Nextcloud Fulltext Search

@marcusquinn I like this project and just wanted to get it a bump

Hi,
for debugging purposes, we need GUI access to the nextcloud prostgres db on Cloudron. However, this is causing some trouble. We set up a lamp server and uploaded phpPGadmin. In the pgadmin config, we set postgres as the server host.

Now, when we try to log in, we get the message "sign-in failed". Postgres logs don't show a login attempt.

Is there any proven way to get this working?

126 GB RAM (~24 GB used) + 16 GB SWAP (0,2 GB used)

Hi,

we have some serious issues with our Cloudron Server since 8.2.x. To get a glimpse this is our Event log. And by looking into syslog and boxlog I am unable to get a clue why this happens and what fails. This Issue was already there with 8.2.3 or maybe earlier. We have those since somewhere in january.

Symtoms:
Box is unrseponsive, single sign on often fails. Backups often fail with "Task was stopped because the server was restarted or crashed".

Troubleshoot Output:

root@my ~ # cloudron-support --troubleshoot
Vendor: Hetzner Product:
Linux: 6.8.0-52-generic
Ubuntu: noble 24.04
Processor: AMD Ryzen 9 5950X 16-Core Processor
BIOS AMD Ryzen 9 5950X 16-Core Processor             Unknown CPU @ 3.4GHz x 32
RAM: 131817448KB
Disk: /dev/md2        2.9T
[OK]	node version is correct
[OK]	IPv6 is enabled and public IPv6 address is working
[OK]	docker is running
[OK]	docker version is correct
[OK]	MySQL is running
[OK]	nginx is running
[OK]	dashboard cert is valid
[OK]	dashboard is reachable via loopback
[OK]	box v8.2.4 is running
[OK]	netplan is good
[OK]	DNS is resolving via systemd-resolved
[OK]	Dashboard is reachable via domain name
[OK]	Domain XXX.XX is valid and has not expired
[OK]	unbound is running

mySQL

root@my ~ # systemctl status mysql
● mysql.service - MySQL Community Server
     Loaded: loaded (/usr/lib/systemd/system/mysql.service; enabled; preset: enabled)
     Active: active (running) since Sun 2025-02-23 15:39:29 CET; 5min ago
    Process: 1175 ExecStartPre=/usr/share/mysql/mysql-systemd-start pre (code=exited, status=0/SUCCESS)
   Main PID: 1243 (mysqld)
     Status: "Server is operational"
      Tasks: 43 (limit: 154388)
     Memory: 289.7M (peak: 290.3M)
        CPU: 6.854s
     CGroup: /system.slice/mysql.service
             └─1243 /usr/sbin/mysqld

Feb 23 15:39:29 my systemd[1]: Starting mysql.service - MySQL Community Server...
Feb 23 15:39:29 my systemd[1]: Started mysql.service - MySQL Community Server.

No Errors or Warnings in /var/log/mysql/error.log except for Self signed CA and "''mysql_native_password' is deprecated and will be removed in a future release"

NGINX
nignx -t rund without any errors.

systemd-resolved: ok

• is running
• host www.cloudron.io 127.0.0.53 works
• 127.0.0.53 is set as nameserver under /etc/resolv.conf

NAT

• No NAT used.

/home/yellowtent/platformdata/logs/box.log (at relevant time)

2025-02-23T14:41:00.078Z box:apphealthmonitor app health: 11 running / 2 stopped / 2 unresponsive
2025-02-23T14:41:10.070Z box:apphealthmonitor app health: 11 running / 2 stopped / 2 unresponsive
2025-02-23T14:41:20.082Z box:apphealthmonitor app health: 11 running / 2 stopped / 2 unresponsive
2025-02-23T14:41:30.077Z box:apphealthmonitor app health: 11 running / 2 stopped / 2 unresponsive
2025-02-23T14:41:40.073Z box:apphealthmonitor app health: 11 running / 2 stopped / 2 unresponsive
2025-02-23T14:41:50.623Z box:apphealthmonitor app health: 11 running / 2 stopped / 2 unresponsive
2025-02-23T14:42:00.091Z box:apphealthmonitor app health: 11 running / 2 stopped / 2 unresponsive
2025-02-23T14:42:10.078Z box:apphealthmonitor app health: 11 running / 2 stopped / 2 unresponsive
2025-02-23T14:42:20.089Z box:apphealthmonitor app health: 11 running / 2 stopped / 2 unresponsive
2025-02-23T14:42:30.092Z box:apphealthmonitor app health: 11 running / 2 stopped / 2 unresponsive
2025-02-23T14:42:40.090Z box:apphealthmonitor app health: 11 running / 2 stopped / 2 unresponsive
2025-02-23T14:42:50.067Z box:apphealthmonitor app health: 11 running / 2 stopped / 2 unresponsive
2025-02-23T14:43:00.091Z box:apphealthmonitor app health: 11 running / 2 stopped / 2 unresponsive
2025-02-23T14:43:10.087Z box:apphealthmonitor app health: 11 running / 2 stopped / 2 unresponsive
2025-02-23T14:43:20.058Z box:apphealthmonitor app health: 11 running / 2 stopped / 2 unresponsive
2025-02-23T14:43:32.152Z box:server ==========================================
2025-02-23T14:43:32.152Z box:server            Cloudron 8.2.4
2025-02-23T14:43:32.152Z box:server ==========================================
2025-02-23T14:43:32.153Z box:platform initialize: start platform
2025-02-23T14:43:32.174Z box:tasks stopAllTasks: stopping all tasks
2025-02-23T14:43:32.174Z box:shell tasks /usr/bin/sudo -S /home/yellowtent/box/src/scripts/stoptask.sh all
2025-02-23T14:43:32.195Z box:shell All tasks stopped
2025-02-23T14:43:32.203Z box:locks releaseAll: all locks released
2025-02-23T14:43:32.205Z box:reverseproxy writeDashboardConfig: writing dashboard config for DOMAIN.TLD
2025-02-23T14:43:32.208Z box:shell reverseproxy: openssl x509 -in /home/yellowtent/platformdata/nginx/cert/my.DOMAIN.TLD.cert -noout -ocsp_uri
2025-02-23T14:43:32.228Z box:shell reverseproxy /usr/bin/sudo -S /home/yellowtent/box/src/scripts/restartservice.sh nginx
2025-02-23T14:43:32.289Z box:shell 2025/02/23 15:43:32 [notice] 11425#11425: signal process started
2025-02-23T14:43:32.453Z box:platform onActivated: starting post activation services
2025-02-23T14:43:32.453Z box:platform startInfra: checking infrastructure
2025-02-23T14:43:32.453Z box:platform startInfra: infra is uptodate at version 49.8.0
2025-02-23T14:43:32.453Z box:platform onInfraReady: platform is ready. infra changed: false
2025-02-23T14:43:32.453Z box:apps schedulePendingTasks: scheduling app tasks
2025-02-23T14:43:32.471Z box:apptaskmanager started
2025-02-23T14:43:32.471Z box:cron startJobs: starting cron jobs with hour 21 and minute 12
2025-02-23T14:43:32.483Z box:cron backupPolicyChanged: schedule 00 00 23 * * * (Europe/Berlin)
2025-02-23T14:43:32.485Z box:cron autoupdatePatternChanged: pattern - 00 00 7,8 * * 4 (Europe/Berlin)
2025-02-23T14:43:32.486Z box:cron Dynamic DNS setting changed to false
2025-02-23T14:43:32.487Z box:dockerproxy start: listening on 172.18.0.1:3003
2025-02-23T14:43:35.908Z box:user notifyLoginLocation: uid-a672450b-0cbe-4b28-aaf3-f33469456742 2.202.126.28 Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko/20100101 Firefox/135.0
2025-02-23T14:43:37.649Z box:server ==========================================
2025-02-23T14:43:37.650Z box:server            Cloudron 8.2.4
2025-02-23T14:43:37.650Z box:server ==========================================
2025-02-23T14:43:37.650Z box:platform initialize: start platform
2025-02-23T14:43:37.672Z box:tasks stopAllTasks: stopping all tasks
2025-02-23T14:43:37.672Z box:shell tasks /usr/bin/sudo -S /home/yellowtent/box/src/scripts/stoptask.sh all
2025-02-23T14:43:37.693Z box:shell All tasks stopped
2025-02-23T14:43:37.702Z box:locks releaseAll: all locks released
2025-02-23T14:43:37.706Z box:reverseproxy writeDashboardConfig: writing dashboard config for DOMAIN.TLD
2025-02-23T14:43:37.708Z box:shell reverseproxy: openssl x509 -in /home/yellowtent/platformdata/nginx/cert/my.DOMAIN.TLD.cert -noout -ocsp_uri
2025-02-23T14:43:37.728Z box:shell reverseproxy /usr/bin/sudo -S /home/yellowtent/box/src/scripts/restartservice.sh nginx
2025-02-23T14:43:37.790Z box:shell 2025/02/23 15:43:37 [notice] 11487#11487: signal process started
2025-02-23T14:43:37.955Z box:platform onActivated: starting post activation services
2025-02-23T14:43:37.955Z box:platform startInfra: checking infrastructure
2025-02-23T14:43:37.955Z box:platform startInfra: infra is uptodate at version 49.8.0
2025-02-23T14:43:37.956Z box:platform onInfraReady: platform is ready. infra changed: false
2025-02-23T14:43:37.956Z box:apps schedulePendingTasks: scheduling app tasks
2025-02-23T14:43:37.975Z box:apptaskmanager started
2025-02-23T14:43:37.975Z box:cron startJobs: starting cron jobs with hour 21 and minute 12
2025-02-23T14:43:37.990Z box:cron backupPolicyChanged: schedule 00 00 23 * * * (Europe/Berlin)
2025-02-23T14:43:37.992Z box:cron autoupdatePatternChanged: pattern - 00 00 7,8 * * 4 (Europe/Berlin)
2025-02-23T14:43:37.993Z box:cron Dynamic DNS setting changed to false
2025-02-23T14:43:37.994Z box:dockerproxy start: listening on 172.18.0.1:3003
2025-02-23T14:43:40.087Z box:apphealthmonitor app health: 11 running / 2 stopped / 2 unresponsive
2025-02-23T14:43:40.990Z box:user notifyLoginLocation: uid-a672450b-0cbe-4b28-aaf3-f33469456742 2.202.126.28 Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko/20100101 Firefox/135.0
2025-02-23T14:43:42.652Z box:server ==========================================
2025-02-23T14:43:42.653Z box:server            Cloudron 8.2.4
2025-02-23T14:43:42.653Z box:server ==========================================
2025-02-23T14:43:42.653Z box:platform initialize: start platform
2025-02-23T14:43:42.675Z box:tasks stopAllTasks: stopping all tasks
2025-02-23T14:43:42.675Z box:shell tasks /usr/bin/sudo -S /home/yellowtent/box/src/scripts/stoptask.sh all
2025-02-23T14:43:42.696Z box:shell All tasks stopped
2025-02-23T14:43:42.706Z box:locks releaseAll: all locks released
2025-02-23T14:43:42.707Z box:reverseproxy writeDashboardConfig: writing dashboard config for DOMAIN.TLD
2025-02-23T14:43:42.709Z box:shell reverseproxy: openssl x509 -in /home/yellowtent/platformdata/nginx/cert/my.DOMAIN.TLD.cert -noout -ocsp_uri
2025-02-23T14:43:42.729Z box:shell reverseproxy /usr/bin/sudo -S /home/yellowtent/box/src/scripts/restartservice.sh nginx
2025-02-23T14:43:42.789Z box:shell 2025/02/23 15:43:42 [notice] 11544#11544: signal process started
2025-02-23T14:43:42.954Z box:platform onActivated: starting post activation services
2025-02-23T14:43:42.954Z box:platform startInfra: checking infrastructure
2025-02-23T14:43:42.954Z box:platform startInfra: infra is uptodate at version 49.8.0
2025-02-23T14:43:42.954Z box:platform onInfraReady: platform is ready. infra changed: false
2025-02-23T14:43:42.954Z box:apps schedulePendingTasks: scheduling app tasks
2025-02-23T14:43:42.973Z box:apptaskmanager started
2025-02-23T14:43:42.973Z box:cron startJobs: starting cron jobs with hour 21 and minute 12
2025-02-23T14:43:42.988Z box:cron backupPolicyChanged: schedule 00 00 23 * * * (Europe/Berlin)
2025-02-23T14:43:42.990Z box:cron autoupdatePatternChanged: pattern - 00 00 7,8 * * 4 (Europe/Berlin)
2025-02-23T14:43:42.991Z box:cron Dynamic DNS setting changed to false
2025-02-23T14:43:42.992Z box:dockerproxy start: listening on 172.18.0.1:3003
2025-02-23T14:43:50.107Z box:apphealthmonitor app health: 11 running / 2 stopped / 2 unresponsive

Okay, I got it fixed now; rebooting did the trick with redis.
For those who come along with this thread:

I guess when used on machines with many CPU-Cores, especially with hyperhreading, OnlyOffice starts some kind of worker per Core, which then eats up some memory. In my case, with 16 cores (32 HT-Cores), this eats about 3.25 Gbytes. If the memory limit is too low, this results in a restart loop. Since I resized the memory to 6 GB, all is fine.

Hi,

the auto provisioning of the LDAP-Sync of Freescout works like a charm. Nevertheless I would suggest that ldap sync is limited to the elegible groups which are selected within Cloudron.

This would require the field DNs and Filters within Freescout to be set to a value like the following instead of the default:

ou=users,dc=cloudron(memberof=cn=GROUPNAME,ou=groups,dc=cloudron)
ou=users,dc=cloudron(memberof=cn=GROUPNAME,ou=groups,dc=cloudron)

At this point it comes in handy that freescout accepts multiple lines of filters, so there can be one line for each group selected within the Cloudron backend.

This change is needed for the following reasons:

• Cloudron overwrites this setting from time to time – so it cant' be changes manually.
• Reduction of attack surface – if only a small part of an organization needs the ticket system not everybody should have an account. Mind authenticated exploits.
• Order: Many unneeded Users within Freescout make it confusing.

I would be happy if one feels like implementing this

Hi!

I migrated a Wordpress site from a old server to Cloudron. I did this by copying the wp-content folder, importing the db (which I cleared before) and writing the secrets to wp-config.conf.

Everything works like a charm except e-mail. Wordpress just is not able to send out e-mails. There's nothing in the logs – neither the app-logs nor the mailserver log. So the mail does not even reach the cloudron mailserver.

There is no funky custom smtp plugin installed. I just think that there are some special cloudron e-mail-configs for wordpress which do not restore after restart and are not documented (at least I am unable to find such) to apply manually.

Mail on other apps works fine.

@girish I can confirm, we are using the EE Version. So this might be a bug in the OnlyOffice EE-Version not Cloudron?

Hi Folks!

I wonder if anyone of you got Mattermost Team Edition to work with the Cloudron OIDC-Provider. I currently run a setup where I use Keycloak with Mattermost, but I want to replace it with cloudron – Mattermost-Support is currently the only dealstopper.

If I recall right, the issue with using the GitLab auth feature with any other OIDC IdP was that Mattermost Team Edition expects a claim "id", which needs to be an integer and unique to the user – and also be added to the userinfo.

As far as I can see currently, Cloudron does not support such a token and therefore can't be used with Mattermost Team Edition.

I know that Mattermost EE has a more broad support of sign-in methods. However, in these special circumstances, it is not an option because I have a high number of occasional users, which would render using Mattermost EE a financial disaster.

Mabe one of you have some wise thoughts on this. Thank you in advance!

@girish said in LDAP Integration: Limit sync to groups selected in cloudron:

@im-fabian said in LDAP Integration: Limit sync to groups selected in cloudron:

Nevertheless I would suggest that ldap sync is limited to the elegible groups which are selected within Cloudron.

This should already be the case.

Thanks, I can confirm this behaviour!

I see that this is not a cloudron issue but a freescout one: Users which have been deleted within LDAP are not locked or deleted within freescout but just remain in the status of their latest sync.

@girish I opened an ticket with OnlyOffice on that cause. Will keep you posted.

@girish I am on the Team Edition. Indeed OpenID in a restricted manner is available, but it is designed to work with the default gitlab configuration only: https://docs.mattermost.com/onboard/sso-gitlab.html
There is nothing in the license which forbids to use this auth-endpoint for other purposes. Additionally you can change the text and color of the login button via the config.json.

A tutorial for keycloak can be found here: https://medium.com/@mrtcve/mattermost-teams-edition-replacing-gitlab-sso-with-keycloak-dabf13ebb99e

@girish the support replied. I did not have the time to look into it, but wanted to share the feedback with you asap:

You are correct, but you can decrease the amount of converter processes by changing maxprocesscount parameter in default.json file:
/etc/onlyoffice/documentserver/default.json
 
"FileConverter": {
  "converter": {
   
   "maxprocesscount": 1,
The default value is "1" but you can change it (to 0.5 or 0.25 for instance) to decrease the number of processes, since maxprocesscount is a multiplier, the number of converter processes will be equal to maxprocesscount * number of CPUs.
 
Please, do not forget to restart Document Server's services after applying the changes:
supervisorctl restart all