw

    I believe you can achieve this with a normal cloudron user (even on another domain) and using masquerading?

    As for the "automatic DNS", that's a checkbox option when you are setting up mail for the first time on a domain. It is checked by default. That could perhaps be un-checked by default.

    image.png

    Feature Requests mail relay

  • Enable rejection / discarding of emails at mailserver level based on the sender, sender domain or host
    C charlesnw

    I would also like this.

    Currently (I think?) this needs to be done by the mailbox owner inside Roundcube or other MUA.

    Would also like anti virus scanning (inbound/outbound) and a quarantine queue.

    Who owns the overall mail system feature? Does it have a roadmap? An area in the forum?

    Feature Requests

  • MCP server for apps?
    C charlesnw

    @ekevu123 MCP is highly application specific. It is out of scope for Cloudron to have an "MCP server" (except, as discussed in the thread, perhaps for Cloudron itself).

    Each app has its own functionality to be exposed/consumed/orchestrated by an MCP client.

    What use cases do you have in mind? Can you describe how you would use MCP with Cloudron apps?

    Feature Requests

  • MCP server for apps?
    C charlesnw

    @fbartels An MCP server for Cloudron would be useful. I would like to be able to use Claude for orchestration and not (necessarily) need to rely on the cloudron npm cli tool.

    However it would only be for Cloudron itself. Each app would still need to have an MCP written for it.

    I am about to be spending all day every day in Claude and I am living the MCP life (currently Redmine/Joplin). And working on packaging (via Claude) about 50 apps for Cloudron.

    Feature Requests

  • Shell environment customization (for root)
    C charlesnw

    Per @james , I am putting in a feature request instead of a support topic.

    Context:

    I am running about 20 of the Cloudron LAMP app instances.

    I have been updating them via WINSCP/FileZilla. I'm switching to doing a git pull (since all of the content is managed in a git repo).

    Currently I have to:

    su www-data -c "git pull"
    

    Otherwise I get:

    root@16405153-e269-41e3-ab8d-095606d5b07e:/app/data/public/KNEL/FetchApply# git pull
    fatal: detected dubious ownership in repository at '/app/data/public/KNEL/FetchApply'
    To add an exception for this directory, call:
    
        git config --global --add safe.directory /app/data/public/KNEL/FetchApply
    root@16405153-e269-41e3-ab8d-095606d5b07e:/app/data/public/KNEL/FetchApply# git config --global --add safe.directory /app/data/public/KNEL/FetchApply
    error: could not lock config file /root/.gitconfig: Read-only file system
    

    I want to make an alias for the su -... command.

    Editing .bashrc says read only filesystem.

    Question 1: Should we have the ability to customize the root shell on cloudron? Does this compromise the integrity of the system? What are the downsides? What are the rollback / recovery mechanisms?

    Question 2: Should we have the ability to change shells? (I am a huge zsh user, cloudron is the only system in my fleet not using zsh).

    Question 3: How should different kinds of customizations be handled? For example, aliases/ps(x)/themes etc? Should it only be a single custom file where you can put "whatever you want"? Should it be a set of files?

    Question 4: Can the files be pulled from version control?

    Feature Requests bash web terminal customization

  • How to alter root .bashrc
    C charlesnw

    I will put in a feature request now and we can discuss further in that thread. 🙂

    Support

  • How to alter root .bashrc
    C charlesnw

    In the interim I can utilize autohotkey/espanso to type that out for me. So it's not a big deal. Still, it would be nice to have a way to alter the bash environment (I would love to be able to use zsh on my cloudron server). I realize that interaction via the shell isn't really expected (as the primary UI) (vs the web ui).

    I'll want to roll out CI/CD soon (all my sites are mdbook, so I'll need to pull the compiled assets from the git repo), and will need to be able to git pull as part of that process.

    Support

  • How to alter root .bashrc
    C charlesnw

    I am running about 20 of the Cloudron LAMP app instances.

    I have been updating them via WINSCP/FileZilla. I'm switching to doing a git pull (since all of the content is managed in a git repo).

    Currently I have to:

    su www-data -c "git pull"

    Otherwise I get:

    root@16405153-e269-41e3-ab8d-095606d5b07e:/app/data/public/KNEL/FetchApply# git pull
    fatal: detected dubious ownership in repository at '/app/data/public/KNEL/FetchApply'
    To add an exception for this directory, call:

        git config --global --add safe.directory /app/data/public/KNEL/FetchApply
    

    root@16405153-e269-41e3-ab8d-095606d5b07e:/app/data/public/KNEL/FetchApply# git config --global --add safe.directory /app/data/public/KNEL/FetchApply
    error: could not lock config file /root/.gitconfig: Read-only file system

    I want to make an alias for the su -... command.

    Editing .bashrc says read only filesystem.

    Support

  • Cloudron OS settings/security and "enterprise" focus
    C charlesnw

    For me, I have avoided all HA/replication (with the exception of backups). In my 20+ year career as a professional system admin/engineer/architect in increasing levels of responsibility/authority I have only seen HA/replication cause more issues than it's worth.

    To be clear, I am referring to things with state (databases). Stateless (application frontends) and clustered "semi stateful" (think memcached/redis) is quite welcome/acceptable.

    Database replication with appropriate monitoring/resiliency/planning could be useful. It can also go sideways in nasty ways.

    I have found Cloudron backup/restore to be quite fast (presuming your Cloudron instance is network close enough to your backup target). The upcoming backup changes are quite welcome and address all of my concerns.

    Add a CDN in the front and enjoy stateless/horizontal scaling.

    As I understand it, swapping out your data store to a cluster (and keeping the docker/readonly/app bits in Cloudron) should be easy? Just need to update the DB_ related environment variables?

    I (and my company) are very heavy users of Cloudron. Being on a single box hasn't been an issue for us. When we need to scale (we expect to have some massive read heavy apps using some complex GIS stuff) we will use a CDN. We are spinning up a large k8s cluster to run a number of high compute workloads. All of the command/control will be via Cloudron hosted apps (BOINC/SLURM).

    Cloudron is for "bootstrap/core" "pets" (but using a kind of "cattle" architecture/model) (this combination is very powerful), k8s is for your scale out cattle (k3s/rancher/longhorn makes k8s deployment quite easy).

    Discuss

  • NTP configuration in UI
    C charlesnw

    Would it be possible to set (chrony/timesyncd/ntp pick your poison) parameters in the GUI?

    I run a stratum1 high precision timing source on my network and have all my (non cloudron) systems configured to use it.

    I presume I can alter the underlying configuration of Ubuntu to point at it, but I try to make zero changes to the underlying OS.

    Feature Requests ntp

  • Password Complexity
    C charlesnw

    I would like Cloudron to support password complexity setting.

    Allowing for (ideally via GUI and some kind of json/yaml etc file that can be version controlled/deployed via IAC):

    (checkboxes/fields for setting:)

    • Length
    • Alphanumeric characters
    • Special characters
    • Mixed case
    • Expiration

    The default should be the same as it is now (to not break any existing users).

    Feature Requests

  • Cloudron OS settings/security and "enterprise" focus
    C charlesnw

    Will do.

    What about adding SNMP support (in the GUI) (community setting and ACL)?

    I have a pretty customized snmpd.conf (which I would need to modify for Cloudron). It would be good to have support for custom snmpd.conf (even if it needs to be pasted into the gui).

    Also SMART support/reporting? (my snmpd.conf uses smartmontools).

    Discuss

  • Cloudron OS settings/security and "enterprise" focus
    C charlesnw

    Feel free to move this (entire topic/parts of it) to the best category as appropriate.

    As my company/businesses mature and I am pursuing larger contracts/fundraising, I have more involved due diligence requirements from my board and counterparties.

    1. Using Cloudron as our central IDP, we would like to be able to set password complexity requirements. For now, using 2fa (since everything we use now supports OIDC with the recent Dolibarr update) we can get an exception to the complexity requirements, but that won't last forever. Any possibility of being able to set complexity requirements? Even if it needs to be done via changing a json file or something?

    2. Centralized logging (OS/container) logs. I have a Librenms VM I run on premise (where all my bulk/slow storage is) running syslog-ng integrated into Librenms.

    3. Official support for Tailscale (or other overlay networks such as Netbird). Currently installing Tailscale into the Cloudron VM and editing /etc/resolv.conf to point at my Librenms VM (running a DNS docker container) allows everything to work.

    4. Support for the Wazuh agent (for compliance reporting/enforcement)

    5. Hardening of the underlying Ubuntu server (via say https://github.com/ComplianceAsCode) (and also things like hardening the SSH configuration).

    I am happy to do all of the heavy lifting in regards to the above. I have a set of provisioning scripts (https://git.knownelement.com/KNEL/FetchApply) and am working on all of the security hardening/system monitoring/centralized logging on all of my non Cloudron servers. I would like to work with the project to "officially" integrate (in a maintainable/supportable way) these more "enterprise" focused things into the Cloudron product. I realize that it's a slider between hardening and convenience and that (many? most?) Cloudron users are small/medium businesses/(pro)sumers who don't necessarily want these things. Product management/positioning is very difficult!

    I imagine, many/most of the Linux hardening things will have zero impact on most users, and only serve to make attackers' lives harder.

    Discuss