Unable to connect to IMAP with Cloudron in DMZ VLAN

I am running into the same issue. I have the cloudron running in a DMZ VLAN at home with public IP. Firewall is configured to port forward port 993 from my WAN IP to my Cloudron LAN IP. I can access emails on my phone, laptop etc but when I try to configure n8n to connect to the Cloudron mail server, I get the same error message as @OneWheelGeek .

@girish said in Issue connecting N8N to IMAP account:

@OneWheelGeek If you open a n8n web terminal, are you able to telnet my.domain.com 993 ? Does it connect ?

I tried this but no joy. "telnet: Unable to connect to remote host: Connection timed out"

Any pointers?

@jdaviescoates how come ?

Trying to install an app that utilizes Cloudron’s user directory but unable to restrict access to specific users or groups.

Upvote! Would be great to have this in the App store!

I upgraded to 9.0.7 yesterday and everything seems to be working fine, but I woke up this morning to find the following notification:

"Domain yourdomain.tld is not configured properly

General error: defaultProxyStatus must be a boolean"

Another upvote for Nextcloud AIO. OP created this topic almost 2 years ago and since then, Nextcloud AIO has not only become very stable but also has a mature feature set.

I tried whitelisting port 5353 on my cloudron server following https://docs.cloudron.io/networking/#whitelist-ports , but to no effect. I am guessing that something else needs to be done to the Cloudron host or within the Home Assistant container.

I guess the question still remains - will we be able to use HACS with Home Assistant on Cloudron?

If not, the Cloudron documentation should state the same.

@timconsidine thanks for the info. I am using Unifi Protect as my NVR (albeit with Dahua ONVIF cameras) but I use Frigate's object detection to trigger automations in Home Assistant. For example, if a person is detected in the front yard, turn on a light etc. This is why I was trying to integrate Frigate into Home Assistant as the integration turns your cameras into motion and presence sensors.

There is a way to do something similar using the Unifi Protect integration for Home Assistant which does not require the HACS add on, however I would need to purchase some additonal hardware from Ubiquiti in order to get object detection for 3rd party cameras working in Unifi Protect: https://store.ui.com/us/en/products/up-ai-port

Steps to replicate:

1. Install the HomeKit Bridge integration: > Settings > Devices & Integrations > Add Integration > Apple > HomeKit Bridge

Upon successful installation, a HomeKit Pairing QR code will become available in the Notifications Tab.

2. Pair HomeKit Bridge to your Apple Device: Apple Home app > Add Accessory > Scan pairing QR code

Pairing fails with "Accessory not found" error message.

Suspect this may have something to do with mDNS. Is the mDNS port UDP 5353 open? I am guessing not for security reasons. In that case, how would one go about exposing it only to devices on the LAN?

I am in the same boat. I decided I would migrate my home assistant docker instance to Cloudron for ease of remote access, but I am unable to install the official HACS addon required for the Frigate integration.

Were you able to find a solution?

@joseph see https://forum.cloudron.io/post/109497

Anyways, @james was unable to reproduce the issue on his end. I will continue to troubleshoot the issue when I have time

Edit: I have confirmed via the Guacamole login page that I am running 1.6.0 which would align with the JIRA issue referenced. Not sure why Cloudron is showing 1.5.5. Might be a bug or something.

Hi @james , I am running the stock Cloudron app which was configured during install to utilize the Cloudron's user management. Fresh logs showing the user "USERNAME" trying to delete the group "Accounting".

ul 02 13:29:38 10:29:38.904 [http-nio-8080-exec-5] INFO o.a.g.event.EventLoggingListener - User "USERNAME" (authenticated by "openid") failed to delete user group "Accounting" within "mysql":
Jul 02 13:29:38 ### Error updating database. Cause: java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name = 'Accounting'' at line 5
Jul 02 13:29:38 ### The error may exist in org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml
Jul 02 13:29:38 ### The error may involve defaultParameterMap
Jul 02 13:29:38 ### The error occurred while setting parameters
Jul 02 13:29:38 ### SQL: DELETE FROM guacamole_entity WHERE type = 'USER_GROUP' name = ?
Jul 02 13:29:38 ### Cause: java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name = 'Accounting'' at line 5
Jul 02 13:29:38 10:29:38.904 [http-nio-8080-exec-5] ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error:
Jul 02 13:29:38 ### Error updating database. Cause: java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name = 'Accounting'' at line 5
Jul 02 13:29:38 ### The error may exist in org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml
Jul 02 13:29:38 ### The error may involve defaultParameterMap
Jul 02 13:29:38 ### The error occurred while setting parameters
Jul 02 13:29:38 ### SQL: DELETE FROM guacamole_entity WHERE type = 'USER_GROUP' name = ?
Jul 02 13:29:38 ### Cause: java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name = 'Accounting'' at line 5

@james are you able to check if you can reproduce this groups issue? The ticket I referenced states that this issue exists on 1.6.0 and that it works fine on 1.5.x , but on Cloudron we are running 1.5.5 .

Now I need to figure out whether or not this Groups issue is related to the 2nd user not being able to access their assigned connections.

Disregard - found the issue upstream: https://issues.apache.org/jira/browse/GUACAMOLE-2088?jql=project %3D GUACAMOLE AND text ~ "group" ORDER BY created DESC

I have been happily using Guacamole to RDP and SSH into some machines on my network. Now I have a need to allow a 2nd user to access some of the machines. In reading through the Guacamole documentation, the best way to do this seems to be using Groups.

So I created a new group , added this new user as a member and assigned them the required connections. However when they log in, they are unable to see the connections that they have been granted access to. While troubleshooting the issue, I decided that maybe I should delete the group and start afresh. But when I tried to do this, I received the following error:

I tried multiple times to delete the group, clearing the user, connections etc but without successs.

I then attempted a clean install of Guacamole to see if I could reproduce the issue and alas, same error message!

Logs:

Jun 30 23:21:13 20:21:13.218 [http-nio-8080-exec-2] INFO o.a.g.event.EventLoggingListener - User "USERNAME" (authenticated by "openid") successfully created user group "test" within "mysql"
Jun 30 23:21:16 ### Cause: java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name = 'test'' at line 5
Jun 30 23:21:16 ### Cause: java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name = 'test'' at line 5
Jun 30 23:21:16 ### Error updating database. Cause: java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name = 'test'' at line 5
Jun 30 23:21:16 ### Error updating database. Cause: java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name = 'test'' at line 5
Jun 30 23:21:16 ### SQL: DELETE FROM guacamole_entity WHERE type = 'USER_GROUP' name = ?
Jun 30 23:21:16 ### SQL: DELETE FROM guacamole_entity WHERE type = 'USER_GROUP' name = ?
Jun 30 23:21:16 ### The error may exist in org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml
Jun 30 23:21:16 ### The error may exist in org/apache/guacamole/auth/jdbc/usergroup/UserGroupMapper.xml
Jun 30 23:21:16 ### The error may involve defaultParameterMap
Jun 30 23:21:16 ### The error may involve defaultParameterMap
Jun 30 23:21:16 ### The error occurred while setting parameters
Jun 30 23:21:16 ### The error occurred while setting parameters
Jun 30 23:21:16 20:21:16.938 [http-nio-8080-exec-9] ERROR o.a.g.rest.RESTExceptionMapper - Unexpected internal error:
Jun 30 23:21:16 20:21:16.938 [http-nio-8080-exec-9] INFO o.a.g.event.EventLoggingListener - User "USERNAME" (authenticated by "openid") failed to delete user group "test" within "mysql":

1. Install Kasm. (I have it running on a dedicated VM and followed the single server installation instructions: https://kasmweb.com/docs/latest/install/single_server_install.html)

2. Once installed, log into the Kasm host using the admin credentials and then configure the reverse proxy by going to Infrastructure > Zones in the left hand side panel and following the instructions here: https://kasmweb.com/docs/latest/how_to/reverse_proxy.html#update-zones
   (Note: in my case, the default parameters worked fine)

3. Install the Cloudron App proxy and point it to your Kasm host e.g. https://[IP-ADDRESS]:443. Now you should be able to access the Kasm login page via the domain you set in the app proxy. e.g. kasm.yourdomain.tld

4. To use OpenID authentication, first we need to add Kasm as an OIDC client in Cloudron. Go to Cloudron > User Director > OpenID Connect Provider > New Client, and enter the following:
   Name: kasm
   Login callback URL: https://kasm.yourdomain.tld/api/oidc_callback
   Signing Algorithm: RS256

Copy the resulting Client ID and Client Secret for use in step 5.

5. Now in Kasm, go to Access Management > Authentication > OpenID and follow the instructions here: https://kasmweb.com/docs/latest/guide/oidc.html
   Main parameters to be set are:
   Display Name: Can be anything e.g. Login with Cloudron
   Hostname: kasm.yourdomain.tld
   Client ID: paste from step 4
   Client Secret: paste from step 4
   Authorization URL: https://my.yourdomain.tld/openid/auth
   Token URL: https://my.yourdomain.tld/openid/token
   User Info URL: https://my.yourdomain.tld/openid/me
   Scope (One Per Line): openid profile email
   Username Attribute: sub
   Redirect URL: this should be automatically populated and should match what you entered as the callback url in step 4 i.e. https://kasm.yourdomain.tld/api/oidc_callback

I believe that should be it! Give it a shot and let me know if you run into any issues. There could be a possibility that I forgot to document something in the above steps. Once it is confirmed to be working, I will polish it up and submit it as a community guide.

@james , yes both those volumes are connecting to my primary NAS via NFS. To test your theory, I created a new NFS share on my secondary NAS and mounted it as a volume on my Cloudron server, but same result - disk usage only shows a single volume. (the first volume that was mounted)

I have two NFS shares mounted as Volumes on my Cloudron server and the apps using them (Nextcloud, Immich) can read/write to them without any issues, folders are accessible via Cloudron's file manager. However only one of them shows up under Disk Usage in the system info page.

Maybe this is a bug? Either way, it isn't causing any issues on my server.