How to Properly Set Up Multiple Directus Environments (Dev, Sandbox, Prod) on Cloudron?

@jdaviescoates correct

@robi i didn't saw any documentation on that

@jdaviescoates yes issue is Data priority on production

@jdaviescoates i tried multiple things for synching and app start creating data integrity errors.

@james, the problem is that, as you said, production will always have priority over data. Let's say I create a clone from production to work on a sprint. After one week of work, if all is good, the sandbox will be ready to be deployed on production. At that time, production will have new data. How to handle that? Because Directus on Cloudron only supports one database, it cannot be linked with another at that crucial time. CI/CD comes into play, which I am trying to figure out. 🤯 #Production #Data #Deployment #CI/CD #Database #Sandbox

The problem is managing the consistency as a pipeline methodology between environments like"development", "sandbox" and "production".

Where if all 3 apps are on same version how could i push code changes from dev to Production. Because of Metadata postgress to postgree sql migration even with a paid tool like Devarts PostgreSQL Studio failed

Hi Cloudron team and community,

I’m planning to deploy Directus on Cloudron and would like to structure it properly from the beginning with three isolated environments:

Development

Sandbox / UAT

Production

Since Directus uses internal system tables (directus_collections, directus_fields, directus_relations, etc.), I want to avoid schema conflicts or corruption when promoting changes between environments.

I’m aware that tools like pg_dump, Devart, or traditional SQL export don’t handle Directus metadata well, so I’m exploring directus schema snapshot / schema apply for schema promotion and version control.

Before I begin, I’d appreciate help with:

1. What’s the best way to set up three separate Directus instances (e.g., directus-dev.domain.com, directus-sandbox.domain.com, etc.) on a single Cloudron server?

2. Will I run into any issues running multiple Directus apps on the same box, each with their own PostgreSQL database?

3. Any best practices or gotchas for syncing schema and config across environments using CLI-based snapshots?

4. If needed later, can Directus apps on Cloudron be CI/CD integrated (e.g., via schema promotion scripts) without breaking Cloudron’s update flow?

I'm aiming for a clean, maintainable setup that supports Git-based schema tracking and safe production deployments. Any community-tested advice or examples would be very helpful.

Thanks in advance!

@thetomester13 are you on a vps or personal cloud?

I have another ubuntu instance with portainer and by internal ip i use cloudron app proxy and even for extra security i put cloudroon sso oauth on top of it i even use wazhu, supabas and many other so instead of having nginx reverse proxy manager seperately i use cloudron

I was also looking for this option but too lenghty to make a custom app on cloudron and due to these limitation i deployed portainer on intranetwork and proxy the portainer gui with cloudron app proxy as its on a seperate ubuntu and i have PG, MSSQL and MongoDB their

so their is a separate feature in Unify gateway to filter content with options None, Work and Family i selected work. the problem was if you select either of Family or Work firewall was migrating traffic to be on open resolver regardless of Network settings. i turned off that feature and it worked out.

@girish finally i figured out the problem it was Unifiy Gateway (it was Using content filtering in order to moderate the traffic and using dns once i turned off that for all turned green and so far since last 3 hours its green.

@girish already

@girish i have 24.04 and ipv6 is disabled

@girish I am the second person having this problem my isp is Verizon fios with static ip and they provided specific dns instructions and i doubled checked my cloud xg gateway from unify it shouldn't use dnsec but still spamhouse is block this is i am getting false positive

i restart netplan after applying dns directly in netplan provided by netplan and it came negative but after few seconds it went back again to positive please see the next picture below

worked fine on selfhost ubuntu 24.04 on 3 separate instances

mine is happening randomly

IP Address Blocklist Check Issue - False Positive on SpamHaus Zen

Issue Summary

I am experiencing an intermittent issue where Cloudron reports that my server's IP (xx.xx.xx.xx) is on a blocklist, specifically SpamHaus Zen. However, when I manually check on the SpamHaus website, my IP is not listed.

Environment Details

• Self-hosted Cloudron instance
• Unbound DNS service is running
• Firewall is not encrypting DNSSEC
• PTR (Reverse DNS) records are correctly configured

Observations

• The error disappears randomly at times, and Cloudron shows no issue.
• However, most of the time, the blocklist warning persists.
• PTR (reverse DNS) records are correctly set up and resolve fine.
• This seems to be an issue related to DNS resolution or Unbound's behavior rather than an actual blocklist listing.

Troubleshooting Steps Taken

1. Manually checked my IP on SpamHaus’s official website – IP is not listed.
2. Restarted Unbound to see if it helps resolve any DNS caching issue.
3. Verified PTR (Reverse DNS) records – confirmed they are properly configured.
4. Confirmed DNSSEC settings – firewall is not encrypting DNSSEC, so that shouldn’t be affecting the lookup.

Questions & Assistance Needed

• Has anyone else encountered similar false positive blocklist checks in Cloudron?
• Could Cloudron’s Unbound service be returning outdated/cached blocklist results?
• Any recommended steps to debug Unbound’s DNS resolution for blocklist lookups?

Any insights or suggestions would be greatly appreciated. Thanks in advance!

Today, I encountered the same error again. Although this thread is closed, I wanted to share the issue I discovered and how I resolved it.

I’ve been running Cloudron on my local cloud, and until yesterday, I was using a Cisco Meraki MX. However, due to outdated equipment, I recently upgraded to a UNIFI cloud setup. Unfortunately, my IP address started appearing on the Spamhaus blacklist. When I checked the Spamhaus website, it didn’t list my IP, so I thought the issue was elsewhere.

After some troubleshooting, I found that Unbound wasn’t providing any useful information. I decided to take a closer look at the logs, where I found the following entries:

2025-02-23T05:53:25.125Z box:mail checkRblStatus: myinboxZZZlabs.com (flippedIp: 123.456.111.111) is in the blocklist of {"name":"SpamHaus Zen","dns":"zen.spamhaus.org","site":"http://spamhaus.org"}
2025-02-23T05:53:25.125Z box:mail checkRblStatus: myinboxZZZlabs.com (error: null) (txtRecords: [["Error: open resolver; https://check.spamhaus.org/returnc/pub/123.456.111.111/"]])
2025-02-23T05:53:30.178Z box:mail checkRblStatus: myinboxZZZlabs.com (ip: 111.222.333.444) blockedServers: [{"name":"SpamHaus Zen","dns":"zen.spamhaus.org","site":"http://spamhaus.org","txtRecords":["Error: open resolver; https://check.spamhaus.org/returnc/pub/123.456.111.111/"]}])
2025-02-23T05:53:33.085Z box:apphealthmonitor app health: 17 running / 14 stopped / 7 unresponsive

At this point, I shifted my attention to the new security gateway. While configuring the firewall policies, I realized that I had enabled the "Encrypt DNS via Google/Cloudron" option. After disabling this setting, the email system immediately came back online.

Solution Summary:
The root cause was the "Encrypt DNS via Google/Cloudron" option causing issues with DNS resolution and email functionality.
Solution: Disable "Encrypt DNS via Google/Cloudron" in the security gateway settings, which immediately restored the email system.
I wanted to share this here so others experiencing the same issue can benefit from the solution. I hope it helps!