Cloudron documentation outdated? Bitwarden now supports SSO

@joseph I just tested, and now I can use the SSO login. Thank you @james and @vladimir.d

I came across Safeline through a Meta Ads. The ad was run by a web dev based in Indonesia who offers a course on how to secure WordPress websites against hacking.

After reviewing the course modules listed on the landing page, I noticed that Safeline was mentioned and that it can be integrated with Cloudflare.

This caught my interest, so I decided to do some research.

I then looked into third-party benchmarks and evaluations of Safeline’s protection capabilities and found the following articles:

• https://dev.to/carrie_luo1/the-6-best-web-application-firewalls-compared-2024-1d9l
• https://medium.com/@tvvzvpb186/which-open-source-waf-really-delivers-a-head-to-head-benchmark-37631e08fb7f

Based on the benchmark data presented in those articles, Safeline appears to perform well in blocking common web application attacks.

That said, this is purely based on third-party analysis. I have not personally used Safeline in a production environment yet.

I should also mention that I am not an IT developer or sysadmin by profession. My background is primarily in digital marketing, so I fully understand that many people in this forum have far deeper technical expertise than I do.

That said, I find Safeline interesting due to its feature set and open-source offering, which prompted me to explore it further and request the app here.

• Main Page: https://github.com/chaitin/safeline

• Git: https://github.com/chaitin/safeline

• Licence: GPL-3.0 license

• Dockerfile: ?

• Demo: https://ly.safepoint.cloud/hSMd4SH

• Summary

Safeline is a self‑hosted Web Application Firewall (WAF) designed to sit in front of your web applications and shield them from a wide range of web attacks and exploits. Acting as a reverse proxy, Safeline inspects, filters, and monitors HTTP(S) traffic before it ever reaches your apps.

• Alternative to / Similar tools

Safeline can be seen as an alternative or complement to:

• Cloudflare WAF / other SaaS WAFs

• ModSecurity / OWASP Core Rule Set

• NAXSI

• Imperva, F5 WAF, etc. (commercial solutions)

• Screenshots

@7dowWilkes If I am not mistaken, you can configure it from the DNS level, let's say you're using Cloudflare, so you don't have to create an app to handle MTA-STS for your email. CMIIW.

@p44

@p44 said in Indonesian (Bahasa Indonesia) Translation for Cloudron Is Now 100% Complete:

@IniBudi Very very good news. I wish your efforts brings Cloudron to expand to Indonesian users.

Yes, hopefully, it will bring Indonesian users to use Cloudron as their server and app management.

If the community becomes bigger I hope we can create offline meetup in Indonesia.

Thank you @p44 and @nebulon

I really love all the features here.

@m-si said in Is there a possibility in cloudron to propagate a mta-sts policy?:

Recently I played arround, to improve e-mail security with MTA-STS. I was able to simply use surfer app to publish the mta-sts.txt file and set up the necessary DNS entries. But the solution is somewhat clunky, so may be it might be an easy win @girish , to make this directly possible through cloudron ui, until we implement DANE into cloudron.

Steps to reproduce working MTA-STS setup in cloudron useing surfer app

1. setup surfer app at the following subdomain mta-sts.<DOMAIN.TLD>

2. make folder .well-known inside folder public

3. create mta-sts.txt

version: STSv1
mode: enforce
max_age: 86400
mx: mail.<DOMAIN.TLD>

(where any mail server which it should belong should have an entry. I'am not quite shure wethere we need mx: my.<DOMAIN.TLD> as well, but for the tests the above has been sufficient.)

4. set up following DNS records

_mta-sts in TXT v=STSv1; id=20221123132400Z

(where the id is a simple Timestamp or a uniq number to identify the entry)

_smtp._tls in TXT v=TLSRPTv1; rua=mailto:<USERNAME>@<DOMAIN.TLD> 

(where the rua-Mail-Adress is an Address one want's to get the reports)

EDIT:
We can easily check if the setup is correct via check tls.

Is this tutorial still relevant to be added to the documentation page regarding the MTA-STS, @james?

Thank you @james

@james, yes, I have access to the site, and you can invite me to the translator group.

Hello everyone,

I want to share some good news regarding the translation contributions I have been working on over the past few weeks.

The Cloudron translation for Indonesian (Bahasa Indonesia) is now 100% complete.

Today, I have also performed a thorough review of the strings, with a particular focus on the following:

• Ensuring consistency in Indonesian terminology across all translations
• Correcting capitalization to align with the original English strings
• Retaining original English terms where no clear or widely accepted Indonesian equivalent exists, to avoid ambiguity

If any Cloudron users from Indonesia have suggestions or feedback regarding the Indonesian translation, please don't hesitate to reach out to me via direct message or by replying to this post.

I hope this contribution will be helpful for Cloudron users, especially those in Indonesia.

Thank you,
Best regards

@james thank you James for the information

@andreasdueren said in Cloudron documentation outdated? Bitwarden now supports SSO:

SSO_AUTHORITY=

I encountered an issue when attempting to activate SSO using Cloudron OpenID.

I don't know why SSO_AUTHORITY, I just input my Cloudron URL (my.cloudron.example), but the SSO failed.

Do you face the same problem?

@paradoxbound if I enable Dane, should I enable MTA-STS?

When clicking on an application in the Cloudron App Store to view its details, a popup appears showing relevant information about the selected app, such as the description and other metadata.

However, after closing this popup, the page automatically scrolls back to the top.

This behavior makes it somewhat inconvenient, especially when browsing multiple applications further down the list.

Would it be possible to keep the scroll position unchanged after closing the app details popup, so the user remains at the same position in the App Store list instead of being taken back to the top automatically?

Maintaining the scroll position would make it much easier to review and compare applications without having to repeatedly scroll back to the previous location.

Thank you

@james said in Vaultwarden fails to start after update – DB migration error (SSO):

Hello @archos
I think, I have the same issue.
This is the log:

[2025-12-29 19:23:43.075][panic][ERROR] thread 'main' panicked at 'Error running migrations: QueryError(DieselMigrationName { name: "2024-03-06-170000_add_sso_users", version: MigrationVersion("20240306170000") }, DatabaseError(Unknown, "Referencing column 'user_uuid' and referenced column 'uuid' in foreign key constraint 'sso_users_ibfk_1' are incompatible."))': src/db/mod.rs:505

And seems to be already reported upstream: https://github.com/dani-garcia/vaultwarden/issues/6611

---

EDIT:
I followed the guided instructions and was able to fix it => https://github.com/dani-garcia/vaultwarden/wiki/Using-the-MariaDB-(MySQL)-Backend#foreign-key-errors-collation-and-charset

be sure to replace "vaultwarden" in the SQL querries with your cloudron database name.

I experienced the exact same issue when upgrading to the latest version. I managed to resolve it following @james's suggestion.

Here is a recap of the step-by-step process I executed, which might help others:

• 1. Enter Recovery Mode
     Go to the Cloudron dashboard and enable Recovery Mode for your Vaultwarden application.
• 2. Access the MySQL Database
     Open the application Terminal and click the MySQL button to access the database console..
• 3. Identify the Vaultwarden Database Name
     Run the following command to see the list of databases:

SHOW DATABASES;

Note the database name that appears (it is usually a random string like 9121d...). You will need this for the next steps.

• 4. Change the Database Charset

Replace YourDatabaseVaultwarden in the command below with the actual database name retrieved in Step 3, then run:

ALTER DATABASE `YourDatabaseVaultwarden` CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci; 

• 5. Generate Table Modification Commands
     Run this query to generate the specific ALTER TABLE commands for your existing tables:

SELECT CONCAT('ALTER TABLE `', TABLE_NAME,'` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;') 
FROM INFORMATION_SCHEMA.TABLES
WHERE TABLE_SCHEMA="YourDatabaseVaultwarden"
AND TABLE_TYPE="BASE TABLE";

Copy the output generated by this command. You can paste this list into ChatGPT or Gemini and ask it to format it for the next step (wrapping it between the foreign key check commands).

• 6. Execute the Final Fix
     The final command block should follow this structure:

SET foreign_key_checks=0;
-- Copy/Paste the output from above here
SET foreign_key_checks=1;

If you are unsure about the formatting, I simply copied the raw table list from the terminal in Step 5 and asked an AI to format it into valid MySQL syntax using the structure above.

Here is an example of what the final command looks like (Note: Do not copy-paste the specific table list below; use the one generated from your own database in Step 5, as your tables might differ):

SET foreign_key_checks=0;
ALTER TABLE `__diesel_schema_migrations` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `attachments` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `ciphers_collections` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `ciphers` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `collections` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `devices` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `emergency_access` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `favorites` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `folders_ciphers` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `folders` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `invitations` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `org_policies` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `organizations` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `sends` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `twofactor_incomplete` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `twofactor` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `users_collections` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `users_organizations` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
ALTER TABLE `users` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
SET foreign_key_checks=1;

Once you have adapted the command to your specific tables, execute it in the MySQL terminal.

Finally, disable Recovery Mode and restart your Vaultwarden app. Hopefully, this serves as a solution for you as well.

Apologies if there are any technical inaccuracies; I utilized AI to guide me through this solution, and thankfully, it worked perfectly.

Thanks,
Regards

After doing more research on this email topic, I’ve gained some very useful insights.

As mentioned earlier by @andreasdueren, the ActiveSync support is a strong point for SOGo.

I also took note of @fbartels’s comment that Roundcube generally feels faster and lighter compared to the Mail app in Nextcloud.

To better understand the security aspect, I asked ChatGPT and Gemini about Roundcube vs SOGo.

Based on their answers and some public vulnerability data, the rough conclusion I got is:

• SOGo appears to be “more secure” than Roundcube if we look purely at the frequency and severity of reported vulnerabilities,
• For example, there have been fewer recent high‑impact issues (such as major RCE vulnerabilities) publicly associated with SOGo than with Roundcube.

Do you agree with this assessment, or is there important context I might be missing?

Thank you again for all the insights shared so far. They’ve been very helpful.

Hi everyone,

I’d like to ask for some opinions and experiences regarding email apps on Cloudron.

If you already have Nextcloud installed on your server, do you also install a separate webmail app such as SOGo or Roundcube on the same Cloudron instance?

I noticed that Nextcloud has a Mail app that can integrate with Cloudron’s email system. Because of this, I’m wondering:

• What are the reasons or advantages for still installing SOGo or Roundcube
  when Nextcloud already provides email functionality?
• Are there any limitations or issues with Nextcloud Mail that make SOGo or Roundcube a better choice in some situations?

I’m looking for different points of view because I’m not yet fully familiar with the pros and cons of each approach.

Any recommendations, example setups, or best practices from your own deployments would be very helpful.

Thank you in advance for your insights.

Best regards.

@james said in New Cloudron Docs Framework - Requesting feedback:

Docusaurus

Thank you, James. I really appreciate the useful tips from the forum thread compilations and the additional details on the documentation website.

I have a suggestion regarding the filter function in Cloudron.

Would it be possible to improve the current filter so that we can save filter presets and access them later from the dashboard?

Right now, filters are temporary. Once we move to another page or refresh, the filter is lost, and we have to set it up again.

What I’m imagining is something like this:

• We define a filter based on certain criteria (for example:
  • only show apps on a specific domain,
  • that have updates available,
  • and include a particular tag).
• Then we can save this filter with a name (e.g. “Client A – apps with pending updates”).
• Later, we can quickly select this saved filter from a dropdown or sidebar and apply it with a single click.

Possible use cases:

• Quickly checking which apps for a specific client or domain need updates
• Grouping apps by tags (e.g. production, staging, internal tools) and switching views easily
• Having different saved views for different admins or workflows

A simple “Save filter” / “Manage saved filters” option on the dashboard would already make daily management much easier, especially for users handling many apps and domains.

I hope this feature can be useful for others as well.

Thank you.
Regards.

@joseph said in Add Bulk Start/Stop Controls for Multiple Apps:

The last time I brought this up, the idea was to bring to the list view (but not Grid view). Especially updating multiple apps is a pain if you are updating manually.

If I am not mistaken, the Grid view and the List view on NextCloud (when viewing files) can be selected simultaneously. Maybe the same technology can be implemented?