RE: Phabricator - Package Updates

[1.13.0]

• Use stable branch 2020 Week 42

@mario Ha ha, possibly. I only hacked it up quickly and checked if proxyAuth code in 6.0 will work before I make the release.

@mario said in Docker registry:

The only problem here is that this would not work for me

Good point. I forgot to add the optionalSso flag to manifest. With that flag, you can install the app without Cloudron Directory integration (like you do with other apps) and then we can have the default admin/admin setup that you have when LDAP is disabled. Would that work?

@mehdi said in Docker registry:

Combined with the authProxy of Cloudron6, we could disable the htpasswd auth of the app and since it uses basic auth it should work with the LDAP users !

I gave this a try and this worked great! https://git.cloudron.io/cloudron/docker-registry-app/-/commit/547e3b30b0d9038d9fe73416a7df7b3d32f265ec

@mario Oh wow, this is awesome. I had no idea one could run a registry this way. I thought one has to make some use of the docker addon! This way is so much simpler and nicer.

I forked the code to https://git.cloudron.io/cloudron/docker-registry-app/ and gave you permissions. It just worked (tm). Do you think you can put in a LICENSE file and keep developing there? It's a holiday for thanksgiving here, but I will look into this soonish.

@robi yes, probably. But I can't seem to find who calls pcntl_signal_dispatch in EspoCRM.

@jimcavoli Can you grep the code for pcntl_signal_dispatch ? Maybe it's coming from plugin?

Not a PHP dev but it seems https://stackoverflow.com/questions/16262854/pcntl-not-working-on-ubuntu-for-security-reasons can be used to enable it. You can put that in /app/data/php.ini.

Related: https://forum.cloudron.io/topic/3795/firewall-spamassassin-automatic-list-update

@saikarthik yup, can surely be added. probably next release.

@andirahmat if you open a support ticket with them, let us know the outcome. I cannot open a ticket from our account because SGP1 Spaces is disabled for new spaces creation. Looks like they hit some capacity problems there and are thus limiting uploads.

This turned out of be a DO SGP region issue. If you try to multi-part upload with a part size > 15MB, it fails (!). I was able to reproduce this with the s3cmd tool.

root@localhost:~# s3cmd --access_key=key --secret_key=secret --host=sgp1.digitaloceanspaces.com --host-bucket=bucket --multipart-chunk-size-mb=20 put 500MB.bin s3://bucket/500MB.bin
upload: '500MB.bin' -> 's3://bgsmd/500MB.bin'  [part 1 of 25, 20MB] [1 of 1]
 20971520 of 20971520   100% in    0s    42.81 MB/s  done
WARNING: Upload failed: /500MB.bin?partNumber=1&uploadId=2~mT5ZeflCYTchMXHNZc5EZUyc9ABNpT- (500 (UnknownError))
WARNING: Waiting 3 sec...
upload: '500MB.bin' -> 's3://bgsmd/500MB.bin'  [part 1 of 25, 20MB] [1 of 1]
 20971520 of 20971520   100% in    5s     3.82 MB/s  done
WARNING: Upload failed: /500MB.bin?partNumber=1&uploadId=2~mT5ZeflCYTchMXHNZc5EZUyc9ABNpT- (500 (UnknownError))
WARNING: Waiting 6 sec...

Reduce chunk size all the way down to 15MB, makes it work.

@jimcavoli He has reached out to us on support, so I am looking into this later today.

@marcusquinn 95daa437-5a33-47c6-8534-1d6086eae52 is the app id. To figure the actual app, you have to hover over the configure button of each app and look at the browser footer to know the id. I have actually made the "search" also look for app ids in Cloudron 6 that should make this process simpler.

@vladimir I can also recommend sending a test mail to https://mail-tester.com to check if you have setup the DNS records required for the external email server correctly.

@d19dotca said in Outbound email error: "Client network socket disconnected before secure TLS connection was established":

Are you aware of any method for me to determine what the receiving mail server supports for TLS protocols and cipher suites?

You can try something like openssl s_client -starttls smtp -connect server:25. Note that usually you have to do this from a real server and not from your laptop, since most residential networks will block outbound port 25.

There is also a better tool for SMTP connection testing, it's at the tip of my tongue...

Edit: gnutls-cli is the tool. It has some feature which openssl s_client does not support. I can't seem to remember what exactly.

BTW, for mail server, the mail server already uses zen spamhaus. This is enabled by default (and in fact, no way to disable this).

Would love to see this as well. The license of ipdeny is also fairly permissive.

You may NOW re-distribute our zone files and you can freely use our generated IP zone
files in  your commercial or freeware solutions or services, please read our
Copyright policy and please comply with our Usage limits policy. Linkback to our
service is always appreciated and  recommended.

@jdaviescoates I think roundcube is the best of the lot. But also, the desktop and mobile clients are quite great though.

@robi Each project (and thus each database) has it's own "system" tables with the prefix directus_. There is a directus_users table in each project/database. This means that there really are two separate users. If you change password in one, the other does not change.

I have to take that back. I am not sure again anymore. It seems the users between projects are totally separate. I thought it was the same because I created them with the same username/password, so I thought there was some sort of shared user management going on, but there isn't. So, it's back to I think it's best not to support multi-tenancy.

I implemented the change itself - https://git.cloudron.io/cloudron/directus-app/-/commit/309a56c72021f82312fc66bb94101c6692ec0b96#691718f47a3089a202609bee65b689fdc9e57855 . But i won't make a new package.