@girish thanks a lot, super fast response. Just installed cloudron this day with the new setup-script. (For the people reading this in the future) setting the immutable bit did the trick, no installation needed like I supposed. Works like a charm...
m-si
Posts
-
Cloudron install error (dpkg error) -
Cloudron install error (dpkg error)
@fbartels you are right, the immutability is solved by the last two lines
sudo chattr -i /etc/resolv.conf && ...
but with my RS 2000 G9.5 the whole resolv.conf seemed to be missing when I tried
dpkg-reconfigure resolvconf
...therefore I simply installed it...like in the snippet...
@girish The VPS generally do not have AVX enabled, it's only supported by the RS line, a supporter of Netcup told me... Maybe this should be mentioned on the list of cloudron providers...
Cloudron install error (dpkg error)
@girish @jdaviescoates The fix is not for the DVD Installation, but for the "original" netcup ubuntu 22.04 minimal image Netcup provides to their users in the Netcup SCP. It makes the DVD full installation of Ubuntu obsolete (and solves the issue of the OP) and reduces the maintenance burden of Netcup RS server customers... With approval I thought of confirmation on a different system by a different user than me. Sorry for the confusion, I have to work on my English skills
-
Cloudron install error (dpkg error)
The minimal image of ubuntu 22.04 of netcup seems to have resolvconf not installed, which seems to be a dependency for init-ubuntu.sh which is used by cloudron-setup. So it produces an error like this:
Fehler traten auf beim Bearbeiten von:
 resolvconf
needrestart is being skipped since dpkg has failed
E: Sub-process /usr/bin/dpkg returned an error code (1)
To fix it, resolvconf needs to be installed manually with these commands.
sudo apt-get update && sudo apt-get upgrade -y
sudo apt-get install -y resolvconf
sudo chattr -i /etc/resolv.conf && \
sudo dpkg --configure resolvconf
and one can proceed happily with the installation, without needing to use the full Ubuntu DVD. Can someone approve this fix?
-
Update KB article docker-registry gitlab integration
Exactly that was the article I was referring to. Besides my findings it worked for my installation like a charm.
-
Update KB article docker-registry gitlab integration
Just stumbling upon the installation and found some minor quirks of the documentation, so I thought I leave my findings here for others:
- the documentation says "chown -R cloudron:cloudron /media/registry-shared/"; you are able to use user "yellowtent" if you don't have user cloudron available (@girish or is this a security fail).
- the documentation says
production:
  <<: *base
  registry:
    enabled: true
    host: <DOCKER_REGISTRY_HOST>
    ...
I found in my gitlab.yml "production: &base" and left it, like it was. When I did the change the KB article mentioned it didn't work out for me.
By the way is it possible to propose changes in the KB article like this, so the maintainers just have to accept (that might streamline the workflow a little and keep the KB articles faster up to date). Again thank you so much for your awesome work girish and johannes...really appreciating it.
-
Mailpiler - self hosted email archive
@necrevistonnezr you are absolutely right. @LoudLemur as the same legislative rules already applied to the paper-based business communication for a long time before... from the surveillance perspective you are right, but it is not the government but the business owners, that are collecting the information and need to anyway to fulfill the business. When I look from different angles on it, I even sort of can understand it.
- As a business owner it makes you safe in legal cases (HGB) or financial audits (AO, GoBD)...
- As an end-user/citizen I like the regulation because that way it is a bit more difficult to mess around with taxes (I think taxes are fair as long as all of us pay them) and with the GDPR rules we in Europe are always able to ask for deletion, change and handing out of at least any personal information...
IMHO So there is as always a fine line between surveillance and the security/freedom we as a community deserve and rely on and in my eyes we as the technical enablers have to consult at that point wisely...
But I'm neither a judge nor a lawyer anyway
-
-
Mailpiler - self hosted email archive
@LoudLemur in Germany there is a legal requirement for almost all businesses according to different laws and regulations to archive without the user having the option to modify, delete…so before it gets in the inbox. Additionally you have to find mechanisms to not archive personal information due to regulations of the GDPR/DSGVO. Very hairy, therefore a solution like mailpiler was developed…
Mailpiler is a software to archive, not to backup, so a different use case
-
Mailpiler - self hosted email archive
@girish First of all, a huge thank you to all participants. This is a huge step for serious mail providing especially in Germany.... but, maybe I don't see the obvious. As it is published... am I able to install it via the appstore? Or do I have to use the cli route mentioned in vladimir's readme?
-
languagetool connection error 405
@girish Thank you so much for the quick response...I can confirm putting in
https://lt.my-domain.org/6FoL0A/v2
worked perfectly. The check is added by the firefox plugin itself... cloudron is awesome, for the software and the people...
languagetool connection error 405
I'm struggling with the setup of the languagetool app. When I use the firefox addon (with server url
https://lt.my-domain.org/secret/6FoL0A/check
) to connect it throws (#1, code=0). If I use the terminal with
curl -d "language=de-DE" -d "text=a simple test" https://lt.my-domain.org/secret/6FoL0A/check
I get
<html>
<head><title>405 Not Allowed</title></head>
<body>
<center><h1>405 Not Allowed</h1></center>
<hr><center>nginx/1.18.0 (Ubuntu)</center>
</body>
</html>
even though
https://lt.my-domain.org
works perfectly fine...
Steps to reproduce:
- install languagetool app in cloudron
- setup ngrams
/app/pkg/install-ngrams.sh /app/data/ngrams en de
which worked flawlessly
- setup env file
# Protect installation with magic/hidden URL
API_PATH_PREFIX=6FoL0A
# Activate n-gram datasets (https://docs.cloudron.io/apps/languagetool/#n-grams)
NGRAM_DATASET=("en" "de")
NGRAMS_DATASET_PATH=/app/data/ngrams
so what am I missing?
(I changed the API-Prefix for obvious reasons...)
-
Penpot - Design Freedom for Teams
@girish absolutely fantastic... for almost any development a viable alternative to figma...you guys are awesome...
-
HSTS Preload
@girish I would love to have this feature as well. Especially as without it it's impossible to register the domain at https://hstspreload.org...as you said.
-
DANE support for cloudron.mail
I'm in a struggle to make cloudron.mail even more secure and tried to set up DANE. I don't know whether this is Hosting-Provider specific (currently on Netcup). So I do have difficulties to set up a valid TLSA.
Steps to reproduce:
- Download public key via browser (store it as .pem)
- Generate TLSA entry for let's say port 25 via ssl-tools with
  - Usage: DANE-EE
  - Selector: Use subject public key
  - Matching Type: SHA-256 Hash
  - Certificate: Content of .pem file
  - Port: 25
  - Protocol: tcp
  - Domain: mail.<DOMAIN.TLD>
- setup entries at netcup with the following entries
_25._tcp.mail in TLSA 3 1 1 <FINGERPRINT>
If I check the entries via internet.nl I'm able to get one check for DANE Existence...but it seems to be not valid...
But it seems to be even more difficult to set up DANE with the short-lived Let's Encrypt certificates. According to internet.nl we have to republish the entry every time the certificate is renewed and the cloudron generated certificate seems to have no trust anchor TA. So we are not able to use the TA certificate in the "DANE Rollover scheme" (Current + Issuer CA "3 1 1" + "2 1 1") as second TLSA entry...
Maybe @girish or anybody else has experience in pinning the Let's Encrypt certificate of cloudron with a sufficient workaround?
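An added example (not part of the original post and not Cloudron code): how the `<FINGERPRINT>` of a `3 1 1` record is derived from a certificate, using only the Python standard library. It shows that the value is the SHA-256 of the subjectPublicKeyInfo alone, so a renewed certificate that keeps the same key yields the same record. The `der` and `sample_cert` helpers and the sample key bytes are constructed stand-ins for a real certificate.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                          # short-form length
        start, length = pos + 2, first
    else:                                     # long form: next n bytes hold the length
        n = first & 0x7F
        start = pos + 2 + n
        length = int.from_bytes(buf[pos + 2:start], "big")
    if start + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, start, start + length

def spki_from_cert(cert_der):
    """Return the complete DER subjectPublicKeyInfo of an X.509 certificate."""
    _, tbs_pos, _ = read_tlv(cert_der, 0)     # outer Certificate SEQUENCE
    _, pos, _ = read_tlv(cert_der, tbs_pos)   # tbsCertificate SEQUENCE
    if cert_der[pos] == 0xA0:                 # optional [0] version field
        pos = read_tlv(cert_der, pos)[2]
    for _ in range(5):                        # serial, sig alg, issuer, validity, subject
        pos = read_tlv(cert_der, pos)[2]
    return cert_der[pos:read_tlv(cert_der, pos)[2]]

def tlsa_311(cert_der, port=25, host="mail"):
    """Zone line for usage 3 (DANE-EE), selector 1 (SPKI), matching type 1 (SHA-256)."""
    digest = hashlib.sha256(spki_from_cert(cert_der)).hexdigest()
    return f"_{port}._tcp.{host} IN TLSA 3 1 1 {digest}"

# --- constructed sample data below (not real certificates) ---
def der(tag, body):
    """Encode one DER element; only used to build the samples."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def sample_cert(serial, spki):
    """Unsigned certificate skeleton around the given SPKI, with a chosen serial."""
    empty = der(0x30, b"")                    # stands in for alg, issuer, validity, subject
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial]))
              + empty * 4 + spki)
    return der(0x30, tbs + empty + der(0x03, b"\x00"))

SAMPLE_SPKI = der(0x30, der(0x30, b"") + der(0x03, b"\x00" + bytes(range(200))))

if __name__ == "__main__":
    old, renewed = sample_cert(1, SAMPLE_SPKI), sample_cert(2, SAMPLE_SPKI)
    print(tlsa_311(old))
    print("same record after renewal with same key:", tlsa_311(old) == tlsa_311(renewed))
```

For a real certificate saved as PEM, `ssl.PEM_cert_to_DER_cert()` from the standard library gives the DER bytes that `tlsa_311` expects.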
-
Is there a possibility in cloudron to propagate a mta-sts policy?
Recently I played around, to improve e-mail security with MTA-STS. I was able to simply use surfer app to publish the mta-sts.txt file and set up the necessary DNS entries. But the solution is somewhat clunky, so maybe it might be an easy win @girish, to make this directly possible through cloudron ui, until we implement DANE into cloudron.
Steps to reproduce working MTA-STS setup in cloudron using surfer app
- setup surfer app at the following subdomain
mta-sts.<DOMAIN.TLD>
- make folder .well-known inside folder public
- create mta-sts.txt
version: STSv1
mode: enforce
max_age: 86400
mx: mail.<DOMAIN.TLD>
(where any mail server to which it should belong should have an entry. I'm not quite sure whether we need mx: my.<DOMAIN.TLD> as well, but for the tests the above has been sufficient.)
- set up following DNS records
_mta-sts in TXT v=STSv1; id=20221123132400Z
(where the id is a simple timestamp or a unique number to identify the entry)
_smtp._tls in TXT v=TLSRPTv1; rua=mailto:<USERNAME>@<DOMAIN.TLD>
(where the rua mail address is an address where one wants to get the reports)
EDIT:
We can easily check if the setup is correct via check tls.
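An added example (not part of the original post and not Cloudron code): a small offline check of the two artefacts from the steps above, the `mta-sts.txt` policy and the `_mta-sts` TXT record, following the RFC 8461 rules. It also tests which MX host names the `mx:` lines cover, since a sender in enforce mode only delivers to MX hosts that match one of them. The `example.org` names are constructed stand-ins for `<DOMAIN.TLD>`, and the TXT check is simplified to a record carrying only the `id` field.

```python
import re

MAX_AGE_LIMIT = 31557600  # largest max_age allowed by RFC 8461, in seconds

def parse_policy(text):
    """Parse the key: value lines of mta-sts.txt; mx may appear several times."""
    policy = {"mx": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue                          # blank or malformed line
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    return policy

def policy_problems(policy):
    """Return a list of human-readable problems; empty means the policy is usable."""
    problems = []
    if policy.get("version") != "STSv1":
        problems.append("version must be STSv1")
    mode = policy.get("mode")
    if mode not in ("enforce", "testing", "none"):
        problems.append("mode must be enforce, testing or none")
    age = policy.get("max_age", "")
    if not (age.isascii() and age.isdigit() and int(age) <= MAX_AGE_LIMIT):
        problems.append("max_age must be an integer of at most 31557600")
    if mode != "none" and not policy["mx"]:
        problems.append("at least one mx line is required unless mode is none")
    return problems

def mx_allowed(policy, mx_host):
    """True if mx_host matches an mx line; '*.' covers exactly one left-most label."""
    host = mx_host.lower().rstrip(".")
    for pattern in policy["mx"]:
        if pattern.startswith("*."):
            if host.split(".", 1)[1:] == [pattern[2:]]:
                return True
        elif host == pattern:
            return True
    return False

def txt_record_id(txt):
    """Return the id of a '_mta-sts' TXT value, or None if it is not well-formed."""
    m = re.fullmatch(r"v=STSv1\s*;\s*id=([A-Za-z0-9]{1,32})\s*;?\s*", txt.strip())
    return m.group(1) if m else None

# Constructed samples mirroring the post, with example.org in place of <DOMAIN.TLD>
SAMPLE_POLICY = "version: STSv1\nmode: enforce\nmax_age: 86400\nmx: mail.example.org\n"
SAMPLE_TXT = "v=STSv1; id=20221123132400Z"
```

With the sample policy, `mx_allowed` accepts `mail.example.org` and rejects `my.example.org`, so a second host only needs its own `mx:` line if it appears in the domain's MX records.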
-
After App and Redis stop Installation no more found by cloudron
Update:
Steps to reproduce:
1. go to cloudron app store install peertube
2. wait until peertube reaches state running.
3. stop peertube
4. go to section repair in cloudron peertube app
5. select "restart app" and restart app.
6. try visit your youtube instance
After step 5. redis is stopped as well (without manual restart it produces a ton of errors like:
2022-08-20T04:53:25.000Z [...:443] 2022-08-20 04:53:25.979 info: Connecting to redis...
2022-08-20T04:53:26.000Z [...:443] 2022-08-20 04:53:26.007 error: Error in job queue activitypub-http-fetcher. {
2022-08-20T04:53:26.000Z "err": {
2022-08-20T04:53:26.000Z "stack": "Error: getaddrinfo ENOTFOUND redis-876aae5e-572c-45d1-b48e-5176ba2e62fe\n at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:71:26)",
2022-08-20T04:53:26.000Z "message": "getaddrinfo ENOTFOUND redis-876aae5e-572c-45d1-b48e-5176ba2e62fe",
2022-08-20T04:53:26.000Z "errno": -3008,
2022-08-20T04:53:26.000Z "code": "ENOTFOUND",
2022-08-20T04:53:26.000Z "syscall": "getaddrinfo",
2022-08-20T04:53:26.000Z "hostname": "redis-876aae5e-572c-45d1-b48e-5176ba2e62fe"
2022-08-20T04:53:26.000Z }
and after step 6 one will see the following message:
You are seeing this page because the DNS record of ... is set to this server's IP but Cloudron has no app configured for this domain.
The message persists even after manually turning redis on and repeating steps 3. to 6.
-
Adding fonts to NextCloud + Collabora
@nebulon I see there is always a lot to do, so maybe it's an idea to mention it again. Do you think we might have a chance to add fonts like that…?
RUN ln -s /app/data/fonts /opt/collaboraoffice/share/fonts/truetype/local
-
After App and Redis stop Installation no more found by cloudron
After a bug in my peertube-instance I stopped the App and tried to restart the app via repair menu section (PeerTube 4.2.2, v7.2.5 (Ubuntu 20.04.3 LTS)). The app stop stopped the redis as well, therefore the restart of the app failed (after manually restarting redis) the app is no more "found" by my cloudron instance even though it is successfully running:
"You are seeing this page because the DNS record of ... is set to this server's IP but Cloudron has no app configured for this domain."
After complete uninstalling and reinstalling the app under the same subdomain the error persists. How am I able to "cleanup" the subdomains at least...?
After the app stop I found the following in the logs:
npm ERR! path /app/code/server
Aug 19 18:54:24 npm ERR! command failed
Aug 19 18:54:24 npm ERR! signal SIGTERM
Aug 19 18:54:24 npm ERR! command sh -c node dist/server
Aug 19 18:54:24
Aug 19 18:53:25 Starting supervisor
Aug 19 18:53:26 2022-08-19 16:53:26,108 CRIT Supervisor is running as root. Privileges were not dropped because no user is specified in the config file. If you intend to run as root, you can set user=root in the config file to avoid this message.
Aug 19 18:53:26 2022-08-19 16:53:26,108 INFO Included extra file "/etc/supervisor/conf.d/redis-service.conf" during parsing
Aug 19 18:53:26 2022-08-19 16:53:26,108 INFO Included extra file "/etc/supervisor/conf.d/redis.conf" during parsing
Aug 19 18:53:26 2022-08-19 16:53:26,113 INFO RPC interface 'supervisor' initialized
Aug 19 18:53:26 2022-08-19 16:53:26,113 CRIT Server 'inet_http_server' running without any HTTP authentication checking
Aug 19 18:53:26 2022-08-19 16:53:26,113 INFO RPC interface 'supervisor' initialized
Aug 19 18:53:26 2022-08-19 16:53:26,113 CRIT Server 'unix_http_server' running without any HTTP authentication checking
Aug 19 18:53:26 2022-08-19 16:53:26,113 INFO supervisord started with pid 1
Aug 19 18:53:27 2022-08-19 16:53:27,117 INFO spawned: 'redis' with pid 13
Aug 19 18:53:27 2022-08-19 16:53:27,120 INFO spawned: 'redis-service' with pid 14
Aug 19 18:53:27 13:C 19 Aug 2022 16:53:27.124 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
Aug 19 18:53:27 13:C 19 Aug 2022 16:53:27.124 # Redis version=5.0.7, bits=64, commit=00000000, modified=0, pid=13, just started
Aug 19 18:53:27 13:C 19 Aug 2022 16:53:27.124 # Configuration loaded
Aug 19 18:53:27 13:M 19 Aug 2022 16:53:27.125 * Running mode=standalone, port=6379.
Aug 19 18:53:27 13:M 19 Aug 2022 16:53:27.125 # Server initialized
Aug 19 18:53:27 13:M 19 Aug 2022 16:53:27.125 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
Aug 19 18:53:27 13:M 19 Aug 2022 16:53:27.125 * Ready to accept connections
Aug 19 18:53:27 Redis service endpoint listening on http://:::3000
Aug 19 18:53:28 2022-08-19 16:53:28,255 INFO success: redis entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
Aug 19 18:53:28 2022-08-19 16:53:28,255 INFO success: redis-service entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
Aug 19 18:53:40 [GET] /healthcheck
Aug 19 18:54:25 2022-08-19 16:54:25,223 WARN received SIGTERM indicating exit request
Aug 19 18:54:25 2022-08-19 16:54:25,224 INFO waiting for redis, redis-service to die
Aug 19 18:54:25 2022-08-19 16:54:25,226 INFO stopped: redis-service (terminated by SIGTERM)
Aug 19 18:54:25 13:signal-handler (1660928065) Received SIGTERM scheduling shutdown...
Aug 19 18:54:25 13:M 19 Aug 2022 16:54:25.314 # User requested shutdown...
Aug 19 18:54:25 13:M 19 Aug 2022 16:54:25.314 * Saving the final RDB snapshot before exiting.
Aug 19 18:54:25 13:M 19 Aug 2022 16:54:25.316 * DB saved on disk
Aug 19 18:54:25 13:M 19 Aug 2022 16:54:25.316 * Removing the pid file.
Aug 19 18:54:25 13:M 19 Aug 2022 16:54:25.316 # Redis is now ready to exit, bye bye...
Aug 19 18:54:25 2022-08-19 16:54:25,317 INFO stopped: redis (exit status 0)
As you can see, the redis seems to stop abnormally after the npm SIGTERM (or does this work as designed?)…the restart seems to be not successful in restarting the redis service after that...
-
Adding fonts to NextCloud + Collabora
@nebulon Another try, hopefully less hackish... According to the solution of rLoutrel found here ... maybe it is sufficient to simply:
RUN ln -s /app/data/fonts /opt/collaboraoffice/share/fonts/truetype/local
This one won't add /usr/share/fonts/ as extra volume to collabora and we won't have the ability to get rid of the initially installed fonts but should make it at least possible to add custom fonts via /app/data/fonts. So this might be a solution to the initial question of SirFiChi...
-
Adding fonts to NextCloud + Collabora
@nebulon no, this is prevented by the --existing flag...that's the reason why I initially suggested to move the whole thing and afterwards only update the (still) existing... to get a whole copy of the primary folder one has to delete the font folder in app/data... then there will be again the full copy/move...