Vaultwarden fails to start after update – DB migration error (SSO)

@james said in Vaultwarden fails to start after update – DB migration error (SSO):

Hello @archos
I think, I have the same issue.
This is the log:

[2025-12-29 19:23:43.075][panic][ERROR] thread 'main' panicked at 'Error running migrations: QueryError(DieselMigrationName { name: "2024-03-06-170000_add_sso_users", version: MigrationVersion("20240306170000") }, DatabaseError(Unknown, "Referencing column 'user_uuid' and referenced column 'uuid' in foreign key constraint 'sso_users_ibfk_1' are incompatible."))': src/db/mod.rs:505

And seems to be already reported upstream: https://github.com/dani-garcia/vaultwarden/issues/6611

---

EDIT:
I followed the guided instructions and was able to fix it => https://github.com/dani-garcia/vaultwarden/wiki/Using-the-MariaDB-(MySQL)-Backend#foreign-key-errors-collation-and-charset

be sure to replace "vaultwarden" in the SQL querries with your cloudron database name.

I experienced the exact same issue when upgrading to the latest version. I managed to resolve it following @james's suggestion.

Here is a recap of the step-by-step process I executed, which might help others:

• 1. Enter Recovery Mode
     Go to the Cloudron dashboard and enable Recovery Mode for your Vaultwarden application.
• 2. Access the MySQL Database
     Open the application Terminal and click the MySQL button to access the database console..
• 3. Identify the Vaultwarden Database Name
     Run the following command to see the list of databases:

SHOW DATABASES;

Note the database name that appears (it is usually a random string like 9121d...). You will need this for the next steps.

• 4. Change the Database Charset

Replace YourDatabaseVaultwarden in the command below with the actual database name retrieved in Step 3, then run:

ALTER DATABASE `YourDatabaseVaultwarden` CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; 

• 5. Generate Table Modification Commands
     Run this query to generate the specific ALTER TABLE commands for your existing tables:

SELECT CONCAT('ALTER TABLE `', TABLE_NAME,'` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;') 
FROM INFORMATION_SCHEMA.TABLES
WHERE TABLE_SCHEMA="YourDatabaseVaultwarden"
AND TABLE_TYPE="BASE TABLE";

Copy the output generated by this command. You can paste this list into ChatGPT or Gemini and ask it to format it for the next step (wrapping it between the foreign key check commands).

• 6. Execute the Final Fix
     The final command block should follow this structure:

SET foreign_key_checks=0;
-- Copy/Paste the output from above here
SET foreign_key_checks=1;

If you are unsure about the formatting, I simply copied the raw table list from the terminal in Step 5 and asked an AI to format it into valid MySQL syntax using the structure above.

Here is an example of what the final command looks like (Note: Do not copy-paste the specific table list below; use the one generated from your own database in Step 5, as your tables might differ):

SET foreign_key_checks=0;
ALTER TABLE `__diesel_schema_migrations` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `attachments` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `ciphers_collections` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `ciphers` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `collections` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `devices` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `emergency_access` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `favorites` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `folders_ciphers` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `folders` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `invitations` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `org_policies` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `organizations` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `sends` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `twofactor_incomplete` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `twofactor` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `users_collections` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `users_organizations` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `users` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
SET foreign_key_checks=1;

Once you have adapted the command to your specific tables, execute it in the MySQL terminal.

Finally, disable Recovery Mode and restart your Vaultwarden app. Hopefully, this serves as a solution for you as well.

Apologies if there are any technical inaccuracies; I utilized AI to guide me through this solution, and thankfully, it worked perfectly.

Thanks,
Regards

After doing more research on this email topic, I’ve gained some very useful insights.

As mentioned earlier by @andreasdueren, the ActiveSync support is a strong point for SOGo.

I also took note of @fbartels’s comment that Roundcube generally feels faster and lighter compared to the Mail app in Nextcloud.

To better understand the security aspect, I asked ChatGPT and Gemini about Roundcube vs SOGo.

Based on their answers and some public vulnerability data, the rough conclusion I got is:

• SOGo appears to be “more secure” than Roundcube if we look purely at the frequency and severity of reported vulnerabilities,
• For example, there have been fewer recent high‑impact issues (such as major RCE vulnerabilities) publicly associated with SOGo than with Roundcube.

Do you agree with this assessment, or is there important context I might be missing?

Thank you again for all the insights shared so far. They’ve been very helpful.

Hi everyone,

I’d like to ask for some opinions and experiences regarding email apps on Cloudron.

If you already have Nextcloud installed on your server, do you also install a separate webmail app such as SOGo or Roundcube on the same Cloudron instance?

I noticed that Nextcloud has a Mail app that can integrate with Cloudron’s email system. Because of this, I’m wondering:

• What are the reasons or advantages for still installing SOGo or Roundcube
  when Nextcloud already provides email functionality?
• Are there any limitations or issues with Nextcloud Mail that make SOGo or Roundcube a better choice in some situations?

I’m looking for different points of view because I’m not yet fully familiar with the pros and cons of each approach.

Any recommendations, example setups, or best practices from your own deployments would be very helpful.

Thank you in advance for your insights.

Best regards.

@james said in New Cloudron Docs Framework - Requesting feedback:

Docusaurus

Thank you, James. I really appreciate the useful tips from the forum thread compilations and the additional details on the documentation website.

I have a suggestion regarding the filter function in Cloudron.

Would it be possible to improve the current filter so that we can save filter presets and access them later from the dashboard?

Right now, filters are temporary. Once we move to another page or refresh, the filter is lost, and we have to set it up again.

What I’m imagining is something like this:

• We define a filter based on certain criteria (for example:
  • only show apps on a specific domain,
  • that have updates available,
  • and include a particular tag).
• Then we can save this filter with a name (e.g. “Client A – apps with pending updates”).
• Later, we can quickly select this saved filter from a dropdown or sidebar and apply it with a single click.

Possible use cases:

• Quickly checking which apps for a specific client or domain need updates
• Grouping apps by tags (e.g. production, staging, internal tools) and switching views easily
• Having different saved views for different admins or workflows

A simple “Save filter” / “Manage saved filters” option on the dashboard would already make daily management much easier, especially for users handling many apps and domains.

I hope this feature can be useful for others as well.

Thank you.
Regards.

@joseph said in Add Bulk Start/Stop Controls for Multiple Apps:

The last time I brought this up, the idea was to bring to the list view (but not Grid view). Especially updating multiple apps is a pain if you are updating manually.

If I am not mistaken, the Grid view and the List view on NextCloud (when viewing files) can be selected simultaneously. Maybe the same technology can be implemented?

@joseph said in Show Server Time Information in the Cloudron Server Menu:

The server timezone is always UTC no? Or do you want System -> Settings to also be shown in Server page?

Maybe the current time can be shown on Server > System Information

It displays like:
Current server time: 2025-12-19 14:32
Timezone: Europe/Berlin (UTC+1)

@jdaviescoates said in Add Bulk Start/Stop Controls for Multiple Apps:

Personally I'd like to be able to update lots of apps like this too.

Yes, I agree with you. It's like an update feature, theme, or plugin in WordPress. We're able to update many of the apps in bulk

I’d like to suggest a feature to start or stop multiple apps at once.

At the moment (please cmiiw), if we want to stop an app, we have to open the app’s settings and then click the Stop/Running button for each app individually.

This works, but it can be time‑consuming when managing many apps.

It would be very helpful if Cloudron provided a way to:

• Select multiple apps from the app list (for example with checkboxes), and
• Perform actions on all selected apps at once, such as:
  • Stop apps
  • Start/Restart apps
  • (Optionally) Recovery mode or Task error

Some possible use cases:

• Temporarily stopping a group of non‑critical apps during maintenance or server load issues
• Quickly bringing multiple apps back online after maintenance
• Managing apps across different clients or projects more efficiently

This bulk action feature would save a lot of clicks and time, especially for users hosting many apps on a single Cloudron instance.

Thank you for considering this suggestion, and thanks again for all the work on Cloudron.

Best Regards.

I’d like to suggest adding a small piece of information to the Server menu: the current server time and timezone.

When I move to a new hosting provider, I often forget whether I have already adjusted the server time settings or not.

If Cloudron showed the current server time and timezone directly in the Server section, I could immediately see whether the server is still using the hosting provider’s default timezone or if it has already been changed to my own country’s timezone.

Even a simple read‑only display like:

• Current server time: 2025-12-19 14:32
• Timezone: Europe/Berlin (UTC+1)

would help a lot. This could:

• Reduce confusion when checking logs, backups, and scheduled tasks (cron, app restarts, etc.)
• Help ensure that all time‑based operations are aligned with the admin’s local time
• Make it easier to verify the configuration quickly after migrating to a new server

I believe this little detail could be very helpful for many users.

Thank you for considering this suggestion and for all the work you put into improving Cloudron.

I really like the new menu design in the latest Cloudron release. The layout feels very similar to Cloudflare; it’s cleaner, easier to navigate, and it makes switching between sections noticeably faster.

Would it be possible to bring a similar structure and usability improvements to the File Manager as well?

Right now, the File Manager works fine, but compared with something like the cPanel file manager, navigation could be more flexible. For example, cPanel offers:

• A collapsible folder tree on the left, so you can quickly jump between directories without repeatedly going “up” and “down” the path
• Clear information about each item, such as:
  • File permissions (e.g., 0644, 0755)
  • File type (file, directory, symlink, etc.)
  • Optional metadata like size and last modified time, all in one view

Having a similar folder-tree view and basic file details directly visible in Cloudron’s File Manager would make it much easier to manage files.

Some ideas that might fit well with the new UI direction:

• Left-hand sidebar with an expandable folder tree.
• Main panel showing:
  • Name
  • Type (file/folder)
  • Size
  • Last modified
  • Permissions/owner (even read‑only would already be very helpful)

Thank you for all the work on the new UI, it’s a great step forward already.

@humptydumpty I think if Cloudron has passkey features, the YubiKey could be used on the SSH service and Cloudron.

I’d like to suggest an enhancement to the mailing list feature in Cloudron.

Would it be possible to add:

1. A “Tag” field, so each mailing list can be labeled with simple tags (e.g., “internal”, “customers”, “project-X”, “billing”).

This would make it easier to:

• Group mailing lists by purpose or department
• Quickly filter or search mailing lists based on these tags
• Keep large numbers of mailing lists more organized

2. A “Notes” or “Description” field, so we can add a short explanation for each mailing list, for example:

• What the list is used for
• Who should be added or not added
• Any specific rules or context

These two fields could be very helpful for admins managing many mailing lists, especially over time or across multiple domains and teams.

They would also make it easier for new admins to understand the existing setup without guessing from the mailing list name alone.

I hope this suggestion can be considered for a future Cloudron update. Thank you.

I recently installed Bitwarden on my Cloudron instance, and it got me thinking.

Would it be possible to use existing passkeys, either those stored in Bitwarden or on a smartphone, to replace manually entering 2FA codes?

The idea is to make the sign-in process faster and more convenient, for example, by using a fingerprint or device-based passkey instead of typing in an authentication code every time.

I believe this could improve both security and user experience, and I hope this idea can be considered and potentially implemented in Cloudron.

@d19dotca thank you for the present, I will try in my Cloudron.

@d19dotca is it just copy and paste to Cloudron, right? Thank you for the sharing

@nebulon I just want to subscribe without log in first, it makes the process easier and shorter.

@robi yes it can be, clickable qr code or qr code for payment to renewal.

@nebulon said in Show Subscription Expiry Date and Add One-Click Renewal Button:

For the direct action to renew, this would be nice indeed, but this is hard as we have designed the Cloudron to be as decoupled as possible from cloudron.io . In this case we do not really want the Cloudron to stash login tokens for the cloudron.io user as such and we probably cannot rely on an active login session of the current browser used. But maybe we can come up with something smart here in the future.

I got this idea from how Sendy handles license updates, where users can get the latest updates simply by entering their license key.

https://sendy.co/get-updated?l=XXX

So I was wondering if something similar could be possible for Cloudron.

For example, maybe we could just copy and paste our existing Cloudron ID into a URL, similar to the example above, proceed with the payment, and then the invoice and service would automatically activate.

Or perhaps there’s another faster and more efficient solution that doesn’t require logging in to console.cloudron.io. I’m not entirely sure. Hehe

Thank you!
Regards.

@girish Thank you, girish for the update!

@joseph Yes, I am trying to follow the documentation but its still error