RE: Moodle - Package Updates

[1.1.4]

• Update Moodle to 3.10.4
• Release notes

Pushed a change that makes the filenames of backups more readable. It's just app_<domain>_vVersion.

root@my:/var/backups/2021-05-09-000811-352# ls
app_test.cloudron.work_v1.1.3.tar.gz

[1.4.2]

• Update WBO to 1.10.2
• Full changelog

@girish said in What's coming in Cloudron 6.3:

As a pre-requisite for Cloudron 7 multi-host feature, we have to move file system data into the database. Much grunt work to be done here.

This is now done! Now the boxdata only contains the mysqldump and email.

root@my:/home/yellowtent/boxdata# ls -l
total 900
-rw-r--r-- 1 yellowtent yellowtent 913492 May  7 06:00 box.mysqldump
drwxr-xr-x 9 yellowtent yellowtent   4096 May  4 07:34 mail

I am looking into moving mail as a separate backup just like an app. That way in future releases we can restore mail data (mailboxes) independently of box code just like apps.

@imc67 does restic backup faster to CIFS with your existing data size?

@d19dotca No problem for tagging me I will take a look at this along with other mail related stuff before the next release (i.e so that any required fix is in the coming release).

@cleveradmin Per this comment, we can set the TZ environment variable. There is a /app/data/env file inside the rocket.chat app that is sourced on start up - https://docs.cloudron.io/apps/rocket.chat/#environment-variables . Can you try adding export TZ=America/Brasilia in the env file and restart the app to see if it helps?

@xevotech What are the contents of /app/data/php.ini ? It seems there is some syntax error. Note that you have to restart the app for the php.ini changes to take effect.

POP3 support is quite easy to add. It's just some lines in dovecot config and some adjustments to the firewall.

Anyone know why gmail only supports only POP3 but not IMAP? After all one can fetch mails using IMAP and then delete the mail to get POP3 style functionality no?

@xevotech You cannot put in a systemd service file because the app is running in a container and the container itself has no systemd inside it.

Not an expert on laravel but there are two ways:

• In the startup script, start the queue worker in the background - https://docs.cloudron.io/apps/lamp/#custom-startup-script . So, sudo -u www-data /usr/bin/php /var/www/app/artisan queue:work --queue=high,standard,low --sleep=3 --tries=3 &

• Alternately, you can put this in the crontab - https://docs.cloudron.io/apps/lamp/#cron-support . So, 0 * * * * sudo -u www-data /usr/bin/php /var/www/app/artisan queue:work --queue=high,standard,low --sleep=3 --tries=3 --stop-when-empty (the stop-when-empty is needed so that the queue worker quits when the queue is empty).

Would either of the above work?

@enesaydogan that gives me a good hint. Are you trying to install this in the bare domain? Do you get the same error if you install it in a subdomain?

To increase memory for mail, you have to go to Services -> Mail -> increase the limit. Changing memory for rainloop/roundcube/sogo won't help since they are just frontends to the mail server.

@vladimir-d please try now

@vladimir-d What's your id on gitlab?

For future reference, the CPU is AMD Phenom(tm) II X4 965 Processor and flags

Flags:                           fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm 3dnowext 3d
                                 now constant_tsc rep_good nopl nonstop_tsc cpuid extd_apicid pni monitor cx16 popcnt lahf_lm cmp_legacy svm extapic cr8_legacy abm sse4a misalignsse 3dnowpre
                                 fetch osvw ibs skinit wdt nodeid_msr hw_pstate vmmcall npt lbrv svm_lock nrip_save

That was quick. They recently got acquired - https://www.musictech.net/news/industry/audacity-acquired-muse-group-ultimate-guitar-musescore

OK, so the older ghost release indeed works. Just to take a guess, the package tryghost/image-transform updated from 1.0.3 to 1.0.11. This library uses sharp which in turn uses libvips. Looks like one of these libraries is having trouble running on your CPU.

Not sure what can be done, maybe we can wait for a newer Ghost release to see if it fixes the problem.

I have installed Ghost on your server using /#/appstore/org.ghost.cloudronapp2?version=3.171.3 which installs Ghost 4.3.3 and disables automatic updates. Maybe you can keep checking in a release or two to see if things improve.

@awnzky indeed, I see that whenever an image is uploaded, core is dumped on your server. This happens to any image upload not just icon and logo. Just uploading some image in a test blog post also dumps core.

[2021-05-07 03:20:28] INFO Ghost database ready in 1.239s
[2021-05-07 03:20:31] INFO Ghost booted in 4.062s
[2021-05-07 03:20:40] INFO "GET /" 301 7ms
Illegal instruction (core dumped)

BTW, I did a quick check to see if there was some regression and it does seem to work fine on my mail server.

@humptydumpty That should work. If you see the raw email headers, you will also see:

X-Spam-Report: 
	*  100 USER_IN_BLACKLIST From: address is in the user's black-list

One thing I can think of is that maybe the email address that you are looking at is wrong. If you see the raw email headers, do you see that the email addresses match Return-Path and X-Envelope-From ?

@mastadamus right, the spamlists won't work if those lookups get blocked. Currently, if the lookups fail, the mail server will simply go ahead and try to detect spam via spamassassin. It's just one of the metrics for spam detection. I guess it's fine if it's working OK for you without it .

@mastadamus Right, so Cloudron has it's own recursive resolver called unbound and all the DNS requests from the apps go through unbound. The main reason for this is that email servers require to do what is called DNSBL lookups (the zen.spamhaus.org requests that you see) and these lookups will not work if the request comes from Google DNS and other DNS servers. They only work if it comes from your own DNS server. This is because they just blacklisted all the popular DNS servers whole sale, I guess due to spam/load.

unbound can be configured to forward all requests to another internal DNS server - https://docs.cloudron.io/networking/#internal-dns-server . This is quite technical, so if it doesn't really matter, I would leave things as-is but hopefully this explains why DNS requests from Cloudron do not go via your router's DNS or your internal DNS server.

@infogulch Great progress! Do you know if they have any plans for just storing things in the filesystem? Why does a note taking app have to store on minio/s3? Notes cannot possibly require so much space no?

Agreed, I think we should open up a separate app request for this minio console.

@onlybro Can you maybe paste the error message in the oom mails? They should give an indication of what is running out of memory.

[1.13.1]

• Update HedgeDoc to 1.8.1
• Full changelog
• Improve behavior of the 'Quote', 'List', 'Unordered List' and 'Check List' buttons in the editor to automatically apply to the complete first and last line of the selection
• Fix click handler for numbered task

[1.3.2]

• Update AdGuard Home to 0.106.2
• Full changelog
• Uniqueness validation for dynamic DHCP leases (#3056).

[1.1.2]

• Update Koel to 5.1.3
• Full changelog

@scooke Maybe the redis went corrupt. Looks like it is just a cache for the app, maybe you can try clearing it:

• First make a note of the app id.
• If you do docker stop redis-<appid>
• rm /home/yellowtent/platformdata/redis/<appid>/dump.rdb. This clears the previous redis database.
• docker start redis-<appid>
• Restart the app as well to re-establish redis connection

[1.4.1]

• Update WBO to 1.10.1
• Full changelog

[1.5.1]

• Update Navidrome to 0.42.1
• Full changelog
• [Spotify-ish] Fix incorrect aspect ratio of logo on login screen (#1072)
• [Spotify-ish] Fix active page indicator (#1068)
• [Scanner] Fix ffmpeg extractor not detecting album covers when used with ffmpeg 4.4
• [Scanner] Allow SIGUSR1 to trigger scan even when ScanInterval = 0

[1.2.2]

• Update Ampache to 4.4.2
• Full changelog
• If you have an MBID in your artist, use that for last.fm queries
• Larger artist images when you don't have a text summary available
• Expanded artist, album and podcast thumbnails to reduce blank space
• Update album tags first when you update artist tags

@marcusquinn said in Chirpstack for LoRaWAN:

@girish what's your preferred way to review for submission - repo on git.cloudron.io?

yes, please.

@xevotech Is this the LAMP app?

@awnzky Can you try on the demo instance ? https://my.demo.cloudron.io/ (username: cloudron password: cloudron) .

@mdreira Thanks for the detailed response!

I guess step 1 is to make the mail queue visible from the Cloudron Mail side and also have throttle/rate limits and then we have to take it from there. We use Haraka as our mail server and the closest it has for rate limits is http://haraka.github.io/plugins/rate_limit/ . There is no real queue management but there is a status plugin to somewhat monitor it and send commands - http://haraka.github.io/plugins/status/ . Have to look into these further.

@awnzky I tried this quickly on a fresh Ghost site and it seems to work for me. What is the crash you see in Ghost?

@jdaviescoates said in Firefox Send - Simple, private file sharing from the makers of Firefox:

I guess someone could conceivably pick up and run with the source code, but I'm not going to hold my breath

Someone did - https://github.com/timvisee/send

Digging deeper I found this issue - https://github.com/minio/minio/issues/9837 . From there, I found that there is another admin UI for minio (?) - https://github.com/minio/console which looks way better than the current one. It's unclear to me why these are separate projects and how they are tied together.

There's some LDAP setup docs at https://github.com/minio/console/blob/master/DEVELOPMENT.md . Also this blog post - https://blog.min.io/new-minio-console/

My understanding is that LDAP is only for the STS integration and not for login and minio dashboard. (STS is a token service where services can request a temporary access token from access key and secret).

@jdaviescoates ah, thanks for the reminder. Redeployed - https://www.cloudron.io/store/com.github.bitwardenrs.html

@nj You can try systemctl restart box which I think will bring them back to running. Can you try that?

@eddowding There doesn't seem to be a DNS entry at all. Can you check if www entry is there in cloudflare?

$ host www.roundbear.org
Host www.roundbear.org not found: 3(NXDOMAIN)

[1.51.1]

• Update GitLab to 13.11.3
• Release announcement

This doesn't directly answer your question but might help debugging. You see the "You have found a Cloudron out in the wild" page when you point an arbitrary subdomain to the Cloudron server IP. It is essentially a "I have no clue what this domain page is" page.

With the above understanding, the first step is to make sure that Cloudron knows about this subdomain. For example, if you just put a DNS CNAME record to Cloudron server, this is not enough. Cloudron needs to know about this new subdomain you added - this is required so that it can setup certs and also setup nginx to serve the right app (if you have 10 apps on your server, what should Cloudron serve up for this subdomain?).

The way to let Cloudron know is to use redirects - https://docs.cloudron.io/apps/#redirections and I suspect this is what you are missing. Just add the "www" in the redirect section of the app in Cloudron dashboard. Some specific apps also allow aliases - https://docs.cloudron.io/apps/#aliases

@mdreira Just reading the docs a bit more, I am not unable to understand how it works.

It seems Mautic uses RabbitMQ to queue the mail instead of sending out the mail instantly. What's not clear is what happens next.

a) Does the mail server directly read from RabbitMQ?

b) Or does mautic read them from RabbitMQ and send to mail sever via SMTP? It seems it is the latter and one has to run mautic:messages:send job to send emails.

(If it's b, as a further question, I don't quite get what value the queue adds since all mail servers have a queue of their own anyway. What is the issue with mautic sending mails directly? Generally, a mail queue is useful when the email sending is to be made asynchronous. But isn't mail sending already async in mautic with cron jobs? AFAIK, mails are never sent immediately.)

[1.7.0]

• Project renamed from BitwardenRS to Vaultwarden
• Renaming announcement
• Update Vaultwarden to 2.21.0
• Add support for enabling auto-deletion of trash items after X days, disabled by default
• Updates to the icon fetching, making it more reliable in detecting icon types

I have published the new release as well which contains the UI changes for the project rename.

I have renamed the forum section, docs etc now.

[1.28.0]

• Update Monica to 3.0.1
• Full changelog
• big changes in asset pipeline
• fix deploy on fortrabbit with version number (#5139) (c5394af)
• fix import job without subscription bypass (#5147) (fbac248)

[1.13.0]

• Update HedgeDoc to 1.8.0
• Full changelog
• CVE-2021-29474: Relative path traversal Attack on note creation
• Removed dependency on external imgur library
• HTML language tags are now set up in a way that stops Google Translate from translating note contents while editing
• Removed yahoo.com from the default content security policy
• New translations for Bulgarian, Persian, Galician, Hebrew, Hungarian, Occitan and Brazilian Portuguese
• Updated translations for Arabic, English, Esperanto, Spanish, Hindi, Japanese, Korean, Polish, Portuguese, Turkish and Traditional Chinese
• CVE-2021-21306: Underscore ReDoS in the marked library

@onlybro Yes, I will try to debug this a bit later this week.

@moonmeister Might also be interesting if you contact the photoprism team itself for packaging this. If they are interested, we can help them out (but you can pay them alone). AFAIK, they are also a small team and any help them get would be appreciated by them.

Good catch. It indeed says "Use this if you are getting too much traffic at once from people opening pages or opening emails.". So , the queue is not for email processing, it's really for the callbacks (like 1 pixel images) in the email or if someone clicked on a link in the email.

@mastadamus I don't quite understand the problem (I also don't know what this screenshot is of and how Adguard DNS is tied into all this). Is it that you are using the Adguard DNS (the SaaService) and are wondering how to make Cloudron use it?

@drsum1 said in Cloudron Pricing and Licensing Help:

And I can't ever see my free instances on the cloudron.io site.

If you can send us a mail to support@cloudron.io with your Cloudron domain name and also your cloudron.io account, we can look into why it's not appearing. Thanks!

@nikosgpet Right, so the databases are strictly "internal" to the server and locked down for security purposes. There is no way to expose them to the outside world without creating a ssh tunnel. So, I think something like that you did is pretty much the only way.

Does DataGrip have a way to connect via SSH tunnel (for example, like mysql workbench) ? If so, you can do something like this instead of running sql_redirect container - https://forum.cloudron.io/topic/3237/remote-sql-support-on-a-per-app-basis/2

OK, I have made a fix to source in /app/data/.bashrc in web terminal. This requires a new Cloudron release, so it will be in next release.

If you use the CLI tool, just update to 4.11.0 and the cloudron exec will automatically source in that file with the current Cloudron release (6.2.8)

It seems bash has a argument --rcfile. So, we can just fix it when we invoke the docker exec.

@girish said in What's coming in Cloudron 6.3:

As a pre-requisite for Cloudron 7 multi-host feature, we have to move file system data into the database. Much grunt work to be done here.

A big chunk of this landed today. Certificates also need to be migrated to the database, that should be done tomorrow. Essentially, from the next release, /home/yellowtent/boxdata will only contain mail server data and nothing else since everything has moved to the database. I will probably take this opportunity to separate box backups and mail backups. The box backup is going to be just the mysql dump and nothing else.