guyds
Posts
-
Statping -
Connection error with Cloudflare proxyingOk, so I was correct when I said I seemed to remember there are some limitations with CF proxy and subdomains in the free plan.
When trying to open a ticket with CF regarding this issue I was pointed to the following link on their community:
https://community.cloudflare.com/t/subdomain-too-deep/81872The certificates available with the free account (universal certificates) cover only one level of subdomains so my.domain.tld is covered, but my.sub.domain.tld isn't.
-
NetCup - don't use it for professional stuffNetCup can't be held responsible for the reputation of the ip address, it's simply a result of what their users have done with that ip address.
And that's something you have to keep in mind when buying servers from any provider, not only NetCup.
But that doesn't mean you can't do anything about it. In fact there is a good chance you can revert it back to a clean state just by taking the correct actions.As marcusquinn says, Hetzner is very good indeed, but their ip's aren't always clean either. They might be on some blacklists or even blocked alltogether by some parties.
I had a similar situation myself where the ip of our mailserver was blocked by Microsoft and as a result none of our emails could be delivered to microsoft addresses (hotmail, outlook, office365, ...)BUT: I contacted MS and explained the situation. After providing the necessary info / proof of ownership of the ip, they delisted the ip address and everything is fine since then.
-
Statping@girish I see, but I wouldn't expect any solutions from the old, abandoned ticket Maybe you can open a new ticket at statping-ng?
-
Support for DoT (DNS-over-tls)According to this thread DoT support was added in v1.2.0 of the AdGuard package (with Cloudron 6.2).
The Cloudron package documentation however still mentions that DoT is "not yet supported"
Therefore I decided to just try it out and after some fiddling with OpenWRT and stubby in particular I was able to get DoT working.
So I guess Cloudron's AdGuard documentation can use some extra love regarding DNS configuration
-
Hide admin user(name)s for mail managers@girish hmmm, I see, but imagine the following scenario:
Our clients come to us for developing a new Wordpress website and obviously they also want an integrated email system so they can send and receive mails for that website and probably they also want to see some analytics.
So we set up a separate cloudron for such client and install Wordpress for the website, SOGo (or one of the other webmail apps) for the email and Ackee for the analytics.This means the cloudron is dedicated to the client and therefore the trusting factor is there since the client is the only party that makes use of the cloudron and its apps.
However, our clients aren't interested in administering the cloudron themselves so we will manage it for them. But they do want to be able to add extra email addresses when needed.
So the client will get the mail manager role while we are the admin of the system. In this scenario it doesn't make sense - and isn't even desirable - that the client can see our admin user.So while I definitely understand your explanation, I hope you can see my point as well
-
Encryption errors after upgrade to v23.0.3After Nextcloud was automatically upgraded from v23.0.2 to v23.0.3 we started getting issues with up- and downloading of files and even opening of files in the browser.
We're using server-side encryption and a Hetzner storage box over sshfs for the data dir.
Further investigation learned that there was an issue with the encryption/decryption on the server.The exact error we got was:
Encryption not ready: multikeydecrypt with share key failed:error:0407109F:rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error
Apparently some of the keys were changed in our data dir (the mounted external storage). Luckily we found older, correct keys in the original data dir of the cloudron app (i.e. inside yellowtent).
After replacing the keys on the mounted storage with the older keys from the original data dir everything started working again.Since there are a lot of encryption related tickets in the Nextcloud repository I mentioned my issue and resolution as a response on one of the still open, relevant issues: https://github.com/nextcloud/server/issues/8349.
But I'm also reporting it here in case it's related to the cloudron packaging and/or someone else here is experiencing similar issues.
-
Hetzner Nextcloud for Backup storage?Oh, and of course you first have to install davfs2.
This can be done with the following commandsudo apt install davfs2
-
Single domain, multiple cloudrons?Is it possible to use a single domain, let's say example.com, with 2 (or more) cloudrons?
The use case would be to host multiple applications for the same company each on their own server, e.g. websites on one server and forum and mail on another server.
Note: I'm new to Cloudron and I really like it so far, but I'm having some specific use cases and it's not clear to me whether Cloudron is a good fit for them.
-
Hide admin user(name)s for mail managers@girish That definitely sounds like an interesting solution, except that in my use case it's not (entirely) related to automation / programmatic access. So I guess it will also need some UI changes.
-
Hetzner Nextcloud for Backup storage?If you create the directory /mnt/mynextcloud and then put the following line in your /etc/fstab
https://<fqdn-of-your-nextcloud>/remote.php/dav/files/<your-username>/ /mnt/mynextcloud davfs defaults,uid=1000,gid=100,_netdev,auto 0 0
You should be able to store your backups in your nextcloud.
Automatically after reboot or manually with this command:sudo mount /mnt/mynextcloud
Note 1: you have to replace the values between <> with the correct values for your nextcloud instance and also make sure you use the correct uid and gid.
Note 2: I won't recommend this for reliable backups as it can be really slow and, well, just unreliable.
-
Cannot import app backup from other cloudron@girish that sounds as being the same issue indeed.
So if I understand correctly you already know what the issue is and how to fix it and now it's just a matter of finding some time to actually implement it -
Hide admin user(name)s for mail managers@girish actually both.
Visually, because it doesn't make sense to show admin users to mail managers when they can't do anything with them.
But also security wise because in my opinion users with a lower access role (in this case mail managers) shouldn't know any (sensitive) details about users with a higher role (in this case admins), e.g. username, email address, ...
We all know passwords shouldn't be reused for different accounts/logins but I'm sure usernames are and therefore I think it's better to not show such data to others when that data isn't relevant for them. -
Custom SMTP Mailer settings@girish actually we have similar use cases.
First of all sender/ip reputation. Some apps send emails in bulk and/or to unverified email addresses while others only send transactional emails to known/verified addresses. Therefore we want to use different email servers/systems for them.
In addition, some apps use email templates built within the mail service and therefore need to send out emails via that particular service, while other apps don't need to / shouldn't send via that service.
The same for newsletters: they have to be sent via a specific service.Great to hear you implemented this functionality already!
-
How to import/migrate from existing, standalone Matomo installation?@girish Thanks, now I managed to migrate the existing installation with the latest Matomo app package.
It was really straightforward! -
Encryption errors after upgrade to v23.0.3@msbt Hey, yes I was lucky that I kept the original data.
But if you have backups - which I hope you do - you can probably recover the correct keys from those backups
Thing is that you should only restore the keys and nothing else from the backups, otherwise you might get more trouble than you currently have -
Website running on managed WP unreachable after latest automatic upgrade@girish I noticed it's running v2.22.0-2 now and indeed everything seems to be ok again.
Thanks for getting this fixed! -
How to import/migrate from existing, standalone Matomo installation?@girish Thanks for the link to the documentation. Somehow I didn't find that section.
Regarding the user management, I can't select the option "leave user management to the app" (see screenshot).
I know that feature was recently introduced, but AFAIK each app has to be adapted individually in order to support it and apparently Matomo isn't adapted (yet)? -
Encryption error since upgrade to 25.0.2@girish Thanks, it's working again!
-
SQL Error during loginSuddenly I can't login anymore on my Matomo instance.
Whenever I try to login, I get the following SQL error:SQLSTATE[42S22]: Column not found: 1054 Unknown column 'login' in 'where clause'
In the Cloudron logs:
Nov 08 10:10:18[Wed Nov 08 09:10:18.623617 2023] [php:notice] [pid 225] [client 172.18.0.1:49142] [<domain-name-redacted>] Error in Matomo: SQLSTATE[42S22]: Column not found: 1054 Unknown column 'login' in 'where clause', referer: https://<domain-name-redacted>/index.php Nov 08 10:10:1894.227.68.6 - - [08/Nov/2023:09:10:18 +0000] "POST /index.php?module=Login HTTP/1.1" 500 1733 "https://<domain-name-redacted>/index.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0" Nov 08 10:10:18172.18.0.1 - - [08/Nov/2023:09:10:18 +0000] "POST /index.php?module=Login HTTP/1.1" 500 2051 "https://<domain-name-redacted>/index.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0" Nov 08 10:10:20172.18.0.1 - - [08/Nov/2023:09:10:20 +0000] "GET / HTTP/1.1" 200 30862 "-" "Mozilla (CloudronHealth)"
I'm not 100% sure, but I think this happens since the latest update to 1.42.0 which includes a migration to OIDC login.