Calls not working on updated instances past v2.2.22

@james thanks for digging deeper and figuring out the port thing, I didn't have time yet to debug it myself!

I have two Mirotalks and both stopped working after upgrading past v2.2.22. I'm guessing some changes in this commit didn't work well on migrated instances. Participants can see other people join, but the loading circles never disappear, so no video and/or audio.

However, copying the .env settings, installing a fresh Mirotalk and pasting those settings worked out in the end, but it's not great if the rolling updates crash existing instances.

@james it's a Hetzner VPS (CPX51) and I admit, I'm trying to figure out the limits a bit, there are ~70 apps installed on that one, but none of those seem to be hogging a lot of RAM. Backups run at 1:00 in the morning, crash happened at ~8:00ish. I'll keep monitoring to figure out if there's a pattern, but so far I couldn't spot it.

system graphs:

htop:

This happened 2-3 times now on a MiroTalk SFU instance on a beefy machine with plenty of resources left, there are currently 2GB of RAM allocated to MiroTalk. It doesn't do that every week, but every other I would say. There aren't any calls going on since it happens quite early in the morning, no traffic or anything, logs don't say much (at least for me):

Sep 09 07:51:07 2025-09-09T05:51:07Z
Sep 09 07:51:07 ----- Native stack trace -----
Sep 09 07:51:07 1: 0xe36196 node::OOMErrorHandler(char const*, v8::OOMDetails const&) [node]
Sep 09 07:51:07 2: 0x123f4a0 v8::Utils::ReportOOMFailure(v8::internal::Isolate*, char const*, v8::OOMDetails const&) [node]
Sep 09 07:51:07 3: 0x123f777 v8::internal::V8::FatalProcessOutOfMemory(v8::internal::Isolate*, char const*, v8::OOMDetails const&) [node]
Sep 09 07:51:07 4: 0x146d1a5 [node]
Sep 09 07:51:07 5: 0x146d1d3 [node]
Sep 09 07:51:07 6: 0x148628a [node]
Sep 09 07:51:07 7: 0x1489458 [node]
Sep 09 07:51:07 8: 0x1cc6071 [node]
Sep 09 07:51:07 <--- JS stacktrace --->
Sep 09 07:51:07 <--- Last few GCs --->
Sep 09 07:51:07 Aborted (core dumped)
Sep 09 07:51:07 FATAL ERROR: Ineffective mark-compacts near heap limit Allocation failed - JavaScript heap out of memory
Sep 09 07:51:07 [37:0x12386000] 545929425 ms: Mark-Compact 1014.2 (1043.2) -> 1013.4 (1042.9) MB, pooled: 1 MB, 546.68 / 0.06 ms (average mu = 0.073, current mu = 0.037) task; scavenge might not succeed
Sep 09 07:51:07 [37:0x12386000] 545929953 ms: Mark-Compact 1014.2 (1042.9) -> 1013.4 (1043.2) MB, pooled: 1 MB, 502.80 / 0.00 ms (average mu = 0.062, current mu = 0.049) task; scavenge might not succeed
Sep 09 07:51:08 \npm notice
Sep 09 07:51:08 |
Sep 09 07:51:08 npm notice
Sep 09 07:51:08 npm notice Changelog: https://github.com/npm/cli/releases/tag/v11.5.2
Sep 09 07:51:08 npm notice New major version of npm available! 10.9.2 -> 11.5.2
Sep 09 07:51:08 npm notice To update run: npm install -g npm@11.5.2
Sep 09 07:52:06 => Healtheck error: Error: Timeout of 7000ms exceeded
Sep 09 07:52:06 => Healtheck error: Error: Timeout of 7000ms exceeded
Sep 09 07:52:06 => Healtheck error: Error: Timeout of 7000ms exceeded
Sep 09 07:52:06 => Healtheck error: Error: Timeout of 7000ms exceeded
Sep 09 07:52:06 => Healtheck error: Error: Timeout of 7000ms exceeded

Any idea what's going on there or what logs I could check for more info? After it dies it becomes unresponsive and 20 minutes later Cloudron sends the down notice via email, then I can react and restart it.

Thanks a bunch for the list @d19dotca! Quick question about the rest of the setup though: Do you still have entries in the Email ACL DNSBL Zones or is that empty because everything is handled in the custom rules? Like those:

zen.spamhaus.org
bl.mailspike.net
noptr.spamrats.com
dnsbl.sorbs.net

Or is that empty on your side?

@LoudLemur for your bash snippets you should use the code formatting with either a single backtick ` for lines or tripple ones for codeblocks:

cloudron install --location d20.cloudron.dev --image brutalbirdie/$(jq -r .id CloudronManifest.json):$(jq -r .version CloudronManifest.json)

usage stats seem to be quite old (updated 10 days ago?), what happens if you click the refresh icon?

awesome as always, much obliged

@girish yeah I was looking for a txt log/history for convenience and overview of what's going on, is that something you might consider?

@girish are successful logins logged somewhere? And is it possible to check for disabled account attempts? Because in theory they could get in (since the password is valid) but are denied because the account is inactive.

Hi there! Just tried to find any information if Cloudron-logins (and maybe also email) are being logged anywhere, successful or failed ones. Successful logins I could see in the event-log in the UI, is there a corresponding log file and if so, does it also track failed logins? For context: I had to disable several users and want to know if they attempted to get back in.

@girish IPv6 is enabled on the server but not "in use", since some domains that are added manually don't have v6 and I don't want to run into troubles. Those are mostly Hetzner Cloud servers.

@girish exactly, it's disabled in the network view, but still tries to provision. Turns out it's not superbad, apparently it takes one minute per domain until it times out. I just had the case that I had a LAMP with a primary domain & redirect domain and a secondary domain (both apex and www) also as redirects, which nedeed to be split. So I had two minutes of downtime while removing the secondary domain and another 2 minutes of setup-time for the secondary domain on a new LAMP. However, if you have more than one redirect and change anything, that downtime grows quite quickly.

Jun 30 18:10:14 box:dns/waitfordns waitForDns: waiting for example.com to be 123.123.123.123 in zone example.com
Jun 30 18:10:14 box:dns/waitfordns waitForDns: nameservers are ["fred.ns.cloudflare.com","carol.ns.cloudflare.com"]
Jun 30 18:10:14 box:dns/waitfordns resolveIp: Checking A for example.com at 108.162.193.113
Jun 30 18:10:14 box:dns/waitfordns resolveIp: Checking A for example.com at 172.64.33.113
Jun 30 18:10:14 box:dns/waitfordns isChangeSynced: example.com (A) was resolved to 123.123.123.123 at NS fred.ns.cloudflare.com (108.162.193.113). Expecting 123.123.123.123. Match true
Jun 30 18:10:14 box:dns/waitfordns isChangeSynced: example.com (A) was resolved to 123.123.123.123 at NS fred.ns.cloudflare.com (172.64.33.113). Expecting 123.123.123.123. Match true
Jun 30 18:10:14 box:dns/waitfordns resolveIp: Checking A for example.com at 173.245.59.113
Jun 30 18:10:14 box:dns/waitfordns isChangeSynced: example.com (A) was resolved to 123.123.123.123 at NS fred.ns.cloudflare.com (173.245.59.113). Expecting 123.123.123.123. Match true
Jun 30 18:10:14 box:dns/waitfordns resolveIp: Checking A for example.com at 2a06:98c1:50::ac40:2171
Jun 30 18:10:19 box:dns/waitfordns resolveIp: No A. Checking CNAME for example.com at 2a06:98c1:50::ac40:2171
Jun 30 18:10:25 box:dns/waitfordns isChangeSynced: NS fred.ns.cloudflare.com (2a06:98c1:50::ac40:2171) not resolving example.com (A): Error: queryCname ETIMEOUT example.com. Ignoring
Jun 30 18:10:25 box:dns/waitfordns resolveIp: Checking A for example.com at 1234:5678:58::adf5:3b71
Jun 30 18:10:30 box:dns/waitfordns resolveIp: No A. Checking CNAME for example.com at 1234:5678:58::adf5:3b71
Jun 30 18:10:35 box:dns/waitfordns isChangeSynced: NS fred.ns.cloudflare.com (1234:5678:58::adf5:3b71) not resolving example.com (A): Error: queryCname ETIMEOUT example.com. Ignoring
Jun 30 18:10:35 box:dns/waitfordns resolveIp: Checking A for example.com at 2803:f800:50::6ca2:c171
Jun 30 18:10:40 box:dns/waitfordns resolveIp: No A. Checking CNAME for example.com at 2803:f800:50::6ca2:c171
Jun 30 18:10:45 box:dns/waitfordns isChangeSynced: NS fred.ns.cloudflare.com (2803:f800:50::6ca2:c171) not resolving example.com (A): Error: queryCname ETIMEOUT example.com. Ignoring
Jun 30 18:10:45 box:dns/waitfordns waitForDns: example.com at ns fred.ns.cloudflare.com: done
Jun 30 18:10:45 box:dns/waitfordns resolveIp: Checking A for example.com at 108.162.192.80
Jun 30 18:10:45 box:dns/waitfordns isChangeSynced: example.com (A) was resolved to 123.123.123.123 at NS carol.ns.cloudflare.com (108.162.192.80). Expecting 123.123.123.123. Match true
Jun 30 18:10:45 box:dns/waitfordns resolveIp: Checking A for example.com at 173.245.58.80
Jun 30 18:10:45 box:dns/waitfordns isChangeSynced: example.com (A) was resolved to 123.123.123.123 at NS carol.ns.cloudflare.com (173.245.58.80). Expecting 123.123.123.123. Match true
Jun 30 18:10:45 box:dns/waitfordns resolveIp: Checking A for example.com at 172.64.32.80
Jun 30 18:10:45 box:dns/waitfordns isChangeSynced: example.com (A) was resolved to 123.123.123.123 at NS carol.ns.cloudflare.com (172.64.32.80). Expecting 123.123.123.123. Match true
Jun 30 18:10:45 box:dns/waitfordns resolveIp: Checking A for example.com at 2803:f800:50::6ca2:c050
Jun 30 18:10:50 box:dns/waitfordns resolveIp: No A. Checking CNAME for example.com at 2803:f800:50::6ca2:c050
Jun 30 18:10:55 box:dns/waitfordns isChangeSynced: NS carol.ns.cloudflare.com (2803:f800:50::6ca2:c050) not resolving example.com (A): Error: queryCname ETIMEOUT example.com. Ignoring
Jun 30 18:10:55 box:dns/waitfordns resolveIp: Checking A for example.com at 1234:5678:50::adf5:3a50
Jun 30 18:11:00 box:dns/waitfordns resolveIp: No A. Checking CNAME for example.com at 1234:5678:50::adf5:3a50
Jun 30 18:11:05 box:dns/waitfordns isChangeSynced: NS carol.ns.cloudflare.com (1234:5678:50::adf5:3a50) not resolving example.com (A): Error: queryCname ETIMEOUT example.com. Ignoring
Jun 30 18:11:05 box:dns/waitfordns resolveIp: Checking A for example.com at 2a06:98c1:50::ac40:2050
Jun 30 18:11:10 box:dns/waitfordns resolveIp: No A. Checking CNAME for example.com at 2a06:98c1:50::ac40:2050
Jun 30 18:11:15 box:dns/waitfordns isChangeSynced: NS carol.ns.cloudflare.com (2a06:98c1:50::ac40:2050) not resolving example.com (A): Error: queryCname ETIMEOUT example.com. Ignoring
Jun 30 18:11:15 box:dns/waitfordns waitForDns: example.com at ns carol.ns.cloudflare.com: done
Jun 30 18:11:15 box:dns/waitfordns waitForDns: example.com has propagated

@girish piggybacking on that (also not a 100% sure if I or someone else asked that already): Why is it that letsencrypt is trying to get both, ipv4 and ipv6, in order to provision a certificate, even though ipv6 is disabled in Cloudron? Every time I change something with a location setting, it takes 2 minutes per (sub)domain to check, because ipv6 isn't set up and always fails.

@canadaduane cool, but it seems it's not yet available to the public

@shrey how does it work with SMTP2GO? You add a single account/address as external smtp server and can still send from all email addresses via this one?

My issue is resolved, adding a --allow-other parameter to the mount solved it, thanks @girish and @joseph

@joseph happy to, can you maybe enable chat so we can do that 1:1?

@joseph sure:

/mnt# node -e "console.log(fs.realpathSync('/mnt/media'))"
/mnt/media

Can only speak for my issue, not a symlink:

/mnt# ls -la
total 12
drwxr-xr-x  4 root root 4096 Jun  9 09:21 .
drwxr-xr-x 23 root root 4096 Dec 17 11:10 ..
drwxr-xr-x  1 root root    0 Jun  9 09:22 media
drwxr-xr-x  2 root root 4096 Dec 17 11:31 volumes

Your command doesn't fail, but doesn't give any output either.