RE: Bitwarden - Self-hosted password manager

Happy New Year everybody!

Just learned how to deploy a custom app using Bitwarden as the test, but seeing as it should be delivered soon, figured I'd wait for the more official release. So on that note... is there any ETA yet for this app @girish or @nebulon by any chance? If it's going to be a month or two I may start with the custom app, but figured if it'd be just another week or two (or just less than a month), then I'll just wait it out.

Thanks again for all the work you guys do - including everyone else in this thread, as I was able to learn a lot from reviewing everything you all wrote!

Just curious how others organize their Cloudron "My Apps" dashboard. Do you use the labels feature much or just descriptive app URLs to keep them organized? Do you bother with tags? And if you use tags, what are some examples you do to solve problems?

I currently have about 20 apps deployed across roughly 12 domains, and am not having too much difficulty yet with organization but I can imagine a year or two down the road (if I'm still using Cloudron which I assume I will be for now) I may run into issues keeping everything straight in the Dashboard, so figured I'd see what problems people have run into and what they've done to solve them when it comes to organizing their apps.

Any ETA for when 4.2 will be released? Or is it too early to tell yet?

@will This is definitely a discussion and not a support issue. Is something broken in Cloudron? No? Then it’s not a support issue.

I would love to see this project be usable on something like CentOS, but that’s really more because I’m just more experience with CentOS than I am with Ubuntu, not so much for the privacy concerns you raise.

Cloudron simply requires the OS be Ubuntu, it doesn’t require that Ubuntu telemetry be enabled. You’re welcome to disable it all before installing Cloudron and Cloudron will continue to work as its intended to work. You are the admin, you need to maintain your Ubuntu configuration to match your needs. If you require telemetry be disabled, then simply disable it.

If your concern is more the fact that Ubuntu collects telemetry “by default”, well... everyone using Cloudron is likely familiar and technical enough to be comfortable tweaking systems and ensuring that the defaults are actually what they desire and changing anything that isn’t matching their expectations. The same as how one goes through Settings on iOS periodically to make sure everything is as they want it.

If you are THAT concerned about the telemetry data being collected on Ubuntu by default, then simply don’t use the software that requires Ubuntu until it reaches a point where it can support other operating systems too. The team at Cloudron is small, moving to support an entirely different operating system is no small/trivial task, so even if they decided today to move to CentOS it’s probably going to be at least half a year of effort if not much longer than that to be fully matured on CentOS.

Ultimately it’s worthwhile to always consider “risk vs reward” and what data is actually being collected that constitutes a “risk to user privacy”. Personally I don’t care if the company behind Ubuntu knows the resource usage and uptime of my server. That isn’t a “privacy risk” in my opinion because that aren’t actually collecting any user generated data, they’re collecting statistics in that case. However it would be a completely different story if they were also copying over user filesystem data which would contain my emails and website data, client data, passwords, etc.

In summary:

• the suggestion to move to something like CentOS I fully support, I’d love to see that be done.
• in the meantime, you need to make a decision: use Cloudron on an OS you apparently don’t trust, or delay using Cloudron until it supports an OS that you trust.
• if you choose to go with using it still for now on Ubuntu, simply disable the telemetry data collection in Ubuntu to better meet your expectations/use-case.
• this is a discussion not a support case since Cloudron is not broken nor having any issues. Cloudron does not require Ubuntu telemetry be enabled in order to work. Also, it is always up for discussion on how much of an impact the concern you raised impacts people and everyone is going to have a differing opinion on it as to how it will impact them. Just because you may greatly care about one thing doesn’t mean others will care as much as you do nor even care at all.
• gathering telemetry (whether at the OS level or application level) does not automatically equate to “spying”, it all depends on how that data is being used and what benefits may come from it, IMO. And this is my point, others will agree with this and others will disagree. That’s why it’s a discussion.

@murgero You're right, it'd likely be less of a burden if moving just to Debian. My comment however was made explicitly stating CentOS as the target OS rather than Debian (that would be my preference only as I'm more experienced with it, but Debian works too).

Maybe as an alternative to the "open source" filter idea, it could be filtered on if it needs a paid license to run the program as-is? Of course there are always paid support options and paid add-ons/features, but as long as the base product which ships as-is requires a license or doesn't require a license, it'd be good to know that so people don't deploy Confluence for example assuming they can use it like most of the other apps for free and then realize they need to pay for it.

But assuming we go with the "open source" filter idea, my two cents to address the concern from @luckow is that as long as the base project/app has it's source code available, then it's tagged as open source. Because paid add-ons and paid support plans for the app doesn't diminish the open source nature of the original base project. Right? Maybe I'm missing something but it seems to me it'd be something fairly simple like that where we only look at the base project. Add-ons that aren't open source doesn't necessarily "void" the open source nature of the base project/app.

I was going to write a blog post on this one day but here is a quick summary of what I found in moving roughly 12 WordPress sites to the WordPress app in Cloudron...

1. Use the All-In-One WP Migration plugin (https://wordpress.org/plugins/all-in-one-wp-migration/) to export the site, being sure to check the boxes in advanced section that say "Do not export must-use plugins" (if you don't do this it will overwrite the must-used plugins for LDAP authentication in the Cloudron implementation of WordPress)

2. Setup a new base WordPress site in Cloudron, and add in the same All-In-One WP Migration plugin. Now import the site file that was created in step one above.

3. After it's done importing, restart the WordPress site in Cloudron so that it can re-connect it's must-use plugins (initially I find access is lost to the main LDAP admin user until a restart).

4. Once in using your LDAP admin user, remove any old admin user and replace with the new one if you wish, and clean-up any unnecessary plugins and themes that are there by default.

Not only did I find this to be the quickest method but also the safest in terms of not losing anything at all. When I tried the Cloudron blog method it just seemed like a lot of extra work for me. But maybe that's because most of the sites I've designed aren't simple blogs, so maybe their method is still better for simple blog sites.

Enjoy.

@heliostatic Coincidentally GoatCounter was requested here just last week: https://forum.cloudron.io/topic/2091/goat-counter

Hello,

I noticed recently (likely a bug I'm guessing as it seems to only started in the latest version) that the Graphs page only seems to show a few apps memory usage. It used to show every app broken out in the chart, but it seems to randomly only show anywheres now from 2-6 or so at a time in my experience over the last week. It seems to be different on reboot of the server. For reference, I have 19 apps that are running on this same (and only) server. So I'd expect to see all of them in that graph/chart.

Any assistance would be greatly appreciated.

I think I have stumbled across a bug or possibly more of a missing security workflow that should definitely exist.

I had tried enabling and then later disabling the SSH "support access" function from the Support page in my Cloudron server. When I later went to the Event Log page, I noticed that function enable/disable was never displayed in the table on the Event Log page.

I'm unsure if this is a bug or something that just was overlooked in the design, but I'm sure you'd agree that something as critical as enabling or disabling remote SSH access to a server containing a lot of data should most definitely be properly logged and shown on the Event Log page too.

I recently had to change a mailbox owner to a different user, and realized that I hope that's logged somewhere in the system in case there's any issues after a recent change it'd be easy to audit for both functional and security reasons. But I realized the Event Log does not audit such an event. I strongly believe changing ownership of a mailbox should definitely be included in the Event Log feature due to the impact it can have security-wise.

Thoughts on that? Hopefully that's something easy to implement and not too much work for the Cloudron team. Hate giving you more to do, haha, I just think this one is an important thing to be included in the Event Log.

For what it's worth, I have used Rspamd as part of a server I hosted using the Hardware/Mailserver docker containers, and out of the box it was a huge improvement to spam filtering for me. Unfortunately since moving to Cloudron's mail server, I'm getting way more spam going straight to my inbox with no real way of configuring it further either. Would love to see this improved, and Rspamd may be a big piece of the puzzle if my previous experience is anything to go by.

Possibly related, unsure, but for what it’s worth I actually preferred the old UI for configuring an app. It seems the new way just involves at least one extra tap/click and doesn’t really solve anything, at least not in my own use of the product. Totally get the minimalism approach and I’m generally a fan of that but in this case the UI for configuring an app seems like it went back a step. Just my two cents. Maybe there’s a “meet in the middle” approach that would work better from how it was before to how it is now? It still works for me so that’s the most important part. Haha.

When deleting a mailbox, I get the following message: "After deletion, emails to this mailbox will bounce. Note that the mailbox data is not removed."

How do I completely get rid of all history of that account and it's corresponding data? What I had was email1@example.com while testing and now have settled on email2@example.com, and want to remove email1@example.com from the server while ensuring the catch-all is set to email2@example.com so that emails addressed to the email1@example.com still carry over to email2@example.com. However the way the message is worded, it almost seems like email to email1@example.com will bounce instead of progressing in the form of catch-all to email2@example.com.

Can you please clarify how this works exactly, and if anything further needs to be done to remove the mailbox data itself from email1?

Sorry if this is a newbie question (somewhat new to Cloudron) but how does one install this as a community app? I have the option for unstable apps showing enabled, but I do not see Bitwarden in the list of apps I can install. Am I missing something?

Hello,

A minor feature request (really more an enhancement) but would really help when needing to manually run through something where many mailboxes or mailing lists exist... It'd be great if we had the ability to sort the tables. So for example, we could sort the mailboxes table by Name, Owner, Aliases (although this one would be tricky as it'd only sort on the most alphabetic nature of the aliases listed with the mailbox), etc. Same for mailing lists, where we could sort by Name and List Members (mostly Name is the main one to sort with though).

Or even if an interim enhancement would be to just sort automatically by Name in each list, that'd be helpful. Because right now when I add a new mailing list for example, it just adds it at the bottom and later on it's still there, meaning I cannot see at a glance if a mailing list exists that I may be wanting to double-check, because it's not sorted properly so I then need to use the Find functionality of my browser.

Hopefully the above makes sense.

@d19dotca said in How does the memory management work with regards to "low on resources" message when deploying a new app?:

be improved though to be clarified or with a link to the documentation where a new section would be written about memory management and how it works.

Ah okay, thank you for the clarification. I had just added an edit to my post at the same time as you confirmed it too.

Might I suggest this be improved though to be clarified or with a link to the documentation where a new section would be written about memory management and how it works. I'm in support for my day job so I always go "How can I keep users from needing to contact me", haha, and basically write out as much documentation as needed to prevent calls and stuff. This may make it easier for users going forward too as you have more onboard to Cloudron.

I can vouch for it, I use it myself and several clients as well, without issues. There were some initial growing pains in the migration from a previous email host to Cloudron such as aliases/mail lists limitations and such. But @girish has been extremely helpful and in a matter of probably just two months or so all the email limitations I had after moving to Cloudron were gone. It's a solid server feature.

I agree with you and @girish seems to as well in adding support for Quotas and improved spam controls, would be great to have those. Always room for improvements, but the way it is right now seems to already be a solid choice, and I'd throw my hand up to vouch for it.

I noticed there's a request in the Git for Cloudron to better expose the Spam settings as it's basically a blackbox right now, but in the meantime I was wondering how to change the default of "5" for marking spam in SpamAssassin, if I wanted to make it 4 for example, how would I do that? And would that change stay throughout reboots or be overwritten on reboot? And if it doesn't make sense for making this change yet, is there an ETA for 4.2?

@murgero No, I came from hardware/mailserver docker containers, which is located here for reference: https://github.com/hardware/mailserver

It was one of the best mail server suites I had hosted. I moved to Cloudron for saving money as I no longer wanted to have a dedicated mail server when I had to have one for Cloudron too, and while it's been a good experience overall I can't seem to get the spam filtering to work at all off my marked spam messages from the spam folder. It seems to block some at the SMTP level when it receives a message that's on the blacklist, however it seems like it's completely not capable of learning anything from my spam folder. Most messages are very similar in subject, content, format, etc. There are 193 messages in my Spam folder right now since just July 12th, so just over half a month. Almost every single one of those originally ended up in my inbox, several a day, that I have to manually move over to the Spam folder in hopes of it learning it.

It's always possible something is wrong in my install maybe, and I'm happy to troubleshoot that, but in my personal experience SpamAssassin really isn't as effective as Rspamd from the different mail servers I've hosted over the years. Once I moved to Rspamd, it was as if it caught 98% of my spam and they showed up in the Spam folder as desired. Right now I'd say maybe 5% show up in my spam folder under the Cloudron mail server.