Topics created by Mastadamus

@girish Gotcha but as long as I don't do that, I should be gtg. Im just thinking of a script that does 3 things.

Grabs all the IP's from emerging threats block list Grabs all the 403/404's from access logs sends them to greynoise to check if they are known "noise" and then Add both of these IP groups to that file and restart the service.

NVM I found a thread that answer this. Based on my current understanding, the cloudron dashboard shows cloudron package updates. For wordpress core in developer edition we have to control that update.

@Mastadamus a good starting point is to visit one of the many WordCamps -> https://central.wordcamp.org/

@Mastadamus not yet, no. I think it's quite low priority, it needs a lot of testing/changes to support http. Cloudron is designed everywhere to be secure (https) by default, making this complicated.

I haven't had a chance to finish the overall guide for the cloudron specific part but I completed a guide for installing OpenCTI with Traefik, Elasticsearch, and lots of plugins. I also have a complete docker-compose for OpenCTI, Elasticsearch cluster with X-Pack security, and multiple plugins as well as LDAP integration. you can find it here

OpenCTI install guide
https://dev.azure.com/Mastadamus/OpenCTI/_wiki/wikis/OpenCTI.wiki/3/OpenCTI-with-Traefik-Reverse-Proxy

OpenCTI GIT that contains my templates
https://dev.azure.com/Mastadamus/_git/OpenCTI

If you just want to skip to how you integrate LDAP with OpenCTI docker-compose I will paste examples below

- PROVIDERS__LDAP__STRATEGY=LdapStrategy - PROVIDERS__LDAP__CONFIG__URL=ldaps://Your.Domain.Name:636 - PROVIDERS__LDAP__CONFIG__BIND_DN={{`cn=admin,ou=system,dc=YourLDAPserverName`}} - PROVIDERS__LDAP__CONFIG__BIND_CREDENTIALS=XXXXXXXXXX - PROVIDERS__LDAP__CONFIG__SEARCH_BASE={{`ou=users,dc=YourLDAPserverName`}} - PROVIDERS__LDAP__CONFIG__SEARCH_FILTER={{`(cn={{username}})`}} - PROVIDERS__LDAP__CONFIG__MAIL_ATTRIBUTE=mail - PROVIDERS__LDAP__CONFIG__ACCOUNT_ATTRIBUTE=givenName - PROVIDERS__LDAP__CONFIG__ALLOW_SELF_SIGNED=true - PROVIDERS__LOCAL__STRATEGY=LocalStrategy

@jk yeah I saw that. I just wanted to put it formally in app wishlist

@Mastadamus yes, reverse proxy is implemented in next release (7.3) - https://forum.cloudron.io/topic/6655/what-s-coming-in-7-3/21

@Mastadamus From the earlier screenshot you posted, the issue seems to be "Could not establish chain of trust". So, I would investigate that angle (which is DNSSEC related)

@girish I'm not. I'm self hosting. It's running on a Ubuntu 20.04 Server install on a Synology 1517+ with Intel Processor. It's got 4 Cores and 6GB of memory for now.

This happened to me to, and I had to do a full reboot to get the apps back up.

@wind-gmbh FWIW, we don't use the upstream distro packages. We use the packages straight from nginx.org since they provide better security fixes - https://nginx.org/packages/ubuntu/pool/nginx/n/nginx/ . Looks like https://nginx.org/packages/ubuntu/pool/nginx/n/ is the pre-built modules they have.

Revisiting this topic - is Crowdesc running reliably for those who got it installed?

@mastadamus thanks so much for investigating. I have removed it for next release (7.1) - https://git.cloudron.io/cloudron/box/-/commit/6492c9b71f80120413ff4ae7eefa2f03dc96ea0f

@girish ah i didnt even notice bevause of all the 4j notices my eyes where too open 🐶

thx for looking at this anyway

@mastadamus Can you add that as a feature request and mention this thread?

@nebulon said in Add Modsecurity NGINX WAF:

@mastadamus I don't know much about this plugin/addon for nginx, but it kinda seems to be only part of Nginx Plus, which we are not using in Cloudron. Also if that matters here, the main nginx is only used as a reverse proxy.

I understand. Thank you for your answer.

@d19dotca I agree. Would be lovely!

@mastadamus right, the spamlists won't work if those lookups get blocked. Currently, if the lookups fail, the mail server will simply go ahead and try to detect spam via spamassassin. It's just one of the metrics for spam detection. I guess it's fine if it's working OK for you without it .

I gave this a try in the demo instance and I could upload a large file as well. @Mastadamus Can you check if you are able to reproduce this in our demo instance at https://my.demo.cloudron.io (username: cloudron password: cloudron). There's a bunch of large sample files that you can upload from this site - https://www.quinticsports.com/sample-videos/ . This will help us figure if this is related to browser or your network or your server etc.

Also, the error inside rocket.chat usually says the exact number like " File exceeds allowed size of 1 B. [error-file-too-large] ". Does it say 100MB in that error for you? That would mean the File Upload size setting did not get saved for some reason.

21537c50-4cb1-4911-94c4-f16aac44b35e-image.png

The root cause for this turned out to be disk I/O related. Leading to a postgres database startup time longer than 60sec. Our current code will kill the container if it takes longer than that for initial startup and thus the service never came up.

The workaround solution was to stop apps temporarily until the postgres service is healthy and then start the apps one-by-one.

@nebulon yeah I tried reinstalling. It could be a resource issue. I'll investigate further.

@mastadamus that will be very useful, thanks!

@mastadamus yes 🙂 https://git.cloudron.io/cloudron/box/-/commit/f3d9b8194264469152bc38d24d7080c611784b33

Fixed this. My IP address changed and I forgot to whitelist my new IP for NameCheap.

Here's a similar idea that has the hardware part mostly figured out:

https://wiki.debian.org/FreedomBox

https://wiki.debian.org/FreedomBox/Hardware

@girish said in Love this app:

@necrevistonnezr Will do!

…. please you or someone else still do!

I've put out a package release v1 now so the app is marked as stable! Thanks a lot @erics for all the work 😄