AppFlowy

I think I will try to package this application next
Simply waiting for my other app to be accepted, so I can improve my packaging

I've had some time this week to work on this topic. So here is where I am at the moment.
I packaged an app for cloudron, it does seem to be working properly. (I let you guys have a look/test as it is my first try at packaging for cloudron)

The only thing I can't get to work is the streaming part. (eg a child node stream to my cloudron node which is a parent), my best guess is that the reverse proxy used by cloudron doesn't send the tcp stream to the container but only http. But I don't know how to configure/fix that.

The netdata configuration file is in /app/data/etc so to set up streaming you can add a file stream.conf using the file explorer and restart the app

Infos I can give :
Command used to install : cloudron install --image cvachery/netdata-app:v1.44.1
Github : https://github.com/aylham/cloudron-netdata
Docker image : docker pull cvachery/netdata-app:v1.44.1
Netdata doc on how to setup streaming : https://learn.netdata.cloud/docs/streaming/understanding-how-streaming-works#enable-streaming-between-nodes

I would be nice to have this app as a webui for Ansible :
Website : https://www.semui.co/
Doc : https://docs.semui.co/
Github : https://github.com/ansible-semaphore/semaphore

It's already packaged in docker, and should be able to support OIDC so should not be to diffucult to use Cloudron accounts for login

And because I don't want to necrobump the only other topic about semaphore and LDAP on this forum is a know issue on semaphore side

@girish Licence file added

Just to let you know that I updated my package to add the sendmail package (to enable email notification) and bump the upstream version to 1.44.3

Title pretty much says all.
Would it be possible to use the Cloudron logins as the base for auth when enabling host protection?
It is not very user friendly to have to set up accounts manually in the config file.

On the same idea does anyone know if it's possible to protect only certain rooms?

Litlle bump here to see where we are on that subject as it's been a while?

Thanks for the reply @girish
I don't know how I missed this option.
It does work now when the TCP port is defined (it is the same as httpPort, but it does have to be explicitly enabled)

Anyway it is now working as expected, their even is the host metrics on the overview.
Still have some quality of life configuration changes to do but the app is functional

@girish Depending of the tests I can have a look and maybe give it a try if that can help you

And also from the developers :

I would like to clarify that the pricing details currently displayed on our pricing page pertain exclusively to our cloud-based version. We are in the process of developing a distinct pricing structure for our self-hosted solution, which will encompass a variety of offerings and commitment levels tailored to meet diverse needs.

So maybe wait as well for the self-hosted business model to be finished

I did the same but ticked Allow all users from this Cloudron
Thing is @jdaviescoates by default anyone can create/join a room. But I want to restrict room creation to logged in users and anyone can join with the link.
And when activating those parameters is when problems arise.

Hello,

I'm currently looking at this topic at the moment and maybe it would be possible to split this issue in two different subject.

I understood that the main issue to add netdata to cloudron as an app is the capabilities required from the docker image to be able to collect all the metrics of the host. Which I understand is a problem as it challenge the whole security design actually implemented.

But would it be conceivable to deploy netdata as a cloudron app with limited monitoring capabilities as a known limitation. I know that it can seems counter-productive but I have a specific purpose for which it could be useful : Using this netdata instance as a parent node to centralize all the metrics from different children and use the ldap/proxyauth addon of cloudron to add authentication to the WebUI
That would be a really great use case for me.

And concerning the other subject of actually collecting the data of the cloudron host using netdata. IMHO a tutorial on how to deploy it with docker and /or docker-compose, and the firewall configuration needed would be enough for most admin I think.

When you self-host like this you can't use the add node feature or sign in button as those as netdata cloud only as @simon said.
But you can configure your nodes to stream their metrics to your master node and therefore have a centralized node with all your metrics. I'm using the v2 of the Web-UI and don't have any issue with it so far.
And what is not shown in simon screenshot (well it is the blurred part right under the sign-in button) is that you can have a more detailed view for each of your node too.

I don't say that netdata must be use for the monitoring of the Cloudron host (even if it kinda works by default) as I understand that you don't want app accessing the host (but the agent could be installed and stream to a master node/cloud if people want), but it is a great tool to have to monitor all the other servers of your infra and will be very nice to have on Cloudron.

Thanks to @MiroTalk in the latest version it works and the config is nearly perfect
Only issue is still one identified erlier that anonymous users can create room if they go to the specific URL

@MiroTalk said in Use Cloudron Logins for host protected settings:

@avatar1024 said in Use Cloudron Logins for host protected settings:

Otherwise, while guest cannot enter the app base domain without a login, they can still create rooms freely by creating a url: mirotalkappprefix.mydomain.com/join/roomname

@MiroTalk is that behaviour intended?

Not a behaviour intended! I'm considering a refinement where guests are only allowed to join specified rooms that have already been created by authenticated users. This approach might offer better control and security. Will be released in the next version.

Mar 19 09:49:52 box:taskworker Starting task 1060. Logs are at /home/yellowtent/platformdata/logs/tasks/1060.log
Mar 19 09:49:52 box:tasks update 1060: {"percent":1,"message":"Backing up netdata.example.com (1/2)"}
Mar 19 09:49:52 box:tasks update 1060: {"percent":21,"message":"Snapshotting app netdata.example.com"}
Mar 19 09:49:52 box:backuptask snapshotApp: netdata.example.com took 0.026 seconds
Mar 19 09:49:52 box:services backupAddons
Mar 19 09:49:52 box:services backupAddons: backing up ["localstorage","proxyAuth"]
Mar 19 09:49:52 box:tasks update 1060: {"percent":21,"message":"Uploading app snapshot netdata.example.com"}
Mar 19 09:49:52 box:shell backup-snapshot/app_03cfa8c6-9930-4b76-8604-a9de46be6f08 /usr/bin/sudo -S -E --close-from=4 /home/yellowtent/box/src/scripts/backupupload.js snapshot/app_03cfa8c6-9930-4b76-8604-a9de46be6f08 tgz {"localRoot":"/home/yellowtent/appsdata/03cfa8c6-9930-4b76-8604-a9de46be6f08","layout":[]}
Mar 19 09:50:03 box:tasks update 1060: {"percent":21,"message":"Uploading backup 41M@4MBps (netdata.example.com)"}
Mar 19 09:50:13 box:tasks update 1060: {"percent":21,"message":"Uploading backup 55M@1MBps (netdata.example.com)"}
[...]
Mar 19 13:51:39 box:tasks update 1060: {"percent":21,"message":"Uploading backup 55M@0MBps (netdata.example.com)"}

On my side backup are stuck on this line (It's been on for a while now.
Don't know if it's related but the percentage is the same and symptom seems identical (no upload speed).
And my backup is done to local filesystem so it should be a problem of network

Hello @girish,
Any chance you had time to have a look a this?

And hopefully it will do the job.
I use my package as a parent node since I released it without any issue but more usage will be helpful

By default every agent can dispaly a dashboard for itself. You can however stream your metrics to a parent node and deactivate the web interface in the children nodes.
This is the way I'm using it at the moment, my parent node is on Cloudron and all my children stream their metrics to it. The auth is done with an API key ( doc here )
I'm not sure actually how my metrics are reaching netdata behind the ProxyAuth. Maybe they stream as UDP and the proxy is only for TCP?

Wouldn't it be possible to have an option passed to the Cloudron to let the user choose if he wants to use postgres or mysql?

Yes I did but it not "urgent" but I need to move my mattermost instance ASAP so cloudron it is

I did see it but as I don't when it will be available I decided to move on. I guess I will be able to move from MySQL to PostgreSQL anyway in the future

And to answer my own question I missed a flag in the command --import-path /app/data/files/ which tells mattermost to look in this folder.

It could be nice to add it to the documentation and in the same way edit the command to add the new path /app/code/EDITION/bin/mattermost where EDITION can be either team or enterprise