For those that would be interested. I have just created a live stream on Youtube for Sunday 21.06. 14:00 (CET). During that stream I want to show a bit how to make a Cloudron app and will use Matterbridge as the example for it.
I would timebox the whole stream to a max of two hours, lets see how far I'll get in that time, maybe I won't even need that much time.
There will be an unedited recording of the stream later on.
You can follow the stream at https://www.youtube.com/watch?v=RKcH2yJiLUo
Hi everyone,
I saw a post yesterday on Reddit showing how to use the Google Cloud free tier to run Uptime Kuma. One of the alternatives for free hosting mentioned in the post was fly.io and since their tooling intrigued me I have since then started hosting Uptime Kuma on their platform (combined with notifications through Telegram to be as independent from my own infrastructure as possible).
Their free tier includes a vm to run own code or a docker container along with 1cpu and 256mb of ram. this can be coupled with a persistent storage volume of 3gb, so plenty of resources for Uptime Kuma. In addition to this they allow usage of own domain names so you can have your status page at https://status.mydomain.com instead of on one of their subdomains.
All you need is the following toml file to deploy the Uptime Kuma container on fly.io:
# fly.toml file generated for mykuma
app = "mykuma"
kill_signal = "SIGINT"
kill_timeout = 5
processes = []
[build]
image = "louislam/uptime-kuma:1"
[mounts]
source="kuma"
destination="/app/data"
[env]
PORT = "8080"
[experimental]
allowed_public_ports = []
auto_rollback = true
[[services]]
http_checks = []
internal_port = 8080
processes = ["app"]
protocol = "tcp"
script_checks = []
[services.concurrency]
hard_limit = 25
soft_limit = 20
type = "connections"
[[services.ports]]
force_https = true
handlers = ["http"]
port = 80
[[services.ports]]
handlers = ["tls", "http"]
port = 443
[[services.tcp_checks]]
grace_period = "1s"
interval = "15s"
restart_limit = 0
timeout = "2s"
The configuration refers to a volume called "kuma", which needs to be created before the app can be deployed by running flyctl volumes create kuma.
I have written a bit more in detail about on on my blog: https://blog.9wd.eu/posts/flyio/ (first draft status, may need refinement)
WireGuard
automation from homelab to enterprise
Create Manage Automate
️ WireGuard Networks
(Uses the native Wireguard apps for the clients, so already very mature tried & tested open-source for that part of the overall)
Hi,
I'm thinking about creating a Cloudron app that uses fetchmail to fetch external mailboxes and deliver their mails to local accounts. Depending if I find a good example for a config ui this would then be configurable either from a small web ui or by simply editing the fetchmailrc file from the console.
Anyone else interested?
@girish said in Incorporate a WAF built into cloudron:
it should totally possible to move to apache instead of nginx for the reverse proxy, with some effort
I'm not sure if moving from Nginx to Apache is a very "modern" decision. There has been a buzz on this forum about Crowdsec a few weeks ago, maybe this would another approach that is possible (although the downside seems to be that you lock people into a third party SaaS).
In regards to reverse proxies. I recently spent quite some time working with apisix, which is basically nginx/openresty with an additional manage api in lua. It can get its route configuration either from etcd or a yaml file (other backends could afaik be implemented as plugins). And since its based on Nginx its quite fast.
Hello everyone. See you on half an hour at https://youtu.be/RKcH2yJiLUo!
Hi,
I am not using it myself, but could imagine this being useful to others. Looking at their deployment structures this only needs node and a postgres database.
I recently talked to the CEO of Humhub and also made him aware of Cloudron and this topic. He said that they are currently busy with investigating ways to automate deployments in container scenarios and once that is solved they would be open to collaborate on an app for Cloudron.
Since I am always missing notifications in Cloudron (don't log into the dashboard often enough) I decided to add a monitor for it to Uptime Kuma.
"notifications":[]360 (could be higher however, I don't need instant alerts for new notifications)Since the api only works with auth, we also need to send a header for this. For this paste the following in the "Headers" field:
{
"authorization": "Bearer xxx"
}
The xxx needs to be replaced with a valid api token, which can be created in the user profile.
Everything you can see on the Cloudron dashboard comes from the Cloudron api. So if further checks are needed I always recommend to pop out the network console and check which endpoints get requested for the data you need.
A post of @luckow has made me interested in baserow (which is already available as an app on Cloudron). With it you can define databases and fill these through a form. It already has the ability to trigger a webhook if an entry was created.
At the moment the webhook payload cannot be freely defined, but if it would add this feature one could make a simple sign up page for Cloudron. User would be created, but sadly one needs to make multiple requests to also send out an invitation mail and to add the user to groups. But this way the admin can decide on their own if the signup should be confirmed.
Currently, Hermes supports Google Workspace. Once users login to Hermes, they can create document drafts using Google Docs.
That does not sound like it's very suiteable for self hosting (at least it is tightly integrated with the Google ecosystem)
It kind of sounds like then classic "i am running my cloudron on my server at home" scenario. Cloudron recently gained a functionality to act as a reverse proxy for other services. This could be used to connect your other services.
The question is: how did you expose your other servers before and is there a way to include cloudron in this configuration.
@girish yes, to see the actual price its still a few more clicks from that page. but 39€ is what i found as well.
@girish I managed to find the info at https://standardnotes.com/help/self-hosting/subscriptions
I was just investigating an expired certificate on one of my Cloudron systems and wanted to leave a note here.
The app in question uses manual dns settings for reasons that are beyond my control, but port 80 is publicly available so that using lets encrypt should be no problem.
Looking at the logs below "Renew certificates" was sadly empty. I guess these have been rotated since the last certificate was issued.
Restarting the app had this bit in the apps logs, which means the certificate must have been successfully renewed back in december, and only the webserver has not been restarted since then.
Jan 25 12:02:44 => Start supervisor
Jan 25 12:02:44 box:reverseproxy providerMatchesSync: subject=CN = lx.example.com domain=lx.example.com issuer=C = US, O = Let's Encrypt, CN = R3 wildcard=false/false prod=true/true issuerMismatch=false wildcardMismatch=false match=true
Jan 25 12:02:44 box:reverseproxy expiryDate: notAfter=Mar 25 11:10:49 2023 GMT daysLeft=59.00561143518519
Jan 25 12:02:44 box:reverseproxy needsRenewal: false
Jan 25 12:02:44 box:reverseproxy ensureCertificate: lx.example.com acme cert exists and is up to date
Jan 25 12:02:44 box:reverseproxy writeAppLocationNginxConfig: writing config for "lx.example.com" to /home/yellowtent/platformdata/nginx/applications/fdda3359-5b81-4228-b4cb-1f5dfe8a3436/lx.example.com.conf with options {"sourceDir":"/home/yellowtent/box","vhost":"lx.example.com","hasIPv6":true,"ip":"172.18.17.213","port":8080,"endpoint":"app","redirectTo":null,"certFilePath":"/home/yellowtent/platformdata/nginx/cert/lx.example.com.cert","keyFilePath":"/home/yellowtent/platformdata/nginx/cert/lx.example.com.key","robotsTxtQuoted":null,"cspQuoted":null,"hideHeaders":[],"proxyAuth":{"enabled":false,"id":"fdda3359-5b81-4228-b4cb-1f5dfe8a3436","location":"/"},"upstreamUri":"","ocsp":true}
Jan 25 12:02:44 box:shell reload spawn: /usr/bin/sudo -S /home/yellowtent/box/src/scripts/restartservice.sh nginx
hmm.. I think it depends on the actual website. A status code in the range of 400-499 would be a return code that signals a kind of error (file not found, or unauthenticated). So if you normally curl your website and get a 403 then it would make sense to use it.
Generally I would say even if you only monitor because you want to get a certificate expiry I would monitor for the expected http return as well. If the / of your website is huge, you could create some kind of dummy file on your webserver that you query instead. For a wordpress site I am monitoring I am querying the license file for example.
@timconsidine no troubles with Vikunja on my end. Have been using it already for quite some time. Especially since its a pwa frontend performance and mobile usage is very good in my opinion.
Maybe worthwhile exploring why the app goes into not responding state/what makes it fail the Cloudron healtcheck.
@mpeterson0418 Oh, I am not using Guac personally, so I cannot really help here.
@mpeterson0418 even if its using different urls Guacamole is configured under the hood to use Cloudron for authentication (no one first needs to head to their Cloudron dashboard, but can directly log into Guac).
And once you have enabled the external ldap integration for your Cloudron all members on your ldap can log into Cloudron and therefore apps that use the Cloudron user management.
@mpeterson0418 said in Guacamole Configuration:
Windows AD LDAP server
In that case it may also be interesting to learn that you can connect your whole Cloudron to your AD. Look at https://docs.cloudron.io/user-management/#external-directory for more information.