How to build (custom) apps using the docker-registry

Since I was documenting what I was doing to debug errors, here's a short how-to for people who want to use the docker-registry app with authentication to build their own apps. Before submitting I realized that @girish already made a post here, but that was without the registry so I'm posting it either way

Prerequisites:

A machine that has both, docker and the cloudron cli installed and of course one or two Cloudrons for the apps to build and/or install

Docker: https://docs.docker.com/engine/install/ubuntu/
Cloudron CLI: https://docs.cloudron.io/custom-apps/cli/

How to build apps and push to your Docker-Registry

install the docker-registry app on a cloudron (if possible don't use a production server), e.g. docker.example.com (you might want to create a dedicated user to work with it). Add the URL and docker credentials to your target cloudron in Settings / Private Docker Registry

Optional: use the Cloudron Build Service

install the Build Service app, e.g. https://build.example.com, open the terminal or file manager of the app and enter your docker credentials in /app/data/docker.json. After those changes reboot the build service app to make sure the correct registry is in there. You can directly login to your build service (no trailing slash in the url! see https://docs.cloudron.io/apps/build-service/ for more information) via
$ cloudron build --set-build-service (enter https://build.example.com)

clone any repo you want to build
$ git clone https://git.cloudron.io/cloudron/lamp-app

cwd into the cloned git directory
$ cd lamp-app/

With local build

login to the docker-registry with your credentials (as non root user you might need to use sudo when issuing docker commands)
$ docker login docker.example.com

build the thing (use custom lamp-app:tags if you want specific tag names)
$ docker build -t docker.example.com/lamp-app .

push to the registry - this does not work without logging in first
$ docker push docker.example.com/lamp-app

install on your target cloudron after logging in via cloudron login
$ cloudron install --image docker.example.com/lamp-app

With the Build Service

If you're using the build service, you can just run
$ cloudron build and enter your docker-repo (e.g. docker.example.com/lamp-app)
and after logging in to your cloudron
$ cloudron install --image docker.example.com/lamp-app

If you updated an app, you can use cloudron update to push a new version for an existing app.

Cheers, M

Not sure if paying for updates defeats the purpose of having a secure system with rolling auto-updates, people will probably postpone important patches because they want to save a buck

Just did a quick count of the apps and wanted to congratulate @girish and @nebulon to app #100, but I was wrong, there are 105 already, we missed the celebration

So here's to you, keep up the good work!

Haven't had the time (or need for my usecase) to migrate to something fancier. Still using PHP Server Monitor, even made an almost complete package. Since I don't need a public status page, this fulfills all my needs (it does ping, monitor certs, check for strings, mail and other services, even custom ports)

Ok I've got it to work, but there are some things missing, maybe you can take over from here @girish

Here's the repo: https://git.cloudron.io/msbt/strapi-app

You build it, install it, jump on the terminal, cwd into /app/pkg/cloudron and run yarn build. The build process requires 2GB of RAM, I tried with less and it failed a few times. This step should eventually go into the start.sh, but I was rebuilding a lot, that's why it's still there.

After that the adminpanel is available in /admin where you can create your first user and add data.

What's not working (from what I can see):

• Email (the plugins are installed (nodemailer and such), but something must be wrong with my plugins.js, at some point it complained about a self-signed cert, after that I couldn't get it to work at all)
• Installing/uninstalling plugins, that's why all 7 are installed by default now

Other than that, tests are missing, but it doesn't look so bad.

I'm a web developer for a startup and run my own little company on the side which offers programming and hosting for designers, agencies and other customers.

@atrilahiji I think that's one of the reasons why the exception flags were added to proxyauth, but you'd need to stick to default naming to not break the thing, @jimcavoli suggested that here.

@edapm I've pushed the latest version which has various updates (.ie. latest base image and such) and basically it works, the only 2 things that make problems are email and the slugify feature from node.js.

Here's the repo where you can check it out: https://git.cloudron.io/msbt/strapi-app

After you've built and installed it, you have to run /usr/local/bin/gosu cloudron:cloudron yarn build in the terminal to build the adminpanel, this step can be added to the start.sh as well, but I wanted to do it manually for the time being, because it takes quite a while on slower machines. Talking of which: this step requires 2,5GB+ RAM, so make sure your machine has plenty available. After that you can create an admin user.

Email:

• When I try to use SMTPS, it says error Error: Couldn't send test email: Greeting never received.
• When using SMTP: error Error: Couldn't send test email: Mail command failed: 550 Authenticated user strapi.app@example.com cannot send mail as .

As for the slugify issue: I followed the tutorial from here to dynamically create slugs for collections, but as soon as I edit the modelname.js in /api/collectionname/models/ and add const slugify = require('slugify');, strapi crashes with Error: Cannot find module 'slugify' even though it's in node_modules and referred to from other places - no idea why, if I build strapi on an empty machine with just a few commands, it works without any issues:

apt update
curl -sL https://deb.nodesource.com/setup_14.x | sudo bash -
apt-get install -y nodejs
npm install --global yarn
yarn create strapi-app cloudron --quickstart --no-run
cd cloudron/
yarn add pg slugify strapi-provider-email-smtp
yarn strapi install email documentation graphql
yarn build
yarn develop

So if you don't need email or slugs, you're good to go

Ok so quick update here: I was following the mount procedure from the first link and it's looking good! However, I started with a fresh installation instead of moving my files around, but seeing as it worked out, migrating an existing installation should be no problem either.

So what I did:

• deployed a new Cloudron with Nextcloud installed on a fresh CPX21 on Hetzner Cloud (kept it at 40GB though, might scale down if performance allows it)
• mounted a 5TB Hetzner Storagebox via sshfs into /mnt/cloud and added it as Cloudron volume (/media/cloud)
• mounted that volume into the Nextcloud app (uncheck read-only)
• change the datadirectory in config/config.php from 'datadirectory' => '/app/data', to 'datadirectory' => '/media/cloud',
• cp -r /app/data/admin to the mounted volume and touch .ocdata in /media/cloud

That's pretty much it I reckon, if you log in now you have this extra storage available:

I have both, uploaded a few GB manually and the rest via sync client, no errors so far. A restart won't change the datadirectory, so this should continue working after reboots. Encryption is also enabled and working as intended, still waiting for something that doesn't work properly.

@humptydumpty probably not the intended usecase, but I'm using Hetzner VPS for Cloudron and mount a storagebox into it (via SSHFS), which serves solely as Nextcloud storage. That way the VPS itself can't run out of space (at least not because of NC) and the storage space is easily scaleable. This can be done on multiple servers (the storagebox allows up to 10 connections). So you don't have a quota system, but at least you can expand/scale it easilty up to 10TB with one click when the space gets low.

Hi there! I've been using PHP Server Monitor for years to check my (customers) sites for uptime, valid SSL certificates and the likes. The reason why I haven't packaged this for Cloudron was because of the missing LDAP support which was requested and in the works for quite a few years now. But this got resolved now and it would be good to go when merged to master, so I gave it another shot, here's what I got so far:

https://git.cloudron.io/msbt/phpservermonitor-app

In theory everything works: You can build and install it, visit the site, create an admin user. Then I ran into two issues:

1. I can't set the SMTP password through start.sh because it's encrypted in the db. I already got a hint on how it might work and it does encrypt something, but not the whole thing and I don't know how to fix it. So if you want to use it at the moment, you have to manually insert the correct password in the adminpanel
2. The LDAP fields only show up in the database after activating it in the Config/Authentication tab, so when you want to use LDAP for your users, you can activate it and restart the server, then the information gets written into the db automatically. I've opened another ticket to ask for an unattended installation procedure or some other way to automatically activate it, but no dice so far, but maybe some of you have an idea how to get around that.

After that extra step with restarting after enabling authentication (and setting the mail password automatically afterwards) it's good to go. You have a nice uptime monitor with a lot of settings and options (like check if a string exists, if not --> mark site as down and send email - using that for WordPress sites that have other issues).

If anyone has an idea how to fix the password issue (I just lack the experience for that), would be much appreciated.

Oh yes, at the moment it uses the regular scheduler-addon which does 15 minute intervals, we could easily change this to a manual crontab which then checks whatever interval you like, this was just the easier approach to get it going.

Cheers

@carrabelloy-0 I guess it's an easy calculation, if 15$/month is too expensive for you, then I don't want to know how much your own time is worth. Depending on your rates, this is only a fraction of an hours work - which Cloudron takes off your shoulders in abundance. So if this is too much, then Cloudron is probably just not for you And of course there's VAT, they have a business, that's what needs to be paid. Just my two cents here...

federation is working, thanks to the help of the synapse admins and community! Please grab the latest version from here and let me know if it also works for you. You might need to adjust the homeserver.yaml again, probably best if you install a fresh one and compare the config. There might be some finetuning required for preview and such, but since I'm on vacation, that's a topic for another day

@girish I can tell you that it doesn't make much sense in German either

Ok I just realized that strapi already has a built in slug-system, so that solution I was working on was already obsolete (there's a UID field available which can take any other field and slugify it properly). This means the only thing that's missing is email

nice, thank you too @girish, always glad to see my contributions going live (and also learn to improve future packages )

@p44 cwd into the folders and check if all of them are complete backups, there are probably app backups from updates in those folders, they aren't listed in the backups view, only when you open each apps settings.

Because I just gave a user the "User Manager" role (I thought this would enable a user to manage the users of a certain group): It would be awesome to lock that user-manager to a specific domain/group, so all other users won't be visible to that person.

Same goes for admin vs. group-admin (admin = global, group admin can only install/manage apps, email and users on the (primary-) groups he's added. This way you can let people manage their own users without interfering with other groups. Does that explanation make sense?

@neurokrish check out this post

@humptydumpty I've had that as well, usually a hard refresh (ctrl + shift + r on windows or cmd + shift + r on osx) solves the issue

Does anyone have the docker-registry working with authentication? I've tried and it works fine without auth (like my old setup with my custom registry solution), but as soon as I enable user management, the images can't be pushed to the target-cloudron.

Recap of what I was doing:

• installed docker and Cloudron cli on a new linux machine
• installed the docker-registry app on Cloudron X (docker.example.com), added a user ("docker") on X and set its credentials in Cloudron Y settings
• git cloned an app of mine on the linux machine
• cloudron login (on Cloudron Y) and docker login docker.example.com
• docker build -t docker.example.com/my-app .
• docker push docker.example.com/my-app
• cloudron install --image docker.example.com/my-app -l myapp

Up until the last step everything works fine, but the containers can't get pushed/downloaded on Cloudron Y, this is what happens:

CLI response:
App installation error: Installation failed: Unable to pull image docker.example/my-app. Please check the network or if the image needs authentication. statusCode: 500

App log:

Feb 06 22:35:08 box:docker downloadImage docker.example.com/my-app
Feb 06 22:35:08 box:docker Downloading image docker.example.com/my-app. attempt: 1
Feb 06 22:35:08 box:docker pullImage: will pull docker.example.com/my-app. auth: yes
Feb 06 22:35:15 box:docker Downloading image docker.example.com/my-app. attempt: 2
Feb 06 22:35:15 box:docker pullImage: will pull docker.example.com/my-app. auth: yes
Feb 06 22:35:21 box:docker Downloading image docker.example.com/my-app. attempt: 3
Feb 06 22:35:21 box:docker pullImage: will pull docker.example.com/my-app. auth: yes
Feb 06 22:35:26 box:docker Downloading image docker.example.com/my-app. attempt: 4
Feb 06 22:35:26 box:docker pullImage: will pull docker.example.com/my-app. auth: yes
Feb 06 22:35:31 box:docker Downloading image docker.example.com/my-app. attempt: 5
Feb 06 22:35:31 box:docker pullImage: will pull docker.example.com/my-app. auth: yes
Feb 06 22:35:37 box:docker Downloading image docker.example.com/my-app. attempt: 6
Feb 06 22:35:37 box:docker pullImage: will pull docker.example.com/my-app. auth: yes
Feb 06 22:35:42 box:docker Downloading image docker.example.com/my-app. attempt: 7
Feb 06 22:35:42 box:docker pullImage: will pull docker.example.com/my-app. auth: yes
Feb 06 22:35:47 box:docker Downloading image docker.example.com/my-app. attempt: 8
Feb 06 22:35:47 box:docker pullImage: will pull docker.example.com/my-app. auth: yes
Feb 06 22:35:53 box:docker Downloading image docker.example.com/my-app. attempt: 9
Feb 06 22:35:53 box:docker pullImage: will pull docker.example.com/my-app. auth: yes
Feb 06 22:35:58 box:docker Downloading image docker.example.com/my-app. attempt: 10
Feb 06 22:35:58 box:docker pullImage: will pull docker.example.com/my-app. auth: yes
Feb 06 22:35:58 box:apptask myapp.cloudrony.com error installing app: BoxError: Unable to pull image docker.example.com/my-app. Please check the network or if the image needs authentication. statusCode: 500
Feb 06 22:35:58 box:apptask myapp.cloudrony.com updating app with values: {"installationState":"error","error":{"message":"Unable to pull image docker.example.com/my-app. Please check the network or if the image needs authentication. statusCode: 500","reason":"Docker Error","taskId":"6145","installationState":"pending_install"}}
Feb 06 22:35:58 box:taskworker Task took 55.403 seconds
Feb 06 22:35:58 box:tasks setCompleted - 6145: {"result":null,"error":{"stack":"BoxError: Unable to pull image docker.example.com/my-app. Please check the network or if the image needs authentication. statusCode: 500\n at /home/yellowtent/box/src/docker.js:141:40\n at /home/yellowtent/box/node_modules/dockerode/lib/docker.js:119:7\n at /home/yellowtent/box/node_modules/docker-modem/lib/modem.js:265:7\n at IncomingMessage.<anonymous> (/home/yellowtent/box/node_modules/docker-modem/lib/modem.js:284:9)\n at IncomingMessage.emit (events.js:203:15)\n at endReadableNT (_stream_readable.js:1145:12)\n at process._tickCallback (internal/process/next_tick.js:63:19)","name":"BoxError","reason":"Docker Error","details":{},"message":"Unable to pull image docker.example.com/my-app. Please check the network or if the image needs authentication. statusCode: 500"}}
Feb 06 22:35:58 box:tasks 6145: {"percent":100,"result":null,"error":{"stack":"BoxError: Unable to pull image docker.example.com/my-app. Please check the network or if the image needs authentication. statusCode: 500\n at /home/yellowtent/box/src/docker.js:141:40\n at /home/yellowtent/box/node_modules/dockerode/lib/docker.js:119:7\n at /home/yellowtent/box/node_modules/docker-modem/lib/modem.js:265:7\n at IncomingMessage.<anonymous> (/home/yellowtent/box/node_modules/docker-modem/lib/modem.js:284:9)\n at IncomingMessage.emit (events.js:203:15)\n at endReadableNT (_stream_readable.js:1145:12)\n at process._tickCallback (internal/process/next_tick.js:63:19)","name":"BoxError","reason":"Docker Error","details":{},"message":"Unable to pull image docker.example.com/my-app. Please check the network or if the image needs authentication. statusCode: 500"}}

Docker logs:

Feb 06 22:35:10 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:10.977369199Z" level=info msg="Attempting next endpoint for pull after error: invalid character '<' looking for beginning of value"
Feb 06 22:35:10 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:10.977424454Z" level=error msg="Handler for POST /images/create returned error: invalid character '<' looking for beginning of value"
Feb 06 22:35:13 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:13.063771584Z" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete"
Feb 06 22:35:16 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:16.277251730Z" level=info msg="Attempting next endpoint for pull after error: invalid character '<' looking for beginning of value"
Feb 06 22:35:16 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:16.277311467Z" level=error msg="Handler for POST /images/create returned error: invalid character '<' looking for beginning of value"
Feb 06 22:35:21 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:21.573447894Z" level=info msg="Attempting next endpoint for pull after error: invalid character '<' looking for beginning of value"
Feb 06 22:35:21 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:21.573505543Z" level=error msg="Handler for POST /images/create returned error: invalid character '<' looking for beginning of value"
Feb 06 22:35:26 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:26.857404427Z" level=info msg="Attempting next endpoint for pull after error: invalid character '<' looking for beginning of value"
Feb 06 22:35:26 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:26.857459284Z" level=error msg="Handler for POST /images/create returned error: invalid character '<' looking for beginning of value"
Feb 06 22:35:32 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:32.156592002Z" level=info msg="Attempting next endpoint for pull after error: invalid character '<' looking for beginning of value"
Feb 06 22:35:32 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:32.156667957Z" level=error msg="Handler for POST /images/create returned error: invalid character '<' looking for beginning of value"
Feb 06 22:35:37 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:37.455109662Z" level=info msg="Attempting next endpoint for pull after error: invalid character '<' looking for beginning of value"
Feb 06 22:35:37 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:37.455163318Z" level=error msg="Handler for POST /images/create returned error: invalid character '<' looking for beginning of value"
Feb 06 22:35:41 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:41.812898340Z" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete"
Feb 06 22:35:42 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:42.576830368Z" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete"
Feb 06 22:35:42 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:42.748936700Z" level=info msg="Attempting next endpoint for pull after error: invalid character '<' looking for beginning of value"
Feb 06 22:35:42 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:42.748989045Z" level=error msg="Handler for POST /images/create returned error: invalid character '<' looking for beginning of value"
Feb 06 22:35:48 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:48.041591964Z" level=info msg="Attempting next endpoint for pull after error: invalid character '<' looking for beginning of value"
Feb 06 22:35:48 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:48.041658716Z" level=error msg="Handler for POST /images/create returned error: invalid character '<' looking for beginning of value"
Feb 06 22:35:53 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:53.335916491Z" level=info msg="Attempting next endpoint for pull after error: invalid character '<' looking for beginning of value"
Feb 06 22:35:53 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:53.335978423Z" level=error msg="Handler for POST /images/create returned error: invalid character '<' looking for beginning of value"
Feb 06 22:35:58 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:58.616154482Z" level=info msg="Attempting next endpoint for pull after error: invalid character '<' looking for beginning of value"
Feb 06 22:35:58 my.cloudrony.com dockerd[1433]: time="2021-02-06T21:35:58.616210521Z" level=error msg="Handler for POST /images/create returned error: invalid character '<' looking for beginning of value"

Does anyone have this working as a standalone registry (without gitlab)? No idea what to make of the docker logs with the character thing.

Cheers, M

@doodlemania2 works, so the actual link would be https://matrix.to/#/#apppackaging:thedoodleproject.net

A rather low priority thing, but I though I'd leave it here to keep in mind: When I open up the users view and refresh the page, the sorting is always different, not alphabetical or sorted by date, it's just random (or so it seems). Could be an issue if you have a many users and look for a specific one but don't know the exact name

@mehdi there were/are cases in which no email is being sent, when internal healthchecks are positive but the app is broken (either working or non-working, e.g. bitwarden, failed postgres migration in nextcloud/surfer)

Ok I gave it another try, because jitsi would be one of the few killer applications that are still missing from cloudron, but I can't get it to install properly from the ubuntu repo, probably because of the minimal image discussed here. I did get it to work somewhat on 16.04, but the 18.04 image probably requires a lot more tinkering (or complete manual installation).

Today I had two compromised WordPress installations (one on Cloudron, one on an external webhoster). The webhoster sent me an email with the infected files and asked for removal. Would be a nice addition to cloudron if it scanned the files of certain apps for malware and notifies the admin.

Any thoughts on that?

Best regards

the redis password option just got added to the repo, I'll push the changes when a new release is out.

Oh that is nice, must have missed that new feature, they used to charge 50 cent/DNS entry for each domain a while ago. At the moment my domains are hosted at hetzner but the DNS at cloudflare, would be nice to get them back there

fyi, v1.0.0 got released earlier and I'm working on it. Everything is looking good so far, the only things that aren't working at the moment are videocalls (audio is working) and the integration server, not sure why. Will keep you posted and eventually push the "final" version so people can test it.

@girish hah true, I'll try again next year

this is already available in the app store: https://cloudron.io/store/com.github.shaarli.html

Element (or rather Matrix/Synapse) already features LDAP

@girish said in matrix.org (communication):

We just integrated coturn into master branch yesterday. So, we are waiting for testing it a bit to get matrix published. Otherwise, the first complaint is going to be that voice doesn't work...

nice!

I was trying to shift my focus on hosting (with Cloudron) the last few years but haven't got around to really fine tune everything and get the pricing down so it's a sustainable business model and also attractive for customers (attractive in the sense of presentation, explaining the thing and spreading the word).

My time is split in half, 50% employed at a company and 50% self employed, which most of the time is developing stuff which leaves only little time to get ahead in the hosting business. The websites of my clients mostly end up on one of my bigger Cloudrons, but they don't know that it is Cloudron because they only need their WordPress and sometimes Email.

You can see the current status here https://bits.at/hosting/ - but as mentioned, haven't had much time to invest there the last months so the apps section and the knowledgebase are rather outdated and the pricing needs a bump

Edit: Obivously my primary target audience would be german speaking, but I was looking forward to translate the page for the european market. But again, time being the limiting factor here

This is not an app request because I've already packaged it

What: WBO is an online collaborative whiteboard that allows many users to draw simultaneously on a large virtual board. The board is updated in real time for all connected users, and its state is always persisted. It can be used for many different purposes, including art, entertainment, design, teaching.

Why: Was playing a round of remote-Activity with my niece and nephew and needed a whiteboard to draw on. We know that zoom has a built-in one, but this is more sleek and can also be integrated with jitsi.

Source: https://github.com/lovasoa/whitebophir
Demo: https://wbo.ophir.dev/

Code: https://git.cloudron.io/msbt/wbo-app

I've used the proxyAuth addon for authentication, not sure if this can be disabled in the regular installation process to have a completely public version.

Cloudron 1: Use minio on Cloudron 2 as backup
Cloudron 2: Backup minio to a different datacenter/location

repo isn't maintained anymore though

It was abandoned by the devs and since Ubuntu 16.04 is now EOL, it's now archived

For those using my version and want to migrate to the official cloudron version, this is how you get there (it is a bit hacky, but worked out better in the end than exporting/importing the db and files) - BE CAREFUL WITH THE CLOUDRON CMDS, I DON'T WANT YOU TO MESS UP YOUR SETUPS:

• backup!

• grab the latest version from here

• get the app-id from resources tab/cli/terminal and ssh into your cloudron to update the appstore-id via:

  • mysql -uroot -ppassword
  • use box
  • UPDATE apps SET appStoreId='org.matrix.synapse' WHERE id='your-current-synapse-matrix-app-id';

• go to Updates, check for a new version and update (do that 3 times and you should be on 0.7.0 which is the latest one)

• if you had external users like I did, you might need to adjust the following config items in the new homeserver.yaml

enable_registration: true
allow_guest_access: true
password_config:
  enabled: true
  localdb_enabled: true

• move your media_store files from /app/data/synapse/media_store to /app/data/data/media_store or adjust the path in homeserver.yaml
• restart and test if everything is working, also check https://federationtester.matrix.org/

Depending on your setup, you might also want to check the new config if the server_name is the same as before - else it won't start I think (I was using a subdomain and the main domain is not on cloudron, so I had to rename it to matrix.mydomain.com and also added echo '{ "m.server": "matrix.mydomain.com:443" }' > server to well-known as described above.

I also had to re-verify the devices to read the encrypted history, but that worked out fine and it seems to be all there. To finish up, you can rm -rf the old dirs and files, best to compare with a fresh installation to be on the safe side.

When trying to delete a docker image in the web-ui it throws this error: {"errors":[{"code":"UNSUPPORTED","message":"The operation is unsupported."}]}

I've tried poking around in the config and giving the delete: option one indent to put it in the storage:-block and restarting the container seems to have fixed it.

before:

storage:
  cache:
    blobdescriptor: redis
  filesystem:
    rootdirectory: /app/data/storage
delete:
  enabled: true

after:

storage:
  cache:
    blobdescriptor: redis
  filesystem:
    rootdirectory: /app/data/storage
  delete:
    enabled: true

This is for reference

Cheers

@vjvanjungg not even the docker files. only when you visit the app store and click install on the app you want, it will download the necessary files to your server.

Updated the repo to the latest 2.9.4, as far as I can tell most of the things work.

I did not implement email just yet because I had no use for that, but maybe I can take a look at that soon.

https://git.cloudron.io/msbt/piwigo-app/ - LDAP, themes, plugins are working out of the box, but the users cannot be added to a specific group automatically, the groups filter doesn't work properly.

Best regards

I was thinking on the dashboard icon itself, but left of the docs works for me as well

Just chiming in here because I came back from a short trip and thought everything would be okay (since I didn't get any emails that said otherwise) but then I saw this (no, the first notification is not about the primary domain):

and the Backup-view

So instead of 7 backups (1 per day) I only got two left, the others apparently got cleaned after the backup failed.

Here are my questions:

As you can see, I'm using encrypted tgz as storage format. Wouldn't it double the required space if I added more times to the scheduler?

Why was there no notification if it failed so often?

The logs of the last crash (the app in question was the culprit for earlier crashes, a mid-size Magento store whose cache might interfere with the backup process, but I thought we fixed that along the way):

Sep 13 01:09:35 box:backups some-app.at Unable to backup BoxError: Backuptask crashed
at /home/yellowtent/box/src/backups.js:901:29
at f (/home/yellowtent/box/node_modules/once/once.js:25:25)
at ChildProcess.<anonymous> (/home/yellowtent/box/src/shell.js:77:9)
at ChildProcess.emit (events.js:315:20)
at Process.ChildProcess._handle.onexit (internal/child_process.js:277:12) {
reason: 'Internal Error',
details: {}

hey @yusf, glad to hear that, although I should be updating more often, there has been quite a few updates since I packed it. They say it's not good security-wise to put the client in the same place as the server, that's why I actually removed it from the initial setup that I forked. But I just updated the riot-app itself, you can check it out here: https://git.cloudron.io/msbt/riot-app

It will try to use $APP_DOMAIN as a host, which is exactly what you're not supposed to do (and won't work with the cloudron setup), so you need to edit the config file after the installation.

@girish what if some eager user already updated to 6.3.1, will those issues be resolved or will they run into problems?

You need to cwd into the cloned directory, where all the files are located and run the build and install commands from there.

@girish said in What's coming in 6.4:

Operator role for specific app. This new role will allow assigning a user as "operator" for some apps and that user can then view logs, restart app, increase memory limit etc but without being a cloudron admin as such.

any chance that this update in management comes with a "group admin", who can install/operate apps and add users for specific groups only?

Ok i've tried to add ldap auth and it seems to work, you can pull the new version from here as well: https://git.cloudron.io/msbt/alltube-app

The logs however are filled with [client 172.18.0.1:48102] AH01797: client denied by server configuration - don't know how to get rid of those, pointers would be appreciated. I'm not great with apache, bit we're not too far off there I guess.

Maybe @fbartels knows how, I've heavily borrowed from his repo

This took a while to wrap my head around, but I think I've got it right:

Just installed GitLab to play around a little and was confused by an email chain that happened during setup. After finishing the installation, GitLab tries to send an email from to gitlab.app@mycloudron.com to admin@example.com (sic!) > Subject: Access to the GitLab Instance group was granted

I've set up Integromat to check for bounced Postmark messages to let my users know when their mail wasn't delivered.

So Postmark is trying to contact gitlab.app@mycloudron.com about a bounced message via notify@my-non-cloudron-email.com (using that for notifications), which of course can't be delivered either because gitlab.app@mycloudron.com doesn't accept mails.

So this mail then also bounces back to notify@my-non-cloudron-email.com which eventually informs me that a message bounced, including an attachment about a bounced message. Does that make sense?

This happens two more times (after you set a root password > Subject: Password Changed and after you changed the email address > Subject: Email Changed.

If the owner of example.com decides to create a catchall address, they could easily take over a fresh GitLab by setting the root password before we do.

Took me a minute to understand what's going on, not sure if it's worth fixing, but this messes with my Postmark statistic of bounced email

I've built a package where everything that I've checked out works as intended, except ldap. Not sure what I'm doing wrong or where the problem is, but if you watch their issue tracker, apparently some other people are having ldap issues as well. Either way, maybe someone can check it out and even find a solution for this, to debug you have to remove the comments in /app/data/.env - enable debug and ldap by removing the #:

https://git.cloudron.io/msbt/bookstack-app

Cheers

@girish awesome, works perfectly from what I can see!

This message is on app-level but valid nonetheless. In a week (10th of June) there should be the release of v1.0 and I'll do a rebuild of the container with python 3 and hopefully audio/video support. I'll keep you posted.

@ultraviolet I wrote the steps together here

if anyone is using that, you might want to update to the latest version (2.0.3), else mp3 conversion won't work anymore.

@alphagroup if it's an actual clone, you can just install the initial app, create a backup and clone the app to a new (sub)domain for each customer. If they don't have access, you might want to check out the Cloudron CLI or API and build some Dashboard around that

alright alright alright, v1.0.0 is (mostly) working, as far as I can see only the videochat feature is missing, I'll further investigate when I have the time. Other than that it seems to be looking good, changed to python3, registration including email & activation is working, url preview (which wasn't always before), introduced a new healthcheck page.

Grab it from here and let me know if you encounter any other issues. Not sure if upgrading from older versions work flawlessly, since quite a few config items got introduced and some are required. So if it doesn't work from scratch, install a fresh one on another domain and compare with your current one before upgrading.

Possible things that might need changing if you want the features (depending on the the version you first installed it) in homeserver.yaml:

enable_notifs: true
comment #template_dir
require_transport_security: false
comment #riot_base_url
add public_base_url: https://yourmatrixserver.com
change case url_preview_enabled: true
comment '172.18.0.0/12' in url_preview_ip_range_blacklist

The Riot app also got pushed to 1.2.2, available here as usual.

A company I work for recently prepended/added an [EXTERNAL] text in the mail body if a message was sent from outside the organization (+ some whitelisted domains like trello.com and others that regularly send emails). This should prevent CEO fraud / spear phishing attacks, in case anyone wants to impersonate someone from the company.

They're using Office 365 for that, not sure if this is something we need because Cloudron itself already has a variety of security measures, but could be a nice addition, especially if a company grows fast.

Further reading:
https://o365reports.com/2020/03/25/how-to-add-external-email-warning-message/
https://evotec.xyz/creating-visual-indicators-for-spoofed-external-emails-with-powershell/

Ah nice catch, I haven't tested federation because it used to work. This could be for a number of reasons, either new regular homeserver settings, nginx config or cors related issues. I'll try to narrow it down, thanks for reporting!

@jdaviescoates said in Feature Request: (Optional) ClamAV installation that scans the local storage for malware and notifies the admin:

@msbt in the meantime install WordFence (if you haven't already)? Does a really great job of blocking and detecting most stuff.

thanks for the suggestion, but I tried that, doesn't work with the wordpress app because it can't write into the root directory