Welcoming James to the team

Hello Everyone (= Happy to be here and looking forward to help wherever I can.

Hello @IniBudi

@IniBudi said in Newbie Question: Why Do We Need to Request Apps on Cloudron?:

This is a genuine newbie question, and I don’t have an IT background. I hope someone can shed some light on this for me.

I will go into a bit of detail here, so be prepared for a wall of text.

---

@IniBudi said in Newbie Question: Why Do We Need to Request Apps on Cloudron?:

Why do we actually need to submit a request for an application to be added to Cloudron’s app installation list?

Every app in the Cloudron App-Store is pre-vetted by the Cloudron team and comes with life-cycle testing before publishing updates to all the users of Cloudron to ensure as minimal friction as possible when using Cloudron and the apps available.
This means, every app needs to be understood on an application and technical level by the Cloudron team and handled accordingly so the end-user of Cloudron has as minimal as possible issues with the apps.
As you can imagine, these life-cycle tests don't just materialize out of thin air.
From the understanding of the packaged application, the life-cycle tests are developed to ensure a seamless app update process.
Let's take the Nextcloud app.
For the Nextcloud app for each app update runs through the life-cycle test https://git.cloudron.io/packages/nextcloud-app/-/blob/master/test/test.js which needs to succeed before the app update is shipped to you the end-user.

    // no sso
    it('install app (NO SSO)', function () { execSync(`cloudron install --no-sso --location ${LOCATION}`, EXEC_ARGS); });
    it('can get app information', getAppInfo);

    it('can login as admin', login.bind(null, adminUser, adminPassword));
    it('can close wizard', closeWizard);

    it('can upload file', uploadFile.bind(null, adminUser, adminPassword));
    it('can check file', checkFile.bind(null, 'sticker'));
    it('can download previously uploaded file', testFileDownload.bind(null, adminUser, adminPassword));
    it('can logout', logout);
    it('uninstall app', async function () {
        await browser.get('about:blank'); // ensure we don't hit NXDOMAIN in the mean time
        execSync(`cloudron uninstall --app ${app.id}`, EXEC_ARGS);
    });

    // sso
    it('install app (SSO)', function () { execSync(`cloudron install --location ${LOCATION}`, EXEC_ARGS); });
    it('can get app information', getAppInfo);

    it('can login OIDC', loginOIDC.bind(null, username, password));
    it('can close the wizard', closeWizard);
    it('can logout', logout);

    it('can login as admin', login.bind(null, adminUser, adminPassword));
    it('can close wizard', closeWizard);
    it('can upload file', uploadFile.bind(null, adminUser, adminPassword));
    it('can check file', checkFile.bind(null, 'sticker'));
    it('can download previously uploaded file', testFileDownload.bind(null, adminUser, adminPassword));

    xit('can list users', listUsers);
    xit('has no setup warnings', checkSetupWarnings);
    it('can logout', logout);

    it('can restart app', function () { execSync(`cloudron restart --app ${app.id}`); });

    it('can login OIDC', loginOIDC.bind(null, username, password));
    it('can check file', checkFile.bind(null, 'Readme'));
    it('can logout', logout);

    it('can admin login', login.bind(null, adminUser, adminPassword));
    it('can check file', checkFile.bind(null, 'sticker'));
    it('can download previously uploaded file', testFileDownload.bind(null, adminUser, adminPassword));
    xit('can list users', listUsers);
    it('can logout', logout);

    it('backup app', function () { execSync(`cloudron backup create --app ${app.id}`); });
    it('restore app', function () {
        const backups = JSON.parse(execSync(`cloudron backup list --raw --app ${app.id}`));
        execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS);
        execSync('cloudron install --location ' + LOCATION, EXEC_ARGS);
        getAppInfo();
        execSync(`cloudron restore --backup ${backups[0].id} --app ${app.id}`, EXEC_ARGS);
    });

    it('can login OIDC', loginOIDC.bind(null, username, password));
    it('can check file', checkFile.bind(null, 'Readme'));
    it('can logout', logout);

    it('can admin login', login.bind(null, adminUser, adminPassword));
    it('can check file', checkFile.bind(null, 'sticker'));
    it('can download previously uploaded file', testFileDownload.bind(null, adminUser, adminPassword));
    xit('can list users', listUsers);
    xit('has no setup warnings', checkSetupWarnings);
    it('can logout', logout);

    it('move to different location', async function () {
        browser.manage().deleteAllCookies();
        await browser.get('about:blank'); // ensure we don't hit NXDOMAIN in the mean time

        execSync(`cloudron configure --app ${app.id} --location ${LOCATION}2`, EXEC_ARGS);
        getAppInfo();
    });


    it('can login OIDC', loginOIDC.bind(null, username, password));
    it('can check file', checkFile.bind(null, 'Readme'));
    it('can logout', logout);

    it('can admin login', login.bind(null, adminUser, adminPassword));
    it('can check file', checkFile.bind(null, 'sticker'));
    it('can download previously uploaded file', testFileDownload.bind(null, adminUser, adminPassword));
    xit('can list users', listUsers);
    xit('has no setup warnings', checkSetupWarnings);

    it('uninstall app', async function () {
        await browser.get('about:blank'); // ensure we don't hit NXDOMAIN in the mean time
        execSync(`cloudron uninstall --app ${app.id}`, EXEC_ARGS);
    });

    // test update
    it('can install app for update', function () { execSync(`cloudron install --appstore-id com.nextcloud.cloudronapp --location ${LOCATION}`, EXEC_ARGS); });
    it('can get app information', getAppInfo);

    it('can admin login', login.bind(null, adminUser, adminPassword));
    it('can close the wizard', closeWizard);
    it('can upload file', uploadFile.bind(null, adminUser, adminPassword));
    it('can logout', logout);

    it('can update', function () { execSync(`cloudron update --no-backup --app ${LOCATION}`, EXEC_ARGS); });

    it('can login OIDC', loginOIDC.bind(null, username, password));
    it('can close the wizard', closeWizard);
    it('can check file', checkFile.bind(null, 'Readme'));
    it('can logout', logout);

    it('can admin login', login.bind(null, adminUser, adminPassword));
    xit('can close the wizard', closeWizard);
    it('can check file', checkFile.bind(null, 'sticker'));
    it('can download previously uploaded file', testFileDownload.bind(null, adminUser, adminPassword));
    xit('has no setup warnings', checkSetupWarnings);
//    it('can logout', logout);

    it('uninstall app', async function () {
        await browser.get('about:blank'); // ensure we don't hit NXDOMAIN in the mean time
        execSync(`cloudron uninstall --app ${app.id}`, EXEC_ARGS);
    });

And this could still be considered a very broad life-cycle test.
Since Nextcloud has the capability to be unpredictably on the end-user part.
You can install 562 "apps" / "plugins" for Nextcloud which in turn would need their own life-cycle test again.
But since each of these "plugins" again is custom code from somewhere and in an unknown multiplication with other "plugins" makes it impossible to predict and thus test.
The more complex the app and more extendable the app itself, the harder it gets to maintain and the Cloudron team needs to find a good balance for each app.

This all needs to be handled by the Cloudron team so the end-user, you, can simply install and update an app without worrying.
From this angle it might be more understandable that simply adding a new app to the app-store is not actually that simple.

---

@IniBudi said in Newbie Question: Why Do We Need to Request Apps on Cloudron?:

Is it possible to add custom applications to Cloudron? If yes or no, is it something difficult for beginners or is there another reason behind it?

Possible, yes.
Difficult? Depends.
The user @timconsidine developed a custom app installer https://forum.cloudron.io/topic/14231/ccai-cloudron-custom-app-installer available at https://ccai.appx.uk/ which makes the installation of already existing custom Cloudron apps easier for "newbie" users.

already existing custom Cloudron apps?

From my previous explanation about the technicality of Cloudron apps and just the life-cycle tests.
Each Cloudron app needs to follow the Cloudron app packaging rules.
A small glimpse into the rules that can make it difficult to package an application for Cloudron.
All source-code most exist in /app/code and only backup worthy data (user-data) should be stored in /app/data
/app/code is read-only to ensure the security, see https://docs.cloudron.io/security/#app-isolation-and-sandboxing

Apps run with a read-only rootfs preventing attacks where the application code can be tampered with.

Meaning, when packaging an app for Cloudron, the packaging developer needs to understand the application he is packaging to certain degree to ensure this.
The more complex the app and more extendable the app itself, the more difficult it can be to package and maintain the app.
Broadly spoken, you can't just take the source-code of e.g. Agno - python-based open-source alternative to n8n and just make it an app for Cloudron.

I know that @BrutalBirdie started the Community Event - Workshop / Webinar - App Packaging initiative, which might be something for people like you.

There is also this topic Proposal: The CUR - Cloudron User Repository

What do you people think of the following?
Adding an input field in the app-store view to directly upload a CloudronManifest.json.

Mockup:

To make this work, a new optional 'key': 'value' in the CloudronManifest.json would be needed to add the Docker Image information so Cloudron knows where to pull the image from for this custom app.
Example from @BrutalBirdie custom FounderyVTT app => https://forum.cloudron.io/topic/8296/foundry-virtual-tabletop // https://github.com/BrutalBirdie/cloudron-foundryvtt

{
  "id": "foundryvtt.cloudron.app",
  "title": "FoundryVTT",
  "author": "Elias Hackradt ",
  "tagline": "FounderyVTT",
  "upstreamVersion": "13.345",
  "version": "1.2.0",
  "healthCheckPath": "/",
  "icon": "file://logo.png",
  "tags": [ "game", "multiplayer" ],
  "memoryLimit": 1342177280,
  "httpPort": 30000,
  "manifestVersion": 2,
  "minBoxVersion": "5.3.0",
  "addons": {
    "localstorage": {}
  },
  "dockerimage": "brutalbirdie/foundryvtt.cloudron.app:1.2.0"
}

This would make the barrier relatively small in my opinion.

Looking forward to reading your opinions.

@mirotalk-57bab571 I have pinned the topic so it will always stay on top in this category.

Hello @lewisl

@lewisl said in So Many Problems:

Cloudron itself has many UI problems and functional problems.

Cloudron 9 brings a full new UI. I am looking forward to hearing your thoughts on that.

---

@lewisl said in So Many Problems:

During setup the switch from Cloudron.IO (the "business" site) to Cloudron Server Portal is not clear. Each requires its own password though the login pages for both are indentical.

Suggestion: Simply make the login pages distinct with titles like: Cloudron Portal (the business site--pick anything you want) and Cloudron Server App Console.

This is a good suggestion.

---

@lewisl said in So Many Problems:

The email setup is quite complex and unreliable. Required 2.5 hours to get everything working. Even though I had given Cloudron a correct Cloudflare API token with correct settings, Cloudron created all of the appropriate DNS records EXCEPT the needed MX record.

This is rather unusual. Did you have an existing MX record?
Since by default, Cloudron does not simply overwrite your DNS records if they are existent.
When existent DNS records are found for e.g. apps, the user will get a notification informing that if they like to overwrite this record.
This should also be added to the Mail setup records.
Good catch.

---

@lewisl said in So Many Problems:

Cloudron email setup IS ESSENTIAL. Critical password changes can only be made via a change request email being sent. But, Catch-22: this can only be done with a correct setup. External SMTP did not work because the settings fields are incomplete or in accurate. Never did work. Don't blame Digital Ocean: I requested and obtained an exemption and 25, 587, etc were unblocked. I know this to be true because email sent by OnlyOffice worked through port 587.

The "user 0" can always be accessed without any mail setup needed, even if the password is lost.
When you ssh into your server and run the following command, a temporary password for the "user 0" will bet set and valid for exactly one use:

cloudron-support --owner-login

---

@lewisl said in So Many Problems:

...Suggestion: build outgoing email setup into the workflow of the initial setup. Make it something that can be skipped. have a better standalone setup for outgoing email (from the Cloudron Server Management console, not from applications) for those who may choose to defer it.

This might be a good idea.
Maybe like a "Cloudron Tour" that guides the user what he should setup, where he can find xyz.

---

@lewisl said in So Many Problems:

Another substantial confusion is the App Store accessible from Cloudron.io is basically a NOOP: it is non functional. clicking install does nothing. it is marketing. OK to do marketing--but point people to the proper creation of the managed server and the Cloudron server console--that's the only place where the market place works to install apps.

I don't really understand this point.
The https://www.cloudron.io/store/index.html does what it should do.
Display all available apps and when you click one and install, you get the marketing message.
Could you please elaborate?

---

@lewisl said in So Many Problems:

Suggestion: rather than the App Store just launching a setup, you should really launch a workflow of your own design to lead people through the essential steps. It's part of your value add.

Like a guided step by step for each app what to do and configure in each app?

---

@lewisl said in So Many Problems:

The dashboard could also be more robust.

In what sense? Could you please explain this a bit more?

Hello @nostrdev and @timconsidine
Signup to the git.cloudron.io instance was disabled due to an overwhelming amount of spam accounts.
@nostrdev I will take this as a request for an account and access rights to create repositories.

The @staff will create your account with the e-mail address used here in the forum.

Hello @dgtlmoon

I am sorry that your experience started so negatively.
This is normally not the standard in our forum and I believe we can turn this into a productive topic as it should be.

---

@dgtlmoon said in Mark Change Detection app as unstable?:

please let me know what those bugs were?

That is what I asked of the users.

---

@dgtlmoon said in Mark Change Detection app as unstable?:

if you can not use such strong language I would probably appreciate it

Only because of you I now know what the POS even means. I was unaware that it was "its a piece of SH...T". Thank you for that.
This is indeed no productive way and does not improve anything.
@svtx I have reviewed your previous topic on @change-detection, and it seems your overall negative view on this software stems from not getting it to work in the proper way.
But nowhere did you explain your issues. Otherwise, we (the Cloudron Forum) would have been able to assist in a meaningful way.
Could you please describe your issues so that we can work on that?

---

Regarding the:
@dgtlmoon said in Mark Change Detection app as unstable?:

"unstable state"

For clarification, if we Cloudron mark an app as unstable, it does not mean the software itself is unstable.
Since we have to package the app to work within the Cloudron ecosystem the issue can be with us packaging the app.

---

To improve future topics for @change-detection @dgtlmoon I took the liberty and took the official bug issue template from your GitHub and changed it a little to fit the Cloudron scope.
If people create topic for @change-detection they can use the template.

---

Once again @dgtlmoon I must apologize about this negative experience.
Let's make it a productive one!

Hello @Dave-Swift
A great video and I can see you respond to many skeptical comments.
Keep it up!

Hello @ccfu @imc67 I found the issue and the app will receive an update soon.

I can confirm this seems to have no impact.
Added the following lines to /app/data/env

OIDC_FORCE_USERNAME=false
OIDC_EMAIL_AS_USERNAME=false
OIDC_NAME_AS_USERNAME=true

Cloudron writes this to /run/mirotalksfu/env and /run/mirotalksfu/env is symlinked to /app/code/.env.
So everything in that /app/data/env => /run/mirotalksfu/env => /app/code/.env is loaded, otherwise all the other settings would be missing.

But now when checking the /app/code/app/src/config.js I see:

peer_name: {
                force: process.env.OIDC_USERNAME_FORCE !== 'false', // Require identity provider authentication
                email: process.env.OIDC_USERNAME_AS_EMAIL !== 'false', // Request email claim
                name: process.env.OIDC_USERNAME_AS_NAME === 'true', // Don't require full name
            }

So from that I can conclude the env vars should be:

OIDC_USERNAME_FORCE=false
OIDC_USERNAME_AS_EMAIL=false
OIDC_USERNAME_AS_NAME=true

This now had the desired effect.

I assume what @mirotalk-57bab571 wrote https://forum.cloudron.io/post/107999 was simply a typo or first draft of that variable names.

---

Solution

Use the following variables in /app/data/env

OIDC_USERNAME_FORCE=false
OIDC_USERNAME_AS_EMAIL=false
OIDC_USERNAME_AS_NAME=true

Hello @baris
Again, just wow and huge thanks!

Hello Everyone

We have added a guide documentation for Per-App storage limit.
If there are questions about this guide, or you have feedback on how to improve it further, please let me know.

Hello @elorden and welcome to the Cloudron forum.

I will answer your questions:

---

@elorden said in Pre Sales Questions:

I read in an old post (from 2020) that the same application can only be installed 5 times within the same Cloudron.
Is this still the case, or has this limitation been removed?

No, this is no longer the case. If you wish to install e.g. 100x LAMP apps, you can do that.

You can even test this on the Cloudron Demo Server https://my.demo.cloudron.io/
I just installed 8x LAMP apps:

---

@elorden said in Pre Sales Questions:

In my case, I want to install 20 instances of the same app for 20 clients. I want to see if I can do this with one Cloudron license. Or, on the contrary, will I need four licenses? And is it allowed to market this according to Cloudron's TOCs?

Yes you can do so and yes you can market/sell these with no issues.
Be aware, since each app may come with its own license and conditions, please respect them as well.
What you do with your Cloudron Server is fully up to you.
Cloudron does not impose restrictions in this regard.

If you'd like to read our terms, thery are linked here: https://www.cloudron.io/legal/terms.html

---

@elorden said in Pre Sales Questions:

Is it possible to create databases (e.g., Postgree) in Cloudron? There are applications, such as MetaBase, that need to connect to an external database. And, from what I can see, I'm afraid that would be something to configure outside of Cloudron.

Currently, there is no APP just providing a database like PostgreSQL or MySQL etc.
In your question, would this MetaBase be hosted outside the Cloudron server or on the same Cloudron server?

But, creating a simple app that just provides a singular postgresql, mysql or mongodb would be a fast workaround to have Cloudron still provide and manage these Databases.

---

@elorden said in Pre Sales Questions:

Is it possible to add other open source applications?

Yes, many people here even publish and maintain their own apps.
For example, @BrutalBirdie with his custom FoundryVTT requested from this topic https://forum.cloudron.io/topic/8296/foundry-virtual-tabletop

---

@elorden said in Pre Sales Questions:

I'm not a developer, but if it's not too complicated, I'd like to try to help package them so that we can all have them. Because although the Cloudron catalog is very good, I see that new interesting applications are appearing every day that are offered on other platforms (e.g., Coolify) and are not available on Cloudron.

Packaging a Cloudron App comes with some caveats.
There is a big doc section about this topic here: https://docs.cloudron.io/packaging/tutorial/
When packaging you will always have to have the Cloudron App filesystem in mind.

---

If there are any questions left, or I created new ones, please ask away.

FYI @discourse users:
After my work yesterday the discourse-reactions plugin was archived on GitHub.

This repository was archived by the owner on Jul 10, 2025. It is now read-only.

This plugin has now been bundled into Discourse core. See: https://meta.discourse.org/t/bundling-more-popular-plugins-with-discourse-core/373574

So best to uninstall the plugin.

Hello Cloudron Forum

Spreading awareness of the React and Next.js CVE that was published two days ago.

Sources:

• https://nvd.nist.gov/vuln/detail/CVE-2025-55182
• https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp
• https://github.com/facebook/react/security/advisories/GHSA-fv66-9v8q-g76r

TL;DR

If you are running custom React or Next.js applications, please update them as soon as possible.

CVE fixed in:

React:

• 19.0.1
• 19.1.2
• 19.2.1

Next.js:

• 15.0.5
• 15.1.9
• 15.2.6
• 15.3.6
• 15.4.8
• 15.5.7
• 16.0.7

Hello @JueBam
From my experience and the offical doc https://docs.hetzner.com/storage/storage-box/access/access-ssh-rsync-borg

When using sshfs with Hetzner Storage Boxes you have to use /home not /backup.
Also, this is not documented anywhere, but Hetzner Storage Boxes with ssh access use fail2ban.
Meaning, now that you have failed multiple attempts of authentication your instance is blocked for approximately 15 Minutes.

This block can be resolved faster by contacting the Hetzner Support.

Hello @rene-dhemant and welcome to the Cloudron forum

This question should be targeted at your hosting provider, and they should have a guide for that.
Example guide from some DigitalOcean: https://docs.digitalocean.com/products/volumes/how-to/increase-size/

WARNING

Always make sure you have a valid backup before doing anything like this.

To boil it down, it should be very simple.

1. ssh into your server
2. run the following command:

   resize2fs /dev/sda3
   

3. confirm the size of your partition with the following command:

   df -h /dev/sda3
   

But please check with your hosting provider if he offers a guide specific to their platform.

Hello @overholt

@overholt said in Nextcloud OIDC integration:

It would have been nice to provide a way to migrate NC users to Cloudron while maintaining files, shares and access.

All users that exist in LDAP are automatically migrated to OIDC when they log in for the first time with OIDC.
They retain all files, shares, access, groups and so on.
The reconfiguration part on the desktop client or mobile client part is only a login and everything else should stay the same.
One exception for other clients explained further down.

@overholt said in Nextcloud OIDC integration:

Now I will have to explain to everyone why they need to go through that process all over again.

I understand this is not optimal and the wish for a discussion first with the community is also very understandable.
If you are looking for the argument for your company that just started using Nextcloud on Cloudron why this change is necessary?
Answer with, Security and Usability.
Usability might not be that obvious at first since the given task of migration at hand.

OIDC Login enables 2FA authentication before the application.
Plain vanilla LDAP has no concept of 2FA.
So, with LDAP, users will have to maintain 2FA codes for every application.
With OIDC, only one 2FA code is needed.

Nextcloud specific security advancement with OIDC is that you need to create an app-password within Nextcloud for external clients like DAVx5 or other calendar apps.
This reduces the risk of some random thrid party application leaking the user password.

Hello @jeau
I have found the issue and a fix is currently being build.
An app update will be available soon.

Hello @stoccafisso
The Humhub app version 1.8.3 which packages HumHub 1.17.4 is the latest available version in the app-store.

Could you please go into detail what you would expect there?

In HumHub you can create your own User Profile Attributes under /admin/user-profile.
You can create new profile category e.g. named Personal Details:

and add custom fields

Here I added Nickname and What foods can I eat. One a freetext and one a checklist. Be sure to mark them as editable.

Resulting in these two fields in the profile which I can fill.

I hope this helps.