queryNS ETIMEOUT when renewing certificates

@joseph ah, there you go. I have indeed updated to 24.04, and presumably it was before this instruction was added.

Thank you all for the help, guys, all is well now

Hi, thanks for the help!

cloudron-support told me unbound was down (I should've checked cloudron's own "services" page, which I now see has unbound down). It turns out I'm having the same issue as in this post: https://forum.cloudron.io/topic/12556/unbound-service-not-working/11

Went to reinstall unbound-anchor, but I had broken dependencies. Ran apt --fix-broken install (apt's own suggestion), then installed unbound-anchor which seems to have installed unbound itself.

I don't ever run stuff on this server, I follow cloudron's suggestion to have the server all for the cloudron service, so I have no idea how this happened, but reinstalling seems to have fixed the issue.

Had to reinstall two apps that were erroring because of this, though. I had no data in them, so it's fine, but still weird that this happened.

Just checked and, from my cloudron box, I can access route53 with same aws credentials via aws-cli. Not sure what's going on, can anyone maybe shed a light? Thanks!

Hi,

I have been receiving multiple "queryNS ETIMEOUT" for all my cloudron domains. They're all hosted on Amazon's Route53. As a result, my certificates are expiring and multiple services stopped working.

My access key is working, as I have another service that uses it for other subdomains on another machine.

(I left the domain name out of the screenshot, but this is what is going on).

Any clue what might be happening? Any other logs I could check?

Thanks.

Yeah, that makes sense. Thanks for the answer!

I did this and it was VERY hacky and had to mess with cloudron code, but was able to do it in the end.

@nebulon, out of curiosity, could you outline how you go about this process? Thanks!

Hi,

This week I went through a very painful cloudron and server upgrade process, and it got me thinking about this. I was running ubuntu 18 (gasp!) and an old version of cloudron that still supported no-AVX servers (bc it used mongodb 4.x).

I ended up messing around with box code, mainly updater.js and infra.js, disabling the AVX check code, patching the downloaded box code to use an old version of mongodb, it was very hacky and I don't recommend it (though it did work).

So now I'm on version 8 and since I have no apps that use mongodb, all is well.

But it got me thinking if maybe there should be a way of running older versions of services, instead of just disabling them. Now, I can't shake the feeling that it's probably a bad idea, but also can't really put my finger on why exactly it is bad.

Just wanted to know people's thoughts on this here on the forums.

Thanks!

Same issue here. Cloudron says it's blacklisted by Spamhaus, but Spamhaus itself says it's not.

I use gluetun at home with an OpenVPN-based VPN service, and it works like a charm.
Not sure how we would implement it in cloudron, though.

At my home server I use a docker-compose file with all the services, and on the ones I want to use the VPN, I use network_mode: service:gluetun.

Gluetun also needs NET_ADMIN capability enabled.

@timconsidine Sorry, but that's not it. Putting the "woke socialism" label everywhere is really not what we should do.
I've seen more entitled pro "freedom" people whine about a company not doing what they want, saying they'll call for a boycott or what have you, "vote with your wallet"-style, than anyone else.

I, too, don't like the attitude of "cloudron NEEDS to go open source bc my admins are whining about it". I'd love for cloudron to be open-source, but I understand why it's currently not, and I'm okay with it. So much so that I have been a paying customer since early 2017 on version zero dot something, and have no plans to cancel my membership anytime soon.

I'd much rather have serious, respectful, adult discussion about open source software and business models (which most people in this thread are doing) than slapping labels on others willy-nilly.

@fbartels Ah, man, it's been a while since I've packaged a cloudron app, of course. My bad.

Yeah, then we'd need to rebuild every app, which is certainly a lot of work.

What about this:

• we make cloudron base images multi-arch (should be easy enough)
• we change the way we package apps that have docker images to use multiple FROM statements, using upstream images to copy stuff to cloudron's base image on the correct architecture

Not sure this is the way to go, just a thought. Does this make any sense to you guys?

Edit: I might try to package something over the weekend like this just to try it out...

@marcusquinn I run a nextcloud instance, mysql and all, on a Raspberry Pi at home using docker-compose. It is CPU hungry, yes, but I had no need to use a different docker tag or anything.

Ran with the same docker-compose.yml file I used on my (amd64) laptop for testing and configuration. Not sure we need to repackage for apps that DO provide multi-arch docker images.

There is a need to rewrite a bunch of the install script and initial configurations, with the addons and all. I'm not saying it is easy or trivial, please don't get me wrong. Just saying we might not need to repackage many apps.

Do all of them really have to be repackaged? I'm pretty sure most popular apps have multi-arch builds nowadays, so you can just use the image name and docker manages to download the correct architecture image. Is that not so?

Thanks for the insights, @arshsahzad and @girish, I’ll explore these solutions.

As for tailscale and cloudflare, I’d have to set them up externally to cloudron on the server, right? Which I’ve always thought was not recommended.

Think I’ll try it anyway and get back to you guys. I’ve already setup a vpn on my home server with wireguard so maybe I’ll go with that.

Thanks!

Hi, ppl.

Is it possible to have an App Proxy that proxies an app via VPN?

I have a few apps I host in a home server, and would love to have them accessible from cloudron App Proxies, but don't want to open ports on my home router.

Thought I could use cloudron's VPN server, add my home server as a client, and proxy apps through the VPN. Not sure that's possible as of now.

What do you guys say?

Thanks!

Kimsufi server over here, no avx support

@scooke Hi, sorry for the delay.

Yeah, @girish was able to solve the problem, which was not a technical one, as usually is the case with these things, heh.

The email she uses is an alias, and not <username>@<mydomain>, and she hadn't used it in a while. We're both pretty sure she used to be able to log in with either username only (no '@domain'), or with her aliased email <alias>@<mydomain>, but it seems we're both wrong on this.

So I tried to log into her email with <username>@<mydomain> and, lo and behold, it worked.

She doesn't use this email at all, so I'm talking to her and seeing if we change her username, since there's only a few apps and email will be the most important one from now on.

Thanks everyone for the help!

@girish sure, doing that right now. Thanks!

@scooke Yes, she can log onto other apps.
What do you mean about logs of working apps showing connection attempts? She can log in and use the apps okay, I've even done it myself using impersionation. I'm not sure I follow what you're getting at, would you mind expanding?

App logs (rainloop, roundcube) show the login attempt, but no info on why it's rejected. Rainloop responds with HTTP 200 whose contents have an error code of 102. a google search didn't really turn anything useful so far. Rouncube shows a HTTP 401 but that's about it.

My email logs show nothing about the attempted logins...

Thanks for helping out.

@robi yes, there are special characters, but as I said, impersonation with a plain and simple password is also not working. Unless it's a specific impersionation problem with email, I wouldn't think that would be the problem?

@scooke thanks for helping as well. Yeah, this is a seldom-used email address, so it's been a while since she last logged in to email, but it's worked before, yes.