OIDC for Nextcloud?

It sure is a lot of testing for stuff that is not supported by nextcloud itself...

I myself use the nextcloud mobile app for some things. No idea how it works with OIDC...

@girish that would be nice, and it seems to me to be more "natural" to a user, like @d19dotca mentioned. Thanks for taking a look at this!

Thanks for your help, @nebulon, but it seems that's not how it works. At least not on my cloudron.
I'm using a LAMP app, and the "Cron" item on its config page.

This is how it looks:

# +------------------------ minute (0 - 59)
# |    +------------------- hour (0 - 23)
# |    |    +-------------- day of month (1 - 31)
# |    |    |    +--------- month (1 - 12)
# |    |    |    |    +---- day of week (0 - 6) (Sunday=0 or 7)
# |    |    |    |    |
# *    *    *    *    * command to be executed
# * 7,8 * * 1-5  /app/data/latest/main.sh >> /app/data/app.log

It should fire at 7am and then again at 8am, on weekdays. And it's working, but it's 7 and 8am UTC, not on my timezone. And I've changed cloudron's system timezone to my local time.

Yeah, I understand and that makes sense. Scheduled jobs are the only case in which this is kind of annoying, right? Since the container should still run in UTC, but then we should account for it when scheduling our jobs.

Maybe I'll just find another way to schedule the jobs, since a few of them need to be run in a specific time of day (on my TZ). I guess this would be the preferred approach? Because even if I account for the difference in hours and schedule them in UTC time, there's all kinds of specifics like daylight savings and the like that would make it kind of a nightmare...

Thanks anyway for the answers

Yeah, I looked into that, but that's for the cloudron system itself. Backup and update tasks. Host machine and app containers still use UTC.

Hey, guys. Happy holidays!

So I installed a basic LAMP app in order to run a few small jobs and services I have for personal use.

I use the scheduler for the jobs, but my server is not in my timezone, and I understand it's cloudron's policy to have everything outside applications in GMT, which makes sense. But that leads to me having to schedule stuff with GMT in mind, which is not ideal.

Is there a way to set timezone for a specific app container, or is that done on an app-by-app basis? I'd like to not have to package and publish a cloudron app just for that, but am failing to see how easily do this.

Is there a "default" way of injecting environment variables? Does cloudron's base image support some set of env vars it loads from somewhere?

Thanks!

Ah, cool, thanks for the clarification, guys, appreciate it.

Looking forward to using this one!

Hi, guys.

Sorry for the new topic, but the original in the App Wishlist category is locked.

I've just tested https://git.cloudron.io/cloudron/pocketbase-app adding just the sqlite add-on to the manifest ("paths": ["/app/data/pb_data/data.db"]), and it seems to have worked fine.

Tried the API, authentication (local user only, not very familiar with how to authenticate cloudron users in this app), creating and removing collections, items, etc. It all seems to be working fine. Maybe we could publish this in that "experimental" state in the app store?

Another thing I just thought is that it'd be cool to be able to have other apps be VPN clients as well...

So docker-compose has the "service" network mode, which I think is like the "host" network mode, but instead of the host it uses another container's network. Not sure how we'd implement it, and maybe this would be easier if we had a VPN add-on instead of an app, not sure.

The use case is one I'm going through right now: I want to use prometheus and grafana to monitor something that i'd like only be accessed through a wireguard VPN. So at the moment (for testing purposes), I'm keeping the things I want to monitor open on the internet and using prometheus to collect metrics, but if we want to go through with it in production, I'll probably have to host at least prometheus by myself inside our VPN.

what do you guys think?

@girish That sounds good, I'll take a look at the code and see if I'm confident enough to take a crack at it. So you want the same vpn app to support both OpenVPN and wireguard, is that correct?

I understand there's a key manager for OpenVPN, which I think doesn't really make sense as-is for wireguard, right? For wireguard we just generate a private key for the host and generally just have to manage peers (with their public keys, allowed-ips and whatnot)...

@girish I appreciate all your hard work, understand and agree with the priorities. That said, I'd very much like to have an app similar to the OpenVPN one using wireguard. Is that anything one can do to help get it done? Maybe see the OpenVPN code and try to whip up something similar using wg?

@joseph ah, there you go. I have indeed updated to 24.04, and presumably it was before this instruction was added.

Thank you all for the help, guys, all is well now

Hi, thanks for the help!

cloudron-support told me unbound was down (I should've checked cloudron's own "services" page, which I now see has unbound down). It turns out I'm having the same issue as in this post: https://forum.cloudron.io/topic/12556/unbound-service-not-working/11

Went to reinstall unbound-anchor, but I had broken dependencies. Ran apt --fix-broken install (apt's own suggestion), then installed unbound-anchor which seems to have installed unbound itself.

I don't ever run stuff on this server, I follow cloudron's suggestion to have the server all for the cloudron service, so I have no idea how this happened, but reinstalling seems to have fixed the issue.

Had to reinstall two apps that were erroring because of this, though. I had no data in them, so it's fine, but still weird that this happened.

Just checked and, from my cloudron box, I can access route53 with same aws credentials via aws-cli. Not sure what's going on, can anyone maybe shed a light? Thanks!

Hi,

I have been receiving multiple "queryNS ETIMEOUT" for all my cloudron domains. They're all hosted on Amazon's Route53. As a result, my certificates are expiring and multiple services stopped working.

My access key is working, as I have another service that uses it for other subdomains on another machine.

(I left the domain name out of the screenshot, but this is what is going on).

Any clue what might be happening? Any other logs I could check?

Thanks.

Yeah, that makes sense. Thanks for the answer!

I did this and it was VERY hacky and had to mess with cloudron code, but was able to do it in the end.

@nebulon, out of curiosity, could you outline how you go about this process? Thanks!

Hi,

This week I went through a very painful cloudron and server upgrade process, and it got me thinking about this. I was running ubuntu 18 (gasp!) and an old version of cloudron that still supported no-AVX servers (bc it used mongodb 4.x).

I ended up messing around with box code, mainly updater.js and infra.js, disabling the AVX check code, patching the downloaded box code to use an old version of mongodb, it was very hacky and I don't recommend it (though it did work).

So now I'm on version 8 and since I have no apps that use mongodb, all is well.

But it got me thinking if maybe there should be a way of running older versions of services, instead of just disabling them. Now, I can't shake the feeling that it's probably a bad idea, but also can't really put my finger on why exactly it is bad.

Just wanted to know people's thoughts on this here on the forums.

Thanks!

Same issue here. Cloudron says it's blacklisted by Spamhaus, but Spamhaus itself says it's not.

I use gluetun at home with an OpenVPN-based VPN service, and it works like a charm.
Not sure how we would implement it in cloudron, though.

At my home server I use a docker-compose file with all the services, and on the ones I want to use the VPN, I use network_mode: service:gluetun.

Gluetun also needs NET_ADMIN capability enabled.