Ethereum node app

Create an Ethereum node app. This is very similar to any Golang based app (e.g. https://git.cloudron.io/cloudron/prometheus-server-app) where you just launch the binary inside a container.

@marcusquinn thank you very much

Is there any way to mark this thread as solved or a moderator/admin has to do it?

@marcusquinn thank you for your extra tips and comments on the cloud provider side, really appreciated I am already using CloudFlare (without the proxy -- just DNS) and I'm really happy with the service. It's not that I am not experienced to configure all those things by hand, but my current daily work is being an SRE for Kubernetes, so the last thing I need right now is to spend my off-work hours to work-related topics

Anyway, I would most likely go with Hetzner to give them a try, so you made them a customer.
My current internet speed at home is a 250 VSDL. See:

Is that good enough? I guess it's OK, but only production usage will tell.
Wireguard is my second step in the process. First I need to make sure this setup works with OpenVPN so to avoid any compatibility/legacy hiccups -- and then as soon as I have a proof that cloudron can redirect the traffic, I suppose I can easily switch to to Wireguard for better speed.

So from what I understand, after setting up the DNS Server (on remote VPS) and the Cloudron server (at home), I have to tell Cloudron to use tun0 (https://docs.cloudron.io/networking/#dynamic-dns). Right? In that case the SSL certificates will use the IP Address taken from the tun0 interface -- that would be the private/local network of the VPS.

It normally comes from your VPS provider, not your ISP. And you can normally change it.

@jdaviescoates I have cloudron installed at home.

@girish in my case it's even easier because I my router (fritzbox) has a setting that bypasses NAT completely and my machine (only one) is exposed in the internet.

tldr; I don't have any problem with the way it is; everything is working fine for me. This is just a feature request for the future. Not a necessity, but a nice to have.

@girish I restarted the app, it's working now. I have created an admin and the federation works (just searched for your instance as described in the docs)

Restarting the app is good work-around for IT, so I would not push further for this. Maybe some env variable is not present at first but gets available later. In the meantime, just make sure this information (restarting the app) is mentioned in the docs -- unless it's easier/faster to solve this.

@nebulon there was no error reported by cloudron. The issue was that if I tried to curl, there was nothing returned back (I don't remember the exact reply -- sorry for that). Basically it was like nginx was not routing properly, as if nothing was running at the subdomain.

I am using jitsi as well, if I could host this via cloudron that would be amazing.

I tried with another device to make sure this is not a cache problem. In any case, I found out that if I change the domain later then it works fine. Sadly I don't have a good reproducer or logs to provide for this.

If this happens to anyone else, this is a workaround:

1. Uninstall the app from domain A
2. Reinstall the app to domain B
3. Move the app domain from B to A

It should work.

curl panos.domain.com
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>

but
curl -L panos.domain.com
works

something seems fishy with the redirection.

Install an app to panos.domain.com
then uninstall this app.
then install again this app to panos.domain.com

This doesn't work.
You have to use another domain. Picking another domain solves the problem.
Why?

Create an Ethereum node app. This is very similar to any Golang based app (e.g. https://git.cloudron.io/cloudron/prometheus-server-app) where you just launch the binary inside a container.

@ericdrgn to find the correct ports, login to your cloudron server and run:

# docker inspect $(docker ps | grep synapse | awk '{ print $1}')  | grep CLOUDRON_TURN_TLS_PORT

# Output:
"CLOUDRON_TURN_TLS_PORT=5349",

And run again:

# iptables -L | grep 5349

# Output:
ACCEPT     tcp  --  anywhere             anywhere             multiport dports 3478,5349
ACCEPT     udp  --  anywhere             anywhere             multiport dports 3478,5349

So in my case this is the port and the firewall on my machine is configured properly. I do NOT have another external firewall to block this. Please check if you are using any other firewall blocking this port. To verify if something is blocking those ports, try from another PC:

sudo nmap -p 5349 -sUT <yourdomain>

The expected output should be:

PORT     STATE SERVICE
5349/tcp open  stuns
5349/udp open  stuns

Note: yourdomain means example.com.

To find out if the TURN server is running:

# ps ef `pgrep turnserver`

The expected output should be:

    PID TTY      STAT   TIME COMMAND
   2170 ?        Ssl    1:22 /usr/bin/turnserver -c /run/turnserver/turnserver.conf --pidfile /run/turnserver/turnserver.pid CLOUDRON_REALM=<YOURCLOUDRONINSTANCE> HOSTNAME=turn PWD=/ HOME=/root GOR

or check the container:

docker ps | grep turn

fd3541325e01        cloudron/turn:1.1.0                                                     "/app/code/start.sh"     4 days ago          Up 29 hours

May look at the logs of the turn server when you try to do the call.

@ericdrgn it should be enabled by default -- at least I hope it is. If it's not this is a major issue for the service.

Are you using this is behind a firewall/NAT? If so, you have to open the respective TURN server ports.

@ericdrgn my experience so far:

AV (audio/video) calls between two persons (Direct) works without an issue. If you have an issue there, it's most likely because of the TURN server. Quote from Matrix.org:

Do I need a TURN server?

VoIP calls should work if both parties are on public networks. However, in practice one (or both) devices are often behind NAT, and so having a TURN server is important to help set up the call.

My issue is that group calls doesn't work, e.g. being inside a Room, when I try to start a videocall, it crashes

@girish in my case it's even easier because I my router (fritzbox) has a setting that bypasses NAT completely and my machine (only one) is exposed in the internet.

tldr; I don't have any problem with the way it is; everything is working fine for me. This is just a feature request for the future. Not a necessity, but a nice to have.