Welcoming James to the team

Hello Everyone (= Happy to be here and looking forward to help wherever I can.

Hello @vaultwarden users

Since users have voiced their concerns about manually editing the database I have created a bash script that does it for you.
Please follow these steps if you have this issue:

1. create an app backup of your @vaultwarden Cloudron app
2. put the erroring @vaultwarden app in recovery mode
3. open the File Manager of your @vaultwarden app and create a fix_db.sh file
4. copy and paste the following script into the just created fix_db.sh file:

   #!/bin/bash
   
   echo "=> Checking if DEFAULT_CHARACTER_SET_NAME and DEFAULT_COLLATION_NAME are set to utf8mb4 and utf8mb4_unicode_ci"
   
   CURRENT_DEFAULT_CHARACTER_SET_NAME=$(mysql --silent --skip-column-names --user=${CLOUDRON_MYSQL_USERNAME} --password=${CLOUDRON_MYSQL_PASSWORD} --host=${CLOUDRON_MYSQL_HOST} ${CLOUDRON_MYSQL_DATABASE} -e "SELECT DEFAULT_CHARACTER_SET_NAME FROM information_schema.SCHEMATA WHERE SCHEMA_NAME = '${CLOUDRON_MYSQL_DATABASE}';" 2>/dev/null)
   CURRENT_DEFAULT_COLLATION_NAME=$(mysql --silent --skip-column-names --user=${CLOUDRON_MYSQL_USERNAME} --password=${CLOUDRON_MYSQL_PASSWORD} --host=${CLOUDRON_MYSQL_HOST} ${CLOUDRON_MYSQL_DATABASE} -e "SELECT DEFAULT_COLLATION_NAME FROM information_schema.SCHEMATA WHERE SCHEMA_NAME = '${CLOUDRON_MYSQL_DATABASE}';" 2>/dev/null)
   FIX_NEEDED=0
   
   if [ "${CURRENT_DEFAULT_CHARACTER_SET_NAME}" != "utf8mb4" ] || [ "${CURRENT_DEFAULT_COLLATION_NAME}" != "utf8mb4_unicode_ci" ]; then
       echo "=> DEFAULT_CHARACTER_SET_NAME or DEFAULT_COLLATION_NAME is not set to utf8mb4 or utf8mb4_unicode_ci."
       echo "==> Current values are: DEFAULT_CHARACTER_SET_NAME=${CURRENT_DEFAULT_CHARACTER_SET_NAME}, DEFAULT_COLLATION_NAME=${CURRENT_DEFAULT_COLLATION_NAME}"
       FIX_NEEDED=1
   else
       echo "=> DEFAULT_CHARACTER_SET_NAME is ${CURRENT_DEFAULT_CHARACTER_SET_NAME} and DEFAULT_COLLATION_NAME is ${CURRENT_DEFAULT_COLLATION_NAME}"
       echo "=> Nothing to do - quitting."
       FIX_NEEDED=0
       exit 0
   fi
   
   if [ ${FIX_NEEDED} -eq 1 ]; then
       read -p "Have you created a backup of your Cloudron Vaultwarden app? (y/N): " yn
       case $yn in
           [Yy]* )
               echo "=> Setting database character set and collation to utf8mb4 and utf8mb4_unicode_ci."
               mysql --user=${CLOUDRON_MYSQL_USERNAME} --password=${CLOUDRON_MYSQL_PASSWORD} --host=${CLOUDRON_MYSQL_HOST} ${CLOUDRON_MYSQL_DATABASE} -e "ALTER DATABASE \`${CLOUDRON_MYSQL_DATABASE}\` CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;" 2>/dev/null
               echo "=> Converting all tables to character set utf8mb4 and collation utf8mb4_unicode_ci."
               mysql --silent --skip-column-names \
     --user="${CLOUDRON_MYSQL_USERNAME}" \
     --password="${CLOUDRON_MYSQL_PASSWORD}" \
     --host="${CLOUDRON_MYSQL_HOST}" \
     "${CLOUDRON_MYSQL_DATABASE}" \
     -e "SELECT CONCAT('ALTER TABLE \`', TABLE_NAME,'\` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;') AS CharSetConvert FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='${CLOUDRON_MYSQL_DATABASE}' AND TABLE_TYPE=\"BASE TABLE\";" 2>/dev/null | while read -r sql_command; do
                   echo "==> Executing: ${sql_command}"
                   mysql --user=${CLOUDRON_MYSQL_USERNAME} --password=${CLOUDRON_MYSQL_PASSWORD} --host=${CLOUDRON_MYSQL_HOST} ${CLOUDRON_MYSQL_DATABASE} -e "SET foreign_key_checks=0; ${sql_command} SET foreign_key_checks=1;" 2>/dev/null
               done
               ;;
           [Nn]* )
               echo "=> Please create a backup of your database before proceeding with the fix. Exiting."
               exit 1
               ;;
           * )
               echo "=> Invalid response. Please answer with y or n. Exiting."
               exit 1
               ;;
       esac
   fi
   

5. open the Web Terminal of your @vaultwarden Cloudron app
6. execute the following command:

   bash /app/data/fix_db.sh
   

7. Execute the following command to start @vaultwarden:

   /app/pkg/start.sh
   

8. Validate if your @vaultwarden is now working correctly
9. If validated working, you can delete the fix_db.sh file and disable the recovery mode of your @vaultwarden Cloudron app

---

If you run into any issues, copy the output of the terminal, post it here and restore your app from the backup created.

Hello @mirotalk
We have added the group @validated-app-maintainer and force 2FA for users in this group to mitigate a hostile account takeover.
I have enabled the display of this group next to your profile like for me with STAFF.
The group @validated-app-maintainer is private, invite only and pre-vetted by the Cloudron Team to ensure only people verified by the Cloudron Team get into this group.
Being in this group indicates that a user was validated by the Cloudron Team to be a maintainer of a Cloudron app.

Hello @IniBudi

@IniBudi said in Newbie Question: Why Do We Need to Request Apps on Cloudron?:

This is a genuine newbie question, and I don’t have an IT background. I hope someone can shed some light on this for me.

I will go into a bit of detail here, so be prepared for a wall of text.

---

@IniBudi said in Newbie Question: Why Do We Need to Request Apps on Cloudron?:

Why do we actually need to submit a request for an application to be added to Cloudron’s app installation list?

Every app in the Cloudron App-Store is pre-vetted by the Cloudron team and comes with life-cycle testing before publishing updates to all the users of Cloudron to ensure as minimal friction as possible when using Cloudron and the apps available.
This means, every app needs to be understood on an application and technical level by the Cloudron team and handled accordingly so the end-user of Cloudron has as minimal as possible issues with the apps.
As you can imagine, these life-cycle tests don't just materialize out of thin air.
From the understanding of the packaged application, the life-cycle tests are developed to ensure a seamless app update process.
Let's take the Nextcloud app.
For the Nextcloud app for each app update runs through the life-cycle test https://git.cloudron.io/packages/nextcloud-app/-/blob/master/test/test.js which needs to succeed before the app update is shipped to you the end-user.

    // no sso
    it('install app (NO SSO)', function () { execSync(`cloudron install --no-sso --location ${LOCATION}`, EXEC_ARGS); });
    it('can get app information', getAppInfo);

    it('can login as admin', login.bind(null, adminUser, adminPassword));
    it('can close wizard', closeWizard);

    it('can upload file', uploadFile.bind(null, adminUser, adminPassword));
    it('can check file', checkFile.bind(null, 'sticker'));
    it('can download previously uploaded file', testFileDownload.bind(null, adminUser, adminPassword));
    it('can logout', logout);
    it('uninstall app', async function () {
        await browser.get('about:blank'); // ensure we don't hit NXDOMAIN in the mean time
        execSync(`cloudron uninstall --app ${app.id}`, EXEC_ARGS);
    });

    // sso
    it('install app (SSO)', function () { execSync(`cloudron install --location ${LOCATION}`, EXEC_ARGS); });
    it('can get app information', getAppInfo);

    it('can login OIDC', loginOIDC.bind(null, username, password));
    it('can close the wizard', closeWizard);
    it('can logout', logout);

    it('can login as admin', login.bind(null, adminUser, adminPassword));
    it('can close wizard', closeWizard);
    it('can upload file', uploadFile.bind(null, adminUser, adminPassword));
    it('can check file', checkFile.bind(null, 'sticker'));
    it('can download previously uploaded file', testFileDownload.bind(null, adminUser, adminPassword));

    xit('can list users', listUsers);
    xit('has no setup warnings', checkSetupWarnings);
    it('can logout', logout);

    it('can restart app', function () { execSync(`cloudron restart --app ${app.id}`); });

    it('can login OIDC', loginOIDC.bind(null, username, password));
    it('can check file', checkFile.bind(null, 'Readme'));
    it('can logout', logout);

    it('can admin login', login.bind(null, adminUser, adminPassword));
    it('can check file', checkFile.bind(null, 'sticker'));
    it('can download previously uploaded file', testFileDownload.bind(null, adminUser, adminPassword));
    xit('can list users', listUsers);
    it('can logout', logout);

    it('backup app', function () { execSync(`cloudron backup create --app ${app.id}`); });
    it('restore app', function () {
        const backups = JSON.parse(execSync(`cloudron backup list --raw --app ${app.id}`));
        execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS);
        execSync('cloudron install --location ' + LOCATION, EXEC_ARGS);
        getAppInfo();
        execSync(`cloudron restore --backup ${backups[0].id} --app ${app.id}`, EXEC_ARGS);
    });

    it('can login OIDC', loginOIDC.bind(null, username, password));
    it('can check file', checkFile.bind(null, 'Readme'));
    it('can logout', logout);

    it('can admin login', login.bind(null, adminUser, adminPassword));
    it('can check file', checkFile.bind(null, 'sticker'));
    it('can download previously uploaded file', testFileDownload.bind(null, adminUser, adminPassword));
    xit('can list users', listUsers);
    xit('has no setup warnings', checkSetupWarnings);
    it('can logout', logout);

    it('move to different location', async function () {
        browser.manage().deleteAllCookies();
        await browser.get('about:blank'); // ensure we don't hit NXDOMAIN in the mean time

        execSync(`cloudron configure --app ${app.id} --location ${LOCATION}2`, EXEC_ARGS);
        getAppInfo();
    });


    it('can login OIDC', loginOIDC.bind(null, username, password));
    it('can check file', checkFile.bind(null, 'Readme'));
    it('can logout', logout);

    it('can admin login', login.bind(null, adminUser, adminPassword));
    it('can check file', checkFile.bind(null, 'sticker'));
    it('can download previously uploaded file', testFileDownload.bind(null, adminUser, adminPassword));
    xit('can list users', listUsers);
    xit('has no setup warnings', checkSetupWarnings);

    it('uninstall app', async function () {
        await browser.get('about:blank'); // ensure we don't hit NXDOMAIN in the mean time
        execSync(`cloudron uninstall --app ${app.id}`, EXEC_ARGS);
    });

    // test update
    it('can install app for update', function () { execSync(`cloudron install --appstore-id com.nextcloud.cloudronapp --location ${LOCATION}`, EXEC_ARGS); });
    it('can get app information', getAppInfo);

    it('can admin login', login.bind(null, adminUser, adminPassword));
    it('can close the wizard', closeWizard);
    it('can upload file', uploadFile.bind(null, adminUser, adminPassword));
    it('can logout', logout);

    it('can update', function () { execSync(`cloudron update --no-backup --app ${LOCATION}`, EXEC_ARGS); });

    it('can login OIDC', loginOIDC.bind(null, username, password));
    it('can close the wizard', closeWizard);
    it('can check file', checkFile.bind(null, 'Readme'));
    it('can logout', logout);

    it('can admin login', login.bind(null, adminUser, adminPassword));
    xit('can close the wizard', closeWizard);
    it('can check file', checkFile.bind(null, 'sticker'));
    it('can download previously uploaded file', testFileDownload.bind(null, adminUser, adminPassword));
    xit('has no setup warnings', checkSetupWarnings);
//    it('can logout', logout);

    it('uninstall app', async function () {
        await browser.get('about:blank'); // ensure we don't hit NXDOMAIN in the mean time
        execSync(`cloudron uninstall --app ${app.id}`, EXEC_ARGS);
    });

And this could still be considered a very broad life-cycle test.
Since Nextcloud has the capability to be unpredictably on the end-user part.
You can install 562 "apps" / "plugins" for Nextcloud which in turn would need their own life-cycle test again.
But since each of these "plugins" again is custom code from somewhere and in an unknown multiplication with other "plugins" makes it impossible to predict and thus test.
The more complex the app and more extendable the app itself, the harder it gets to maintain and the Cloudron team needs to find a good balance for each app.

This all needs to be handled by the Cloudron team so the end-user, you, can simply install and update an app without worrying.
From this angle it might be more understandable that simply adding a new app to the app-store is not actually that simple.

---

@IniBudi said in Newbie Question: Why Do We Need to Request Apps on Cloudron?:

Is it possible to add custom applications to Cloudron? If yes or no, is it something difficult for beginners or is there another reason behind it?

Possible, yes.
Difficult? Depends.
The user @timconsidine developed a custom app installer https://forum.cloudron.io/topic/14231/ccai-cloudron-custom-app-installer available at https://ccai.appx.uk/ which makes the installation of already existing custom Cloudron apps easier for "newbie" users.

already existing custom Cloudron apps?

From my previous explanation about the technicality of Cloudron apps and just the life-cycle tests.
Each Cloudron app needs to follow the Cloudron app packaging rules.
A small glimpse into the rules that can make it difficult to package an application for Cloudron.
All source-code most exist in /app/code and only backup worthy data (user-data) should be stored in /app/data
/app/code is read-only to ensure the security, see https://docs.cloudron.io/security/#app-isolation-and-sandboxing

Apps run with a read-only rootfs preventing attacks where the application code can be tampered with.

Meaning, when packaging an app for Cloudron, the packaging developer needs to understand the application he is packaging to certain degree to ensure this.
The more complex the app and more extendable the app itself, the more difficult it can be to package and maintain the app.
Broadly spoken, you can't just take the source-code of e.g. Agno - python-based open-source alternative to n8n and just make it an app for Cloudron.

I know that @BrutalBirdie started the Community Event - Workshop / Webinar - App Packaging initiative, which might be something for people like you.

There is also this topic Proposal: The CUR - Cloudron User Repository

What do you people think of the following?
Adding an input field in the app-store view to directly upload a CloudronManifest.json.

Mockup:

To make this work, a new optional 'key': 'value' in the CloudronManifest.json would be needed to add the Docker Image information so Cloudron knows where to pull the image from for this custom app.
Example from @BrutalBirdie custom FounderyVTT app => https://forum.cloudron.io/topic/8296/foundry-virtual-tabletop // https://github.com/BrutalBirdie/cloudron-foundryvtt

{
  "id": "foundryvtt.cloudron.app",
  "title": "FoundryVTT",
  "author": "Elias Hackradt ",
  "tagline": "FounderyVTT",
  "upstreamVersion": "13.345",
  "version": "1.2.0",
  "healthCheckPath": "/",
  "icon": "file://logo.png",
  "tags": [ "game", "multiplayer" ],
  "memoryLimit": 1342177280,
  "httpPort": 30000,
  "manifestVersion": 2,
  "minBoxVersion": "5.3.0",
  "addons": {
    "localstorage": {}
  },
  "dockerimage": "brutalbirdie/foundryvtt.cloudron.app:1.2.0"
}

This would make the barrier relatively small in my opinion.

Looking forward to reading your opinions.

Hello Cloudron Community

Currently, the Cloudron Docs at docs.cloudron.io are build with mkdocs and mkdocs-material.
Unfortunately mkdocs-material is now in maintenance mode which means we have to look for alternatives.

We have looked into Docusaurus and migrated the documentation and would appreciate some feedback from the community.

Here is the URL: https://docs-ng.cloudron.io/

---

My personal favourite is the new API Doc which has an interactive component to test the API.
Example: https://docs-ng.cloudron.io/api/list-apps-by-user you can edit the URL and your token and actually use the API:

Thank you very much @archos from the Cloudron Team.
We'd like to extend the same wishes back to you and every Cloudron user.

Stay healthy and jolly celebrations to everyone.

@mirotalk-57bab571 I have pinned the topic so it will always stay on top in this category.

Hello @nostrdev and @timconsidine
Signup to the git.cloudron.io instance was disabled due to an overwhelming amount of spam accounts.
@nostrdev I will take this as a request for an account and access rights to create repositories.

The @staff will create your account with the e-mail address used here in the forum.

Hello @lewisl

@lewisl said in So Many Problems:

Cloudron itself has many UI problems and functional problems.

Cloudron 9 brings a full new UI. I am looking forward to hearing your thoughts on that.

---

@lewisl said in So Many Problems:

During setup the switch from Cloudron.IO (the "business" site) to Cloudron Server Portal is not clear. Each requires its own password though the login pages for both are indentical.

Suggestion: Simply make the login pages distinct with titles like: Cloudron Portal (the business site--pick anything you want) and Cloudron Server App Console.

This is a good suggestion.

---

@lewisl said in So Many Problems:

The email setup is quite complex and unreliable. Required 2.5 hours to get everything working. Even though I had given Cloudron a correct Cloudflare API token with correct settings, Cloudron created all of the appropriate DNS records EXCEPT the needed MX record.

This is rather unusual. Did you have an existing MX record?
Since by default, Cloudron does not simply overwrite your DNS records if they are existent.
When existent DNS records are found for e.g. apps, the user will get a notification informing that if they like to overwrite this record.
This should also be added to the Mail setup records.
Good catch.

---

@lewisl said in So Many Problems:

Cloudron email setup IS ESSENTIAL. Critical password changes can only be made via a change request email being sent. But, Catch-22: this can only be done with a correct setup. External SMTP did not work because the settings fields are incomplete or in accurate. Never did work. Don't blame Digital Ocean: I requested and obtained an exemption and 25, 587, etc were unblocked. I know this to be true because email sent by OnlyOffice worked through port 587.

The "user 0" can always be accessed without any mail setup needed, even if the password is lost.
When you ssh into your server and run the following command, a temporary password for the "user 0" will bet set and valid for exactly one use:

cloudron-support --owner-login

---

@lewisl said in So Many Problems:

...Suggestion: build outgoing email setup into the workflow of the initial setup. Make it something that can be skipped. have a better standalone setup for outgoing email (from the Cloudron Server Management console, not from applications) for those who may choose to defer it.

This might be a good idea.
Maybe like a "Cloudron Tour" that guides the user what he should setup, where he can find xyz.

---

@lewisl said in So Many Problems:

Another substantial confusion is the App Store accessible from Cloudron.io is basically a NOOP: it is non functional. clicking install does nothing. it is marketing. OK to do marketing--but point people to the proper creation of the managed server and the Cloudron server console--that's the only place where the market place works to install apps.

I don't really understand this point.
The https://www.cloudron.io/store/index.html does what it should do.
Display all available apps and when you click one and install, you get the marketing message.
Could you please elaborate?

---

@lewisl said in So Many Problems:

Suggestion: rather than the App Store just launching a setup, you should really launch a workflow of your own design to lead people through the essential steps. It's part of your value add.

Like a guided step by step for each app what to do and configure in each app?

---

@lewisl said in So Many Problems:

The dashboard could also be more robust.

In what sense? Could you please explain this a bit more?

Happy New Year 2026

Shall the new year bring health and prosperity.
Users like you, who share knowledge, challenge ideas, and improve the platform through active participation in the forum are the engine that continually improves Cloudron.
Your involvement turns individual usage into a collective effort.
This shared effort is what carries Cloudron forward into the year ahead.

---

We will also use this topic to merge all new year wishes topics into this one to keep the forum search clean.

Hello @zonzonzon
The current latest version in the Cloudron app store 2.1.2 is not effected.
Also, the latest N8N version for the old 1.123.7 is also not effected.

If you have your N8N updated to the last 1.123.7 or 2.1.2 version, then you are save.

Hello @dgtlmoon

I am sorry that your experience started so negatively.
This is normally not the standard in our forum and I believe we can turn this into a productive topic as it should be.

---

@dgtlmoon said in Mark Change Detection app as unstable?:

please let me know what those bugs were?

That is what I asked of the users.

---

@dgtlmoon said in Mark Change Detection app as unstable?:

if you can not use such strong language I would probably appreciate it

Only because of you I now know what the POS even means. I was unaware that it was "its a piece of SH...T". Thank you for that.
This is indeed no productive way and does not improve anything.
@svtx I have reviewed your previous topic on @change-detection, and it seems your overall negative view on this software stems from not getting it to work in the proper way.
But nowhere did you explain your issues. Otherwise, we (the Cloudron Forum) would have been able to assist in a meaningful way.
Could you please describe your issues so that we can work on that?

---

Regarding the:
@dgtlmoon said in Mark Change Detection app as unstable?:

"unstable state"

For clarification, if we Cloudron mark an app as unstable, it does not mean the software itself is unstable.
Since we have to package the app to work within the Cloudron ecosystem the issue can be with us packaging the app.

---

To improve future topics for @change-detection @dgtlmoon I took the liberty and took the official bug issue template from your GitHub and changed it a little to fit the Cloudron scope.
If people create topic for @change-detection they can use the template.

---

Once again @dgtlmoon I must apologize about this negative experience.
Let's make it a productive one!

Hello @Dave-Swift
A great video and I can see you respond to many skeptical comments.
Keep it up!

Hello @teiluj
We have moved IT-Tools to the fork with the latest update.

Hello @luckow
An app update will be aviable soon.
This update moves the following folders in /app/data/writable(session|cache|logs) to /run/castopod/writable/ and /app/data/writable/temp to /tmp/castopod.
This will reduce the backup size and also automatically clear the session files.

I can confirm this seems to have no impact.
Added the following lines to /app/data/env

OIDC_FORCE_USERNAME=false
OIDC_EMAIL_AS_USERNAME=false
OIDC_NAME_AS_USERNAME=true

Cloudron writes this to /run/mirotalksfu/env and /run/mirotalksfu/env is symlinked to /app/code/.env.
So everything in that /app/data/env => /run/mirotalksfu/env => /app/code/.env is loaded, otherwise all the other settings would be missing.

But now when checking the /app/code/app/src/config.js I see:

peer_name: {
                force: process.env.OIDC_USERNAME_FORCE !== 'false', // Require identity provider authentication
                email: process.env.OIDC_USERNAME_AS_EMAIL !== 'false', // Request email claim
                name: process.env.OIDC_USERNAME_AS_NAME === 'true', // Don't require full name
            }

So from that I can conclude the env vars should be:

OIDC_USERNAME_FORCE=false
OIDC_USERNAME_AS_EMAIL=false
OIDC_USERNAME_AS_NAME=true

This now had the desired effect.

I assume what @mirotalk-57bab571 wrote https://forum.cloudron.io/post/107999 was simply a typo or first draft of that variable names.

---

Solution

Use the following variables in /app/data/env

OIDC_USERNAME_FORCE=false
OIDC_USERNAME_AS_EMAIL=false
OIDC_USERNAME_AS_NAME=true

Hello @ccfu @imc67 I found the issue and the app will receive an update soon.

Hello @mirotalk

We greatly appreciate the work you do for the MiroTalk software and also your active contribution here in the forum to get issues sorted out and features implemented.

Our main concern would be a scam attempt and not a spam.
We will add a way to validate posts like yours from validated app authors that help develop and maintain apps on Cloudron.
Since the massive influx of AI posts we receive in the forum and generally present anywhere else, people tend to recognize or associate certain styles with AI and thus, these styles get disregarded as spam very fast.

Hello Everyone

We have added a guide documentation for Per-App storage limit.
If there are questions about this guide, or you have feedback on how to improve it further, please let me know.