Cloudron 9.0 (beta) bug reports

@nebulon I think @firmansi is referring to this https://forum.cloudron.io/topic/14359/cloudron-9.0-beta-bug-reports/87?_=1762939432122 (not that that is particularly clear to me)

This is a duplicate of https://forum.cloudron.io/topic/2248/grocy-erp-beyond-your-fridge

Perhaps @james could do some merging

Now I'm wondering if Nextcloud can be configured to use OpenSearch instead of Eleasticsearch!

And it sounds like the answer is yes!

Excellent question — and you’re right to wonder!

Here’s the situation as of late 2025:

---

Nextcloud and OpenSearch Compatibility

The good news:
Yes — Nextcloud can use OpenSearch instead of Elasticsearch for full-text search.

OpenSearch is a drop-in fork of Elasticsearch 7.10, and Nextcloud’s full-text-search ecosystem (the core Full Text Search app plus back-ends like Full Text Search – Elasticsearch Platform) works with any API-compatible engine — which OpenSearch still is.

Nextcloud’s own documentation and issue tracker confirm that OpenSearch works if you’re running:

• Nextcloud ≥ 23
• OpenSearch ≥ 1.0
• The app Full text search – Elasticsearch Platform version ≥ 1.9.0 (latest is fine)

---

️ How to configure Nextcloud to use OpenSearch

1. Install OpenSearch
   (either via Docker, Cloudron addon, or standalone service)

2. Enable the required Nextcloud apps

   • fulltextsearch
   • fulltextsearch_elasticsearch (this works with OpenSearch too)

3. Set connection details in config.php

   'fulltextsearch' => [
       'elasticHost' => 'http://localhost:9200',  // your OpenSearch endpoint
       'elasticIndex' => 'nextcloud',
       'elasticUser' => 'yourusername',
       'elasticPassword' => 'yourpassword',
   ],
   

   or via occ commands:

   sudo -u www-data php occ config:app:set fulltextsearch elasticHost --value="http://opensearch:9200"
   sudo -u www-data php occ config:app:set fulltextsearch elasticIndex --value="nextcloud"
   

4. Index content

   sudo -u www-data php occ fulltextsearch:index
   

---

️ Things to watch out for

• TLS/HTTPS: Nextcloud’s app requires valid HTTPS certificates if the OpenSearch endpoint is remote.
• Authentication: If you enable OpenSearch security, provide credentials via the above config keys.
• Version mismatch: Some users report minor compatibility warnings in logs (harmless) because OpenSearch identifies itself differently, but functionality works.

---

Summary

Feature	Elasticsearch	OpenSearch
Works with Nextcloud FTS
Open Source (Apache 2.0)	(Elastic 2.0)
Multi-tenant security	Paid feature	Built-in
Best choice for Cloudron addon	️

---

So yes — Nextcloud can happily talk to OpenSearch, making it the perfect backend for a Cloudron-style addon that multiple apps (including Nextcloud) could use securely.

Would you like me to show how that addon provisioning could look (so Nextcloud would automatically get its own OpenSearch index and credentials when installed)?

@girish I'd love to be able to use Eleasticsearch on Cloudron so we can have full text search on Nextcloud (because I keep thinking of moving my Nextcloud away Cloudron and search is one of the reasons why - high performance backends and other shiny features that come as standard in the AIO package being other reasons)...

...so I was intrigued by you question and didn't know the response. ChatGPT say:

Right — so what Girish is asking about hinges on whether Elasticsearch supports secure multi-tenancy, meaning:
can multiple apps share a single ES instance safely, with each app isolated to its own dataset (index or namespace) and credentials?

Here’s how that works in Elasticsearch:

---

Multi-tenancy in Elasticsearch

Elasticsearch does not natively provide hard multi-tenant isolation in the open-source (Basic) tier. All indices in a cluster are accessible to any client that can authenticate, unless you’re running a commercial licence (Elastic’s “Gold” or higher) with role-based access control (RBAC) via Elastic Stack Security (formerly X-Pack).

However, you can approximate multi-tenancy in several ways:

---

1. Single cluster, per-app indices (no true isolation)

• Each app gets its own index (e.g. app1_*, app2_*).
• Credentials: You can create separate API keys or users per app if you’re using Elastic Stack Security.
• Without X-Pack security, you can’t restrict one user to only their own indices.
• Simple to manage
• No isolation without paid security features

---

2. Single cluster, per-app namespaces with RBAC (requires paid Elastic licence)

• You create roles limiting each user to their own index patterns (e.g. role_app1 → indices: app1_*).
• Then create a user per app and assign its role.
• True logical isolation
• ️ Requires enabling security features (which are part of Elastic’s commercial licence, not open source)

---

3. Separate Elasticsearch instances per app

• Each app gets its own single-tenant ES container.
• Cloudron would manage these automatically as separate addons (like how Postgres addons work).
• Strong isolation, no need for commercial features
• More resource usage, less efficient

---

4. OpenSearch alternative

If you switch to OpenSearch (the fully open-source fork of Elasticsearch 7.10), it includes fine-grained access control (FGAC) and multi-tenancy features under the Apache 2.0 licence.
That makes it more suitable for Cloudron’s addon model, since you can:

• Create tenants
• Restrict users to specific indices
• Use internal user databases or LDAP for auth
• Do all this without paid licensing

---

Summary (for Girish / Cloudron dev context)

Option	Isolation	Licensing	Suitable for Addon Model?	Notes
Elasticsearch OSS	None	Open source		No way to restrict users per index
Elasticsearch (with X-Pack Security)	Yes	Commercial	️	Technically possible, but licence issue
Multiple ES containers	Full	Open source		More resource-heavy
OpenSearch	Yes	Open source		Best fit for Cloudron addon use-case

---

Recommendation

If the goal is to package Elasticsearch as a Cloudron addon shared by multiple apps with per-app credentials:

• Use OpenSearch, not Elastic’s OSS build.

• Implement addon hooks to:

  • Create an index pattern per app (app_<id>_*)
  • Create a user + password via the OpenSearch security API
  • Assign permissions for that index pattern
  • Inject credentials into the app container’s env vars

That way, the model matches existing Cloudron addons like PostgreSQL: single shared service, isolated logical databases per app.

---

Would you like me to sketch a quick pseudo-flow (in YAML or JSON) showing how Cloudron could auto-provision an OpenSearch user/index when an app requests the addon?

Have these setting be separated out in Cloudron 9?

I wanted to turn of Automatic Platform updates, but leave App updates on:

@andreasdueren I think perhaps they just slowly roll out alphabetically based on the my. domain - have the servers that have not updated got domains with letters later in the alphabet?

I don't seem to have this issue.

I've got 823.52 GB of video files (in a mounted Hetzner Storage Box) and another 845.46 GB of music files (in another mounted Hetzner Storage Box) but my Jellyfin app is only taking up 5.86 GB of space.

I've never edited these:

@svtx I mean perhaps you've got some non standard configuration, or maybe other stuff on the same server, that sort of thing.

But if you mean Hetzner S3 buckets they are very new so I guess it could be that.

TBH I've only ever used Scaleway S3 buckets and only for PeerTube, Mastodon and Pixelfed data, not backups. I've always just used Hetzner Storage Boxes for backups.

But whatever your setup, the main point is that for the vast majority of us Cloudron backups are not defunct, they work brilliantly.

@svtx said in Cloudron 9.0.5 doesn't show backups from version 8?:

The backup system is DEFUNCT on ALL my installations.

TBH this sounds like a problem with your systems, not Cloudron. I've been using Cloudron for years, in part because the backups Just Work. I've used them to migrate my whole server and all the apps a number of times with zero issues. I have also restored backups of apps lots of times too. Again, it's always just worked seamlessly. The backup system is definitely not defunct in general.

@Neiluj said in Apps Compatible with Keycloak SSO:

Hi - You can find the list of Cloudron packaged app that are SSO enabled here: https://www.cloudron.io/appstatus.html

While this list speaks to a SSO managed by / for Cloudron, I am under the understanding that, for each of these apps, if you leave user management to the app when installting the app on Cloudron, you should be able to configured SSO to work with your Keycloak instance.

Hopefully this is a correct assumption.

I hope that this helps.

Yeah, I'm not certain either, but think you're right that any app that already supports Cloudron SSO could be configured to work with Keycloak SSO too.

I think perhaps @Sam_uk is using Keycloak (or similar) for the SSO for his Cloudrons and so could probably chime in with actual knowledge gained from experience.

@marylou look at the app logs. Perhaps it keeps running out of memory or something?

@msbt said in Who is selling hosted (and supported) Cloudron servers?:

The shiny new thing is this one: The Happy Hosting Company at https://www.happyhosting.co - feedback is welcomed and appreciated!

Looks great!

Presumably the Start-up/ Agency/ Cloudron packages are actually all identical?

Ladybird is currently in heavy development. We are targeting a first Alpha release for early adopters in 2026.

@necrevistonnezr just out of interest, is there any particular reason you'd prefer this to Stirling PDF?

Or are you just adding it because the more the merrier?

@MooCloud_Matt said in Garage, an open-source distributed storage service you can self-host to fullfill many needs:

Garage still doesn't support 100% the s3 protocol.

Seems they got most of it covered now:
https://garagehq.deuxfleurs.fr/documentation/reference-manual/s3-compatibility/

@marcusquinn said in Minio removing the interface for community edition:

@micmc wow, sounds good! Create a wishlist post for it with all the details?

There is already one here:

https://forum.cloudron.io/topic/6461/garage-an-open-source-distributed-storage-service-you-can-self-host-to-fullfill-many-needs?_=1761215051346

@nilesh yeah, "Deploy on Cloudron" needs adding to this list:

@james presume you'll add that to the docs if you've not already done so?

Is there any way to do this yet?

@avatar1024 I'm wondering how you do your Nextcloud onboarding? I've got a e.g a shared folder on my Nextcloud for West Dorset Commons, and a Cloudron Group called west-dorset-commons...

At present, before I can share the WDC folder with WDC members, they first need to login to the Nextcloud (because until they do it doesn't know they exist, even though they already exist on Cloudron).

Ideally anyone on the Cloudron who is in the west-dorset-commons Cloudron group would automatically also have access to the West Dorset Commons folder within Nextcloud - has anyone found a way to do that yet?

@WiseMetalhead said in Nextcloud Mail issues:

The thing is, I still don’t know why my Mail app worked perfectly with the old settings for months and suddenly stopped now.

I guess it must've / might've had something to do with you moving the docker stuff around - and perhaps it kept working for a little while after you did that due to caching or something would be my wild guesses