Update on community packages

Sorry, maybe a stupid question, but I didn't find the answer anywhere. Don't we have any "Guide" on how to create the new Community Apps for Cloudron? How do I know how the CloudronVersions.json have to be configured. What are the requirements? Are there limitations? When I look at existing CloudronVersions.json it seems that Community Apps do not need to use the Cloudron Base Image anymore? Questions over questions

@timconsidine very interesting question! I just came to the same conclusion. It looks like all those autonomous AI agents seems to be just another chat interface. Glad to not be alone with that conclusion.

@joseph I know, but it failed

root@cloudron:~# cloudron-support --reenable-ipv6
/usr/bin/cloudron-support: line 932: reenable_ipv6_persistent: command not found

Maybe just one more comment. During troubleshooting I found out that with cloudron-support it is possible to use --disable-ipv6 , but re-enablement is not available.

Since my clouron is running good again, I found some ip-addresses in the mentioned lists that may have forced cloudron firewall to block cloudron itself... the issue is solved.

Thanks for quick reply @james

Its a shell script that is using POST https://CLOUDRON/api/v1/network/blocklist to block IPs from lists like:
https://iplists.firehol.org/files/spamhaus_drop.netset
https://iplists.firehol.org/files/spamhaus_edrop.netset
https://iplists.firehol.org/files/firehol_level1.netset
https://lists.blocklist.de/lists/mail.txt

I assume that one of those lists did contain something that did break my cloudron instance. The POST-request did timedout, and when I was looking to my Cloudron I saw that the services are down.

Luckily I was able to delete the list of IPs from Firewall via GUI after restarting of Cloudron in the first 1-2 minutes. Since then my Cloudron is running good again. I will investigate further on my end if there was something in the ip-list that may break cloudron and will report if there is anything wrong on cloudron or on my script.

Since I tried to do some automagic with ip-address lists sent to cloudron API for firewall I broke my cloudron.

cloudron-support --troubleshoot :

root@cloudron:~# cloudron-support --troubleshoot
Vendor: Hetzner Product: vServer
Linux: 6.8.0-94-generic
Ubuntu: noble 24.04
Execution environment: kvm
Processor: Intel Xeon Processor (Skylake, IBRS, no TSX)
BIOS NotSpecified  CPU @ 2.0GHz x 8
RAM: 15988568KB
Disk: /dev/sda1       118G
[OK]	node version is correct
[FAIL]	Server has an IPv6 address but api.cloudron.io is unreachable via IPv6 (ping6 -q -c 1 api.cloudron.io)
Instead of disabling IPv6 globally, you can disable it at an interface level.
	sysctl -w net.ipv6.conf.eth0.disable_ipv6=1
For the above configuration to persist across reboots, you have to add below to /etc/sysctl.conf
	net.ipv6.conf.eth0.disable_ipv6=1

cloudron-support --check-services:

root@cloudron:~# cloudron-support --check-services
[FAIL]	Service 'mysql' is not reachable
[FAIL]	Service 'postgresql' is not reachable
[FAIL]	Service 'mongodb' is not reachable
[FAIL]	Service 'mail' is not reachable
[FAIL]	Service 'graphite' is not reachable
[FAIL]	Service 'sftp' is not reachable

When I reboot the machine, the services comming up, but down again within 1-2 Minutes.

Any advice how to fix that? As this is urgent for me, I would be happy to get quick help. Thank you!

@joseph Thank you for your quick help and response!

Yes, it does.

Hi there,

I found the following messages in my mail log:

Jan 27 13:26:26 [INFO] [1C07FE1F-BFFD-44A5-BE12-C4FBAF177077.1] [core] hook=queue plugin=cloudron function=queue_inbound params="" retval=OK msg="Message Queued (1C07FE1F-BFFD-44A5-BE12-C4FBAF177077.1)"
Jan 27 13:26:26 [NOTICE] [1C07FE1F-BFFD-44A5-BE12-C4FBAF177077.1] [core] queue code=OK msg="Message Queued (1C07FE1F-BFFD-44A5-BE12-C4FBAF177077.1) (1C07FE1F-BFFD-44A5-BE12-C4FBAF177077.1)"
Jan 27 13:26:26 [NOTICE] [1C07FE1F-BFFD-44A5-BE12-C4FBAF177077.1] [core] disconnect ip=XX.XX.XX.XX rdns=XXX.de helo=XXX.de relay=N early=N esmtp=Y tls=Y pipe=Y errors=0 txns=1 rcpts=1/0/0 msgs=1/0/0 bytes=135775 lr="" time=6.721
Jan 27 13:26:26 [INFO] [1C07FE1F-BFFD-44A5-BE12-C4FBAF177077.1.1] [outbound] hook=get_mx plugin=cloudron function=get_mx params=ONEOFMYDOMAINS.COM retval=OK msg="{\"priority\":0,\"exchange\":\"127.0.0.1\",\"port\":2424,\"using_lmtp\":true}"
Jan 27 13:26:26 [INFO] [1C07FE1F-BFFD-44A5-BE12-C4FBAF177077.1.1] [outbound] secured verified=false cipher=TLS_AES_256_GCM_SHA384 version=TLSv1.3 error=ERR_TLS_CERT_ALTNAME_INVALID cn=*.CLOUDRONDOMAIN.DE organization="" issuer="Let's Encrypt" expires="Mar 21 12:12:23 2026 GMT" fingerprint=E9:3A:8F:4E:01:XXXXXXXXX:05:F0:C4:59:7B:12:36
Jan 27 13:26:27 [NOTICE] [1C07FE1F-BFFD-44A5-BE12-C4FBAF177077.1.1] [outbound] delivered file=1769516786845_1769516786845_0_66_zECH7t_77_0c956581fbfa domain=ONEOFMYDOMAINS.COM host=127.0.0.1 ip=127.0.0.1 port=2424 mode=LMTP tls=Y auth=N response="<SOMEONE@ONEOFMYDOMAINS.COM> iElcNfKueGnACQAAlsLRwg Saved" delay=0.174 fails=0 rcpts=1/0/0

My concerns are regarding Error ERR_TLS_CERT_ALTNAME_INVALID

cloudron-support --troubleshoot shows

root@cloudron-server:~# cloudron-support --troubleshoot
Vendor: Hetzner Product: vServer
Linux: 6.8.0-90-generic
Ubuntu: noble 24.04
Execution environment: kvm
Processor: Intel Xeon Processor (Skylake, IBRS, no TSX)
BIOS NotSpecified  CPU @ 2.0GHz x 8
RAM: 15988572KB
Disk: /dev/sda1       118G
[OK]	node version is correct
[OK]	IPv6 is enabled and public IPv6 address is working
[OK]	docker is running
[OK]	docker version is correct
[OK]	MySQL is running
[OK]	netplan is good
[OK]	DNS is resolving via systemd-resolved
[OK]	unbound is running
[OK]	nginx is running
[OK]	dashboard cert is valid
[OK]	dashboard is reachable via loopback
[OK]	No pending database migrations
[OK]	Service 'mysql' is running and healthy
[OK]	Service 'postgresql' is running and healthy
[OK]	Service 'mongodb' is running and healthy
[OK]	Service 'mail' is running and healthy
[OK]	Service 'graphite' is running and healthy
[OK]	Service 'sftp' is running and healthy
[OK]	box v9.0.17 is running
[OK]	Dashboard is reachable via domain name
[WARN]	Domain CLOUDRONDOMAIN.DE expiry check skipped because whois does not have this information

I found a very old Thread about this where claimed that it has been fixed.

Is there anything to worry about or fix?

Yes, it is set to false.
Maybe I was tricked because I had one Domain whitelisted. I don't remember if the "Register"-Link was always there. Would love to hide it.

It seems, that the disabled registration does work. Sorry for alerting...

@timconsidine thanks for checking. My install is also "older"... Is the registration link visible or invisible in your instance?

Hello,

is it just me or is there something wrong with the Vaultwarden App. I have disabled new registrations. Today after the update I realized, that there is a register link on the login page (now?). I tried to register and was successfull. Can someone confirm that registration is disabled and works as expected on their instance?

Best,
Michael

@timconsidine Yes, I did, and also did restart the App.

Hm, instead of <yourappname.domain.tld> it should be the App Id, right?
However, it failed with error that the Manifest is missing...
I uninstalled and installed the CCAI-P App again on my cloudron, but now it fails when trying to install ClouDNS Steward with this error (in fact already after Login):

Verification failed (code 1): (node:67) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
 (Use `node --trace-warnings ...` to show where the warning was created)
 Failed to list apps: Invalid token. Use cloudron login again.

I tried to install it with my private Cloudron CCAI instance, but I get this error:

[14:24:59] Repository URL provided: https://git.cloudron.io/timconsidine/cloudron-cloudns-steward
[14:24:59] Server will auto-detect default branch and construct manifest URL
[14:24:59] Starting installation process...
[14:24:59] Installation started. Streaming logs...
[14:24:59] ERROR: Failed to check installation status: The string did not match the expected pattern.

What string is it that I have to check?

@timconsidine looks like you are 100% in a flow of productivity

I like both options!

@timconsidine I tried the demo and like it, but to make it even better (not at least in comparision with Nextcloud) it should have full text search. Not sure if that is doable?

@james Thank you for clarifying