Cloudron migration to new server: amazing!!!

Hi all,

just wanted to share a wow experience.

I had a Cloudron Premium server at DO for almost a year and wanted to migrate it to NetCup (better specs and cheaper).

The docs are very clear and promising (https://cloudron.io/documentation/backups/#move-cloudron-to-another-server) but yeah, you never know ...

Well, I know now .... within 5 minutes after entering the backup location details EVERYTHING (4 websites + Matomo + Searx) and all email (all together about 6GB) was in production on the new server including all DNS of all 17 domains.

Downtime: 0 seconds

This is really amazing!

Thanks @girish and @nebulon for this great product, I already was a Cloudron fan but now even more.

Kind regards,

Marcel.

It's almost 2021 and time for Cloudron to step-up to IPv6

see:

https://forum.cloudron.io/topic/3783/firewall-ip-blocking-ipv6-not-possible
https://forum.cloudron.io/topic/2161/is-cloudron-ready-for-ipv6-or-not

---

• Title: Dawarich on Cloudron - Your Journey, Your Control

---

• Main Page: https://dawarich.app
• Git: https://github.com/Freika/dawarich
• Licence: AGPL-3.0 license
• Docker: Yes

---

• Summary:

Your Journey, Your Control: Visualize your location history, track your movements, and analyze your travel patterns with complete privacy and control.

Your Life's Journey, Visualized: Dawarich transforms your location data into beautiful, interactive visualizations that help you understand your movement patterns over time.

Precise Route Tracking: Automatically detect starts and stops, with precise route visualization between points.

Customizable Map Styles: Choose from various map styles to match your preferences.

Landmark Detection: Automatically identify and label important locations based on your visit patterns.

Journey Statistics: Dawarich transforms your travel data into meaningful insights that help you understand your movement patterns.

Track Your Adventures: Get detailed travel insights that show you exactly how far you've traveled, when, and where.

Discover Patterns: Gain insights into your travel habits across countries, cities, and different time periods.

---

• Notes:

We currently have Traccar in the Appstore but that is a very basic and more business suitable solution for tracking. Dawarich is more about your personal adventures and travels. If you're an Immich or a Photoprism user, you can configure an integration for those services with Dawarich. Dawarich is available on iOS. You can download it from the App Store.

---

• Screenshots: (impossible because upload limit is only 4MB total?)
  https://dawarich.app/assets/images/map-9e8a35206c62dbd1804945815a4aebf0.png
  
  https://dawarich.app/assets/images/stats-894e6a4d37798c0e39ca59a83e4cd869.jpeg
  
  https://dawarich.app/assets/images/trips-list-9c5b085dfa60ce446c825f450ffc0b6a.png

https://gitlab.com/Deamos/open-streaming-platform-docker
https://gitlab.com/Deamos/flask-nginx-rtmp-manager

OSP as an alternative for OSP was designed a self-hosted alternative to services like Twitch.tv, Ustream.tv, and Youtube Live

https://www.resourcespace.com/download

Why ResourceSpace?

Digital Asset Management (DAM) software such as ResourceSpace can be used by photographers, marketers, designers and anyone who wants to organize, modify and securely share their images, documents, presentations, videos, audio files, indesign files and every other digital file.

If you're working with large amounts of digital assets, whether they are pictures, stock photos, indesign files, documents, presentations, videos, audio files or any other rich media content a good solution is crucial for saving time and money, whilst increasing your efficiency. A good DAM platform will eliminate any wasted time spent on searching and trying to find a certain file, and will ensure that you can share your content instantly with anybody.

Many people ask why they would need a Digital Asset Management in place if they have Dropbox or Google Drive. A DAM system is a tool with extensive features that go far beyond any simple photo storage or cloud based file storage system.

Your DAM system will have thumbnails and full previews of your images, video and design files so you can see your files before selecting them.

A Digital Asset Management system allows you to create a 'single source of truth' for all of your digital assets. It eliminates the need to search for your digital assets on servers located across the world, your colleagues computers, email inboxes and even USB sticks.

Spending ages searching for that one illusive logo, the current version of the power point template or even the newest version of your poster ad campaign for your project can be infuriating; now you, your team and clients can browse your digital content visually as well as having the ability to find the right material with an intuitive search. By adding tags and other relevant metadata you'll make sure that everyone can always find the right digital assets within seconds of searching.

@girish said in What's coming in 7.6:

IRestic backend.

Can’t wait for this (kind of a) solution as + 200GB every day is taking too long and too inefficient

Create Your Own Broadcast Network with AVideo Platform. AVideo is a powerful base platform for uploading, curating, organizing, indexing, and distributing audio and video content.

AVideo Platform has been download and installed on over 4000 sites in over 190 countries throughout the world. Each AVideo Platform Clone is indexed in our META Search Engine and supported by our worldwide community of developers and contributors.
190+ COUNTRIES
852,567+ AUDIO AND VIDEO UPLOADS
4,237+ AVIDEO SITES
967+ CONTRIBUTORS

https://platform.avideo.com/AVideo_OpenSource
https://github.com/WWBN/AVideo/blob/master/README.md

@igaudette said in

Had to share my disappointment... and I am sure I'm not alone.

I totally agree! I’m also a paying customer (3 Cloudrons) for years and still quite happy with Cloudron.

But it’s becoming a gimmick to see 2 recipes apps, Home Assistant that doesn’t work without USB interfaces, a niche app for electric car charging etc etc.

But looking at the “wishlist” there are tens of high voted (business) apps already for years waiting….

Also the pace of platform updates is very low, more than a year ago Cloudron 9 was announced but today the current version has still basic unsolved bugs (like filemanager) or apps still on php 8.1

I’m really missing the spirit and speed of the Cloudron team of 5 years ago.

Feature Request: Simple per-App WAF with Templates (KISS=Keep It Stupid Simple)

Cloudron is often used to host multiple web applications with very different exposure levels (e.g. public websites, WordPress instances, admin-only tools).
At the moment, most protection is instance-wide, which makes it hard to apply different security policies per app without external tooling.

Community Precedent – Cloudron Forum discussions

Users have repeatedly discussed the need for more granular access control / WAF-like features in Cloudron:

• In “Is there a way to rate limit connections to a site for certain user agent strings?”, users talk about using Bunkerweb as a workaround for the lack of built-in request filtering and mention that “Cloudron doesn’t have anything like WAF” and the desire to move away from Cloudflare WAF because Cloudron currently lacks native solutions.
  https://forum.cloudron.io/topic/14343/is-there-a-way-to-rate-limit-connections-to-a-site-for-certain-user-agent-strings

• Users have explicitly asked about limiting web-based access to individual Cloudron apps (e.g., basic auth, IP-based restrictions), indicating demand for app-level access controls.
  https://forum.cloudron.io/topic/8804/limiting-web-based-access-to-cloudron-apps

• In “What’s coming in Cloudron 6.3”, I suggested features inspired by Wordfence including blocking by IP/location and geo-blocking, and specifically calls out the idea of geo-blocking of countries as a desirable security improvement.
  https://forum.cloudron.io/topic/4723/what-s-coming-in-cloudron-6-3/4

• Related support threads show users trying to restrict access to the Cloudron login page by IP while keeping other apps public, again highlighting demand for more granular access controls.
  (See posts by user hiyukoim in support category)

I would like to propose a simple, KISS-oriented Web Application Firewall (WAF) on app level, tightly integrated into Cloudron.

---

Problem

• Not all apps should be equally reachable from the internet
• Admins often want basic access control (countries, IPs, paths) without deploying a full external WAF
• Instance-wide rules are often too coarse

---

Goals

• Per-app access control
• Very simple and predictable behavior
• No security expertise required
• Reusable defaults for admins managing many apps

---

Proposed Solution

1. Per-app WAF

Each web app can optionally enable its own WAF.

2. App-level rules

Within an app WAF, an admin can configure:

• IP whitelist / blacklist
• Geo allow / block (noise reduction, not “hard security”)
• Path-based rules (extra layer), for example:
  • /wp-login.php
  • /wp-admin/*
  • /api/*

Rules should be path-based only (no complex regex).

3. Instance-level WAF templates

At Cloudron instance level, admins can define WAF templates (profiles), such as:

• Public website
• WordPress hardened
• Admin-only app
• Internal / trusted IPs only

For each app:

• Select a template
• Optionally extend or override it locally

This avoids repetitive configuration and keeps policies consistent.

4. Clear precedence (important for predictability)

Suggested order:

1. IP whitelist
2. Geo allow
3. IP blacklist
4. Geo block
5. Path rules

Whitelist rules always take precedence.

---

Optional (still KISS)

• Per-app blocked requests log (read-only)
  • Timestamp
  • Source IP / country
  • Rule type (IP / Geo / Path)
• Report-only / dry-run mode for new rules
• Temporary disable WAF for this app (emergency switch)

---

Non-goals (explicitly out of scope)

• Full ModSecurity / OWASP CRS
• Regex-heavy rules
• Deep request inspection (headers, body, users, roles)
• Replacing a dedicated enterprise WAF

This feature is intended to cover the 80% use case in a Cloudron-native, admin-friendly way, while keeping configuration minimal and understandable.

Is there any update on this?

The COVID-19 pandemic is (almost everywhere) increasing and measures for working from home are again and/or still there. The public Jitsi service is overloaded so it's very very welcome after all these months to have a Cloudron version of Jitsi-server.

Website: https://friendlycaptcha.com/
GitHub: (for the “server application”) https://github.com/friendlycaptcha/friendly-pow
Wordpress plug-in: https://wordpress.org/plugins/friendly-captcha/

Friendly Captcha, the privacy and user-friendly CAPTCHA alternative

Friendly Captcha is a tool for preventing spam on your website
Other CAPTCHAs are a burden on your users, Friendly Captcha respects your users.

The most popular CAPTCHA system, Google ReCAPTCHA depends on tracking users and collecting user data across the internet. This is a price that you are forcing your users to pay in order to use your website. They can not opt out.

Could this be an alternative?

https://github.com/rustfs/rustfs

This is my experience until now: I use it for our museum only recently, the first two lectures are now for booking and it seems to work very well. At least the visitors (generally 50+) know how to use it. October 5th is the first lecture and the volunteers will use the app to scan at entry. I tested it thoroughly and it works very intuitive.

@girish it would also be very useful to have on 'app level / settings' an option to keep "global backup schedule" or use a "app backup schedule". This way you can make for some apps (like data sensitive apps like CRM) an hourly backup schedule where for a +200GB Nextcloud you can keep the daily "global schedule".

As we know Dovecot it storing all emails of all users in plain text and so they are all readable by the person(s) who have access to the server.

I was wondering if it’s feasible to encrypt this for better privacy and security and found this: https://workaround.org/ispmail/buster/optional-server-based-mailbox-encryption/

Is this something to add to Cloudron, maybe as an option for those who don’t want it?

@girish just for inspiration I found an easy way to configure and manage WireGuard in Docker:

https://github.com/WeeJeWel/wg-easy

This can make the long awaited WireGuard app on Cloudron also easy?

Yesterday I migrated my Cloudron to a new NetCup RS but before that I installed Netdata on the RS and then Cloudron. After installing both and migrating the data everything works fine!

About Netdata:
Before I used Zabbix for years but its much too hard to install, configure, update/upgrade and maintain. Netdata is install and use within seconds!

I use the app.netdata.cloud dashboard and the Netdata agent on the Netcup RS is "streaming" data (have a look at netdata.cloud for all the details).

The agent is streaming 494 (!!) different data sources and it is perfectly shown in summary dashboards, detailed graphs etc. right out of the box!
They implemented AI (buzz) that is looking for correlations in captured data and with default triggers it sends you emails with warnings in different levels.

Some first useful and surprising findings:

• I got a warning that my mounted (!) Hetzner Storagebox for backups was 97.03% full (that is handy to know and act on!)
• I got a warning that in the nginx logs in a certain time the ratio successful HTTP request was low. That was during my attempts to repair a stuck app!
• All the Cloudron apps (docker containers) are monitored (alas with the not so nice cryptic names )
• I got a warning that app.swap was almost fully used. Why?? The machine has 32GB RAM only 1 third used so I switched the slow app.swap off and deleted it (again a useful insight!).

All together: it is very simple and useful!

I offered @girish SSH access to check if everything works fine from a Cloudron developers perspective so we can get a "green light" to use it "officially". Due to 7.5 release his research will take some time.

Just got a phonecall of a user, an email folder of 2020 with thousands of emails was accidentally deleted and was not in the 'deleted items'.

Couldn't find a quick solution on search engines, so tried it the 'keep it stupid simple way':

1. In my SCP app left pane I went to the server, up into the users' mailbox (no 2020 folder!)
2. In my SCP app right pane I went to the minio backup server (backup just 1 hour old), up into the users' mailbox (there is a 2020 folder)
3. "Simply" copied all the 2020 (sub)folders from right to left
4. After a few seconds the user saw the folders again in Roundcube but ... the file/folder permissions were not good
5. Restarted the mail service in Cloudron and guess what?!
6. It's all back and working!

Good to know for all of you if someone calls

The subject of mail archiving is interesting and this piece of software (Mail Archiver) too. It would be great to have this as an app in the AppStore.

Today IFTTT announced that they will charge you $10 a month (!!!!) for their service. Maybe now it’s really time to put Cloudron in a unique position with this app?!