Latest OpenWebUI with Openterminal

Is that recommened? Or should it be run on another VM and cross linked via the UI settings? I mean, I suppose its somewhat blast radius limited to the container.

Is anyone running OpenTerminal (either on cloudron as a side car or on a remote server)?

I'm using Z.AI GLM5 exclusively . It is an amazing model and the 30.00 a month rate is incredible. I can't seem to hit the quota no matter how much work me and other users are doing

Conduit is amazing! I'm using it on iphone/ipad constantly. The only thing it doesn't support is sharing chats. But i can easily use the very mobile friendly OWUI interface to share a chat.

It also doesn't appear to support multiple OWUI instances . I run three (main, ITAR/proprietary, preprod). I also have two cloudron user accounts (one i stream from and i consider public, one i consider private) and it would be nice to be able to quickly switch between them in the app. For now I use safari profiles to do that. 99% of the time I'm using the main instance with my public account).

Well worth the price. Its awesome to be able to share things to the app in the share sheet etc.

So gald you posted this. It brings OWUI to the level of ChatGPT/Claude that my friends/family want. They've been using my OWUI instance directly and via the app. OWUI has become the most used app on my cloudron!

Excellent. Thank you. That is what I was looking for. And from that page, it links to https://docs.cloudron.io/user-management/#roles . Excellent. We can close this thread.

I do see a reference (in graphical form) to roles here : https://docs.cloudron.io/user-management , but nowhere in textual form.

Are the docs generated from a git repo by chance? I could have AI do a git bisect

Yes... I'm aware That isn't the issue. The issue is that, when I made my report, a rendering error was present on the introduction page regarding roles.

Also it seems that all references to roles is now gone from the docs?

The reason I noticed this, is I am attempting to create a system to automate user signup on my cloudron for my saas apps via API. And when I was looking the other day, I was very pleased to see a role called "user-manager" (i believe). As that is all I want the SAAS apps to be able todo in the Cloudron.

Um. I don't know if i can. I think it was on the front page https://docs.cloudron.io/api/cloudron-api ? It doesn't appear i can deep link to a section? Also the Authorization section appears to be gone completely from the page now?

The Authorizarion section is broken. It just says:

<!-- Redoc-Inject: <security-definitions> -->

That did the trick! Thank you! We can close this topic now.

If Redis is the worker, and the most recent update is:

"

Package Updates
wrote 6 days ago
last edited by
#118
[5.6.6]

Fix worker configuration
"

it is very much not fixed

Feb 04 22:15:18 RedisException: OOM command not allowed when used memory > 'maxmemory'. in /app/code/lib/private/Memcache/Redis.php:75

It just loops.

Feb 04 22:23:35 Stack trace:
Feb 04 22:23:35 #0 /app/code/lib/private/Memcache/Redis.php(75): Redis->setex()
Feb 04 22:23:35 #1 /app/code/lib/private/AppConfig.php(1373): OC\Memcache\Redis->set()
Feb 04 22:23:35 #2 /app/code/lib/private/AppConfig.php(284): OC\AppConfig->loadConfig()
Feb 04 22:23:35 #3 /app/code/lib/private/AppConfig.php(1832): OC\AppConfig->searchValues()
Feb 04 22:23:35 #4 /app/code/lib/private/Memcache/Factory.php(121): OC\AppConfig->getAppInstalledVersions()
Feb 04 22:23:35 #5 /app/code/lib/private/Memcache/Factory.php(160): OC\Memcache\Factory->getGlobalPrefix()
Feb 04 22:23:35 #6 /app/code/lib/private/Server.php(936): OC\Memcache\Factory->createLocking()
Feb 04 22:23:35 #7 /app/code/lib/private/AppFramework/Utility/SimpleContainer.php(169): OC\Server->OC\{closure}()
Feb 04 22:23:35 #8 /app/code/3rdparty/pimple/pimple/src/Pimple/Container.php(122): OC\AppFramework\Utility\SimpleContainer->OC\AppFramework\Utility\{closure}()
Feb 04 22:23:35 #9 /app/code/lib/private/AppFramework/Utility/SimpleContainer.php(136): Pimple\Container->offsetGet()
Feb 04 22:23:35 #10 /app/code/lib/private/ServerContainer.php(154): OC\AppFramework\Utility\SimpleContainer->query()
Feb 04 22:23:35 #11 /app/code/lib/private/AppFramework/Utility/SimpleContainer.php(45): OC\ServerContainer->query()
Feb 04 22:23:35 #12 /app/code/lib/private/Files/View.php(76): OC\AppFramework\Utility\SimpleContainer->get()
Feb 04 22:23:35 #13 /app/code/lib/private/Server.php(423): OC\Files\View->__construct()
Feb 04 22:23:35 #14 /app/code/lib/private/AppFramework/Utility/SimpleContainer.php(169): OC\Server->OC\{closure}()
Feb 04 22:23:35 #15 /app/code/3rdparty/pimple/pimple/src/Pimple/Container.php(122): OC\AppFramework\Utility\SimpleContainer->OC\AppFramework\Utility\{closure}()
Feb 04 22:23:35 #16 /app/code/lib/private/AppFramework/Utility/SimpleContainer.php(136): Pimple\Container->offsetGet()
Feb 04 22:23:35 #17 /app/code/lib/private/ServerContainer.php(154): OC\AppFramework\Utility\SimpleContainer->query()
Feb 04 22:23:35 #18 /app/code/lib/private/AppFramework/Utility/SimpleContainer.php(45): OC\ServerContainer->query()
Feb 04 22:23:35 #19 /app/code/lib/private/Server.php(1272): OC\AppFramework\Utility\SimpleContainer->get()
Feb 04 22:23:35 #20 /app/code/lib/base.php(635): OC\Server->boot()
Feb 04 22:23:35 #21 /app/code/lib/base.php(1192): OC::init()
Feb 04 22:23:35 #22 /app/code/console.php(31): require_once('...')
Feb 04 22:23:35 #23 /app/code/occ(33): require_once('...')
Feb 04 22:23:36 #24 {main}
Feb 04 22:23:36 box:tasks updating task 11284 with: {"percent":100,"message":"Done"}
Feb 04 22:23:36 box:tasks updating task 11284 with: {"completed":true,"result":null,"error":null,"percent":100}
Feb 04 22:23:36 box:tasks setCompleted - 11284: {"result":null,"error":null,"percent":100}
Feb 04 22:23:36 box:taskworker Task took 1.954 seconds

Why not use the excellent MiroTalk for this functionality?

Awesome! Would love to help with SSO. Any pointers where to start for hacking on that?

This appears to just be an SES wrapper?

why not use element/matrix? already packaged for cloudron.

Any update on this ? Where is the roadmap being set ? How can i help hack on this and send a PR?

Would it be possible to allow the policy to be set period ? That way sites with higher security requirements can meet federal / enterprise standards ?

@james Oh is this something that actually needs to be changed in the app json to make OIDC integration work at all?

I am attempting to get a brand new installation of VaultWarden working with Cloudron OIDC SSO.

I have already very carefully read over:

https://docs.cloudron.io/user-directory/#openid-connect
https://github.com/dani-garcia/vaultwarden/wiki/Enabling-SSO-support-using-OpenId-Connect

to produce the below (redacted) config.json..

https://my.knownelement.com/openid/.well-known/openid-configuration/


https://my.cloudron.example/.well-known/openid-configuration 
https://my.cloudron.example/openid/.well-known/openid-configuration


 SSO_AUTHORITY : the OpenID Connect Discovery endpoint of your SSO

    Should not include the /.well-known/openid-configuration part and no trailing /
    $SSO_AUTHORITY/.well-known/openid-configuration should return the a json document: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse



{
  "domain": "https://passwords.knownelement.com",
  "sends_allowed": true,
  "incomplete_2fa_time_limit": 3,
  "disable_icon_download": false,
  "signups_allowed": false,
  "signups_verify": false,
  "signups_verify_resend_time": 3600,
  "signups_verify_resend_limit": 6,
  "invitations_allowed": false,
  "emergency_access_allowed": true,
  "email_change_allowed": false,
  "password_iterations": 600000,
  "password_hints_allowed": false,
  "show_password_hint": false,
  "admin_token": "heavily-redacted :) ",
  "invitation_org_name": "KNEL Password Vault",
  "ip_header": "X-Forwarded-For",
  "icon_redirect_code": 302,
  "icon_cache_ttl": 2592000,
  "icon_cache_negttl": 259200,
  "icon_download_timeout": 10,
  "http_request_block_non_global_ips": true,
  "disable_2fa_remember": false,
  "authenticator_disable_time_drift": false,
  "require_device_email": false,
  "reload_templates": false,
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "admin_session_lifetime": 20,
  "increase_note_size_limit": false,
  "dns_prefer_ipv6": false,
  "sso_enabled": true,
  "sso_only": true,
  "sso_signups_match_email": true,
  "sso_allow_unknown_email_verification": false,
  "sso_client_id": "redacted",
  "sso_client_secret": "redacted",
  "sso_authority": "https://my.knownelement.com",
  "sso_scopes": "openid email profile",
  "sso_pkce": true,
  "sso_callback_path": "https://passwords.knownelement.com/identity/connect/oidc-signin",
  "sso_auth_only_not_session": true,
  "sso_client_cache_expiration": 0,
  "sso_debug_tokens": false,
  "_enable_yubico": true,
  "_enable_duo": true,
  "_enable_smtp": true,
  "use_sendmail": false,
  "smtp_host": "mail",
  "smtp_security": "off",
  "smtp_port": 2525,
  "smtp_from": "passwords.app@knownelement.com",
  "smtp_from_name": "Vaultwarden",
  "smtp_username": "passwords.app@knownelement.com",
  "smtp_password": "redacted",
  "smtp_auth_mechanism": "Plain",
  "smtp_timeout": 15,
  "smtp_embed_images": true,
  "smtp_accept_invalid_certs": true,
  "smtp_accept_invalid_hostnames": true,
  "_enable_email_2fa": false,
  "email_token_size": 6,
  "email_expiration_time": 600,
  "email_attempts_limit": 3,
  "email_2fa_enforce_on_verified_invite": false,
  "email_2fa_auto_fallback": false
}

I suppose I can increase logging to see if that helps.

Vaultwarden keeps asking for a master password, even though I've disabled that and set sso only.

As I have said, I'm deploying a FLO stack (with Cloudron at the core) into a startup that I'm building (as CIO/CTO). We have to be CMMC compliant. Making sure Cloudron works on a 100% compliant base system is the first milestone. While you may not consider them issues, they do need to be addressed to be compliant. That's "my problem". If a fully compliant base system causes an issue in Cloudron , that's "our problem".

While you, and many Cloudron users may not care about CMMC/HIPPA/SOC/PCI compliance, I (and my board) do. I'm also building a small side business which will sell Cloudron as a service (pre setup/configured, all applications have admin password changed, admin passwords stored in Bitwarden) (the new Bitwarden SSO makes that possible without bootstrapping issues) and it will have CMMC/SOC/PCI/HIPPA compliance (at the higher tier).