Welcoming James to the team

Hello Everyone (= Happy to be here and looking forward to help wherever I can.

There is also this topic Proposal: The CUR - Cloudron User Repository

What do you people think of the following?
Adding an input field in the app-store view to directly upload a CloudronManifest.json.

Mockup:

To make this work, a new optional 'key': 'value' in the CloudronManifest.json would be needed to add the Docker Image information so Cloudron knows where to pull the image from for this custom app.
Example from @BrutalBirdie custom FounderyVTT app => https://forum.cloudron.io/topic/8296/foundry-virtual-tabletop // https://github.com/BrutalBirdie/cloudron-foundryvtt

{
  "id": "foundryvtt.cloudron.app",
  "title": "FoundryVTT",
  "author": "Elias Hackradt ",
  "tagline": "FounderyVTT",
  "upstreamVersion": "13.345",
  "version": "1.2.0",
  "healthCheckPath": "/",
  "icon": "file://logo.png",
  "tags": [ "game", "multiplayer" ],
  "memoryLimit": 1342177280,
  "httpPort": 30000,
  "manifestVersion": 2,
  "minBoxVersion": "5.3.0",
  "addons": {
    "localstorage": {}
  },
  "dockerimage": "brutalbirdie/foundryvtt.cloudron.app:1.2.0"
}

This would make the barrier relatively small in my opinion.

Looking forward to reading your opinions.

@mirotalk-57bab571 I have pinned the topic so it will always stay on top in this category.

Hello @lewisl

@lewisl said in So Many Problems:

Cloudron itself has many UI problems and functional problems.

Cloudron 9 brings a full new UI. I am looking forward to hearing your thoughts on that.

---

@lewisl said in So Many Problems:

During setup the switch from Cloudron.IO (the "business" site) to Cloudron Server Portal is not clear. Each requires its own password though the login pages for both are indentical.

Suggestion: Simply make the login pages distinct with titles like: Cloudron Portal (the business site--pick anything you want) and Cloudron Server App Console.

This is a good suggestion.

---

@lewisl said in So Many Problems:

The email setup is quite complex and unreliable. Required 2.5 hours to get everything working. Even though I had given Cloudron a correct Cloudflare API token with correct settings, Cloudron created all of the appropriate DNS records EXCEPT the needed MX record.

This is rather unusual. Did you have an existing MX record?
Since by default, Cloudron does not simply overwrite your DNS records if they are existent.
When existent DNS records are found for e.g. apps, the user will get a notification informing that if they like to overwrite this record.
This should also be added to the Mail setup records.
Good catch.

---

@lewisl said in So Many Problems:

Cloudron email setup IS ESSENTIAL. Critical password changes can only be made via a change request email being sent. But, Catch-22: this can only be done with a correct setup. External SMTP did not work because the settings fields are incomplete or in accurate. Never did work. Don't blame Digital Ocean: I requested and obtained an exemption and 25, 587, etc were unblocked. I know this to be true because email sent by OnlyOffice worked through port 587.

The "user 0" can always be accessed without any mail setup needed, even if the password is lost.
When you ssh into your server and run the following command, a temporary password for the "user 0" will bet set and valid for exactly one use:

cloudron-support --owner-login

---

@lewisl said in So Many Problems:

...Suggestion: build outgoing email setup into the workflow of the initial setup. Make it something that can be skipped. have a better standalone setup for outgoing email (from the Cloudron Server Management console, not from applications) for those who may choose to defer it.

This might be a good idea.
Maybe like a "Cloudron Tour" that guides the user what he should setup, where he can find xyz.

---

@lewisl said in So Many Problems:

Another substantial confusion is the App Store accessible from Cloudron.io is basically a NOOP: it is non functional. clicking install does nothing. it is marketing. OK to do marketing--but point people to the proper creation of the managed server and the Cloudron server console--that's the only place where the market place works to install apps.

I don't really understand this point.
The https://www.cloudron.io/store/index.html does what it should do.
Display all available apps and when you click one and install, you get the marketing message.
Could you please elaborate?

---

@lewisl said in So Many Problems:

Suggestion: rather than the App Store just launching a setup, you should really launch a workflow of your own design to lead people through the essential steps. It's part of your value add.

Like a guided step by step for each app what to do and configure in each app?

---

@lewisl said in So Many Problems:

The dashboard could also be more robust.

In what sense? Could you please explain this a bit more?

Hello @nostrdev and @timconsidine
Signup to the git.cloudron.io instance was disabled due to an overwhelming amount of spam accounts.
@nostrdev I will take this as a request for an account and access rights to create repositories.

The @staff will create your account with the e-mail address used here in the forum.

Hello @ccfu @imc67 I found the issue and the app will receive an update soon.

I can confirm this seems to have no impact.
Added the following lines to /app/data/env

OIDC_FORCE_USERNAME=false
OIDC_EMAIL_AS_USERNAME=false
OIDC_NAME_AS_USERNAME=true

Cloudron writes this to /run/mirotalksfu/env and /run/mirotalksfu/env is symlinked to /app/code/.env.
So everything in that /app/data/env => /run/mirotalksfu/env => /app/code/.env is loaded, otherwise all the other settings would be missing.

But now when checking the /app/code/app/src/config.js I see:

peer_name: {
                force: process.env.OIDC_USERNAME_FORCE !== 'false', // Require identity provider authentication
                email: process.env.OIDC_USERNAME_AS_EMAIL !== 'false', // Request email claim
                name: process.env.OIDC_USERNAME_AS_NAME === 'true', // Don't require full name
            }

So from that I can conclude the env vars should be:

OIDC_USERNAME_FORCE=false
OIDC_USERNAME_AS_EMAIL=false
OIDC_USERNAME_AS_NAME=true

This now had the desired effect.

I assume what @mirotalk-57bab571 wrote https://forum.cloudron.io/post/107999 was simply a typo or first draft of that variable names.

---

Solution

Use the following variables in /app/data/env

OIDC_USERNAME_FORCE=false
OIDC_USERNAME_AS_EMAIL=false
OIDC_USERNAME_AS_NAME=true

FYI @discourse users:
After my work yesterday the discourse-reactions plugin was archived on GitHub.

This repository was archived by the owner on Jul 10, 2025. It is now read-only.

This plugin has now been bundled into Discourse core. See: https://meta.discourse.org/t/bundling-more-popular-plugins-with-discourse-core/373574

So best to uninstall the plugin.

Hello @JueBam
From my experience and the offical doc https://docs.hetzner.com/storage/storage-box/access/access-ssh-rsync-borg

When using sshfs with Hetzner Storage Boxes you have to use /home not /backup.
Also, this is not documented anywhere, but Hetzner Storage Boxes with ssh access use fail2ban.
Meaning, now that you have failed multiple attempts of authentication your instance is blocked for approximately 15 Minutes.

This block can be resolved faster by contacting the Hetzner Support.

Hello @elorden and welcome to the Cloudron forum.

I will answer your questions:

---

@elorden said in Pre Sales Questions:

I read in an old post (from 2020) that the same application can only be installed 5 times within the same Cloudron.
Is this still the case, or has this limitation been removed?

No, this is no longer the case. If you wish to install e.g. 100x LAMP apps, you can do that.

You can even test this on the Cloudron Demo Server https://my.demo.cloudron.io/
I just installed 8x LAMP apps:

---

@elorden said in Pre Sales Questions:

In my case, I want to install 20 instances of the same app for 20 clients. I want to see if I can do this with one Cloudron license. Or, on the contrary, will I need four licenses? And is it allowed to market this according to Cloudron's TOCs?

Yes you can do so and yes you can market/sell these with no issues.
Be aware, since each app may come with its own license and conditions, please respect them as well.
What you do with your Cloudron Server is fully up to you.
Cloudron does not impose restrictions in this regard.

If you'd like to read our terms, thery are linked here: https://www.cloudron.io/legal/terms.html

---

@elorden said in Pre Sales Questions:

Is it possible to create databases (e.g., Postgree) in Cloudron? There are applications, such as MetaBase, that need to connect to an external database. And, from what I can see, I'm afraid that would be something to configure outside of Cloudron.

Currently, there is no APP just providing a database like PostgreSQL or MySQL etc.
In your question, would this MetaBase be hosted outside the Cloudron server or on the same Cloudron server?

But, creating a simple app that just provides a singular postgresql, mysql or mongodb would be a fast workaround to have Cloudron still provide and manage these Databases.

---

@elorden said in Pre Sales Questions:

Is it possible to add other open source applications?

Yes, many people here even publish and maintain their own apps.
For example, @BrutalBirdie with his custom FoundryVTT requested from this topic https://forum.cloudron.io/topic/8296/foundry-virtual-tabletop

---

@elorden said in Pre Sales Questions:

I'm not a developer, but if it's not too complicated, I'd like to try to help package them so that we can all have them. Because although the Cloudron catalog is very good, I see that new interesting applications are appearing every day that are offered on other platforms (e.g., Coolify) and are not available on Cloudron.

Packaging a Cloudron App comes with some caveats.
There is a big doc section about this topic here: https://docs.cloudron.io/packaging/tutorial/
When packaging you will always have to have the Cloudron App filesystem in mind.

---

If there are any questions left, or I created new ones, please ask away.

Hello @overholt

@overholt said in Nextcloud OIDC integration:

It would have been nice to provide a way to migrate NC users to Cloudron while maintaining files, shares and access.

All users that exist in LDAP are automatically migrated to OIDC when they log in for the first time with OIDC.
They retain all files, shares, access, groups and so on.
The reconfiguration part on the desktop client or mobile client part is only a login and everything else should stay the same.
One exception for other clients explained further down.

@overholt said in Nextcloud OIDC integration:

Now I will have to explain to everyone why they need to go through that process all over again.

I understand this is not optimal and the wish for a discussion first with the community is also very understandable.
If you are looking for the argument for your company that just started using Nextcloud on Cloudron why this change is necessary?
Answer with, Security and Usability.
Usability might not be that obvious at first since the given task of migration at hand.

OIDC Login enables 2FA authentication before the application.
Plain vanilla LDAP has no concept of 2FA.
So, with LDAP, users will have to maintain 2FA codes for every application.
With OIDC, only one 2FA code is needed.

Nextcloud specific security advancement with OIDC is that you need to create an app-password within Nextcloud for external clients like DAVx5 or other calendar apps.
This reduces the risk of some random thrid party application leaking the user password.

I did a comparison what timezone on Linux exist for America and compared them to the list of supported timezones in https://www.php.net/manual/en/timezones.america.php

Comparison can be found here: https://regex101.com/r/mXRK1J/1
Not supported timezones are:

[...]
America/Ensenada
America/Fort_Wayne
[...]

Setting my timezone to America/Fort_Wayne:

timedatectl
Local time: Mi 2025-05-28 02:04:21 EDT
Universal time: Mi 2025-05-28 06:04:21 UTC
RTC time: Mi 2025-05-28 06:04:20
Time zone: America/Fort_Wayne (EDT, -0400)
System clock synchronized: no
NTP service: inactive
RTC in local TZ: no

In a Chrome based Browser running:

console.log(Intl.DateTimeFormat().resolvedOptions().timeZone);
America/Indianapolis

Good America/Indianapolis is not on the list https://www.php.net/manual/en/timezones.america.php

DateInvalidTimeZoneException: DateTimeZone::__construct(): Unknown or bad timezone (America/Indianapolis) in /app/code/vendor/codeigniter4/framework/system/I18n/TimeTrait.php:92
Stack trace:
#0 /app/code/vendor/codeigniter4/framework/system/I18n/TimeTrait.php(92): DateTimeZone->__construct()
#1 /app/code/vendor/codeigniter4/framework/system/I18n/TimeTrait.php(256): CodeIgniter\I18n\Time->__construct()
#2 /app/code/modules/Admin/Controllers/PodcastController.php(697): CodeIgniter\I18n\Time::createFromFormat()
#3 /app/code/modules/Admin/Controllers/PodcastController.php(53): Modules\Admin\Controllers\PodcastController->attemptPublish()
#4 /app/code/vendor/codeigniter4/framework/system/CodeIgniter.php(932): Modules\Admin\Controllers\PodcastController->_remap()
#5 /app/code/vendor/codeigniter4/framework/system/CodeIgniter.php(509): CodeIgniter\CodeIgniter->runController()
#6 /app/code/vendor/codeigniter4/framework/system/CodeIgniter.php(355): CodeIgniter\CodeIgniter->handleRequest()
#7 /app/code/vendor/codeigniter4/framework/system/Boot.php(334): CodeIgniter\CodeIgniter->run()
#8 /app/code/vendor/codeigniter4/framework/system/Boot.php(67): CodeIgniter\Boot::runCodeIgniter()
#9 /app/code/public/index.php(61): CodeIgniter\Boot::bootWeb()
#10 {main}

This is the exact error you are having.

Now in FireFox running:

console.log(Intl.DateTimeFormat().resolvedOptions().timeZone);
America/Indiana/Indianapolis

America/Indiana/Indianapolis is on the list of supported timezone https://www.php.net/manual/en/timezones.america.php

And the scedule publish of castopod worked fine.

---

Solution / Error explanation

It seems your are using a Chrome based Browser on a Unix based system (macOS / Linux) and a Timezone that gets converted into a TimeZone that is not support by PHP.

Quick Fix

Use a different timezone that is more generic and check in the web console with:

console.log(Intl.DateTimeFormat().resolvedOptions().timeZone);

if the timezone returned is avaiable in https://www.php.net/manual/en/timezones.america.php

What should be done in a perfect world

An issue should be raised with PHP and the Chomerium based browser you are using about this specific issue and Timezone.
Either PHP should support all timezone or the chrome based browser should convert it into a supported PHP version one like FireFox does.

I hope this will solve your issue.

Hello @Isaac
This is the Cloudron Community.
Since you stated you are hosting Documenso on proxmox we are unable to assist you any further.
But since you found us, maybe Cloudron can help you to host Documenso so it works out of the box!

Hello @imc67

The mailing for the Pretix should be autoconfigured on every startup and is placed in the /run/pretix/pretix.cfg file.
Can you confirm that in that file it is correct?

Even if these values are correct it seems the mail is not sent.
I have reproduced this issue and I am now looking into it.

Hello @imc67
I reproduced this, and I did not really find an upstream issue for this.
@mirotalk-57bab571 is this something that could be "fixed"?

I think I see the problem here.
The task worker named celery is configured in /run/pretix/pretix.cfg to use redis as the backend and broker but somehow, celery still wants to use AMQP server (e.g. RabbitMQ) which does not exist and fails.

This might be a celery related issue similar to https://github.com/celery/celery/issues/6370

EDIT:
This was a wild goose chase and was some based on a log message I thought saw once.
But did not lead to anything.

I am now starting to debug the problem again.

Hello @luckow
Good news, the team is trying to add this to the Cloudron 9 release.

Oh! @BrutalBirdie just found the issue https://github.com/freescout-help-desk/freescout/issues/4819#issuecomment-2927528981

Since something was changed in 1.8.181 regarding Take into account APP_SHOW_ONLY_ASSIGNED_CONVERSATIONS option when deleting conversation
8484785

When applying this commit in reverse:

wget -O this.patch https://github.com/freescout-help-desk/freescout/commit/8484785a17fa1cd58d46016b45f6822a6adc9b64.diff
git apply --reverse this.patch

the issue resolves.
Since I am not that deep into the freescout code, I can't create a PR right now to fix this.
But my method of undoing that commit with a reverse apply proves that there is a regression.

@bmann I will take care of this and make sure your advanced guide will be added to https://docs.cloudron.io/apps/discourse/#incoming-email-setup

Thanks for the already done write-up!