For those that would be interested. I have just created a live stream on Youtube for Sunday 21.06. 14:00 (CET). During that stream I want to show a bit how to make a Cloudron app and will use Matterbridge as the example for it.
I would timebox the whole stream to a max of two hours, lets see how far I'll get in that time, maybe I won't even need that much time.
There will be an unedited recording of the stream later on.
You can follow the stream at https://www.youtube.com/watch?v=RKcH2yJiLUo
Hi,
I'm thinking about creating a Cloudron app that uses fetchmail to fetch external mailboxes and deliver their mails to local accounts. Depending if I find a good example for a config ui this would then be configurable either from a small web ui or by simply editing the fetchmailrc file from the console.
Anyone else interested?
Hello everyone. See you on half an hour at https://youtu.be/RKcH2yJiLUo!
@msbt said in Proposal: Free-Tier Alterations 
:
Not sure if paying for updates defeats the purpose of having a secure system with rolling auto-updates
Exactly. I think it's bad practice to hide things like updates and 2FA behind an extra paywall.
Plus it was like this in the past already and was changed for the very same reason: you don't want to have people with vulnerable old versions out in the wild.
I recently talked to the CEO of Humhub and also made him aware of Cloudron and this topic. He said that they are currently busy with investigating ways to automate deployments in container scenarios and once that is solved they would be open to collaborate on an app for Cloudron.
@girish said in What's coming in 6.4:
I added a last item "Make it easy to install non-app store apps".
That is great news. In case you do not yet have a better idea how this could be designed, I want to pitch the way this is organised in Portainer again. I explained it already a while back in https://forum.cloudron.io/topic/4485/proposal-the-cur-cloudron-user-repository/14?_=1626194230000. Basically a local admin can override/extend the entries from their official "appstore". Additional entries are defined in a json structure. When opening the Cloudron appstore it makes a request to https://my.cloudron.host/api/v1/appstore/apps which gets a json response with all the appstore data. What if opening the store would in addition to this also make a request to https://user:password@store.my.domain/apps.json and also show a category "community" that lists apps from this json listing. Plus points if the listing can be password protected (like the private docker registry). This could also be a nice revenue model for external app developers.
Replying here since this is the largest collection of ldap specific topics on this forum.
My cloudron installation is around longer than the cloudron external ldap support. When configuring an external ldap users with a conflicting username (same username already exists on cloudron) get skipped on synchronisation. Which is generally a good thing. But I still wanted to transfer password management for some of these users to my ldap.
This can be done by running the following command from the shell of the cloudron host (only change the-user-i-want-to-change to the actual user):
mysql -uroot -ppassword -e 'update users set source="ldap" where username="the-user-i-want-to-change";'
While native support for OAuth has recently been removed from Cloudron users can still utilise OAuth 2 and OpenID Connect (oidc) to authorize users thanks to the built in OpenID Provider of the Kopano Meet app.
Under the hood Kopano Meet uses OpenID Connect to sign users into the application and this functionality is provided through Kopano Konnect, which is bundled inside of the app and pre-configured to allow Cloudron users to login. This article will show how to extend the configuration of Kopano Konnect to allow other apps to make use of OpenID Connect.
Requirements:
Nextcloud only serves as an example most users will probably already be familiar with, any other app allowing login through oidc can be configured in a similar way.
In the below configuration snippets I am going to use the domain meet.9wd.eu for my Kopano Meet installation and cloud.9wd.eu for my Nextcloud installation. Make sure to use your actual domain names during the configuration.
To modify the configuration of Konnect you need to login at your Cloudron dashboard (which is usually available at https://my.your-comain.com) and open the terminal view of the Meet app (Look for "Console Access" in the settings of Meet). Here you need to open /app/data/konnectd-identifier-registration.yaml in an editor and add the following text to the end of the file:
- id: cloud.9wd.eu
application_type: web
name: Nextcloud Cloudron
trusted: true
redirect_uris:
- https://cloud.9wd.eu/index.php/apps/sociallogin/custom_oidc/CloudronMeet
Important: the redirect url must match the "internal name" specified during the social login configuration later on
After the file has been modified restart Konnect by running supervisorctl restart kopano-konnectd (alternatively the whole meet app could be restarted, but this is faster).
The rest of the configuration is done inside of Nextcloud.
To configure Nextcloud for oidc you first need to login with an admin level user and install the "social login" app inside of Nextcloud. After the app has been installed you have go into its settings (which are located at https://cloud.9wd.eu/settings/admin/sociallogin) to configure it.
I recommend to have the following general configuration settings set in the app:
This will mean that new users will first need to login through the "traditional" Nextcloud login and then from within their user settings link their oidc login to Nextcloud. This will be further explained once oidc is generally setup in Nextcloud.
Further down in the settings add your own "custom OpenID Connect" provider. You need to fill in the following values:
redirect_uris in konnectd-identifier-registration.yamlhttps://meet.9wd.eu/.well-known/openid-configurationOnce this is setup log out with your admin user account and you will see another login button on the Nextcloud login page titled "Kopano Konnect (Cloudron)".
Before the user can use oidc to log into Nextcloud, he need to link his existing Cloudron user to it. For this log into Nextcloud like you have done in the past and afterwards go into the settings of the user. Here you will now find an option called "social login" (the url will be similar to https://cloud.9wd.eu/settings/user/sociallogin).
Users need to manually connect their existing Nextcloud account with the oidc identity.
At this menu item you will find a section called "Available providers" with a button underneath that will read "Kopano Konnect (Cloudron)". Click this button once to link your Nextcloud account to your new OpenID identity. In case you have previously not been logged into Meet you will be asked for your credentials for this (which are your normal Cloudron credentials).
Once your Nextcloud account has been linked you can easily switch between Nextcloud and Kopano Meet without having to login again.
This article has also been published on my blog.
@d19dotca said in Cachet - status page system:
I think the more common ones to Cachet is StatPing, ..
I played around with statping today. What intrigues me about it (apart from it being written in golang) is the ability to use custom webhooks and even own scripts for notifications.
App is located at https://git.cloudron.io/fbartels/statping-app/, but surely can use some more polish. But it is generally in an "it works" state.
@girish that's a very nice feature. I recently had to give a WordPress developer the admin role on our production Cloudron since he needed access to the logs/terminal/file browser. This will make this a lot easier for the future.
thanks for proving my point that one cannot have a discussion with you 
Issue about this in the Nextcloud app integration: https://github.com/ONLYOFFICE/onlyoffice-nextcloud/issues/421
This looks like it should be possible with OnlyOffice 7.1.0 onwards. Cloudron seems to be using 6.3.1. correction: the 7.1.0 seems to refer to the version of the Nextcloud app integration, not the version of the onyoffice software itself.
@wexlerj said in Major bunch of issues related to technical transition out of DigitalOcean:
Of course I could burn the latest version of Ubuntu and reinstall it - but I have sensitive data on my current machine and want to avoid this if possible.
Another reason why this would have been a bad idea is that Cloudron is designed to be installed on a freshly installed system and take over full control of the machine. When you say its a laptop, then this could imply that you already (apart from that "sensitive data") also a desktop environment and other applications already installed on the system. All these are very likely to collide with future operation of said system as a Cloudron host.
Another critical question if I may. Is this now your fifth or sixth account on this forum or did I miss some in between? Why are you constantly deleting your user account whenever you shift your focus to something else and why is it always some variation of your name when coming back?
@potemkin_ai said in update domain names with the cli (yet another topic):
Is there something I'm missing with passing token as a header?
It needs to be -H "authorization: Bearer $TOKEN".
@nebulon "after every successful login" may be an unlucky way to say it. But something like a "broadcast message", a "message box just above the app list", simply a way to inform the users about, for example planned downtime, without relying on email. That would be great.
@timconsidine on the topic of oidc. There is a fully featured oidc provider within the Kopano Meet app. For internal use I have even separated the oidc provider into a separate app.
I did write down how to configure external apps on cloudron against it in https://blog.9wd.eu/posts/cloudron-oidc-nextcloud/
@potemkin_ai said in update domain names with the cli (yet another topic):
I need to make it in command line (cli).
Like I said, if its part of the web ui, then you can easily trigger it from the cli with curl. Just checked it myself and this is the request that gets sent (from the network console and then selected "copy as curl"):
curl 'https://my.cloud.ron/api/v1/cloudron/renew_certs' \
-H 'authority: my.cloud.ron' \
-H 'sec-ch-ua: "Google Chrome";v="93", " Not;A Brand";v="99", "Chromium";v="93"' \
-H 'dnt: 1' \
-H 'sec-ch-ua-mobile: ?0' \
-H 'authorization: Bearer my-token' \
-H 'content-type: application/json;charset=UTF-8' \
-H 'accept: application/json, text/plain, */*' \
-H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36' \
-H 'sec-ch-ua-platform: "macOS"' \
-H 'origin: https://my.cloud.ron' \
-H 'sec-fetch-site: same-origin' \
-H 'sec-fetch-mode: cors' \
-H 'sec-fetch-dest: empty' \
-H 'referer: my.cloud.ron' \
-H 'accept-language: en,de-DE;q=0.9,de;q=0.8,en-US;q=0.7,nl-NL;q=0.6,nl;q=0.5,zh-TW;q=0.4,zh;q=0.3' \
--data-raw '{}' \
--compressed
(in the above example there are parts that can easily be removed)
Hi @potemkin_ai,
generally I think it would be a better solution to use a dns provider that supports dns validation.
@potemkin_ai said in update domain names with the cli (yet another topic):
I understand I can do it GUI
Is that a typo? If its possible to do this in the gui then you just need to check which requests/commands it sends to the server when doing so. This is how I sniffed the requests I needed to make to trigger a full box backup and poll for its completion.
The api is also described at https://docs.cloudron.io/api.html