@atridad
it's not so easy, you need to compile all the C extensions modules that you are using. For example, are not compatible libraries because there's no way to easily compile them are tensorflow, pytorch.
But in generaly Yes is compatible with all the python code because it's a fork of its default interpreter/compiler CPython.
For those cloudron installs that use external spam filtering/gateway, the extra latency/resources that haraka use to process every email are wasted because that email has already been processed by an antispam.
it would be a really great feature to be able to disable SA check.
For now it's possible but not permanent, because the Harake config files are not save in the filesystem,
@nebulon
yep, I will, it's more a pre-check here if somebody has found something.
Hello,
I got this strange issue with ackee, and I don't find any documentation on the previous issue both on the Cloudron forum and on ackee git.
when you try to log in, there is this warning message:
whit no consol log, but container log show:
Jun 29 23:49:30 [Ackee] › ✔ success Connected to mongodb://mongodb:27017/******
Jun 29 23:49:30 [Ackee] › ▶ start Starting the server
Jun 29 23:49:31 [Ackee] › … watching Listening on http://localhost:3000
Jun 29 23:50:39 [Ackee] › ✖ fatal GraphQLError: Float cannot represent non numeric value: NaN
Jun 29 23:50:39 at GraphQLScalarType.serializeFloat [as serialize] (/app/code/node_modules/graphql/type/scalars.js:106:11)
Jun 29 23:50:39 at completeLeafValue (/app/code/node_modules/graphql/execution/execute.js:653:37)
Jun 29 23:50:39 at completeValue (/app/code/node_modules/graphql/execution/execute.js:578:12)
Jun 29 23:50:39 at /app/code/node_modules/graphql/execution/execute.js:469:16
Jun 29 23:50:39 at processTicksAndRejections (internal/process/task_queues.js:93:5)
Jun 29 23:50:39 at async Promise.all (index 1)
Jun 29 23:50:39 at async Promise.all (index 2)
Jun 29 23:50:39 at async Promise.all (index 0)
Jun 29 23:50:39 [Ackee] › ✖ fatal GraphQLError: Float cannot represent non numeric value: NaN
Jun 29 23:50:39 at GraphQLScalarType.serializeFloat [as serialize] (/app/code/node_modules/graphql/type/scalars.js:106:11)
Jun 29 23:50:39 at completeLeafValue (/app/code/node_modules/graphql/execution/execute.js:653:37)
Jun 29 23:50:39 at completeValue (/app/code/node_modules/graphql/execution/execute.js:578:12)
Jun 29 23:50:39 at /app/code/node_modules/graphql/execution/execute.js:469:16
Jun 29 23:50:39 at processTicksAndRejections (internal/process/task_queues.js:93:5)
Jun 29 23:50:39 at async Promise.all (index 1)
Jun 29 23:50:39 at async Promise.all (index 3)
Jun 29 23:50:39 at async Promise.all (index 0)
@girish
I will,
I just think that standard storage backend will make also your job easier to maintain it in the future.
Maybe storage already on S3, it's easier to maintain and it's scalable, redundant, easy to have a remote backend for storage.
A good fit for the new multiserver cloudron.
@derin
You can use cockpit for managing the server, you can install module like storage, networking, bridge, but now docker module, it's will not allow you do do much more then cloudron.
@atrilahiji
hello,
sorry for being late, got sick.
like that:
"dockerImage": "cloudron/org.wordpress.unmanaged.cloudronapp:20210208-171207-630daccf7",
@atrilahiji
Yes it is, you need to specify in the manifest the image.
If you can w8 on Monday I can send you more details
@micmc
Is been always the same, we previously have use OLS as moocloud app of OLS that use a custom image that include proprietary code.
That allow us to choose the license for our image.
OLS and the other software inside will maintain there license as usual.
Our license will not interfere with any cloudron customer but only with MSP or Hosting providers, if you are one of those 2 you can contact moocloud and we can have an agreement.
@micmc
We are not closing OLS, but the other code on the image, that we have written and develop, like the cli interface.
Docker image (dockerfile), cloudron.manifest file and the software that they contain can have different license in any case.
@atrilahiji said in Dashbard UX enhancement suggestions:
Perhaps a Play/Stop button to start/stop the server and a restart button here?
+1
@d19dotca said in Is there a way to add in more DNSBL / RBL sources?:
That is an interesting approach, and I'll consider it.
I know that is not the best solution out there.
But you can automate it, with API and Sieve is an open protocol.
But is a start for now, and yes having a mail filter also for mail fwd is a good option, and if you don't need it you should just be able to disable SpamAssassin from the server.
I really don't like to w8st resources
@d19dotca said in Is there a way to add in more DNSBL / RBL sources?:
spam will never be 100% blocked and there will always be false-positives too
Yes, I totally agree with that.
By big question here is how much is useful to add feature and complexity to cloudron, when there are solutions that are specifically built for that.
About mailspike and Spamhaus, they both have SpamAssassin module, and if cloudron provides the possibility to disable SA, I think is a grate idea to have them.
But not as simple DNSBL, but as SA module.
For spamrats idk, having to many DNSBL or SpamAssassin module will slow down the server a lot, remember for every incoming email, you need to call unbound that check his cache and if doesn't have the record call the DNSBL.
This happens for every email, and every external check you have, and maybe they are slow at that moment and the request take more time than usual, ... and so on
Resources usage need to be taken into count.
The issue with Greylisting in email is that is super easy to just add delay on email delivery.
So need to be a really good consideration being that.
And all those features need a better cloudron UI to be able for users to release an email that is in graylist quarantine.
@d19dotca
ok,
that's the main reason that pushes us to use a centralized mail gateway, having control over incoming and outgoing traffic is fundamental for provider, and learning+settings are easier to do.
Cloudron with Haraka can't be a replacement of good email proxy or antispam, if you think all the service to prevent spam been send or received are some kind of proxy, for example, rspamd is build to have a demon on the mail server but all the elaboration is done in an external server.
I'm sure that with better setup of DNSBL, URIBL,DCC, and SURBL will be better, but will not resolve the issue and make the setup harder for newbies.
For the fwd issue use a sieve forward from imbox this should prevent email marked as spam to been sent out.
Sorry if miss some point, I'm in paternity leaving so sleep is not a thing. (not for a baby. for now just an adorable husky that doesn't understand that he can sleep at night)
@d19dotca
i advise you to update regularly your custom rules on SpamAssassin to add new words used and improve your filtering base on your own experience with spam.
You can also use a Domain provider that protects your email and contact data on whois, which is the main cause of spam.
@girish
+1 for not let add additional DNSBL.
i think that DNSBL check is good, but for example, spamhaus.org have multiple modules that you can use, some DNSBL use custom score, so I think that let people add list as they like just create more mess then use just a good one.
And you should add them also to the unbound server so that he can cache the requests.
@imc67
yep, @girish fixed in seconds, like a superhero! was an issue with the system link in rsync, and I discovered the output of the error was on the app log file, not on the container that's why we couldn't find anything on the log in Cloudron initially.
@jlx89
Yes and no,
yes, Pterodactyl Panel can be installed in Cloudron, no Wings can't be installed in Cloudron.
The question is you should install Pterodactyl on Cloudron, aside from firewall Pterodactyl you will need a lot of dependencies, and because you can use Pterodactyl + Wings on the same server as a start you should.
If you have just 1 node you can also use the hosted free version of Pterodactyl and you will be probably fine, but if you have more than 1 node you want to dedicate all instance to Pterodactyl.
A limitation that you will have is probably the HTTPS on a custom port that cloudron doesn't support at the moment.
@nebulon
I know that migrating all your app to a new language takes time and effort, but don't you think that now in 2021 is time to stop pushing on building new apps and improve the old ones?
OwnCloud and Pydio both are in a migration phase from the old PHP/Python-based app to modern code and container base setup.
Is maintaining PHP support something good for us as users and providers?
PHP8 support is appreciated but JS/NodeJS is much faster than PHP and offers today same compatibility on hosting platform then PHP so is good for us as the user to have always more app but kiping the nextcloud core with PHP that perform as it performs today.
@nebulon
we just migrate our main server to a new one, and we got the same issue.
i will message you the link to our instance so you can check that out.
I just try the new backend on ubuntu directly and I found it interesting.
My wish was that NextCloud has started a migration to a different language, a modern one.
BUT, this is not the case what they are doing is just improving the connection for metadata with WebSocket, but all the files are still using PHP Webdav Rest-like protocol.
NextCloud.com says that been their software modular they can develop a small and incremental module (AKA rust backend), and this is good news.
But what we read also is that they want to keep PHP as the main backend to be able to have full compatibility with industry-standard hosting.
NOTE: this is my interpretation of their PR on social media, forum, and their blog post.
The conclusion for me is that NextCloud is OLD if they will not invest in a new main backend now that docker is the new industry standard and JS/TS is the new language for wild compatibility on modern hosting (both Cpanel and Plesk support nodejs app). I think that we need to look around to find a new alternative to host or files on the cloud.
@girish
nope,
no information on stability found either.
This is the repo
https://github.com/nextcloud/notify_push
@jlx89
Is really hard to port Pterodactyl to Cloudron because they to the same thing, manage docker container on servers.
But we are as community to develop minecraft image with multiple server type (Forge, Fabric, Spigot, ...) for cloudron directly.
@moocloud_matt
The main benefits on having 1 server type + 1 image combination insted of 1 for everything is the support for easy backup, update and rollback, Webui can be simple to the end user because it have just the function that he needs.
You can offer back compatibility to Minecraft Beta with no afford, and maintain there java version updated.
Development if the automation is good, will be easy because when you push a change a server type all his version will be updated automatically and rebuild.
If you update the basic java image all the server type will be updated, and all the version will be updated too.
@atrilahiji
welcome in the manage service world.
The big issue is understanding how much you want to manage for the future users.
What you say about backups is true, manage update with cloudron will provide backup, but is also true that cloudron don't let you install the version of an app that you want, but just the latest.
What i suggest if you want to still provide good quality image, with backup support is to differentiate the image/apps, but making them inter-compatible.
What that mean:
Do do a good work on maintaining all those image, they will became a lot, multiple minecraft version, multiple server type, you should use some sort of automation we can contribute with one of our tech guy on that part.
@ultraviolet
I suggest you to go use gitlab ci, maybe can be a bit tricky to setup and you probably need 2 servers, but is really the best option to automate even more than cloudron build + docker registry.
in Gitlab CI you can also setup to update with the new image your current apps on cloudron automatically tanks to cloudron cli.
@atrilahiji
One app for multiple minecraft is good, but i think that should be allow to run just 1 server at the time:
1- to limit extra complexiti on the manifest file
2- to improve performance, one docker need to have max 1 minecraft process or you will have poor performance specially for forge, fabric and vanilla that are super dependent on single tread performance.
an other think to consider is to not download the server when building the image, but download the jar just wen you have chosen your server type, so there is no need to update cloudron app for every server realise that are supported in the cloudron app.
@lonk said in Apache, OLS and Nginx-Custom Benchmarks:
redis is already apart of Cloudron
Yes & no,
Yes is part of the cloudron addon, but it can be integrated in different way.
You can use it for dynamic cache (as cloudron use in there apps), behind the php, db lvl.
You can use it as a Full Page Cache (similar to what Cache Enebler do but in RAM and not in local disc). php lvl
You can use it for partial page caching, in this case is at webserver/proxy lvl.
Redis is just a "database" in RAM, you can use it to store what you want, Redis is not a cache, but you can use it as it was one.
@lonk
btw the all section is for prestashop:
@moocloud_matt said in Apache, OLS and Nginx-Custom Benchmarks:
prestashop php-fpm + cache
We are working on prestashop for cloudron too.
This is a test to see how much flexible is our FPM+fastcgi cache setup
(No redis cache possibile, due to license on plugin to support it)
But a tweek for closed source plugin in WP.
GPL in WP is applied to ALL folder inside the ROOT folder of WP.
That mean that all function that call script in other section of the server are not included, an exemple is the ESI part for LS cache for wordpress, is the module that manage the "Edge Side Includes" feature inside WP and WooCommerce.
@lonk
Yes, ofc!
just contact me on the cloudron chat: @MooCloud-Matt.
@lonk
it's only mandatory to be on wp.org repo
@lonk
i think just basic one like:
Need reboot
Update available
Admin/Super Admin/Owner User login
Backup Faild
But if is something like stripe webhook that is amazing!
A good addition to the Cloudron API, is 4 shore the possibility to been notify of the event accruing on the server with webhooks.
For us business is a good feature, to help us setup action or workflow base on them, increse security and stability are consequences.
For private geek user, they can setup telegram or main with notification coming from there server, that will make a smoother experience with there server.
Event are already json, we just need to be able to send them to an endpoint, maybe with the possibility to choose witch event we want to receive.
@girish said in Docker base image - 3.0:
I have often struggled working with minimal images because they often lack the tools for debugging
You will use minimalism only in production, if you are debugging you can use the full tool-set image, but on production you will only include what's is necessary.
In a Apache PHP based app, you don't need 2 web-server, you don't need java or nodejs.
@girish said in Docker base image - 3.0:
just 2GB
2 GB is from 10% to 5% of a Basic NVMe Cloud instances on most provider, is really a lot of space especially during update, it will take resources and time on server that know days are especially small 2 or 3 vCore and 4 to 8 GB of RAM.
Most of the time your docker image update is longer because CPU bottleneck not network (we have a proxy for the image on docker hub) we have test that.
I don't think is urgent to do or that cloudron need to do it, but i can understand why most of the docker community like small alpine images, and docker is born for that 1 software-1container, but now is thing of the past.
@mehdi said in Docker base image - 3.0:
container layer
btw if you are using "container layer" with small image stack is better, is how docker work better, a cloudron with just nextcloud don't need to have java on it, that's just w8st of space (jdk is from 160 to 180MB).
You can have:
This can be a possible and probably not so much time consuming to maintain (gitlab ci, is haven in this case), obviously is not the only answer to the image maintenance issue, and one is the big complete image that cloudron is using.
Everything have pros and cons.
And maybe this look like me angry but i'm not, and cloudron support every app that build on there baseimage or build on top of Alpine, so if somebody don't like it, is easy to build a custom app =D.
@marcusquinn
Hey Marcus,
yes and no, OLS/LS is objectively more efficient over apache, and this make it more performant then apache.
Berceuse as Nginx it can serve static file without wake up a php, that apache is using for every request on a WP.
But as i already say sometimes a good server lvl optimization of nginx is performing as well but is not easy to setup, OLS or LS offer LSCache to do all the config from WP dashboard.
WP plugin are not the best way to go, because they just let the call be managed by a PHP, many like Cache enabler, just create a HTML copy of the website, that is more performant no elaboration needed by db or php, but if you use apache you will wake up PHP anyway so CPU and RAM wasted.
@ruihildt
We are in Open Beta for OLS, if you want we can provide you the image.
But for now the code is closed sourse, it will be realise with a custom licenses that is open source but not commercially usable by MSP or ISP to offer WordPress as a Service or PaaS.
We have disable the WAF features for now, that we had plan due to instability in TTFB timings.
Maybe we will add a CDN to host blacklists and information repository that WAF module need to work.
Because now it take from .9 to 2 seconds to check the ip/browser and our objective is to have mostly all normal page load in 3 or less seconds.
We are working on the partial page cache, or sr-cache module.
But we are not shore if this will improve performance even more.
Is just a better management of the cache.
We are using nginx-helper plugin to let you clear your cache from WordPress, but due to how we are implementing stuff, we will create a fork to better sweet our nginx stack.
We are working on prestashop for cloudron too.
This is a test to see how much flexible is our FPM+fastcgi cache setup
(No redis cache possibile, due to license on plugin to support it)
@lonk
we pause the OLS development, (is in beta and is stable) to focus on Nginx Setup.
Now our focus is to create a open beta soon, then post those app on the Cloudron store.
and early next year make a some image intercompatible, so you can change from FastCGI + PageSpeed to only FastCGI, or From RedisFPC to FastCGI, ...
But we don't know for now what we will able to do, we are focusing to prepare open beta for now.
@marcusquinn said in Apache, OLS and Nginx-Custom Benchmarks:
Nice work!
Ty!
@marcusquinn said in Apache, OLS and Nginx-Custom Benchmarks:
uncached benchmark
Yes we have already done it, we have a 20% on the complete page (whit all the css, js, pics, ...) tanks to the better resources management by Nginx on static content, we will provide more details later this week.
But no big improvement on just php-fpm (nignx) or fastcgi (apache) performance, apache is pretty much the best in just php content.
@marcusquinn said in Apache, OLS and Nginx-Custom Benchmarks:
Woocommerce
WC will be supported just on the Redis Full-Page Cache (Redis FPC) cache for now, we plan to support it on fastcgi early next year, with the support for tmpfs on Cloudron APP.
Btw on Redis FPC we will support partial cache soon, so wp-admin will be cached to, but partially.
@d19dotca said in Apache, OLS and Nginx-Custom Benchmarks:
Apache and Redis caching
Sorry i was not so clear on this.
Cloudron now don't provide any webserver cache (for what i know), what you have now is a DB cache, it sit between PHP and the DB.
What you see as "Apache" in the test is the standard cloudron app with "REDIS OBJECT CACHING", during the test in all app testes that lvl of cache was active, but in the Redis Full-Page Cache we use a integration between Nginx and Redis directly in addition to the Object Cache, so that PHP will never get involve if the page was already been serve to a similar client.
i will use this pics by runcloud to show you:
What we build is similar to what runcloud call RunCache, redis in this case is used to store HTML, CSS and JS content and not query to the DB.
Soo here we are with some data, and information.
To best test which solution was the best we actually have to create 3 image for nginx.
Our main image will be Redis Full Page Cache in till the support for RAM disk inside the container, then we will see how FastCGI will perform.
All the test are on our cloud platform hosted in 2 datacenter using 2 different server.
Server 1:
Server 2:
Both server have 1Gbit's port
The test are been done using as a client a server in the same rack, with the same specks of the tested one.
Only the app what we was testing was on at that time, and have 1 Cloudron GB as memory limit, that mean 1/2 is ram 1/2 is swap.
CPU Shares are set as default at 50%
Remember: this a preliminary test, not completely validated, we need to have various confirmation and runs before calming that they are perfect score.
We reboot the server, then stop all the app.
Check using HTOP if there was something going on on the server, if it was all clear we start testing.
We build 2 page, using divi builder the most commune builder with Elementor.
They have inline CSS, JS and we didn't use any plugin for optimizing the content, we have only use the plugin needed to enable cache control from WP.
Both pages have varius CSS file and Image + SVG.
For this test all image was the original, we will testing our auto optimize image script later.
We execute 8 test for every App.
What we see is 2 image that have server side cache boost there performance, they use different technique, redis full page cache save (similar to what nginx proxy cache do) a copy of the output in the RAM using the 300MB standard container provided by cloudron (we have better performance on Epyc due to low latency memory supported).
FastCGI save part of the page and the information pre-elaborate on the NVMe Storage and some on the RAM (we have a 3% better performance on the Epyc server probably due to the Storage been connected directly to the CPU).
What we didn't aspect was the terrible results (compare to the other NGINX set up) that Cache Enabler image have done, this is probably due to a check and the redirect of the request to an HTML page, saved in the NVMe Storage.
Why Redis Full Cache is for now the fastest?
Because it use a direct connection to Redis and is all in the cache, nginx don't need to interact with the FileSystem, and as we probably know Redis is one of the fastest "DB" available and is not limited to the IO for your disk, DRAM of your SSD, Chipset or raid card, but only from your RAM and CPU_RAM connection.
Especially with near AMD CPU that provider higher RAM frequency and bandwidth, Redis Full Cache page show to be the fastest solution that we can provide on cloudron.
Remember: this a preliminary test, not completely validated, we need to have various confirmation and runs before calming that they are perfect score.
@nebulon
using pyzor, MooCloud use it on his antispam gateway, we host a self hosted exchange pyzor server.
@necrevistonnezr said in Firewall / Spamassassin: Automatic list update:
Spamassassin lists from Heinlein
I think that this config file is mostly oriented on German email, probably if an incoming email is in Italian or French or English wold be completely useless, this is one of the biggest issue in spam protection and having a 0% ham.
You need custom rules for every language and if you use Rspamd you also need different AI/db for every language.
@lonk
here below, probably this week, in 2 or 3 days. also I wanted to specify that we will work mainly with Server-Side-Cache apart from OLS which integrates the server side with wordpress.
@robi
naxsi is included in our nginx build probably
Hi!
in the next days we start testing on 2 of the images we have prepared.
We would like to know what data you would most like to know about their performance.
Our testing environment will be:
The app will be tested with 500MB of ram and 500MB of swap.
Our goal is to have similar performance for our image and other WordPress hosting setup available, for this we have plan to test:
All 3 with this combination:
If you have any advice on testing tool to use, or other setup for wp to be test just commend, every thought is appreciated.
Matt.
@dreamcatch22
if you use a Laravel+WordPress i highly advice to go on a LAMP app, it will give you more control, and better stability for Laravel.
@dreamcatch22
which theme is it ?
@jdaviescoates said in What's coming in 6.0 (take 2):
Faster Nextcloud and WordPress!
We have some test image with Nginx + WP, that i have already shared with @girish, in the next few day we will work with him on some special feature to make the manifest compatible with OLS base image that we have pretty much ready, and later we will work on WP and NextCloud performance boost.
Probably next week, we will post some performance benchmarks of the new WP image, for both Nginx and OLS base image.
Hello anybody have this issue after the last update:
we have all the page with missing CSS file.
It's not a loading issue, no CSS is included in the header link of the HTML.
@jimcavoli
i think that's possible with nginx too, the ldap backend for auth.
Custom Template for nginx config, will be the best i think, especially for performance optimization.
But this Kong proxy is interesting i will ask to my team, if they have use it.
@jimcavoli
for adding .htpasswd support ? or what kind of auth are you talking about?
@jimcavoli
You mean to use Kong or Traefik (this are exeple) as incoming proxy for every container ?
If yes, we need to consider how reliable is Nginx and the feature that can be easily added (Proxy_Cache, brotli, WAF, ...)
@Lonk
you mean for a private docker registry ?
@mehdi
In our case, end customer can use it, even in 3° party cloud platform, but can't be use in a SaaS like solution or used ad Selling Point for competitors.
If it will be impossible to have custom license on the app store we need to offer those image just to our customer, optimizing a image like that one of OLS or the new image with Nginx take a lot of time, and they have our knowledge inside of them.
Big software that use similar license: Redis, MongoDB
@robi
OLS, for what we have tested is not good as nginx as container proxy, especially because nginx have push this as his main features.
If u use Docker/Kube, and you want the max from your stack, just go on nginx.
There are good proxy on the market especially for API, but nginx proxy cache can be use to speed up, not only json file, and standard API request. But also image, js, css, html ecc ecc
That make nginx the king of general proxy for container environment (and it can be use to proxy request to FPM directly no webserver needed inside of the container)