How to build (custom) apps using the docker-registry

Since I was documenting what I was doing to debug errors, here's a short how-to for people who want to use the docker-registry app with authentication to build their own apps. Before submitting I realized that @girish already made a post here, but that was without the registry so I'm posting it either way

Prerequisites:

A machine that has both, docker and the cloudron cli installed and of course one or two Cloudrons for the apps to build and/or install

Docker: https://docs.docker.com/engine/install/ubuntu/
Cloudron CLI: https://docs.cloudron.io/custom-apps/cli/

How to build apps and push to your Docker-Registry

install the docker-registry app on a cloudron (if possible don't use a production server), e.g. docker.example.com (you might want to create a dedicated user to work with it). Add the URL and docker credentials to your target cloudron in Settings / Private Docker Registry

Optional: use the Cloudron Build Service

install the Build Service app, e.g. https://build.example.com, open the terminal or file manager of the app and enter your docker credentials in /app/data/docker.json. After those changes reboot the build service app to make sure the correct registry is in there. You can directly login to your build service (no trailing slash in the url! see https://docs.cloudron.io/apps/build-service/ for more information) via
$ cloudron build --set-build-service (enter https://build.example.com)

clone any repo you want to build
$ git clone https://git.cloudron.io/cloudron/lamp-app

cwd into the cloned git directory
$ cd lamp-app/

With local build

login to the docker-registry with your credentials (as non root user you might need to use sudo when issuing docker commands)
$ docker login docker.example.com

build the thing (use custom lamp-app:tags if you want specific tag names)
$ docker build -t docker.example.com/lamp-app .

push to the registry - this does not work without logging in first
$ docker push docker.example.com/lamp-app

install on your target cloudron after logging in via cloudron login
$ cloudron install --image docker.example.com/lamp-app

With the Build Service

If you're using the build service, you can just run
$ cloudron build and enter your docker-repo (e.g. docker.example.com/lamp-app)
and after logging in to your cloudron
$ cloudron install --image docker.example.com/lamp-app

If you updated an app, you can use cloudron update to push a new version for an existing app.

Cheers, M

Today I had two compromised WordPress installations (one on Cloudron, one on an external webhoster). The webhoster sent me an email with the infected files and asked for removal. Would be a nice addition to cloudron if it scanned the files of certain apps for malware and notifies the admin.

Any thoughts on that?

Best regards

Ok so quick update here: I was following the mount procedure from the first link and it's looking good! However, I started with a fresh installation instead of moving my files around, but seeing as it worked out, migrating an existing installation should be no problem either.

So what I did:

• deployed a new Cloudron with Nextcloud installed on a fresh CPX21 on Hetzner Cloud (kept it at 40GB though, might scale down if performance allows it)
• mounted a 5TB Hetzner Storagebox via sshfs into /mnt/cloud and added it as Cloudron volume (/media/cloud)
• mounted that volume into the Nextcloud app (uncheck read-only)
• change the datadirectory in config/config.php from 'datadirectory' => '/app/data', to 'datadirectory' => '/media/cloud',
• cp -r /app/data/admin to the mounted volume and touch .ocdata in /media/cloud

That's pretty much it I reckon, if you log in now you have this extra storage available:

I have both, uploaded a few GB manually and the rest via sync client, no errors so far. A restart won't change the datadirectory, so this should continue working after reboots. Encryption is also enabled and working as intended, still waiting for something that doesn't work properly.

Not sure if paying for updates defeats the purpose of having a secure system with rolling auto-updates, people will probably postpone important patches because they want to save a buck

Just did a quick count of the apps and wanted to congratulate @girish and @nebulon to app #100, but I was wrong, there are 105 already, we missed the celebration

So here's to you, keep up the good work!

Wasn't sure where to put that, Support or Discussion, but I just realized that regular admins are able to impersonate a Superadmin and can then do what every Superadmin is allowed to, like change branding, edit backup config and such. I would think this shouldn't be possible, right?

Haven't had the time (or need for my usecase) to migrate to something fancier. Still using PHP Server Monitor, even made an almost complete package. Since I don't need a public status page, this fulfills all my needs (it does ping, monitor certs, check for strings, mail and other services, even custom ports)

I'm using non-superadmin accounts to manage apps and user setup and get this when accessing the support tab:

Since I'm managing that Cloudron, I would be the only one using this tab with the superadmin account. Can we hide that from other admins? I don't think there is much use for that if the customers created separate accounts and opened support tickets, which I will end up resolving anyways

I know this has already been suggested here, but this doesn't go as far as that thread.

There was also a time where we could override this page with custom addresses and disable the form, is that still a thing?

@edapm I've pushed the latest version which has various updates (.ie. latest base image and such) and basically it works, the only 2 things that make problems are email and the slugify feature from node.js.

Here's the repo where you can check it out: https://git.cloudron.io/msbt/strapi-app

After you've built and installed it, you have to run /usr/local/bin/gosu cloudron:cloudron yarn build in the terminal to build the adminpanel, this step can be added to the start.sh as well, but I wanted to do it manually for the time being, because it takes quite a while on slower machines. Talking of which: this step requires 2,5GB+ RAM, so make sure your machine has plenty available. After that you can create an admin user.

Email:

• When I try to use SMTPS, it says error Error: Couldn't send test email: Greeting never received.
• When using SMTP: error Error: Couldn't send test email: Mail command failed: 550 Authenticated user strapi.app@example.com cannot send mail as .

As for the slugify issue: I followed the tutorial from here to dynamically create slugs for collections, but as soon as I edit the modelname.js in /api/collectionname/models/ and add const slugify = require('slugify');, strapi crashes with Error: Cannot find module 'slugify' even though it's in node_modules and referred to from other places - no idea why, if I build strapi on an empty machine with just a few commands, it works without any issues:

apt update
curl -sL https://deb.nodesource.com/setup_14.x | sudo bash -
apt-get install -y nodejs
npm install --global yarn
yarn create strapi-app cloudron --quickstart --no-run
cd cloudron/
yarn add pg slugify strapi-provider-email-smtp
yarn strapi install email documentation graphql
yarn build
yarn develop

So if you don't need email or slugs, you're good to go

I'm a web developer for a startup and run my own little company on the side which offers programming and hosting for designers, agencies and other customers.

Take a breather and read https://docs.cloudron.io/backups/#import-app-backup - it's just the config of a single backup, not the whole server.

@humptydumpty probably not the intended usecase, but I'm using Hetzner VPS for Cloudron and mount a storagebox into it (via SSHFS), which serves solely as Nextcloud storage. That way the VPS itself can't run out of space (at least not because of NC) and the storage space is easily scaleable. This can be done on multiple servers (the storagebox allows up to 10 connections). So you don't have a quota system, but at least you can expand/scale it easilty up to 10TB with one click when the space gets low.

Quick update on this: A customer of mine refined the package and supplied the code to dynamically enable/disable features and also rebuild the executable on restart. Corresponding MR is here.

Until now custom providers were not usable because adding them required a rebuild of the app (which wasn't working due to readonly fs), with this patch this should work.

cc @girish @nebulon

Hi there! I've been using PHP Server Monitor for years to check my (customers) sites for uptime, valid SSL certificates and the likes. The reason why I haven't packaged this for Cloudron was because of the missing LDAP support which was requested and in the works for quite a few years now. But this got resolved now and it would be good to go when merged to master, so I gave it another shot, here's what I got so far:

https://git.cloudron.io/msbt/phpservermonitor-app

In theory everything works: You can build and install it, visit the site, create an admin user. Then I ran into two issues:

1. I can't set the SMTP password through start.sh because it's encrypted in the db. I already got a hint on how it might work and it does encrypt something, but not the whole thing and I don't know how to fix it. So if you want to use it at the moment, you have to manually insert the correct password in the adminpanel
2. The LDAP fields only show up in the database after activating it in the Config/Authentication tab, so when you want to use LDAP for your users, you can activate it and restart the server, then the information gets written into the db automatically. I've opened another ticket to ask for an unattended installation procedure or some other way to automatically activate it, but no dice so far, but maybe some of you have an idea how to get around that.

After that extra step with restarting after enabling authentication (and setting the mail password automatically afterwards) it's good to go. You have a nice uptime monitor with a lot of settings and options (like check if a string exists, if not --> mark site as down and send email - using that for WordPress sites that have other issues).

If anyone has an idea how to fix the password issue (I just lack the experience for that), would be much appreciated.

Oh yes, at the moment it uses the regular scheduler-addon which does 15 minute intervals, we could easily change this to a manual crontab which then checks whatever interval you like, this was just the easier approach to get it going.

Cheers

federation is working, thanks to the help of the synapse admins and community! Please grab the latest version from here and let me know if it also works for you. You might need to adjust the homeserver.yaml again, probably best if you install a fresh one and compare the config. There might be some finetuning required for preview and such, but since I'm on vacation, that's a topic for another day

While you're touching that, maybe you can also add the time it took from start to finish?

@carrabelloy-0 I guess it's an easy calculation, if 15$/month is too expensive for you, then I don't want to know how much your own time is worth. Depending on your rates, this is only a fraction of an hours work - which Cloudron takes off your shoulders in abundance. So if this is too much, then Cloudron is probably just not for you And of course there's VAT, they have a business, that's what needs to be paid. Just my two cents here...

Ok I've got it to work, but there are some things missing, maybe you can take over from here @girish

Here's the repo: https://git.cloudron.io/msbt/strapi-app

You build it, install it, jump on the terminal, cwd into /app/pkg/cloudron and run yarn build. The build process requires 2GB of RAM, I tried with less and it failed a few times. This step should eventually go into the start.sh, but I was rebuilding a lot, that's why it's still there.

After that the adminpanel is available in /admin where you can create your first user and add data.

What's not working (from what I can see):

• Email (the plugins are installed (nodemailer and such), but something must be wrong with my plugins.js, at some point it complained about a self-signed cert, after that I couldn't get it to work at all)
• Installing/uninstalling plugins, that's why all 7 are installed by default now

Other than that, tests are missing, but it doesn't look so bad.

Does anyone have the docker-registry working with authentication? I've tried and it works fine without auth (like my old setup with my custom registry solution), but as soon as I enable user management, the images can't be pushed to the target-cloudron.

Recap of what I was doing:

• installed docker and Cloudron cli on a new linux machine
• installed the docker-registry app on Cloudron X (docker.example.com), added a user ("docker") on X and set its credentials in Cloudron Y settings
• git cloned an app of mine on the linux machine
• cloudron login (on Cloudron Y) and docker login docker.example.com
• docker build -t docker.example.com/my-app .
• docker push docker.example.com/my-app
• cloudron install --image docker.example.com/my-app -l myapp

Up until the last step everything works fine, but the containers can't get pushed/downloaded on Cloudron Y, this is what happens:

CLI response:
App installation error: Installation failed: Unable to pull image docker.example/my-app. Please check the network or if the image needs authentication. statusCode: 500

App log:

Feb 06 22:35:08 box:docker downloadImage docker.example.com/my-app
Feb 06 22:35:08 box:docker Downloading image docker.example.com/my-app. attempt: 1
Feb 06 22:35:08 box:docker pullImage: will pull docker.example.com/my-app. auth: yes
Feb 06 22:35:15 box:docker Downloading image docker.example.com/my-app. attempt: 2
Feb 06 22:35:15 box:docker pullImage: will pull docker.example.com/my-app. auth: yes
Feb 06 22:35:21 box:docker Downloading image docker.example.com/my-app. attempt: 3
Feb 06 22:35:21 box:docker pullImage: will pull docker.example.com/my-app. auth: yes
Feb 06 22:35:26 box:docker Downloading image docker.example.com/my-app. attempt: 4
Feb 06 22:35:26 box:docker pullImage: will pull docker.example.com/my-app. auth: yes
Feb 06 22:35:31 box:docker Downloading image docker.example.com/my-app. attempt: 5
Feb 06 22:35:31 box:docker pullImage: will pull docker.example.com/my-app. auth: yes
Feb 06 22:35:37 box:docker Downloading image docker.example.com/my-app. attempt: 6
Feb 06 22:35:37 box:docker pullImage: will pull docker.example.com/my-app. auth: yes
Feb 06 22:35:42 box:docker Downloading image docker.example.com/my-app. attempt: 7
Feb 06 22:35:42 box:docker pullImage: will pull docker.example.com/my-app. auth: yes
Feb 06 22:35:47 box:docker Downloading image docker.example.com/my-app. attempt: 8
Feb 06 22:35:47 box:docker pullImage: will pull docker.example.com/my-app. auth: yes
Feb 06 22:35:53 box:docker Downloading image docker.example.com/my-app. attempt: 9
Feb 06 22:35:53 box:docker pullImage: will pull docker.example.com/my-app. auth: yes
Feb 06 22:35:58 box:docker Downloading image docker.example.com/my-app. attempt: 10
Feb 06 22:35:58 box:docker pullImage: will pull docker.example.com/my-app. auth: yes
Feb 06 22:35:58 box:apptask myapp.cloudrony.com error installing app: BoxError: Unable to pull image docker.example.com/my-app. Please check the network or if the image needs authentication. statusCode: 500
Feb 06 22:35:58 box:apptask myapp.cloudrony.com updating app with values: {"installationState":"error","error":{"message":"Unable to pull image docker.example.com/my-app. Please check the network or if the image needs authentication. statusCode: 500","reason":"Docker Error","taskId":"6145","installationState":"pending_install"}}
Feb 06 22:35:58 box:taskworker Task took 55.403 seconds
Feb 06 22:35:58 box:tasks setCompleted - 6145: {"result":null,"error":{"stack":"BoxError: Unable to pull image docker.example.com/my-app. Please check the network or if the image needs authentication. statusCode: 500\n at /home/yellowtent/box/src/docker.js:141:40\n at /home/yellowtent/box/node_modules/dockerode/lib/docker.js:119:7\n at /home/yellowtent/box/node_modules/docker-modem/lib/modem.js:265:7\n at IncomingMessage.<anonymous> (/home/yellowtent/box/node_modules/docker-modem/lib/modem.js:284:9)\n at IncomingMessage.emit (events.js:203:15)\n at endReadableNT (_stream_readable.js:1145:12)\n at process._tickCallback (internal/process/next_tick.js:63:19)","name":"BoxError","reason":"Docker Error","details":{},"message":"Unable to pull image docker.example.com/my-app. Please check the network or if the image needs authentication. statusCode: 500"}}
Feb 06 22:35:58 box:tasks 6145: {"percent":100,"result":null,"error":{"stack":"BoxError: Unable to pull image docker.example.com/my-app. Please check the network or if the image needs authentication. statusCode: 500\n at /home/yellowtent/box/src/docker.js:141:40\n at /home/yellowtent/box/node_modules/dockerode/lib/docker.js:119:7\n at /home/yellowtent/box/node_modules/docker-modem/lib/modem.js:265:7\n at IncomingMessage.<anonymous> (/home/yellowtent/box/node_modules/docker-modem/lib/modem.js:284:9)\n at IncomingMessage.emit (events.js:203:15)\n at endReadableNT (_stream_readable.js:1145:12)\n at process._tickCallback (internal/process/next_tick.js:63:19)","name":"BoxError","reason":"Docker Error","details":{},"message":"Unable to pull image docker.example.com/my-app. Please check the network or if the image needs authentication. statusCode: 500"}}

Docker logs:

Feb 06 22:35:10 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:10.977369199Z" level=info msg="Attempting next endpoint for pull after error: invalid character '<' looking for beginning of value"
Feb 06 22:35:10 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:10.977424454Z" level=error msg="Handler for POST /images/create returned error: invalid character '<' looking for beginning of value"
Feb 06 22:35:13 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:13.063771584Z" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete"
Feb 06 22:35:16 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:16.277251730Z" level=info msg="Attempting next endpoint for pull after error: invalid character '<' looking for beginning of value"
Feb 06 22:35:16 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:16.277311467Z" level=error msg="Handler for POST /images/create returned error: invalid character '<' looking for beginning of value"
Feb 06 22:35:21 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:21.573447894Z" level=info msg="Attempting next endpoint for pull after error: invalid character '<' looking for beginning of value"
Feb 06 22:35:21 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:21.573505543Z" level=error msg="Handler for POST /images/create returned error: invalid character '<' looking for beginning of value"
Feb 06 22:35:26 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:26.857404427Z" level=info msg="Attempting next endpoint for pull after error: invalid character '<' looking for beginning of value"
Feb 06 22:35:26 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:26.857459284Z" level=error msg="Handler for POST /images/create returned error: invalid character '<' looking for beginning of value"
Feb 06 22:35:32 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:32.156592002Z" level=info msg="Attempting next endpoint for pull after error: invalid character '<' looking for beginning of value"
Feb 06 22:35:32 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:32.156667957Z" level=error msg="Handler for POST /images/create returned error: invalid character '<' looking for beginning of value"
Feb 06 22:35:37 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:37.455109662Z" level=info msg="Attempting next endpoint for pull after error: invalid character '<' looking for beginning of value"
Feb 06 22:35:37 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:37.455163318Z" level=error msg="Handler for POST /images/create returned error: invalid character '<' looking for beginning of value"
Feb 06 22:35:41 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:41.812898340Z" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete"
Feb 06 22:35:42 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:42.576830368Z" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete"
Feb 06 22:35:42 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:42.748936700Z" level=info msg="Attempting next endpoint for pull after error: invalid character '<' looking for beginning of value"
Feb 06 22:35:42 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:42.748989045Z" level=error msg="Handler for POST /images/create returned error: invalid character '<' looking for beginning of value"
Feb 06 22:35:48 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:48.041591964Z" level=info msg="Attempting next endpoint for pull after error: invalid character '<' looking for beginning of value"
Feb 06 22:35:48 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:48.041658716Z" level=error msg="Handler for POST /images/create returned error: invalid character '<' looking for beginning of value"
Feb 06 22:35:53 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:53.335916491Z" level=info msg="Attempting next endpoint for pull after error: invalid character '<' looking for beginning of value"
Feb 06 22:35:53 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:53.335978423Z" level=error msg="Handler for POST /images/create returned error: invalid character '<' looking for beginning of value"
Feb 06 22:35:58 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:58.616154482Z" level=info msg="Attempting next endpoint for pull after error: invalid character '<' looking for beginning of value"
Feb 06 22:35:58 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:58.616210521Z" level=error msg="Handler for POST /images/create returned error: invalid character '<' looking for beginning of value"

Does anyone have this working as a standalone registry (without gitlab)? No idea what to make of the docker logs with the character thing.

Cheers, M

nice, thank you too @girish, always glad to see my contributions going live (and also learn to improve future packages )