What's the largest Cloudron you have seen?

@3246 We are using a company called SSDNodes. Our largest Cloudron is a 12CPU, 48GB, ~1TB SSD. We are hosting large mailboxes in addition to apps and wanted lots of extra space for growth. SSDNodes is U.S. based but have datacenters everywhere (https://www.ssdnodes.com/data-center). We are 5 months into a multi-year contract and zero issues:) I would only place "long-term" loads with SSDNodes as they require at least a 1-year commitment. The longer you contract, the more you save.

Here is a referral link if someone is interested: https://www.ssdnodes.com/manage/aff.php?aff=2481&register=true (FYI, I will use any referral fees received to benefit the Cloudron community rather than me personally.)

@humptydumpty So I asked my favorite tool for some help on your list of "bad Gmail actors" and here is a detailed analysis for your consideration: https://www.perplexity.ai/search/please-review-the-attached-gma-BjXGrt4qR_er6c45dse5Vw .

I found myself curious as to whether those email addresses even exist. Unfortunately Gmail does not have a "finger" API and there are limited options within Spam Assassin for handling this directly. There were some ideas on combining Spam Assassin's rule-based tagging with a Sieve filter. Here are the details for your consideration: https://www.perplexity.ai/search/does-gmail-have-the-ability-to-jePfq628TDeod5jDVoYU2Q

I thought I would ask my favorite AI tool a more practical question (assuming Team Cloudron wanted to move to Podman): "How can Cloudron migrate from a Docker architecture to a Podman architecture"? The answer (https://www.perplexity.ai/search/cloudron-is-based-on-a-docker-EEoZGv7DRaKfZhG21OrgsA) is ugly, and in short order... not going to make sense. Unless Docker became unsustainable from a licensing or cost perspective in the future, the costs and risk are huge and the benefits unclear. And a gradual migration does not seem technically possible/advisable either.

@humptydumpty Happy to try to find a possible pattern and rule using AI. Post the gmail addresses if you want me to try.

@d19dotca Many thanks for sharing this. I'd like to suggest another addition based on one nasty abuse I've seen: unsubscribe links that use http instead of https, hoping that browser security blocks/warnings will cause users not to follow through and unsubscribe. Anyone not using https for anything these days is not worthy of my time:) This puts them where they belong:

# Rule to detect unsubscribe links that do not use HTTPS
body UNSUB_LINK_HTTP /unsubscribe.*http:\/\//i
describe UNSUB_LINK_HTTP Unsubscribe link does not use HTTPS
score UNSUB_LINK_HTTP 10.0

@wmlutz It's not a matter of scope. Even sending 10 emails could trip the spam filters. And your comment about a newsletter indicates "broadcast" (a/k/a marketing) not transactional. If you are sending the same email to 350 people in the same batch, then this is considered "broadcast"/marketing. It's not my definition, it's how inbox providers see your domain/traffic. You need to use the correct type of traffic or you will eventually be blocked/banned. It doesn't matter about Cloudron config, Mailgun vs. Postmark. Move your traffic to a platform that sends via outbound marketing streams.

@wmlutz Checkout Postmarkapp.com. They do a great job as long as you separate transactional from broadcast (marketing) messages. I can't speak about Ghost email config, but all you need is their endpoint, port and username/password which looks like Ghost supports. Suggestion: establish a sender signature by adding DKIM, Return-Path DNS records and you can send from any email address on your domain.

@Kubernetes Thanks for sharing your experiences. I can see definite advantages of picking a cloud vendor and sticking with them for ease of migrating snapshots and VPS backups. We tend to do that, but then cloud vendors are always introducing surprises (price increases, bandwidth limits, etc) that make you question whether your current provider is worth keeping. So far I haven't found a way to take a snapshot from Vendor A and restore it to Vendor B, but perhaps it is available from a 3rd party.

@scooke Appreciate the history you shared. I got concerned after reading about some throttling and reduced performance (especially on NVMe which seems to be a shared resource). But I trust your experience more than some random person(s) on Reddit. Did they ever explain why the IP address change? I would hate to have to update DNS for 50 domains. @Kubernetes Do you perform test restores using either your Cloudron or VPS backup? I just used a backup for migration to a new server, but now I have a lot more content to protect. Been thinking that a restore test should be performed at regular intervals.

@scooke That is really great to hear. Have you seen any significant changes in their approach to cloud hosting over the past 7 years?

Agreed with everyone on SSDNodes. They have a great value proposition for committed servers. The best value is when you are willing to pay 3 years in advance. For a Cloudron server this make perfect sense. @scooke how long have you used SSDNodes? I've been using them for the past 4 months with zero issues. In the future I am thinking about migrating some large production loads but was a little hesitant as they were less known (at least to us). @luckow We are running 45 mailboxes across 23 domains, but we have a fairly large server (SSDNodes). We are doing this with SoGo and ActiveSync which is a resource hog. But one thing I did was set up another Cloudron and adding subdomains for several of our larger customer domains and hosting email archives for them. The benefit is several-fold: smaller current email boxes = faster search. Smaller current email server = less storage required for backups. Archived emails require less frequent backups and less retention since the data does not change.

@BrutalBirdie Yes. Are Cloudron Users and Groups "synced" into SFTPGo? BTW, I checked and backup is working perfectly. And it's funny how life works sometimes. I wasn't sure that I would use SFTPGo. Until I found out that one of my vendors was not properly backing up a server. Their preferred solution: providing an external SFTP server. And voilà... you packaged SFTPGo. And it just works. And it integrates with Cloudron backup. Many thanks!

@timconsidine You are so right. The best day for Team Cloudron is one in which there are no updates. I give @girish @nebulon @joseph an enormous amount of credit for the job they do. As someone who rolls out ~ monthly updates to users, every time that happens I pray that me and my team didn't miss something important. But it happens to all of us, despite good processes and best of intentions. But 8.3 will be replaced shortly with 8.3.1 and then 8.4 and then 9.0. And this difficult day will be replaced in everyone's memory by the great things that are yet to come!

@luckow Just wondering if the starting length was 4mm and what you are really saying is that you shaved off your beard and the itching stopped:) FWIW, I have had a beard for longer than I can remember. Occasionally, it itches. Not sure why this happens, but hang in there.

@joseph Really helpful, thanks. That was the missing link for me. I now have a working user who can log into the SFTP server. Uploading a file worked. All is right with the world (or a least this small corner). Appreciate your efforts, @girish and especially @BrutalBirdie for making this available.

I think your suggestion of setting up a default mount point for user_files is excellent. Making sure it integrates with Cloudron backup (see question below) would be great. Lastly, a mistake I made (but quickly rectified) was the default SFTP port. Standard is 22, but SFTPGo chooses 2022 (good idea) but it is easy to miss. Perhaps adding a note to the app documentation that SFTPGo does not use standard service ports?

A couple of follow-up questions (still learning a lot about Cloudron):

• Is Cloudron the correct owner for /app/data/user_files or is yellowtent or www-data more appropriate?
• What is the difference between these 3 owners {Cloudron, yellowtent, www-data}?
• To have /app/data/user_files (and all user folders underneath) backed up as part of the normal Cloudron backup process, what (if anything) in the way of extra configuration is necessary?
• This app seemed to allow Cloudron users and groups to be assigned access but logging in using a user with access permission did not work. Is there a configuration change required? Or is the linkage only via LDAP or OIDC?

@BrutalBirdie Changing the port to start at 40100 solved that problem. I ran into another (after changing the admin password). When I tried to create a user, it would not allow me to save the user because of a missing Home directory. I tried to update the sftpgo.json file and add a key in the common section like this: "users_base_dir":"/app/data" to establish a default. I'm not sure if that is the correct absolute path, but after restarting SFTPGo with the new config, I ran into the same "Home page missing" error. And there does not seem to be a place in the interface to create one when adding a user. What am I missing?

@jdaviescoates We use a service called DNSMadeEasy. They've been acquired by DigiCert. They have a lot of nice features and reasonable prices that allow you grow in small increments. In our "package" a certain number of DNS queries are included. If we exceed the limit, we can buy more queries. Our practice was to use the lowest TTL possible, often using a value of 180. But as customer web traffic grew, we got closer to our limit. To prevent an overage, we increased TTL strategically which reduced queries. Hope this answers your questions.

@BrutalBirdie It looks like a docker container is using those ports:

dockerd 1130 root 324u IPv4 8340333 0t0 TCP *:40028 (LISTEN)
dockerd 1130 root 325u IPv6 8340334 0t0 TCP *:40028 (LISTEN)

And here are the details of PID 1130:

─1130 /usr/bin/dockerd -H fd:// --log-driver=journald --exec-opt native.cgroupdriver=cgroupfs --storage-driver=overlay2 --experimental --ip6tables --userland-pro>

Any ideas?

@girish Ran into an installation error after allowing the default port selections:

An error occurred during the install operation: Docker Error: (HTTP code 500) server error - driver failed programming external connectivity on endpoint 081ea546-42d2-43b3-8f87-0e27dec7d643 (06966450f28f844cdfb93632f6f00c811cbe180d1504ab7c67288971b6d3fa25): failed to bind port 0.0.0.0:40028/tcp: listen tcp4 0.0.0.0:40028: bind: address already in use

Attempting a re-install did not work.

@jdaviescoates If you pay for DNS queries, increasing TTL reduces your cost (or keeps you below the threshold where additional payment required). But setting a TTL of 3600 (1hour) when you are not planning on making changes vs. 300 (5 min) when you are going to make changes is sensible. But I've seen some ridiculous 86400 (1 day) values too.