CouchPotato

For once, this post is not really to request an app, but to announce that my package for it is ready ^^

https://git.cloudron.io/mehdi/couchpotato-app

http://couchpota.to/

I am strongly against replacing the server in the current OpenVPN app.

However, it totally makes sense as a new, separate, app.

@fbartels said in 2FA for all LDAP apps:

and rotate them regularly

(Forcing password rotation when there has been no indication of compromise has actually been proven experimentally to lower security, rather than enhance it : if encourages users to chose simpler passwords, because they're gonna have to remember more passwords)

@girish @nebulon My Transmission app is done, tests and all https://git.cloudron.io/mehdi/transmission-app

In my opinion, it's ready to push to store. It may need a bit more doc, but other than that it's good to go

BTW, the proxyAuth addon rocks !

@lonk It combines Jellyfin (for which there's already an app now), Transmission, SickChill, Couchpotato (the 3 I just mentioned), a custom file manager (built before Cloudron had one), and a custom TV Shows and Movies streaming interface (built before I integrated Jellyfin). Plus a few custom things, like a script to auto-remove finished torrents on transmission, and a script to auto-convert videos to MP4 for easy streaming in the browser (for my custom streaming interface. I disabled it now that I mainly use jellyfin, which handles this automatically).

@ruihildt said in Why not make Cloudron fully open source again?:

I'm sad not to be able to recommend Cloudron as the best open source paas since the license change.
It has in effect changed my relation to the project, from an invested advocate to a simple client.

I totally agree with this part. More than that, I would never have picked up Cloudron at all at the beginning if it weren't open source.

And as to contributions, I am the author of one of these rare contributions ^^ (to make the platform compatible with the OpenVPN app), and I would definitely not have contributed if it were not open source.

TLDR: I am 100% in favor of switching back to an open source licence.

(As for the precise licence, I do not really care, be it MIT, Apache, GPL, AGPL ... whatever.)

Slowly rolling-out automatic updates, but allowing manual updates immediately, seems a great idea to me.

Personally, from a security standpoint, I would totally not recommend Cloudflare. Their model is literally performing a (authorized) man-in-the-middle attack on your traffic. They have access to all your data.

I'm not saying they're nefarious. I'm just saying that for the minute benefit they offer, I don't think it's worth it to add yet another entity to the chain of trust.

@infogulch said in Scaling / High Availability Cloudron Setup:

I'd rather have multi-node app management than distributed app runtime. Manage all your cloudron nodes and assign apps between them, migrate them etc, but most apps can still only be deployed to one cloudron instance at a time. At least I think this would be a better scaling/ha goal for a v1 implementation.

I totally agree, and I think it's the way the cloudron team is headed for the V1

@girish I think a reasonable default would be to blacklist all non-local IPs (RFC 1918) by default. That way, connecting from VPNs should work, connecting from LAN should work, but connecting from public internet would require manual white-listing.

@ethanxrosen No worries I hit the same problem a few months ago (however, I ended up basically never using CouchPotato to download stuff directly, instead basically only using it for post-processing, as it's not that good at it, and it's much less useful for movies than for TV shows)

This caveat shoud however be noted in the CouchPotato documentation https://docs.cloudron.io/apps/couchpotato/ . @girish maybe you can add a line there that says that to use CouchPotato with Transmission, one has to use Black-hole?

@ethanxrosen Yes, CouchPotato seems to not like connecting to Transmission over HTTPS, so there's nothing you can do to connect directly. What I am doing to work-around the problem is using a Volume shared between the 2 apps and using the black-hole method of torrents.

I have recently had to re-authentify to a bunch of apps that are behind proxyAuth, which in my opinion is quite annoying, especially with 2FA. I don't think there is a way to change the duration of the auth cookie. I think by default it should be infinite, or at least configurable to be infinite.

The LAN usecase should work really well, yeah, but I would be surprised if you could make wake-on-lan work : for it to work there has to be a device physically on the same network to send a magic-packet for the ethernet card to interpret and trigger wake up.

There are some ways to do wake-on-lan relays stuff, I believe, but you would still have to have a computer awake on the network on which you want to wake another.

Dumb question : what's your time-zone ?

I run Cloudron for personal use.

I run it on a rented Dedicated Server at OneProvider, much better bang for the buck compared to a VPS :
CPU: Intel Xeon 4 cores
RAM: 16GB
Hard Drives: 2x 2TB (HDD SATA)
Bandwidth: Unmetered @ 1Gbps
For 25€/month

I have mainly media apps on it (JellyFin, SickChill, ...), but also a few websites with Ghost and Wordpress that I host for friends, and a few utilities (VPN, NextCloud, Etherpad, ...).

@infogulch said in Thinking about self-hosting; why do/don't you run your own hardware?:

I have a large library of media that would be prohibitively expensive to host with a generic provider (and I expect this to grow substantially).

I am in the same situation here, about 3.5To of media, and I use a cloud server. It's really not that expensive, at about 20€/month.

Why cloud instead of home server? Mainly because the barrier to entry is much lower, and when I took this server I lived in a tiny Parisian apartment with crappy Internet. Now that I could have a server at home, I'm thinking of migrating to a home server (mainly because the 4To of space on my cloud server are starting to feel a bit limited ^^), but I have not jumped the gun yet.

@jdaviescoates It's not the mount that's the problem here, it's the static IP part.

@odie sorry, I'm not sure about Ubuntu 20.04, I never had to configure a static IP on a distro that wasn't using ifconfig

@p44 The doc in question actually says the opposite :

You can try UDP for a possibly faster connection, but if it can not connect, switch it to TCP.

Which makes sense : UDP OpenVPN traffic is very specific, so easy to detect. TCP OpenVPN traffic is very hard to detect.

I am quite surprised that some providers detect and block VPN over TCP, as it should literally be impossible to distinguish between it and any other TLS-encrypted stream.

However, it would be very valuable to add the option of using UDP instead, as it can be unstable to have TCP streams inside a TCP VPN when the network is not very reliable (the effect is called "TCP Meltdown", which is quite a badass name in my opinion ^^ https://openvpn.net/faq/what-is-tcp-meltdown/ )