A short story from an admin perspective

Today I was informed on one of my daily news websites about a security problem in rocket.chat.
https://www.heise.de/news/Rocket-Chat-Luecke-erlaubte-Remote-Code-Execution-durch-praeparierte-Nachrichten-4873678.html (in german)
https://blog.redteam.pl/2020/08/rocket-chat-xss-rce-cve-2020-15926.html (in english)

Since rocket.chat is part of the critical communication infrastructure in my company, I had a brief moment of "Oh, wait. This is important and I must react now".

I opened the dashboard of Cloudron and took a quick look at the version number of the rocket.chat app and ...

Many thanks to the Cloudron team. I'm safe because of the "built-in" admin

Charming participants at the first (virtual) Cloudron meetup

Let us find out how many participants are possible with a Kopano Meet app on Cloudron (v5.15).

Invitation
When: Monday 20. April 21:00 (Europe/Berlin)
Where: https://meet.luckow.org/meet/r/join/group/public/cloudron-meetup

Please: use chromium/chrome & Headset

Specs: netcup vm, 6 CPU, 32 RAM, HDD

@scooke eg. a use case is an open source community that uses a cloudron instance with some apps. They offer the apps to their community members. To have a consistence user management, it makes sense to have it in the ldap of Cloudron instead of in the user management of each individual application. If you only have 10 or 20 members it's not a problem to delegate the user creation to a user with the admin role. For all other numbers an open registration fits.

#heretoo #thanksforthefix

@yusf interesting tools. never heard of them before. My first impression is: if the foss-communities works close(r) together, the idea of a seamless and shapy ui is possible. But for today: no, there is no foss around

The new update works fine. I had my first guest meeting

If you follow the idea of ip tables (imho the only valid thing), think of the openVPN app from the app store. The idea is to allow access to the dashboard only from the (external) ip from the Cloudron instance itself. Therefore you need openVPN. If everything works correctly, you need an active vpn session to your cloudron and (only) then you can reach the dashboard of my.example.org

Since this version, OpenProject displays a banner for administrator accounts "Future versions of OpenProject will likely drop or reduce support for MySQL and MariaDB databases. Your installation is still running on MySQL and we suggest you migrate your installation to PostgreSQL. This process is easy when following our migration guides: Migrating your installation to PostgreSQL"
Do we have a roadmap for this change? I've heard from some guys from drupal, that they need PostgreSQL because of migration tasks.

I also like the idea of FreePBX on Cloudron. But do you have an idea of the complexity of a VoIP system? The abbreviations and the technical language are completely different than in the IT world. To understand dial plans, it takes hours of lifetime.

Really?

my 2 cents for this topic:
for backups you need fast save & restore options. The "normal" S3 buckets are fine. Some for backup solutions from your hoster. And same for snapshops. They all are fast enough to get a full recovery in a short time.
IMHO solutions like glacier are more or less something for archives. If you need to save your data longer as your typical backup periode is, you need an archive solution. Especially if you are in a business and your government tells you to store your business "papers" for at least 10 years. In that case it's more an archive topic than a backup topic.

@jdaviescoates take a look at https://docs.cloudron.io/apps/nextcloud/ There is a paragraph about managing deleted files. And yes, it's true: you can't look into the trash of others. And because people (i.e. the users) are a bit lazy when it comes to cleaning up, the only chance is an automatic cleanup.

the important thing is: trashbin_retention

https://docs.nextcloud.com/server/18/admin_manual/configuration_server/config_sample_php_parameters.html#deleted-items-trash-bin

In my case I chose a retention time of max. 10 days for all users.

Anyone else with this kind of "feature"?

This only happens with pdfs.

@nebulon a kind of "empty" app? with access control to show it to different users or groups?

taken from https://my.example.org/#/system

/dev/sda4 mounted at /home
This ext4 disk contains: ...

@girish said in ==> Changing ownership on every restart:

ls -l /app/data

from inside the container it looks like

root@3435b3d0-07cb-4c5e-9723-d69d7feb6285:/app/code# ls -l /app/data
total 4
drwxr-xr-x 4 cloudron cloudron 4096 Sep 11 20:41 data

I've run the update. It's a little bit faster:
Sep 11 21:58:16 ==> Changing ownership
Sep 11 22:41:17 ==> Starting minio

Reading documentation is sysadmins nightmare
Thank you for the clarification. That makes sense and it looks like a clever solution.

I guess that in case of a Cloudron trivia night, the question "How many backups do you expect in your storage location?" will be answered in many different ways according to the "important rules" from the documentation

It doesn't look like preserveSecs makes sense

Sep 11 22:00:16 box:settings initCache: pre-load settings
Sep 11 22:00:16 box:taskworker Starting task 641. Logs are at /home/yellowtent/platformdata/logs/tasks/641.log
Sep 11 22:00:16 box:tasks 641: {"percent":2,"error":null}
Sep 11 22:00:16 box:tasks 641: {"percent":10,"message":"Cleaning box backups"}
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-10-230012-415/box_2020-09-10-230044-903_v5.5.0 box keepWithinSecs
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-10-210000-798/box_2020-09-10-210036-557_v5.5.0 box keepWithinSecs
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-09-210000-933/box_2020-09-09-210041-129_v5.5.0 box keepWithinSecs
Sep 11 22:00:16 box:backups cleanupBoxBackups: done
Sep 11 22:00:16 box:tasks 641: {"percent":40,"message":"Cleaning app backups"}
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-10-230012-415/app_e9f85919-502d-4b59-97ae-d073f2e54fff_2020-09-10-230042-063_v1.0.2 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-10-210000-798/app_e9f85919-502d-4b59-97ae-d073f2e54fff_2020-09-10-210033-848_v1.0.2 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-09-210000-933/app_e9f85919-502d-4b59-97ae-d073f2e54fff_2020-09-09-210038-556_v1.0.2 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-08-28-213000-891/app_e9f85919-502d-4b59-97ae-d073f2e54fff_2020-08-28-213001-983_v1.0.1 app preserveSecs
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-10-230012-415/app_af18b149-703c-429b-96fc-8cb0f2a5561c_2020-09-10-230040-949_v1.4.5 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-10-210000-798/app_af18b149-703c-429b-96fc-8cb0f2a5561c_2020-09-10-210032-175_v1.4.5 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-09-210000-933/app_af18b149-703c-429b-96fc-8cb0f2a5561c_2020-09-09-210036-955_v1.4.5 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-02-213000-992/app_af18b149-703c-429b-96fc-8cb0f2a5561c_2020-09-02-213002-048_v1.4.4 app preserveSecs
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-10-230012-415/app_a2d58898-6c99-48f3-bd91-84a73524721b_2020-09-10-230039-574_v1.7.0 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-10-210000-798/app_a2d58898-6c99-48f3-bd91-84a73524721b_2020-09-10-210030-626_v1.7.0 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-09-210000-933/app_a2d58898-6c99-48f3-bd91-84a73524721b_2020-09-09-210035-485_v1.7.0 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-10-230012-415/app_941bc6c6-72cb-416b-ba3f-9a112ad2d7c4_2020-09-10-230034-424_v1.1.0 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-10-210000-798/app_941bc6c6-72cb-416b-ba3f-9a112ad2d7c4_2020-09-10-210026-587_v1.1.0 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-09-210000-933/app_941bc6c6-72cb-416b-ba3f-9a112ad2d7c4_2020-09-09-210030-626_v1.1.0 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-10-230012-415/app_93a78c89-d2c2-46a1-b57e-2b8bf518d916_2020-09-10-230022-647_v1.0.2 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-10-210000-798/app_93a78c89-d2c2-46a1-b57e-2b8bf518d916_2020-09-10-210013-071_v1.0.2 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-09-210000-933/app_93a78c89-d2c2-46a1-b57e-2b8bf518d916_2020-09-09-210015-685_v1.0.2 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-08-31-213000-909/app_93a78c89-d2c2-46a1-b57e-2b8bf518d916_2020-08-31-213002-135_v1.0.1 app preserveSecs
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-08-25-033000-866/app_93a78c89-d2c2-46a1-b57e-2b8bf518d916_2020-08-25-033001-932_v1.0.0 app preserveSecs
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-10-230012-415/app_8e64a058-8d8c-41c4-8550-1b4019006fcc_2020-09-10-230021-162_v1.2.1 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-10-210000-798/app_8e64a058-8d8c-41c4-8550-1b4019006fcc_2020-09-10-210011-822_v1.2.1 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-09-210000-933/app_8e64a058-8d8c-41c4-8550-1b4019006fcc_2020-09-09-210014-183_v1.2.1 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-10-230012-415/app_75ad1fbb-f09a-46f3-8414-addfba6da593_2020-09-10-230019-641_v0.5.0 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-10-210000-798/app_75ad1fbb-f09a-46f3-8414-addfba6da593_2020-09-10-210008-519_v0.5.0 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-09-210000-933/app_75ad1fbb-f09a-46f3-8414-addfba6da593_2020-09-09-210011-099_v0.5.0 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-10-230012-415/app_6f4c222e-1adc-4b47-ad9e-9c5d40be46da_2020-09-10-230017-561_v0.7.0 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-10-210000-798/app_6f4c222e-1adc-4b47-ad9e-9c5d40be46da_2020-09-10-210005-865_v0.7.0 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-09-210000-933/app_6f4c222e-1adc-4b47-ad9e-9c5d40be46da_2020-09-09-210008-008_v0.7.0 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-03-213000-893/app_6f4c222e-1adc-4b47-ad9e-9c5d40be46da_2020-09-03-213005-022_v0.6.0 app preserveSecs
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-08-24-213000-924/app_6f4c222e-1adc-4b47-ad9e-9c5d40be46da_2020-08-24-213004-190_v0.5.0 app preserveSecs
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-10-230012-415/app_40bdc701-b03e-4989-858d-056b31fc3eb2_2020-09-10-230014-114_v1.9.1 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-10-210000-798/app_40bdc701-b03e-4989-858d-056b31fc3eb2_2020-09-10-210002-569_v1.9.1 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-09-09-210000-933/app_40bdc701-b03e-4989-858d-056b31fc3eb2_2020-09-09-210002-875_v1.9.1 app reference
Sep 11 22:00:16 box:backups applyBackupRetentionPolicy: 2020-08-27-213001-082/app_40bdc701-b03e-4989-858d-056b31fc3eb2_2020-08-27-213002-811_v1.9.0 app preserveSecs
Sep 11 22:00:16 box:backups cleanupAppBackups: done
Sep 11 22:00:16 box:tasks 641: {"percent":90,"message":"Cleaning snapshots"}
Sep 11 22:00:16 box:backups cleanupSnapshots: done
Sep 11 22:00:16 box:taskworker Task took 0.103 seconds
Sep 11 22:00:16 box:tasks setCompleted - 641: {"result":{"removedBoxBackupIds":[],"removedAppBackupIds":[]},"error":null}
Sep 11 22:00:16 box:tasks 641: {"percent":100,"result":{"removedBoxBackupIds":[],"removedAppBackupIds":[]},"error":null}