Apple Home "Unable to add accessory" when pairing HomeKit Bridge

I tried whitelisting port 5353 on my cloudron server following https://docs.cloudron.io/networking/#whitelist-ports , but to no effect. I am guessing that something else needs to be done to the Cloudron host or within the Home Assistant container.

I guess the question still remains - will we be able to use HACS with Home Assistant on Cloudron?

If not, the Cloudron documentation should state the same.

@timconsidine thanks for the info. I am using Unifi Protect as my NVR (albeit with Dahua ONVIF cameras) but I use Frigate's object detection to trigger automations in Home Assistant. For example, if a person is detected in the front yard, turn on a light etc. This is why I was trying to integrate Frigate into Home Assistant as the integration turns your cameras into motion and presence sensors.

There is a way to do something similar using the Unifi Protect integration for Home Assistant which does not require the HACS add on, however I would need to purchase some additonal hardware from Ubiquiti in order to get object detection for 3rd party cameras working in Unifi Protect: https://store.ui.com/us/en/products/up-ai-port

Steps to replicate:

1. Install the HomeKit Bridge integration: > Settings > Devices & Integrations > Add Integration > Apple > HomeKit Bridge

Upon successful installation, a HomeKit Pairing QR code will become available in the Notifications Tab.

2. Pair HomeKit Bridge to your Apple Device: Apple Home app > Add Accessory > Scan pairing QR code

Pairing fails with "Accessory not found" error message.

Suspect this may have something to do with mDNS. Is the mDNS port UDP 5353 open? I am guessing not for security reasons. In that case, how would one go about exposing it only to devices on the LAN?

I am in the same boat. I decided I would migrate my home assistant docker instance to Cloudron for ease of remote access, but I am unable to install the official HACS addon required for the Frigate integration.

Were you able to find a solution?

@joseph see https://forum.cloudron.io/post/109497

Anyways, @james was unable to reproduce the issue on his end. I will continue to troubleshoot the issue when I have time

Edit: I have confirmed via the Guacamole login page that I am running 1.6.0 which would align with the JIRA issue referenced. Not sure why Cloudron is showing 1.5.5. Might be a bug or something.

Hi @james , I am running the stock Cloudron app which was configured during install to utilize the Cloudron's user management. Fresh logs showing the user "USERNAME" trying to delete the group "Accounting".

ul 02 13:29:38 10:29:38.904 [http-nio-8080-exec-5] INFO o.a.g.event.EventLoggingListener - User "USERNAME" (authenticated by "openid") failed to delete user group "Accounting" within "mysql":
Jul 02 13:29:38 ### Error updating database. Cause: java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name = 'Accounting'' at line 5
Jul 02 13:29:38 ### The error may exist in org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml
Jul 02 13:29:38 ### The error may involve defaultParameterMap
Jul 02 13:29:38 ### The error occurred while setting parameters
Jul 02 13:29:38 ### SQL: DELETE FROM guacamole_entity WHERE type = 'USER_GROUP' name = ?
Jul 02 13:29:38 ### Cause: java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name = 'Accounting'' at line 5
Jul 02 13:29:38 10:29:38.904 [http-nio-8080-exec-5] ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error:
Jul 02 13:29:38 ### Error updating database. Cause: java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name = 'Accounting'' at line 5
Jul 02 13:29:38 ### The error may exist in org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml
Jul 02 13:29:38 ### The error may involve defaultParameterMap
Jul 02 13:29:38 ### The error occurred while setting parameters
Jul 02 13:29:38 ### SQL: DELETE FROM guacamole_entity WHERE type = 'USER_GROUP' name = ?
Jul 02 13:29:38 ### Cause: java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name = 'Accounting'' at line 5

@james are you able to check if you can reproduce this groups issue? The ticket I referenced states that this issue exists on 1.6.0 and that it works fine on 1.5.x , but on Cloudron we are running 1.5.5 .

Now I need to figure out whether or not this Groups issue is related to the 2nd user not being able to access their assigned connections.

Disregard - found the issue upstream: https://issues.apache.org/jira/browse/GUACAMOLE-2088?jql=project %3D GUACAMOLE AND text ~ "group" ORDER BY created DESC

I have been happily using Guacamole to RDP and SSH into some machines on my network. Now I have a need to allow a 2nd user to access some of the machines. In reading through the Guacamole documentation, the best way to do this seems to be using Groups.

So I created a new group , added this new user as a member and assigned them the required connections. However when they log in, they are unable to see the connections that they have been granted access to. While troubleshooting the issue, I decided that maybe I should delete the group and start afresh. But when I tried to do this, I received the following error:

I tried multiple times to delete the group, clearing the user, connections etc but without successs.

I then attempted a clean install of Guacamole to see if I could reproduce the issue and alas, same error message!

Logs:

Jun 30 23:21:13 20:21:13.218 [http-nio-8080-exec-2] INFO o.a.g.event.EventLoggingListener - User "USERNAME" (authenticated by "openid") successfully created user group "test" within "mysql"
Jun 30 23:21:16 ### Cause: java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name = 'test'' at line 5
Jun 30 23:21:16 ### Cause: java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name = 'test'' at line 5
Jun 30 23:21:16 ### Error updating database. Cause: java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name = 'test'' at line 5
Jun 30 23:21:16 ### Error updating database. Cause: java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name = 'test'' at line 5
Jun 30 23:21:16 ### SQL: DELETE FROM guacamole_entity WHERE type = 'USER_GROUP' name = ?
Jun 30 23:21:16 ### SQL: DELETE FROM guacamole_entity WHERE type = 'USER_GROUP' name = ?
Jun 30 23:21:16 ### The error may exist in org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml
Jun 30 23:21:16 ### The error may exist in org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml
Jun 30 23:21:16 ### The error may involve defaultParameterMap
Jun 30 23:21:16 ### The error may involve defaultParameterMap
Jun 30 23:21:16 ### The error occurred while setting parameters
Jun 30 23:21:16 ### The error occurred while setting parameters
Jun 30 23:21:16 20:21:16.938 [http-nio-8080-exec-9] ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error:
Jun 30 23:21:16 20:21:16.938 [http-nio-8080-exec-9] INFO o.a.g.event.EventLoggingListener - User "USERNAME" (authenticated by "openid") failed to delete user group "test" within "mysql":

1. Install Kasm. (I have it running on a dedicated VM and followed the single server installation instructions: https://kasmweb.com/docs/latest/install/single_server_install.html)

2. Once installed, log into the Kasm host using the admin credentials and then configure the reverse proxy by going to Infrastructure > Zones in the left hand side panel and following the instructions here: https://kasmweb.com/docs/latest/how_to/reverse_proxy.html#update-zones
   (Note: in my case, the default parameters worked fine)

3. Install the Cloudron App proxy and point it to your Kasm host e.g. https://[IP-ADDRESS]:443. Now you should be able to access the Kasm login page via the domain you set in the app proxy. e.g. kasm.yourdomain.tld

4. To use OpenID authentication, first we need to add Kasm as an OIDC client in Cloudron. Go to Cloudron > User Director > OpenID Connect Provider > New Client, and enter the following:
   Name: kasm
   Login callback URL: https://kasm.yourdomain.tld/api/oidc_callback
   Signing Algorithm: RS256

Copy the resulting Client ID and Client Secret for use in step 5.

5. Now in Kasm, go to Access Management > Authentication > OpenID and follow the instructions here: https://kasmweb.com/docs/latest/guide/oidc.html
   Main parameters to be set are:
   Display Name: Can be anything e.g. Login with Cloudron
   Hostname: kasm.yourdomain.tld
   Client ID: paste from step 4
   Client Secret: paste from step 4
   Authorization URL: https://my.yourdomain.tld/openid/auth
   Token URL: https://my.yourdomain.tld/openid/token
   User Info URL: https://my.yourdomain.tld/openid/me
   Scope (One Per Line): openid profile email
   Username Attribute: sub
   Redirect URL: this should be automatically populated and should match what you entered as the callback url in step 4 i.e. https://kasm.yourdomain.tld/api/oidc_callback

I believe that should be it! Give it a shot and let me know if you run into any issues. There could be a possibility that I forgot to document something in the above steps. Once it is confirmed to be working, I will polish it up and submit it as a community guide.

@james , yes both those volumes are connecting to my primary NAS via NFS. To test your theory, I created a new NFS share on my secondary NAS and mounted it as a volume on my Cloudron server, but same result - disk usage only shows a single volume. (the first volume that was mounted)

I have two NFS shares mounted as Volumes on my Cloudron server and the apps using them (Nextcloud, Immich) can read/write to them without any issues, folders are accessible via Cloudron's file manager. However only one of them shows up under Disk Usage in the system info page.

Maybe this is a bug? Either way, it isn't causing any issues on my server.

Inspired by the recent discussion surrounding beszel, I think Scrutiny would be an awesome addition to the app catalog for those that are running there Cloudron on a server with several disks. I already use Scrutiny on my TrueNAS server and it has helped me more readily see the S.M.A.R.T. data and identify drives that are at risk of failure.

@girish thank you for the explanation. With that in mind, are there any plans to include similar functionality natively in a future Cloudron release? i.e. an easy way to see the CPU, RAM, storage, network usage of each of the apps installed on your Cloudron instance, receive notifications/alerts when usage is above a certain user-defined threshold etc.

Currently we can sort of do some of this in Cloudron 8 but one needs to go to each app individually which is abit cumbersome and app resource alerting functionality does not presently exist to my knowledge. Like if my CPU is overheating, Cloudron currently will not reporting anything.

If the concern from the Cloudron team is that the beszel agent theoretically introduces security risk as the upstream codebase has not been reviewed in its entirety, would it be possible to take advantage of the wonderful work already done for the beszel agent and fork it into something that you review once and then natively integrate into cloudron? (I'm asking this as a non-developer)

Out of curiousity, why is it not possible to include the beszel agent in the same app package as the beszel hub?

@joseph ok will do

@visamp the youtube video that I linked in the original post is a good place to start, if you haven't already watched it.

@james the developer has released v5.1.1 which is supposed to have fixed the issue, however I am still experiencing the same behavior when I try to sign into the iOS app using OpenID. Can you please test on your iPhone and advise if it is the same for you as well?