Multi-Stage Dockerfiles

I’m using multi stage dockerfiles for my projects, works like a charm. Only for final stage I use the cloudron base image.

@girish just wanted to check this but my /.well-known/openid-configuration endpoint doesn't list the picture claim?
Am I missing something? I'm on v7.7.2.

"claims_supported": [
    "sub",
    "email",
    "email_verified",
    "family_name",
    "given_name",
    "locale",
    "name",
    "preferred_username",
    "sid",
    "auth_time",
    "iss
]

Tbh not really but I am check with my own app if I’m getting anything

So here's a little sum up how I do it:

1. Create dockerfile

ARG nodeversion=21-bullseye

# build stage using standard node container
FROM docker.io/node:$nodeversion AS builder

WORKDIR /app

# copy & install dependencies
COPY package.json yarn.lock .yarnrc.yml ./
COPY .yarn/ .yarn
RUN yarn install
# copy source code & build
COPY . .
ENV NODE_ENV=production
RUN yarn build --standalone 

# use cloudron base image for running the app
FROM docker.io/cloudron/base:4.0.0@sha256:31b195ed0662bdb06a6e8a5ddbedb6f191ce92e8bee04c03fb02dd4e9d0286df

WORKDIR /app
ENV NODE_ENV=production

# copy built files
COPY --from=builder ./app/.output ./.output/
# start script for execution of the app, make sure its executable
COPY --from=builder ./app/start.sh ./
RUN chmod +x /app/start.sh

# set the port and host and expose the port
ENV HOST 0.0.0.0
ENV PORT 8000
EXPOSE 8000

# start the app using start script
CMD [ "/app/start.sh"]

2. Create start.sh

#!/bin/bash

set -eu

# set any environment variables here, e.g. database connection details

# run the server
node .output/server/index.mjs

3. Create CloudronManifest.json
   Nothing special here, follow documentation from Cloudron, set app details, add addons, set exposed port, etc.
4. Create CI/CD pipeline
   This depends a bit on your runner setup, I'm using a custom gitlab runner package on Cloudron I build for myself + the cloudron build service app. This has some quirks but works for me. Its a docker in docker runner but without access to the docker.sock its not possible to run docker commands itself (or at least didn't figure out how). Normally you'd need access to the docker.sock which is not possible with app packages and a security risk.
   Nevertheless here's a sample of my .gitlab-ci.yml

stages:
  - stage

deploy_stage:
  stage: stage
  image: node:19
  environment:
    name: STAGE
  variables:
    BUILD_SERVICE: 'https://builderbot.serverdomain.de'
    FQ_IMAGE_NAME: 'docker.serverdomain.de/imagepath'
    TAG: pre
  only:
    - main
  script:
    - npm install -g cloudron
    - cloudron build --tag $TAG --set-build-service $BUILD_SERVICE --set-repository $FQ_IMAGE_NAME --build-service-token $CI_BUILD_SERVICE_TOKEN
    - cloudron update --server my.serverdomain.de --token $CI_CLOUDRON_TOKEN --app appsubdomain.serverdomain.de --image docker.serverdomain.de/imagepath:$TAG
    #- cloudron install --server my.serverdomain.de --token $CI_CLOUDRON_TOKEN --location appsubdomain.serverdomain.de --image docker.serverdomain.de/imagepath:$TAG

For first run you need to use install cli cmd and afterwards update. Hence I always keep it commented out in the pipeline in case I need to reinstall the app from scratch. A combined command for this would be brilliant *hint *hint @girish

Apart from that there's a little more to it in terms of one time setup which I ommited:

• Setup private docker registry in Cloudron (alternative use a public registry)
• Register the gitlab runner in gitlab
• Setup secrets in gitlab, e.g. Cloudron access tokens
• might be more I've forgotten, as always once setup things get blurry in memory

My code might be a bit to specific for my way of doing it, but I can try to give more details when I find the time.

I’m building a nuxt.js app myself (same as next but for vue). I find it relatively easy to build a custom docker image for cloudron. Using gitlab + gitlab runner on cloudron to build the app and push a docker image to the internal docker registry and deploy it from there to cloudron. Even got 2 versions of the app running for some test staging.

FYI the changed username fixed it, everything is running fine now.

@subven You might be right, noticed my username is different from the one on Cloudron, changed it to mach the Cloudron Username and will try again after I return from Vacation. @girish guess you can make the update stable for now. I've disabled automatic update on my Cloudron until I return.

@girish no, admin user has a generic email.
Happy to help debugging if I can do anything, but I'll be on vacation starting tomorrow for a week, so it would have to wait til next week.

@girish I'm only using it myself, so the only accounts active are my own account through LDAP, an admin account and a couple of bots.

Something went wrong with the OIDC migration in v1.88. I can't login any more. Using Sign in with Cloudron gives me an "Email already in use" error.

Reverted back to v1.87 for now.

Unless I'm missing something the profile information provided by the build in oidc provider doesn't seem to include the users profile picture.
Would it be possible to include this as well?

@brianb you can compile your app as self contained. It will eliminate the need of having the .net framework installed in the cloudron base images.

@robi but this would mean I’d have to change the container runtime on my cloudron server to achieve that, or am i mistaken?

I had this running like this a while back. It works fine if you feel comfortable spinning it up manually on your server. Something to remember is to backup this stuff manually as obviously it will not be part of any automatic cloudron backups.
I did run it using the docker in docker mode which means you have to mount the docker sock. Maybe not the best idea to give a build agent access to the docker system running your production cloudron images.
Hence I have abandoned this eventually and running now a gitlab runner as a custom cloudron app. Has some downsides as well, like docker in docker not working (at least didn’t figure out how to do this).

Has anyone tried setting up oidc authentication with cloudron?

Getting a "oauth2: "invalid_grant" "grant request is invalid"" error when cloudron redirects back to vikunja after authentication.

@girish works perfectly fine now, thanks for the quick fix

Currently playing a bit around with the buildservice and gitlab runners.
When I call the cloudron build command using the build service it fails with the following error:

Pushing 7961033aba9e [==================================================>]     512B/usr/local/node-18.12.1/lib/node_modules/cloudron/src/build-actions.js:100
                process.stdout.clearLine();
                               ^
TypeError: process.stdout.clearLine is not a function
    at EventSource.<anonymous> (/usr/local/node-18.12.1/lib/node_modules/cloudron/src/build-actions.js:100:32)
    at EventSource.emit (node:events:513:28)
    at _emit (/usr/local/node-18.12.1/lib/node_modules/cloudron/node_modules/eventsource/lib/eventsource.js:287:17)
    at parseEventStreamLine (/usr/local/node-18.12.1/lib/node_modules/cloudron/node_modules/eventsource/lib/eventsource.js:302:9)
    at IncomingMessage.<anonymous> (/usr/local/node-18.12.1/lib/node_modules/cloudron/node_modules/eventsource/lib/eventsource.js:259:11)
    at IncomingMessage.emit (node:events:513:28)
    at addChunk (node:internal/streams/readable:324:12)
    at readableAddChunk (node:internal/streams/readable:297:9)
    at Readable.push (node:internal/streams/readable:234:10)
    at HTTPParser.parserOnBody (node:_http_common:129:24)

Any ideas? Works perfectly fine on my local machine. My gitlab runner is running inside a docker container as well, might it be related?

@girish I’ve used their env sample as a reference for configuring it with Dex in my package: https://github.com/outline/outline/blob/main/.env.sample

I’m also experiencing the same problem, it always seems to fail on large files or when a lot of files are backed up. In my case it’s a Nextcloud backup which is failing. Smaller apps with less data work just fine.
Using a similar setup: incremental backup with minio/s3