@joseph see https://forum.cloudron.io/post/109497
Anyways, @james was unable to reproduce the issue on his end. I will continue to troubleshoot the issue when I have time
Edit: I have confirmed via the Guacamole login page that I am running 1.6.0 which would align with the JIRA issue referenced. Not sure why Cloudron is showing 1.5.5. Might be a bug or something.
Hi @james , I am running the stock Cloudron app which was configured during install to utilize the Cloudron's user management. Fresh logs showing the user "USERNAME" trying to delete the group "Accounting".
ul 02 13:29:38 10:29:38.904 [http-nio-8080-exec-5] INFO o.a.g.event.EventLoggingListener - User "USERNAME" (authenticated by "openid") failed to delete user group "Accounting" within "mysql":
Jul 02 13:29:38 ### Error updating database. Cause: java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name = 'Accounting'' at line 5
Jul 02 13:29:38 ### The error may exist in org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml
Jul 02 13:29:38 ### The error may involve defaultParameterMap
Jul 02 13:29:38 ### The error occurred while setting parameters
Jul 02 13:29:38 ### SQL: DELETE FROM guacamole_entity WHERE type = 'USER_GROUP' name = ?
Jul 02 13:29:38 ### Cause: java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name = 'Accounting'' at line 5
Jul 02 13:29:38 10:29:38.904 [http-nio-8080-exec-5] ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error:
Jul 02 13:29:38 ### Error updating database. Cause: java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name = 'Accounting'' at line 5
Jul 02 13:29:38 ### The error may exist in org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml
Jul 02 13:29:38 ### The error may involve defaultParameterMap
Jul 02 13:29:38 ### The error occurred while setting parameters
Jul 02 13:29:38 ### SQL: DELETE FROM guacamole_entity WHERE type = 'USER_GROUP' name = ?
Jul 02 13:29:38 ### Cause: java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name = 'Accounting'' at line 5
@james are you able to check if you can reproduce this groups issue? The ticket I referenced states that this issue exists on 1.6.0 and that it works fine on 1.5.x , but on Cloudron we are running 1.5.5 .
Now I need to figure out whether or not this Groups issue is related to the 2nd user not being able to access their assigned connections.
Disregard - found the issue upstream: https://issues.apache.org/jira/browse/GUACAMOLE-2088?jql=project %3D GUACAMOLE AND text ~ "group" ORDER BY created DESC
I have been happily using Guacamole to RDP and SSH into some machines on my network. Now I have a need to allow a 2nd user to access some of the machines. In reading through the Guacamole documentation, the best way to do this seems to be using Groups.
So I created a new group , added this new user as a member and assigned them the required connections. However when they log in, they are unable to see the connections that they have been granted access to. While troubleshooting the issue, I decided that maybe I should delete the group and start afresh. But when I tried to do this, I received the following error:
I tried multiple times to delete the group, clearing the user, connections etc but without successs.
I then attempted a clean install of Guacamole to see if I could reproduce the issue and alas, same error message!
Logs:
Jun 30 23:21:13 20:21:13.218 [http-nio-8080-exec-2] INFO o.a.g.event.EventLoggingListener - User "USERNAME" (authenticated by "openid") successfully created user group "test" within "mysql"
Jun 30 23:21:16 ### Cause: java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name = 'test'' at line 5
Jun 30 23:21:16 ### Cause: java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name = 'test'' at line 5
Jun 30 23:21:16 ### Error updating database. Cause: java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name = 'test'' at line 5
Jun 30 23:21:16 ### Error updating database. Cause: java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name = 'test'' at line 5
Jun 30 23:21:16 ### SQL: DELETE FROM guacamole_entity WHERE type = 'USER_GROUP' name = ?
Jun 30 23:21:16 ### SQL: DELETE FROM guacamole_entity WHERE type = 'USER_GROUP' name = ?
Jun 30 23:21:16 ### The error may exist in org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml
Jun 30 23:21:16 ### The error may exist in org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml
Jun 30 23:21:16 ### The error may involve defaultParameterMap
Jun 30 23:21:16 ### The error may involve defaultParameterMap
Jun 30 23:21:16 ### The error occurred while setting parameters
Jun 30 23:21:16 ### The error occurred while setting parameters
Jun 30 23:21:16 20:21:16.938 [http-nio-8080-exec-9] ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error:
Jun 30 23:21:16 20:21:16.938 [http-nio-8080-exec-9] INFO o.a.g.event.EventLoggingListener - User "USERNAME" (authenticated by "openid") failed to delete user group "test" within "mysql":
Install Kasm. (I have it running on a dedicated VM and followed the single server installation instructions: https://kasmweb.com/docs/latest/install/single_server_install.html)
Once installed, log into the Kasm host using the admin credentials and then configure the reverse proxy by going to Infrastructure > Zones in the left hand side panel and following the instructions here: https://kasmweb.com/docs/latest/how_to/reverse_proxy.html#update-zones
(Note: in my case, the default parameters worked fine)
Install the Cloudron App proxy and point it to your Kasm host e.g. https://[IP-ADDRESS]:443. Now you should be able to access the Kasm login page via the domain you set in the app proxy. e.g. kasm.yourdomain.tld
To use OpenID authentication, first we need to add Kasm as an OIDC client in Cloudron. Go to Cloudron > User Director > OpenID Connect Provider > New Client, and enter the following:
Name: kasm
Login callback URL: https://kasm.yourdomain.tld/api/oidc_callback
Signing Algorithm: RS256
Copy the resulting Client ID and Client Secret for use in step 5.
I believe that should be it! Give it a shot and let me know if you run into any issues. There could be a possibility that I forgot to document something in the above steps. Once it is confirmed to be working, I will polish it up and submit it as a community guide.
@james , yes both those volumes are connecting to my primary NAS via NFS. To test your theory, I created a new NFS share on my secondary NAS and mounted it as a volume on my Cloudron server, but same result - disk usage only shows a single volume. (the first volume that was mounted)
I have two NFS shares mounted as Volumes on my Cloudron server and the apps using them (Nextcloud, Immich) can read/write to them without any issues, folders are accessible via Cloudron's file manager. However only one of them shows up under Disk Usage in the system info page.
Maybe this is a bug? Either way, it isn't causing any issues on my server.
Inspired by the recent discussion surrounding beszel, I think Scrutiny would be an awesome addition to the app catalog for those that are running there Cloudron on a server with several disks. I already use Scrutiny on my TrueNAS server and it has helped me more readily see the S.M.A.R.T. data and identify drives that are at risk of failure.
@girish thank you for the explanation. With that in mind, are there any plans to include similar functionality natively in a future Cloudron release? i.e. an easy way to see the CPU, RAM, storage, network usage of each of the apps installed on your Cloudron instance, receive notifications/alerts when usage is above a certain user-defined threshold etc.
Currently we can sort of do some of this in Cloudron 8 but one needs to go to each app individually which is abit cumbersome and app resource alerting functionality does not presently exist to my knowledge. Like if my CPU is overheating, Cloudron currently will not reporting anything.
If the concern from the Cloudron team is that the beszel agent theoretically introduces security risk as the upstream codebase has not been reviewed in its entirety, would it be possible to take advantage of the wonderful work already done for the beszel agent and fork it into something that you review once and then natively integrate into cloudron? (I'm asking this as a non-developer)
Out of curiousity, why is it not possible to include the beszel agent in the same app package as the beszel hub?
@joseph ok will do
@visamp the youtube video that I linked in the original post is a good place to start, if you haven't already watched it.
@james the developer has released v5.1.1 which is supposed to have fixed the issue, however I am still experiencing the same behavior when I try to sign into the iOS app using OpenID. Can you please test on your iPhone and advise if it is the same for you as well?
@james , the Traccar developer has asked "Has the native app URL been registered?"
I assume the answer is yes, but how would I go about to check the change that was made in Cloudron package update that was published yesterday?
I have Kasm running behind a Cloudron reverse proxy and connected to Cloudron's OIDC directory for user authentication. It was pretty straightforward to set up, but if anyone wants/needs a written guide, I am happy to do so.
@james , thanks for your feedback. I have gone ahead and created a new issue for it: https://github.com/traccar/traccar-manager/issues/8
Okay just tested with the new version of the Cloudron app as well as the Traccar manager app but it unforunately still isn't working.
When you click on the "Login with OpenID" in the mobile app, Safari pops up with "Open this page in Traccar Manager -- Cancel/Open?"
If you select "Cancel" and go back to the mobile app, you get the "Frame load interrupted" error message.
If you select "Open", the Traccar webpage opens up in Safari while the mobile app still shows "Frame load interrupted".
So at this point there no longer is a "OpenID Connect Error - redirect_uri did not match any of the client's registered redirect_uris", however you still are unable to log into the Traccar Manager mobile app (atleast on iOS) using OpenID.
Maybe one of you folks can test it on Android?
Great teamwork all ! Good to also see the Traccar developer being so prompt to act on this. Traccar Manager v5.1 has not yet been released to the Apple App Store. Will test the OIDC login again once it is available and revert.