RE: Backups failing due to lack of disk space, "Everything else" category consumes 50%

@nebulon Good question, and thanks for the context. It seems they were all created in feb/march this year. Maybe it would have been a good idea to purge the binlogs as part of that release.

After logging in with mysql -uroot -ppassword as described in troubleshooting, PURGE BINARY LOGS didn't do anything and SHOW BINARY LOGS just displayed an error that binlogs were not enabled, so I assume that mysql doesn't recognize them anymore, especially considering their age. So I ran rm binlog.*; I hope that didn't fuck it ¯_ (ツ)_/¯. The space is back now at least.

My backups have been failing recently because of disk space. This wouldn't be surprising (if I use the space I use the space...) except over 50% of the disk space is in the "everything else" category:

I ran some du commands locally and found that mysql is using 22GB by itself, mostly in 100M binlog.NNNNNN files:

root@localhost:/var/lib/mysql# du -sh *
4.0K    auto.cnf
4.0K    binlog.000001
4.0K    binlog.000002
120K    binlog.000003
101M    binlog.000004
101M    binlog.000005
101M    binlog.000006
101M    binlog.000007
101M    binlog.000008
59M     binlog.000009
101M    binlog.000010
101M    binlog.000011
101M    binlog.000012
101M    binlog.000013
101M    binlog.000014
71M     binlog.000015
101M    binlog.000016
101M    binlog.000017
101M    binlog.000018
101M    binlog.000019
101M    binlog.000020
101M    binlog.000021
19M     binlog.000022
101M    binlog.000023
101M    binlog.000024
101M    binlog.000025
101M    binlog.000026
101M    binlog.000027
101M    binlog.000028
19M     binlog.000029
101M    binlog.000030
101M    binlog.000031
101M    binlog.000032
101M    binlog.000033
101M    binlog.000034
101M    binlog.000035
85M     binlog.000036
101M    binlog.000037
101M    binlog.000038
101M    binlog.000039
101M    binlog.000040
101M    binlog.000041
101M    binlog.000042
93M     binlog.000043
101M    binlog.000044
101M    binlog.000045
101M    binlog.000046
101M    binlog.000047
101M    binlog.000048
101M    binlog.000049
88M     binlog.000050
101M    binlog.000051
101M    binlog.000052
101M    binlog.000053
101M    binlog.000054
101M    binlog.000055
101M    binlog.000056
90M     binlog.000057
101M    binlog.000058
101M    binlog.000059
101M    binlog.000060
101M    binlog.000061
101M    binlog.000062
101M    binlog.000063
91M     binlog.000064
101M    binlog.000065
101M    binlog.000066
101M    binlog.000067
101M    binlog.000068
101M    binlog.000069
101M    binlog.000070
68M     binlog.000071
101M    binlog.000072
101M    binlog.000073
101M    binlog.000074
101M    binlog.000075
101M    binlog.000076
101M    binlog.000077
69M     binlog.000078
101M    binlog.000079
101M    binlog.000080
101M    binlog.000081
101M    binlog.000082
101M    binlog.000083
101M    binlog.000084
71M     binlog.000085
101M    binlog.000086
101M    binlog.000087
101M    binlog.000088
101M    binlog.000089
101M    binlog.000090
101M    binlog.000091
70M     binlog.000092
101M    binlog.000093
101M    binlog.000094
45M     binlog.000095
101M    binlog.000096
101M    binlog.000097
101M    binlog.000098
101M    binlog.000099
32M     binlog.000100
101M    binlog.000101
101M    binlog.000102
101M    binlog.000103
101M    binlog.000104
101M    binlog.000105
101M    binlog.000106
101M    binlog.000107
101M    binlog.000108
51M     binlog.000109
101M    binlog.000110
101M    binlog.000111
101M    binlog.000112
101M    binlog.000113
101M    binlog.000114
101M    binlog.000115
101M    binlog.000116
101M    binlog.000117
101M    binlog.000118
101M    binlog.000119
101M    binlog.000120
101M    binlog.000121
101M    binlog.000122
101M    binlog.000123
101M    binlog.000124
101M    binlog.000125
101M    binlog.000126
36M     binlog.000127
101M    binlog.000128
101M    binlog.000129
101M    binlog.000130
101M    binlog.000131
101M    binlog.000132
101M    binlog.000133
101M    binlog.000134
101M    binlog.000135
101M    binlog.000136
48M     binlog.000137
101M    binlog.000138
101M    binlog.000139
101M    binlog.000140
101M    binlog.000141
101M    binlog.000142
101M    binlog.000143
101M    binlog.000144
101M    binlog.000145
101M    binlog.000146
101M    binlog.000147
101M    binlog.000148
101M    binlog.000149
15M     binlog.000150
101M    binlog.000151
101M    binlog.000152
101M    binlog.000153
101M    binlog.000154
101M    binlog.000155
101M    binlog.000156
101M    binlog.000157
101M    binlog.000158
101M    binlog.000159
101M    binlog.000160
101M    binlog.000161
101M    binlog.000162
100M    binlog.000163
101M    binlog.000164
101M    binlog.000165
101M    binlog.000166
101M    binlog.000167
101M    binlog.000168
101M    binlog.000169
101M    binlog.000170
101M    binlog.000171
101M    binlog.000172
101M    binlog.000173
9.7M    binlog.000174
101M    binlog.000175
101M    binlog.000176
101M    binlog.000177
101M    binlog.000178
101M    binlog.000179
101M    binlog.000180
101M    binlog.000181
101M    binlog.000182
101M    binlog.000183
101M    binlog.000184
96M     binlog.000185
101M    binlog.000186
101M    binlog.000187
101M    binlog.000188
101M    binlog.000189
101M    binlog.000190
101M    binlog.000191
101M    binlog.000192
101M    binlog.000193
101M    binlog.000194
101M    binlog.000195
95M     binlog.000196
101M    binlog.000197
101M    binlog.000198
101M    binlog.000199
101M    binlog.000200
101M    binlog.000201
101M    binlog.000202
101M    binlog.000203
101M    binlog.000204
101M    binlog.000205
101M    binlog.000206
101M    binlog.000207
33M     binlog.000208
101M    binlog.000209
101M    binlog.000210
101M    binlog.000211
101M    binlog.000212
101M    binlog.000213
101M    binlog.000214
101M    binlog.000215
101M    binlog.000216
101M    binlog.000217
101M    binlog.000218
28M     binlog.000219
101M    binlog.000220
101M    binlog.000221
101M    binlog.000222
101M    binlog.000223
101M    binlog.000224
101M    binlog.000225
101M    binlog.000226
101M    binlog.000227
80M     binlog.000228
38M     binlog.000229
101M    binlog.000230
101M    binlog.000231
101M    binlog.000232
101M    binlog.000233
101M    binlog.000234
101M    binlog.000235
41M     binlog.000236
101M    binlog.000237
101M    binlog.000238
101M    binlog.000239
101M    binlog.000240
101M    binlog.000241
13M     binlog.000242
4.0K    binlog.index
45M     box
4.0K    ca-key.pem
4.0K    ca.pem
4.0K    client-cert.pem
4.0K    client-key.pem
0       debian-5.7.flag
192K    #ib_16384_0.dblwr
8.2M    #ib_16384_1.dblwr
8.0K    ib_buffer_pool
12M     ibdata1
48M     ib_logfile0
48M     ib_logfile1
12M     ibtmp1
804K    #innodb_temp

It looks like regular maintenance by running PURGE BINARY LOGS BEFORE '<some date>'; is expected. Does cloudron do this today?

This isn't an emergency so no rush (Happy Thanksgiving!). Thanks!

https://github.com/TheAxelander/OpenBudgeteer

OpenBudgeteer is a budgeting app based on the Bucket Budgeting Principle and inspired by YNAB and Buckets. The Core is based on .NET and the MVVM Pattern, the Front End uses Blazor Server.

Already dockerized, should be pretty easy to package for cloudron.

@girish Actually, with a couple improvements, CRON+API could be a wonderfully generalizable app management automation tool.

Three feature requests:

• Cloudron doc page on roles should mention the new App Operator role and describe its permissions
• Add a new environment variable inside each app container, CLOUDRON_APP_ID, which contains the id of the currently running app. This should apply to CRON as well
  • Note: CLOUDRON_API_ORIGIN is already supported
• Add a new CRON-only environment variable CLOUDRON_APP_OPERATOR_TOKEN which is a temporary "App Operator"-role token that is only valid for the current app and for the duration of the cron run.
  • Depending on how the CRON feature is implemented (is this the cron from inside the container or on the host?) this may not work exactly how I'm thinking.

With these features, this idea could be implemented much more generally:

# From this: (user must customize api domain, app id, and token)
curl -X POST https://my.example.com/api/v1/apps/appid/uninstall?access_token=apitoken
# To this: (this is ready to copy/paste for any app in any cloudron, but it stops instead of uninstalls)
curl -X POST $CLOUDRON_API_ORIGIN/api/v1/apps/$CLOUDRON_APP_ID/stop?access_token=$CLOUDRON_APP_OPERATOR_TOKEN

Thoughts?

I was able to help the project get their dockerfile off the ground so that it builds and runs with just docker, but it still has a ways to go. Here are some things I think would need to be improved before it would be suitable for cloudron:

• Reduce image size by copying binary results out of the build stages. This is a bit complex because the project is built with rust/wasm-pack and runs a wasm on the frontend, and uses haskell stack for the backend. I'm not familiar with doing docker optimizations with either of these technologies.
• Change the backend to save all data into a /data volume. This will require some changes in the haskell code.
• Get deps-only build steps working. This would be a nice-to-have for the devs to reduce build times after the first build (which can reach to 40min!), but this one isn't a deal breaker for cloudron. I tried, but it causes some compilation output issues so it was commented out for now.

The author was very nice and quite receptive to changes. If anyone else works on this you may want to just aim at getting them merged upstream.

I'd really like to see this too, but it appears that some work still needs to be done to factor out external dependencies / incidental implementation details from the current code.

This is the self-host umbrella issue, which has had some recent activity: https://github.com/excalidraw/excalidraw/issues/1772

Maybe you could disable the app from the inside with a cron job and then clean it up later at your leisure? I'm not exactly sure how you would stop or otherwise disable the app from within without triggering a restart, but maybe there's something in there.

https://docs.cloudron.io/apps/#cron

@robi @girish yeah that makes sense, use the VPS server for all email, apps on the home Cloudron that need to send outbound can use the same server with the setup described above.

Maybe I'm just being unreasonable, but I'd prefer to have email stored on the home server instead. Partially to shift more compute resources locally (the VPS can be cheaper), and partially for digital sovereignty reasons (e.g. a search warrant would be a knock on my front door, not a silent VM snapshot made by the provider under a gag order).

I guess the right term is "inbound email relay", and the more common reasons to use them are to improve uptime and do pre-filtering for spam. I remember setting this up doing local small business IT before everyone just switched to Office 365...

@girish cool thanks for writing up the details.

How do you manage inbound email? A catch-all would receive it all, but then it still has to be routed to individual users on the home server.

@robi Yes, it looks like outbound would be pretty straightforward to configure -- it's just SMTP. I'm most curious about how inbound forwarding could be achieved, I'm not sure I've ever seen that before, though I don't know why it wouldn't be possible.

I've been running Cloudron on a VPS (Linode) for a while, but recently purchased some hardware and I want to migrate to host apps at my home instead, with one exception: Email. Email is a bit different than web apps in that outbound deliverability relies a lot on IP reputation, which is not possible to maintain on a consumer ISP plan where your IP can change every time the modem reboots, and where whole residential ASNs are often blocked en masse.

I think I'd like to keep email flowing through the VPS and basically use it as a proxy to send and receive email. This way I can keep my current IP for email for $5/mo (cheaper than any business plan my ISP could offer), and use dynamic DNS to host plain web apps from my home internet.

1. Opinions on this idea in general? Good idea or no?
2. What should I run on the VPS system to act as a proxy for email?
3. Can Cloudron be configured to send/receive email through a remote proxy? If no, what changes would be needed to support this configuration?
4. Will using dynamic dns for Cloudron apps be a problem?

This might have come up on the forum before, but I was unable to find anything. Links to prior conversations on this topic would be appreciated.

https://github.com/austinvhuang/openmemex

OpenMemex is an open source, local-first knowledge integration platform (aka "second brain" or "knowledge garden") optimized for automation (including caching and indexing of content) as well as enabling neural network machine learning integrations.

This looks like a pretty neat entry in the ever-growing "second brain apps" arena. Some highlights:

• ... OpenMemex is fully functional as a self-hosted application.
• ... SQLite is the central data storage medium
• ... data is organized automatically by timestamp. Topical/conceptual connections can be automatically linked ...
• ... the focus is on automated persistence, retrieval, and (future work) optimizing compression/consumption of information over UI-heavy notetaking tools.

The author is honest about the status "The implementation is currently at functioning pre-alpha MVP maturity", but it may be something worth watching.

I might take a crack at packaging it for Cloudron.

@robi Good question, it seems thunderbird complains about the same thing, but allows you to override it:

After poking around for a bit it looks like the imap server is using an expired certificate. From thunderbird:

But the web server at my.example.com is using a cert with a valid time range:

Maybe the imap server didn't get restarted when the cert renewed?

I'm trying to connect the mail client built into the Vivaldi browser to my cloudron inbox but when I try to add the account I get this message:

(Note: In these examples, I'm changing my real domain for example.com; not that you couldn't guess it.) I'm using the configuration listed in my cloudron at: https://my.example.com/#/email/example.com :

Connection details for other email clients

Incoming Mail (IMAP)
Server: my.example.com
Port: 993 (TLS)

Outgoing Mail (SMTP)
Server: my.example.com
Port: 587 (STARTTLS)

Use mailboxname@example.com and the mailbox owner password to access mailboxes of this domain

The mail status page shows everything is green.

Any ideas?

Just to put my money where my mouth is, here is a formatted view of docker system df -v from one of my cloudrons which shows for each image what its "size", "shared size", and "unique size" is (I hope fits nicely):

REPOSITORY                                    SIZE      SHARED SIZE   UNIQUE SIZE
cloudron/org.navidrome.cloudronapp            2.212GB   2.176GB              36MB
cloudron/im.riot.cloudronapp                  2.223GB   2.176GB              47MB
cloudron/com.github.bitwardenrs               3.286GB   2.176GB            1110MB
cloudron/org.matrix.synapse                   2.555GB   2.176GB             379MB
cloudron/org.jupyter.cloudronapp              3.358GB   2.176GB            1183MB
cloudron/io.gitea.cloudronapp                 2.326GB   2.176GB             150MB
cloudron/github.pages.cloudronapp             2.286GB   2.176GB             109MB
cloudron/net.minecraft.cloudronapp            2.723GB   2.176GB             547MB
cloudron/org.fireflyiii.cloudronapp           3.269GB   2.176GB            1093MB
cloudron/com.docker.registry                  2.284GB   2.176GB             108MB
cloudron/mail                                 2.844GB   2.176GB             668MB
cloudron/sftp                                 2.194GB   2.176GB              18MB
cloudron/io.minio.cloudronapp                 2.236GB   2.176GB              59MB
cloudron/org.freshrss.cloudronapp             2.184GB   2.176GB               8MB
cloudron/postgresql                           2.343GB   2.176GB             167MB
cloudron/net.roundcube.cloudronapp            2.239GB   2.176GB              63MB
infogulch/promnesia-app                       2.224GB   2.176GB              48MB
cloudron/graphite                             2.246GB   2.176GB              70MB
cloudron/turn                                 2.182GB   2.176GB               5MB
cloudron/com.electerious.lychee.cloudronapp   2.248GB   2.176GB              72MB
cloudron/mysql                                2.495GB   2.176GB             318MB
cloudron/redis                                2.182GB   2.176GB               6MB
cloudron/mongodb                              2.299GB   2.176GB             122MB
infogulch/terminusdb-app                      3.331GB   2.176GB            1155MB
cloudron/org.radicale.cloudronapp2            2.187GB   2.176GB              11MB
cloudron/base                                 2.176GB   2.176GB                0B

You might notice that the "size" of every image is at least 2.1GB, but that 2.1 GB is shared between all the apps (namely, cloudron/base) because they all use the same base image. And I don't see any world where I wouldn't pay 2.1 GB to have every one of my images be useably-debuggable in case I needed it.

All this said, there may still be opportunities to reduce image sizes by using multi-stage builds to only copy release files (and not source code) to the final image -- but there's no reason for that final image to not be based on cloudron/base.

Notably, because most cloudron apps are built from the same base ubuntu image, the storage cost for the base image is only paid once for the whole server. Basically, after you install your first app, all the other apps get the easy development and debuggability that comes from building off of a full ubuntu for free. Hat tip to the design of docker layers.

In fact, this "giga image with all common deps"-design might consume less space than if you used fancy multi-stage builds to "compactify" the size of each individual app because the compaction comes at the cost of lost sharing which may be a net negative for the system as a whole. (Whether that's true in any particular case will depend on the apps you install; ymmv etc etc. The key is that all the apps really need to be running off of the same base image to get this benefit. By the way, if you're a dev just build off the official cloudron base image, its easier and actually consumes less storage.)

@girish said:

the images are optimized for developer time and admin time as opposed to the size

Choosing to optimize for dev/admin time is hands-down my favorite part of Cloudron. Between this and the sharing argument I made above it would take a lot of real image storage waste (i.e. don't be fooled by what docker images says, that doesn't account for shared layers) to get my vote for compacting app images.

@moocloud_matt As soon as someone comes in reporting a real case that their NIC is saturated and it's slowing down their server I'd be interested in pursuing a solution. I've never seen such a real case on these forums (though I may just be misinformed) so I'd have to tilt towards YAGNI until one appears.

Object storage is not magic, it's just data like everything else. If it's just used to serve file attachments for an app with 25 users I wouldn't expect it to be a bottleneck.

@moocloud_matt The number of servers that use a 1GB NIC and could saturate it because using a gateway doubles the bandwidth used to serve minio requests would probably fit on one hand if there are any at all. This concern is like a third or fourth level extrapolation, I don't think it's worth anyone's time to consider this eventuality right now.

@moocloud_matt I'm confused how "multiple Network Interface Card (NIC)" support is relevant here. Are you familiar with the minio gateways? They are orthogonal to networking configuration.

https://docs.min.io/docs/minio-gateway-for-s3.html

@girish Ok I asked and @tulir on #matrix:matrix.org said that we can just omit the "m.identity_server" server field entirely. Apparently it's used to map third party ids (email/phone) to matrix ids. But since we're using cloudron logins we can just omit it.

Also note that that field is not marked as required on the API docs page.

Hm, I'm not sure that the identity server is supposed to be pinned to vector.im... I'll see if someone on the matrix channel can chime in.

@nebulon said in Opt-in for Beta Updates:

manually checking for updates on your Cloudron will skip that rollout order and your Cloudron will see any pending update

Perhaps it would be a good idea to indicate on the update page that the user is currently on the latest stable release and that a particular manually checked update is a beta release and will opt them into the beta channel.

I would say what works brilliantly in Cloudron is the tight, seamless integration between the different components which enables admins to not have to think about huge problems like taking backups.

Good question, I'm not sure. I guess */server is for federation (server<->server), and */client is for clients (client->server).

Nice thanks for the Nextcloud example. I added it to the list in the OP.

Gateway mode would be wonderful but it also adds some complications, in particular if done incorrectly it could throw a spanner into the currently very clean backup/restore system which is actually my favorite Cloudron feature. With that in mind I would be happy to get a version-1 implementation that only supports the local filesystem configuration.

@nebulon Yes, the matrix server location is already filled in. I've been using Synapse+Riot client on my server for several months and it's been working great. Specifically, the */server endpoint is currently working correctly and serves data as expected from https://my-cloudron-domain/.well-known/matrix/server :

{"m.server":"matrix.my-cloudron-domain.com:443"}

Note the difference between the existing endpoint and the new one:

https://my-cloudron-domain/.well-known/matrix/server < existing, works great
https://my-cloudron-domain/.well-known/matrix/client < what this thread is about

I tried to log in via a new matrix client, Cinny, but login failed. Opening up the browser inspector I found that a GET request to https://my-cloudron-domain/.well-known/matrix/client was returning 404. /.well-known/matrix/client is a well known (pun intended) standard API endpoint used for server discovery. The matrix.org server serves at this endpoint:

{
    "m.homeserver": {
        "base_url": "https://matrix-client.matrix.org"
    },
    "m.identity_server": {
        "base_url": "https://vector.im"
    }
}

Cloudron already supports the /.well-known/matrix/server endpoint; I propose that support for the client endpoint is added as well.

I agree, the weakest part of this request is that there's only one somewhat-legitimate app use case for it in Outline (silly Notea..), and it doesn't seem very efficient to build an addon for just one app. Perhaps the community can scrounge up some additional examples of useful apps whose packaging for Cloudron was complicated or thwarted by the lack of s3.

---

I'm curious what you think about using Minio in gateway mode (#2 above). One apprehension that's preventing me from going all-in on using some media management apps (photos, videos, music) hosted on Cloudron is that I'm worried my server will run out of disk space; with externally-hosted object storage that problem is solved (with easy to grok pay-for-what-you-use billing). My guess is this is the reason why some apps are starting to lean towards object stores like s3.

Perhaps the best way to cut it is: v1 only supports local (disk) storage; if some proportion of users have a specific need for externally-hosted object stores then we cross that gateway bridge when we get there.

Some apps, especially recently, store and access data via an s3-compatible api. I think Cloudron should add s3 storage as a new addon that can be requested in CloudronManifest.json to better support packaging such apps.

Some potential apps that would use this addon:

• Outline
• Notea
• Nextcloud

Here are some numbered opinions so you can refer to (refute) them:

1. I think it should be implemented as a Minio server which is set up like the postgresql or mysql addons in that the one instance is configured automatically and can serve a number of different apps. Say, each app that has the s3 addon gets a new random bucket and creds for that bucket.
2. Ideally it can be configured in either local or gateway mode. Users can use local if there is enough storage on their server, or configure a gateway to point to any S3-compatible, Azure, or NAS service. Note that many service providers offer an S3-compatible storage API, so the list of supported providers is already much bigger than just those three, and includes hosts like Backblaze, Linode, DigitalOcean among many others.
3. Figuring out how backups should work will probably be the biggest issue. Here are a few potential solutions:
   a. Just clone / replicate the whole bucket on every backup. Might cost a lot of storage, but that's how backups work today so... See: Bucket Replication Guide
   b. Something-something object versions? Though it might be difficult to, say, take a snapshot of a whole bucket. Bucket Versioning Guide
   c. Minio contributors don't seem very receptive to the general idea of bucket-level shapshots. Taking Backups of MinIO #4398, Snapshots #9376
   d. Just don't support backups at all? (not a fan of this option, but it's technically an option)

Thoughts?

It seems there's a PR to get it to work with Gitea auth: https://github.com/outline/outline/pull/2134

Well it looks like it's possible to host Outline in docker, there is a docker compose file on github:

https://github.com/outline/outline/blob/main/docker-compose.yml

Notably, it uses postgres, redis, and an s3 api.

Automate your personal finances – for free, with no ads, and no data collection.

https://github.com/kevinschaich/mintable#quickstart

Mintable is a tool that uses Plaid (by default) to automatically collect your historical banking transactions and export it for consumption in google sheets or otherwise via CSV. An integration with firefly would be neat.

Agree this would be great. More insights into applications would be nice

I just noticed that git is available from the terminal, which solves my immediate problem, though I am still interested in how to use extensions.

The JupyterHub app allows you to install extensions, such as jupyterlab-git.

When I select to install the extension and trigger a rebuild (required apparently), the rebuild fails, and suggests to run it manually with jupyter lab build.

jovyan@5a04ce7f0bf2:~$ jupyter lab build
[LabBuildApp] JupyterLab 3.0.15
[LabBuildApp] Building in /opt/conda/share/jupyter/lab
[LabBuildApp] Building jupyterlab assets (production, minimized)
Build failed.
Troubleshooting: If the build failed due to an out-of-memory error, you
may be able to fix it by disabling the `dev_build` and/or `minimize` options.

If you are building via the `jupyter lab build` command, you can disable
these options like so:

jupyter lab build --dev-build=False --minimize=False

You can also disable these options for all JupyterLab builds by adding these
lines to a Jupyter config file named `jupyter_config.py`:

c.LabBuildApp.minimize = False
c.LabBuildApp.dev_build = False

If you don't already have a `jupyter_config.py` file, you can create one by
adding a blank file of that name to any of the Jupyter config directories.
The config directories can be listed by running:

jupyter --paths

Explanation:

- `dev-build`: This option controls whether a `dev` or a more streamlined
`production` build is used. This option will default to `False` (i.e., the
`production` build) for most users. However, if you have any labextensions
installed from local files, this option will instead default to `True`.
Explicitly setting `dev-build` to `False` will ensure that the `production`
build is used in all circumstances.

- `minimize`: This option controls whether your JS bundle is minified
during the Webpack build, which helps to improve JupyterLab's overall
performance. However, the minifier plugin used by Webpack is very memory
intensive, so turning it off may help the build finish successfully in
low-memory environments.

An error occured.
RuntimeError: JupyterLab failed to build
See the log file for details:  /tmp/jupyterlab-debug-dk5alq3x.log

Printing the logs shows:

jovyan@5a04ce7f0bf2:~$ cat /tmp/jupyterlab-debug-dk5alq3x.log
[LabBuildApp] Building in /opt/conda/share/jupyter/lab
[LabBuildApp] Node v15.14.0

[LabBuildApp] Yarn configuration loaded.
[LabBuildApp] Building jupyterlab assets (production, minimized)
[LabBuildApp] > node /opt/conda/lib/python3.9/site-packages/jupyterlab/staging/yarn.js install --non-interactive
[LabBuildApp] yarn install v1.21.1
[1/5] Validating package.json...
[2/5] Resolving packages...
success Already up-to-date.
Done in 1.18s.

[LabBuildApp] > node /opt/conda/lib/python3.9/site-packages/jupyterlab/staging/yarn.js yarn-deduplicate -s fewer --fail
[LabBuildApp] yarn run v1.21.1
$ /opt/conda/share/jupyter/lab/staging/node_modules/.bin/yarn-deduplicate -s fewer --fail
Done in 0.81s.

[LabBuildApp] > node /opt/conda/lib/python3.9/site-packages/jupyterlab/staging/yarn.js run build:prod:minimize
[LabBuildApp] yarn run v1.21.1
$ webpack --config webpack.prod.minimize.config.js

<--- Last few GCs --->

[281:0x56120a659a50]    43888 ms: Scavenge 248.8 (257.5) -> 248.4 (257.5) MB, 1.9 / 0.0 ms  (average mu = 0.501, current mu = 0.333) allocation failure 
[281:0x56120a659a50]    43897 ms: Scavenge 248.8 (257.5) -> 248.6 (258.0) MB, 2.8 / 0.0 ms  (average mu = 0.501, current mu = 0.333) allocation failure 
[281:0x56120a659a50]    44272 ms: Mark-sweep 249.5 (258.0) -> 248.8 (259.0) MB, 361.5 / 0.0 ms  (average mu = 0.363, current mu = 0.115) allocation failure scavenge might not succeed


<--- JS stacktrace --->

FATAL ERROR: MarkCompactCollector: young object promotion failed Allocation failed - JavaScript heap out of memory
 1: 0x7f6679728ed9 node::Abort() [/opt/conda/bin/../lib/libnode.so.88]
 2: 0x7f6679619e37 std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > node::SPrintFImpl<int&, char const*>(char const*, int&, char const*&&) [/opt/conda/bin/../lib/libnode.so.88]
 3: 0x7f6679ae9442 v8::Utils::ReportOOMFailure(v8::internal::Isolate*, char const*, bool) [/opt/conda/bin/../lib/libnode.so.88]
 4: 0x7f6679ae971b v8::internal::V8::FatalProcessOutOfMemory(v8::internal::Isolate*, char const*, bool) [/opt/conda/bin/../lib/libnode.so.88]
 5: 0x7f6679caef36  [/opt/conda/bin/../lib/libnode.so.88]
 6: 0x7f6679ce37a4  [/opt/conda/bin/../lib/libnode.so.88]
 7: 0x7f6679ced83d void v8::internal::LiveObjectVisitor::VisitBlackObjectsNoFail<v8::internal::EvacuateNewSpaceVisitor, v8::internal::MajorNonAtomicMarkingState>(v8::internal::MemoryChunk*, v8::internal::MajorNonAtomicMarkingState*, v8::internal::EvacuateNewSpaceVisitor*, v8::internal::LiveObjectVisitor::IterationMode) [/opt/conda/bin/../lib/libnode.so.88]
 8: 0x7f6679cf4b6d v8::internal::FullEvacuator::RawEvacuatePage(v8::internal::MemoryChunk*, long*) [/opt/conda/bin/../lib/libnode.so.88]
 9: 0x7f6679cdc334 v8::internal::Evacuator::EvacuatePage(v8::internal::MemoryChunk*) [/opt/conda/bin/../lib/libnode.so.88]
10: 0x7f6679cdc60a  [/opt/conda/bin/../lib/libnode.so.88]
11: 0x7f6679cccf35 v8::internal::ItemParallelJob::Task::RunInternal() [/opt/conda/bin/../lib/libnode.so.88]
12: 0x7f6679ccd321 v8::internal::ItemParallelJob::Run() [/opt/conda/bin/../lib/libnode.so.88]
13: 0x7f6679ceea8f void v8::internal::MarkCompactCollectorBase::CreateAndExecuteEvacuationTasks<v8::internal::FullEvacuator, v8::internal::MarkCompactCollector>(v8::internal::MarkCompactCollector*, v8::internal::ItemParallelJob*, v8::internal::MigrationObserver*, long) [/opt/conda/bin/../lib/libnode.so.88]
14: 0x7f6679cf35b5 v8::internal::MarkCompactCollector::EvacuatePagesInParallel() [/opt/conda/bin/../lib/libnode.so.88]
15: 0x7f6679cf38dd v8::internal::MarkCompactCollector::Evacuate() [/opt/conda/bin/../lib/libnode.so.88]
16: 0x7f6679d106ce v8::internal::MarkCompactCollector::CollectGarbage() [/opt/conda/bin/../lib/libnode.so.88]
17: 0x7f6679cc1ae5 v8::internal::Heap::MarkCompact() [/opt/conda/bin/../lib/libnode.so.88]
18: 0x7f6679cc22e9 v8::internal::Heap::PerformGarbageCollection(v8::internal::GarbageCollector, v8::GCCallbackFlags) [/opt/conda/bin/../lib/libnode.so.88]
19: 0x7f6679cc2a5a v8::internal::Heap::CollectGarbage(v8::internal::AllocationSpace, v8::internal::GarbageCollectionReason, v8::GCCallbackFlags) [/opt/conda/bin/../lib/libnode.so.88]
20: 0x7f6679cc5d2d v8::internal::Heap::AllocateRawWithLightRetrySlowPath(int, v8::internal::AllocationType, v8::internal::AllocationOrigin, v8::internal::AllocationAlignment) [/opt/conda/bin/../lib/libnode.so.88]
21: 0x7f6679cc5d95 v8::internal::Heap::AllocateRawWithRetryOrFailSlowPath(int, v8::internal::AllocationType, v8::internal::AllocationOrigin, v8::internal::AllocationAlignment) [/opt/conda/bin/../lib/libnode.so.88]
22: 0x7f6679c8af6b v8::internal::Factory::NewFillerObject(int, bool, v8::internal::AllocationType, v8::internal::AllocationOrigin) [/opt/conda/bin/../lib/libnode.so.88]
23: 0x7f6679fed92c v8::internal::Runtime_AllocateInYoungGeneration(int, unsigned long*, v8::internal::Isolate*) [/opt/conda/bin/../lib/libnode.so.88]
24: 0x7f667995f3f9  [/opt/conda/bin/../lib/libnode.so.88]
Aborted (core dumped)
error Command failed with exit code 134.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

[LabBuildApp] JupyterLab failed to build
[LabBuildApp] Traceback (most recent call last):

[LabBuildApp]   File "/opt/conda/lib/python3.9/site-packages/jupyterlab/debuglog.py", line 47, in debug_logging
    yield

[LabBuildApp]   File "/opt/conda/lib/python3.9/site-packages/jupyterlab/labapp.py", line 166, in start
    raise e

[LabBuildApp]   File "/opt/conda/lib/python3.9/site-packages/jupyterlab/labapp.py", line 162, in start
    build(name=self.name, version=self.version,

[LabBuildApp]   File "/opt/conda/lib/python3.9/site-packages/jupyterlab/commands.py", line 469, in build
    return handler.build(name=name, version=version, static_url=static_url,

[LabBuildApp]   File "/opt/conda/lib/python3.9/site-packages/jupyterlab/commands.py", line 678, in build
    raise RuntimeError(msg)

[LabBuildApp] RuntimeError: JupyterLab failed to build

[LabBuildApp] Exiting application: JupyterLab

This seems to indicate that it runs out of memory during the rebuild. I increased the app memory usage in cloudron to 1G and also set c.Spawner.mem_limit = '1G', then restarted both the app and the notebook 'server' from the control panel, but neither of those actions changed the outcome.

Thoughts?

I began packaging up this app with a custom Dockerfile (though the project does have its own dockerfile).

You can find the source at: https://source.infogulch.com/infogulch/promnesia-app though it is just barely running.

I have published the app package to my docker hub repo at infogulch/promnesia-app:v1.0.20210415-4

You may be well served by reviewing the app's own install docs from the README.md, or the users guide.

As for the cloudron integration, these are the steps that worked for me (I just got it working for the first time moments ago so...):

1. Install the server component with:

   cloudron install -l subdomain --image infogulch/promnesia-app:v1.0.20210415-4
   

2. Then login to authenticate with proxyauth at the subdomain you choose to install it. The https://promnesia.my.example.com/status endpoint displays a short JSON status (the app is not designed to be interacted with from the web)

3. Install the extension.

4. Go to extension options and set the "Backend source" url to your domain, (e.g. https://promnesia.my.example.com)

It seems that logging into the app in the browser enables the extension to authenticate correctly. (This makes me want to critically review which extensions I have installed .)

https://beepb00p.xyz/promnesia.html

Promnesia is a browser extension (Chrome/Firefox/Firefox mobile) that serves as a web surfing copilot by enhancing your browsing history, improving your web exploration experience, and integrating with your knowledge base.

Promnesia is a pretty neat idea that I've been eyeing for a while. The idea is to track your own browser history in more detail, including annotations, bookmarks, context, etc, and presenting it on each page as you browse.

The architecture is a browser extension as the primary UI, plus a server backend that typically runs locally.

Source: https://github.com/karlicoss/promnesia

@girish I think that would be a good change.

I also think I should have gone through the Troubleshooting document sooner :

https://docs.cloudron.io/troubleshooting/

Thanks!

And after starting the mail container, I was able to disable solr.

Everything seems to be back online again. Thanks for your help.

My guess is that some general slowness (perhaps due to memory overcommit and swap?) was preventing the mail app from responding to queries about its status, which I percieved as "the button didn't show up".

@girish df -h shows 23G Avail, so I suppose it's not a full disk.

systemctl status mysql showed

● mysql.service - MySQL Community Server
     Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset: enabled)
     Active: inactive (dead) since Sun 2021-05-09 20:01:10 UTC; 22h ago

systemctl start mysql brought the admin page back up.

mail container is stopped, after systemctl restart box the logs transitioned from

2021-05-10T18:04:40.001Z box:apphealthmonitor run: could not check app health. connect ECONNREFUSED 127.0.0.1:3306
Box GET /api/v1/cloudron/status 500 Internal Server Error connect ECONNREFUSED 127.0.0.1:3306 1.351 ms - 217
Box GET /api/v1/cloudron/status 500 Internal Server Error connect ECONNREFUSED 127.0.0.1:3306 1.692 ms - 217
Box GET /api/v1/cloudron/status 500 Internal Server Error connect ECONNREFUSED 127.0.0.1:3306 2.145 ms - 217
Box GET /api/v1/cloudron/status 500 Internal Server Error connect ECONNREFUSED 127.0.0.1:3306 2.381 ms - 217
2021-05-10T18:04:50.002Z box:apphealthmonitor run: could not check app health. connect ECONNREFUSED 127.0.0.1:3306
Box GET /api/v1/cloudron/status 500 Internal Server Error connect ECONNREFUSED 127.0.0.1:3306 1.853 ms - 217

... into this:

2021-05-10T18:04:51.732Z box:box Received SIGTERM. Shutting down.
2021-05-10T18:04:51.733Z box:tasks stopTask: stopping all tasks
2021-05-10T18:04:51.734Z box:shell stopTask spawn: /usr/bin/sudo -S /home/yellowtent/box/src/scripts/stoptask.sh all
2021-05-10T18:04:56.425Z box:server ==========================================
2021-05-10T18:04:57.946Z box:server ==========================================
2021-05-10T18:04:59.324Z box:server ==========================================
2021-05-10T18:05:00.540Z box:server ==========================================
2021-05-10T18:05:02.024Z box:server ==========================================

Which if I tail the log it is still printing every second or so.

However the my. admin page is still returning a 503.

@girish I'm saying the button was missing entirely. There was no button.

the button to open the config dialog was just missing.

Edit: to be clear, the screenshot above came directly from the cloudron.io docs pages, sorry if that was confusing.

And I can't get to the admin page right now because it's been down since this occurred.

@nebulon There was no checkbox. The email config page said that solr was enabled, but the button to open the config dialog was just missing.

This button was just absent:

@BrutalBirdie I'm referring to the Full Text Search feature in Email settings which is powered by Solr.

I enabled Solr to try it out, but using 3GB is a bit much on my 4GB server and a bunch of my apps started crashing with OOM errors, so I need to disable it. I didn't see the option to disable it in mail settings, so I lowered the mail memory down to 512MB, which (perhaps predictably) caused even more problems and now the box app is not responding at all.

I'm able to ssh into the server, but neither the cloudron web app nor cli works and instead gives "Login failed: Status code: 500 message: connect ECONNREFUSED 127.0.0.1:3306".

Any ideas to un-f*** myself?

@girish I'm not sure. It is intended to support image and other media uploads, so perhaps they're looking at long term consumption with such media. There is an open issue about it, and user diamkil seems to be pursuing the bundled-minio image strategy. The reddit thread mentions local storage throughout.

The current storage provider implementation seems to serve files by providing the client an s3-style signed url. Perhaps a new provider could be written that provides a file url that just points to the server itself, I guess requests would be authenticated by the usual domain cookies.

That's a neat thing about catching a project in the early stages: easy feature requests are likely to be accepted. I updated to the latest version and adjusted how the image is built. The updated docker image is now at infogulch/notea-app:0.0.1-9.

This works with proxyauth, but I'm not sure if my minio config is working correctly. I wonder if it would be a good idea to just package up minio with this app in the same image...

@girish Wow that console UI looks great. Based on the publish date of that article and the current release tag on the console (0.7.0) it seems that it's a pretty new project. As far as being separate I can imagine wanting to have a very lightweight UI for the storage device itself and running the full-featured UI separately, especially if they're targeting k8s-like deployments.

I started a cloudron app package for Notea, you can find the source here: https://source.infogulch.com/infogulch/notea-app If anyone wants to try it, the docker image for this source is infogulch/notea-app:0.0.1-6.

I did run into some trouble after getting it to start successfully:

• I'm using a minio instance on the same cloudron as the data store for Notea since it doesn't support local file storage directly. This means that it's a bit awkward to configure; after installing the app, open the terminal and edit /app/data/env.sh to add the s3/minio backend storage config, then restart the app.
• I used proxyAuth because I think it's the bees knees but that mostly just caused me extra problems because the notea app implements authentication itself and redirects to /login which obviously doesn't work very well with proxyauth. I did open an issue to request an option to disable the login page.
  • In the meantime, it would probably be more expedient to relent and disable proxyAuth, and use notea's built-in authentication which is just a password configured by setting the PASSWORD env var in env.sh

Minio auth configuration seems to be rather awkward. It appears to have pretty decent support for LDAP authentication: https://github.com/minio/minio/blob/master/docs/sts/ldap.md

Do you think it would be a good idea to enable this?

I'm gonna try to package it up for Cloudron this evening and report back here with my results.

Notea / https://github.com/QingWei-Li/notea

Self hosted note taking app stored on S3. Notea is a privacy-first, open-source note-taking application. It supports Markdown syntax, sharing, responsive and more.

Brought to my attention by @yusf on Notion-like FOSS app thread.

@yusf Nice find! That looks ready to package up today.

@girish No, I don't have a lot of experience with postgresql. The strategy you describe aligns with my understanding of mysql's philosophy, but postgresql seems to require admins be more explicit. E.g. granting permissions to an arbitrary quoted LIKE pattern is documented in mysql, but postgresql's GRANT docs don't mention anything of the like and look like they require the specific object to exist (by nature of being a valid identifier) before granting permissions. Though I could be mistaken.

@girish Perhaps a specific implementation of this would allow the postgresql addon manifest to indicate the number of databases required (default: 1) to provide to the app. And then CLOUDRON_POSTGRESQL_DATABASE could be a comma-separated list of db names?

That seems to be the most flexible nearby strategy. That wouldn't solve an app that needs a variable number of databases (like a db per user or something), but that use-case seems pretty exotic imo. Anyways, just ideas.

@girish Yes that's what I meant, thanks!

@girish Do you think it would be a good idea to document or link to this customization in particular in the Gitea docs?

@d19dotca Perhaps even a per-app option, as in "Check for spam sent from this app."

https://github.com/valeriansaliou/sonic

🦔 Fast, lightweight & schema-less search backend. An alternative to Elasticsearch that runs on a few MBs of RAM.

Lightweight as in their single-thread benchmark which indexed 1M records and sustained 1k rps search traffic never went above 28MB ram (!). There are some limitations: it's schemaless and only supports integer keys, so it may need to be paired with some other data store to replace solr (depending on which features are used^), but if possible it would allow virtually all users to enable email FTS regardless of their server memory capacity. The sonic-channel nodejs library describes the api.

As a data point, sonic is used by ArchiveBox to provide FTS features to archived pages. ArchiveBox is on the App Wishlist.

^ I was gonna look into this myself, but I wasn't able to find the mail app on cloudron git, am I blind or is it not published?

The dockerfile looks a bit involved, but it exposes some very handy ENV vars to customize the directories and user. An initial implementation might just override those and build using the project's own dockerfile.

@murgero said in Code Server (Vs code online):

code-server natively supports this already ... https://fqdn-of-app/proxy/portNumber

Oh neat, I'm glad they landed on that, that's a good solution. Perhaps a proxyAuth implementation should exclude the proxy path with something like "proxyAuth": { "path": "!/proxy" }.

Perhaps this is a bit to early to worry about, but at some point we might consider restricting the app proxy's access to cloudron cookies with domain or path parameters.