Dolibarr OIDC

I will wait for @vladimir.d to reply Otherwise I'll attempt to set it up as a Cloudron OIDC client in next couple days.

Looks like it’s OIDC ?

Hello.

I was doing some research and I see Dolibarr supports OIDC.

https://wiki.dolibarr.org/index.php?title=Authentication,_SSO_and_SSL

Any possibility of switching to that from LDAP?

Dolibarr is my only Cloudron app using LDAP and not 2fa protected.

Oh yes. I’m sure I’ll need to make some tweaks. So far it’s been pretty good results across languages. It searches as it works and pulls the results into how it builds the output.

I’ve yet to do any testing. I hack in the open from the very get go

Hello all.

I’ve used Claude to do first cut of packing apps I want in cloudron.

Here’s the repo:

https://git.knownelement.com/KNEL/KNELProductionContainers/src/branch/master/Techops

Here’s the prompt I use :

https://git.knownelement.com/KNEL/KNELProductionContainers/src/branch/master/Techops/CloudronPackagePrompt.md

I’ll do a bit of restructuring into a Cloudron and non cloudron directory. Check the history for the stuff I’ve been doing :

https://git.knownelement.com/KNEL/KNELProductionContainers/commits/branch/master

How about using Keycloak for this? Now that Keycloak is in the Cloudron App Store

Did you get this working ?

Is the app setup out of box to federate to the Cloudron LDAP?

I want to use this as the IDP (proxy) for NetBird since that’s officially supported / documented in the NetBird docs (va attempting to use cloudron OIDC directly which I haven’t been able to fully wrap my head around).

I’m open to either. Though, of course , Keycloak is a common IDP and supported by many things out of the box. And since cloudron doesn’t really have fine grained admin permissions , Keycloak could be a way for me to delegate (for non cloudron apps) admin permissions.

I tried to drop down to the www-data user but no success.

root@b1e03a66-bb9e-4808-aecf-68c518fed0d5:/app/code# ../data/tasks-via-email.sh 
rake aborted!
ArgumentError: Missing `secret_key_base` for 'production' environment, set this string with `bin/rails credentials:edit` (ArgumentError)

          raise ArgumentError, "Missing `secret_key_base` for '#{Rails.env}' environment, set this string with `bin/rails credentials:edit`"
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
/run/redmine/vendor/ruby/3.3.0/gems/railties-7.2.2.1/lib/rails/application/configuration.rb:519:in `secret_key_base='
/run/redmine/vendor/ruby/3.3.0/gems/railties-7.2.2.1/lib/rails/application/configuration.rb:503:in `secret_key_base'
/run/redmine/vendor/ruby/3.3.0/gems/railties-7.2.2.1/lib/rails/application.rb:470:in `secret_key_base'
/run/redmine/vendor/ruby/3.3.0/gems/railties-7.2.2.1/lib/rails/application.rb:205:in `block in message_verifiers'
/run/redmine/vendor/ruby/3.3.0/gems/activesupport-7.2.2.1/lib/active_support/message_verifiers.rb:132:in `build'
/run/redmine/vendor/ruby/3.3.0/gems/activesupport-7.2.2.1/lib/active_support/messages/rotation_coordinator.rb:85:in `block in build_with_rotations'
/run/redmine/vendor/ruby/3.3.0/gems/activesupport-7.2.2.1/lib/active_support/messages/rotation_coordinator.rb:85:in `map'
/run/redmine/vendor/ruby/3.3.0/gems/activesupport-7.2.2.1/lib/active_support/messages/rotation_coordinator.rb:85:in `build_with_rotations'
/run/redmine/vendor/ruby/3.3.0/gems/activesupport-7.2.2.1/lib/active_support/messages/rotation_coordinator.rb:19:in `[]'
/run/redmine/vendor/ruby/3.3.0/gems/railties-7.2.2.1/lib/rails/application.rb:232:in `message_verifier'
/run/redmine/vendor/ruby/3.3.0/gems/activerecord-7.2.2.1/lib/active_record/railtie.rb:355:in `block (3 levels) in <class:Railtie>'
/run/redmine/vendor/ruby/3.3.0/gems/activesupport-7.2.2.1/lib/active_support/lazy_load_hooks.rb:97:in `class_eval'
/run/redmine/vendor/ruby/3.3.0/gems/activesupport-7.2.2.1/lib/active_support/lazy_load_hooks.rb:97:in `block in execute_hook'
/run/redmine/vendor/ruby/3.3.0/gems/activesupport-7.2.2.1/lib/active_support/lazy_load_hooks.rb:87:in `with_execution_control'
/run/redmine/vendor/ruby/3.3.0/gems/activesupport-7.2.2.1/lib/active_support/lazy_load_hooks.rb:92:in `execute_hook'
/run/redmine/vendor/ruby/3.3.0/gems/activesupport-7.2.2.1/lib/active_support/lazy_load_hooks.rb:62:in `block in on_load'
/run/redmine/vendor/ruby/3.3.0/gems/activesupport-7.2.2.1/lib/active_support/lazy_load_hooks.rb:61:in `each'
/run/redmine/vendor/ruby/3.3.0/gems/activesupport-7.2.2.1/lib/active_support/lazy_load_hooks.rb:61:in `on_load'
/run/redmine/vendor/ruby/3.3.0/gems/activerecord-7.2.2.1/lib/active_record/railtie.rb:354:in `block (2 levels) in <class:Railtie>'
/run/redmine/vendor/ruby/3.3.0/gems/activesupport-7.2.2.1/lib/active_support/lazy_load_hooks.rb:94:in `block in execute_hook'
/run/redmine/vendor/ruby/3.3.0/gems/activesupport-7.2.2.1/lib/active_support/lazy_load_hooks.rb:87:in `with_execution_control'
/run/redmine/vendor/ruby/3.3.0/gems/activesupport-7.2.2.1/lib/active_support/lazy_load_hooks.rb:92:in `execute_hook'
/run/redmine/vendor/ruby/3.3.0/gems/activesupport-7.2.2.1/lib/active_support/lazy_load_hooks.rb:78:in `block in run_load_hooks'
/run/redmine/vendor/ruby/3.3.0/gems/activesupport-7.2.2.1/lib/active_support/lazy_load_hooks.rb:77:in `each'
/run/redmine/vendor/ruby/3.3.0/gems/activesupport-7.2.2.1/lib/active_support/lazy_load_hooks.rb:77:in `run_load_hooks'
/run/redmine/vendor/ruby/3.3.0/gems/railties-7.2.2.1/lib/rails/application/finisher.rb:94:in `block in <module:Finisher>'
/run/redmine/vendor/ruby/3.3.0/gems/railties-7.2.2.1/lib/rails/initializable.rb:32:in `instance_exec'
/run/redmine/vendor/ruby/3.3.0/gems/railties-7.2.2.1/lib/rails/initializable.rb:32:in `run'
/run/redmine/vendor/ruby/3.3.0/gems/railties-7.2.2.1/lib/rails/initializable.rb:61:in `block in run_initializers'
/run/redmine/vendor/ruby/3.3.0/gems/railties-7.2.2.1/lib/rails/initializable.rb:60:in `run_initializers'
/run/redmine/vendor/ruby/3.3.0/gems/railties-7.2.2.1/lib/rails/application.rb:435:in `initialize!'
/app/code/config/environment.rb:16:in `<top (required)>'
/run/redmine/vendor/ruby/3.3.0/gems/zeitwerk-2.7.2/lib/zeitwerk/core_ext/kernel.rb:34:in `require'
/run/redmine/vendor/ruby/3.3.0/gems/railties-7.2.2.1/lib/rails/application.rb:411:in `require_environment!'
/run/redmine/vendor/ruby/3.3.0/gems/railties-7.2.2.1/lib/rails/application.rb:559:in `block in run_tasks_blocks'
/run/redmine/vendor/ruby/3.3.0/gems/rake-13.2.1/exe/rake:27:in `<top (required)>'
/home/cloudron/rbenv/versions/3.3.4/bin/bundle:25:in `load'
/home/cloudron/rbenv/versions/3.3.4/bin/bundle:25:in `<main>'
Tasks: TOP => redmine:email:receive_imap => environment
(See full trace by running task with --trace)
root@b1e03a66-bb9e-4808-aecf-68c518fed0d5:/app/code# 

Has anyone gotten this to work?

I am using Redmine, not OpenProject.

If someone could provide an example shell script I can call from cron, it would be appreciated.

How do I start the line? I tried various combinations of bundle rake/rake_exec with no success.

@BrutalBirdie Thanks.

I also notice that /etc/aliases isn't setup and no mail command exists.

How is mail to/from root handled by Cloudron? That's particularly important for things like logwatch. Also what about cron jobs running as root etc?

I realize that Cloudron is meant (and does a fantastic job) of abstracting away from the underlying VPS (essentially the VPS can be treated as "read only" after Cloudron install).

Still, the OS may occasionally alert on something. Especially if say someone is running a RAID array and wants alerts or has smartmon setup etc. The default/easiest way most of those OS level tools work is e-mailing root , and the expectation is that any forwarding etc is handled by /etc/aliases and an OS level SMTP setup.

I do see that docker is listening on 25:

root@tsys-cloudron:~/.ssh# netstat -punta|grep 25
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 1192/dockerd

Perhaps something like msmtp could be setup to listen to 127.0.0.1:25 and forward to the Cloudron SMTP instance?

I briefly searched the forum and didn't find anything on this topic. Feel free to point me to existing topics.

1. Is off-box/remote logging possible? I presume I can drop to the root shell and tweak the (r)syslog configuration to send things to a remote target. I would prefer a UI/API way todo this task (to ensure it doesn't break anything).

2. Same for other logging settings (retention/rotation).

3. Integration of logwatch

4. Is the /etc/aliases (root) alias setup to send to whatever Cloudron (SuperAdmin)(s) e-mail addresses?

5. What about docker logs? (Targeting/retention)?

Cloudron is wonderful and covers many of my needs. However I also have a Coolify server and it's running things like Graylog/Librenms and other infrastructure bits that Cloudron doesn't provide. For those of us with a bit bigger "enterprise" type setup/requirements, Cloudron could use some lightweight integration points/support.

@joseph Right. But Cloudron does check for e-mail setup. It seems what's being asked for (and I agree) is ipv6 related mail health check as part of the periodic e-mail health check Cloudron does already.

@marcusquinn PTR setup would require a bit deeper integration into various hosting provider API (if they even allow one to set PTR via API). Checking could indeed be automated.

@girish said in What's coming in Cloudron 9:

Show backup/restore progress

Can you expand on this a bit? The current backup UI shows the progress.

Granular Backup schedule / Multiple Backup Desinations

As in per application? That would be awesome. For example, I would want say Nextcloud/Gitea/ Redmine backed up multiple places and daily, but MiroTalk/Searxng monthly and to one place. If it could be done off of tags, that would be wonderful. I would tag apps as stateful, stateless myself (and perhaps some kind of priority tag). If one could have some kind of Recovery Time Objective/Recovery Point Objective , that would be very "enterprise". Honestly just per app / tag granular backup schedule/destination would let one achieve that.

Thanks to everyone for the responses. I fully understand the backups now and have reported to my board that it's indeed production ready for our organization.

How can I restore the user database ? How can I restore an individual email account?
What is the backup frequency of email and the user database?

These are key questions for using this in the enterprise. My board of directors wants a better understanding of the backup and restore capabilities of Cloudron as we move into production.

From the cloudron backups page:

“
Only the database and app user data is backed up
“

How can I verify that? Can you prove that? What file names / patterns should I be looking for?

How is the cloudron user database backed up?

What about email accounts ?

What about the application access settings / groups etc?

How can I perform a complete backup of my cloudron instance ?

Yes , the application data is safe. That’s very important of course. User files and other data.

However user emails don’t appear to be backed up and neither does the user database.

Make these two things match:

Groups doesn't have a search function, where users does.