Expose disk usage / free space to API (preferably with a readonly token)

From here. So we can monitor the space with tools like Grafana to avoid running out, because the check and notification mails aren't always reliable.

@nebulon ah alright, thanks for the info and thanks for adding a read-only token. I'm going out on limb here and ask if it's possible to add the free disk space to the api so we could monitor that the same way, via grafana or something?

@nebulon what role would that be? I have a regular user but that one only sees App Passwords but no API tokens

@nebulon that's actually how I noticed it, I have an Uptime Kuma on a different box, but I'm not monitoring all my apps But if that's the case, I'll try to think of something. Is it maybe possible to have a read-only API token to fetch all installed apps of a Cloudron? Don't want to add a r/w/d token to an IFTTT tool

One of my Nextcloud instances is using Hetzner Storagebox as primary storage and they just have a small outage, which means the app does not respond anymore - which is great and supposed to happen. But it would be nice if Cloudron sent out an email that the app is not working anymore so an admin can go and identify what's up, wasn't that the case many versions ago?

@LoudLemur you might want to check your comments/codeblocks, not easy to identify Could be many things that happened here, a space that doesn't belong, a missing ' there, are you even in the right directory?

@kris you probably need to chown the files in /app/data/public/ to www-data:www-data with the terminal

@Jeyakumarrathnaselvi jump on the terminal of the Directus app and run env | grep POST, this should give you the credentials you need.

@nebulon perfect, thanks for confirming!

@nebulon this guy suggests to remove the IP address altogether and/or 7 days: https://dr-dsgvo.de/webseiten-logfiles-welche-speicherdauer-ist-zulaessig-eine-datenschutzfrage/ (German)

@nebulon no no, the 7 days are no official requirement, that would be just for this instance to get rid of old logs and data. However, it would be cool if that could be adjusted globally.

I've gotten a lot of requests lately from customers that are using random WordPress templates which are using Google Fonts, because they got mail from a lawyer about illegally using those without consent from the users (a GDPR thing). The claim may be bogus, but they also attached a data inquiry about what is saved for a specific IP address (which you usually have to comply if the request is legit). Which nginx config would I need to adjust to save only 7 instead of 30 (!) days of access/error logs (so I can just wipe them clean and give a negative response) and also retain the config after a Cloudron restart/update?

Best, M

@nothing after being a customer for 6 months you can ask for this feature to be disabled. I am using postmark as well and the only issue I have is the 10MB size limit when sending emails. I've talked to the support multiple times and they put it on their product map, but there's no ETA. Maybe it helps if more people ask for that

@girish said in What's coming in 7.3:

Mailbox quota is implemented:

Uhhh very nice! Will there be a warning via email so users know that they're running low on space and what happens if the storage is already over quota? Will there be auto-replies that the mailbox is full?

@d19dotca funny that you mention them, BunnyCDN was the provider I wanted to check out before any other

thanks for the replies

@nebulon I wanted to avoid Cloudflare traffic, but I reckon it's worth a try

@girish I'll do some local and remote http benching as soon as I have an idea what the actual content of the site will be

@nj thanks for your packaging efforts! I just tried to run odoo and it wouldn't start, it was always looping the First run. Initializing DB... bit. I've jumped in the terminal and ran the cmds manually and eventually figured out, that the /app/data needed chowning to the cloudron-user before it worked - which it now does! So all we need to do is add /app/data/ to https://github.com/njsubedi/cloudron-odoo/blob/main/start.sh#L17

Hey everyone, hope it's ok if I chime in here and ask if anyone has built something in this direction. I'm asking because I got approached to host a static site (basically html, js and a few smaller images) which has trafficspikes where 50k+ users will try to access it for a short period of time and then mostly idles again. How would you go about that, is this doable on Cloudron? I did manage to have 100s of users, but 1000s is a different story

Can the surfer app (being a node server and all) handle that load if there's enough CPU/RAM on the host machine? Or would you rather build a custom nginx app which does nothing but serve compressed static files? Or fire up some smaller VPS, install nginx and use a load balancer to spread the traffic? Any information and suggestion is appreciated

@ApplegateR you can just grab the synapse admin package from here and put it inside a Surfer/LAMP app, it's just static files. You can login with your admin user and manage users and channels.

@Grafnus no you don't need to adjust anything on the image or manifest. When you install it from the appstore, you can set the ports in the installation settings.

@girish true, but some apps (like Teamspeak) rely on additional ports for communication and file transfer, which can only be used once. So if you want to have two Teamspeak servers, the second one needs to use different ports than the first which then also need to be added to the connection-string.

@girish the user might refer to a Nextcloud setup with a mounted volume as data directory which is set in Nextclouds config.php via 'datadirectory' => '/media/cloud', like I've described here - which does not backup the actual files, only Nextcloud data. Using this for months without any issues, should we worry that it will be not supported anymore at some point?

@fbartels I get most of the reasons and I'm using it the same way you suggested, but I once crashed one of my Cloudrons because I installed a wrong docker-compose thing to launch the runners, which either updated or removed Docker, thus killing Cloudron. It was a quick fix to reinstall Docker, but would be nice to have the runners as an app so people don't have to tinker and install things outside the Cloudron ecosystem.

Would be also easier to migrate and such, or launch/start additional runners on different Cloudrons with one click if more are needed without sshing into each box.

@fbartels ah good point, thanks for the clarification! Do you think we can get it to work with the docker addon we have?

@girish oh nice, it seems the woodpecker agents come with single binary files, this could make it easier to set up, right?

@girish thanks, I usually fire up a fresh one and use duplicator to migrate it to the live domain

thanks, I'll give it a go!

edit: already looking good, appreciate it!

@jdaviescoates no particular reason, it just felt more right because only half of them will stay on a Cloudron environment, the rest will eventually migrate to some other provider and I wanted to keep it as vanilla as possible. It's also easier to change PHP versions to see if things are still working afterwards.

Hi there! Quick question about the LAMP app: I'm using that to develop my WordPress sites, local template files get sent to the server after being updated and I would expect to see the changes immediately after a refresh (yes, also tried hard refresh and different browsers), but sometimes it takes up to a minute or maybe even longer until they are actually live. Is there some aggressive caching going on that could be disabled until the site is ready to be published? I also checked with the filemanager, the changes are on the server, but the rendered files are still the old ones.

Any suggestions on how to debug that?

@timka said in MySQL and Postgresql as standalone apps:

@girish I had the same need and was surprised that there's no option. So I Would really appreciate it! PostgreSQL /MySQL, MongoDB and REDIS would be perfect

also Elastic/OpenSearch

@chetbaker there are people around that can do better when it comes to Docker images, that's just not one of my specialities.

@fbartels I'm about to give up, just checked where cal.com wants to write during the yarn process and there are many many folders. The Dockerfile their community provides is also no help, since the URL needs to be supplied during build, which doesn't work in Cloudrons case. So yea, the current status is pretty useless to improve from

@fbartels not yet, because I think you have to build the thing after adding the environment variables and that's a tricky task on the read-only fs. I did take a look at the Dockerfile, which might make it more convenient, but haven't had time yet to copy and try it out

@girish (sorry to hijack) while talking size graphs, would be cool if the Volumes usage would show up in the System Info as well

@guyds I'm already in the restoring process and will disable encryption in the future, since this kind of encryption isn't secure anyways if someone would have access to the storage... Thanks again for your insights!

@guyds hey, thanks for sharing that, I have the exact same setup and I'm trying to troubleshoot that very same issue since yesterday and I'm close to start from scratch because I'm too far down the try and error road. Can you elaborate which keys/files you replaced? Ah I see the solution in your GH post, that won't work here, since I moved all the original data to the storagebox

Best, M

@girish what's the status on this, won't it work properly even with the patched LDAP server?

When trying to check the mail logs in Email -> Log, the superadmin-user works, regular admin throws this error and forwards to the dashboard:
Failed to fetch mail eventlogs. Object { name: "ClientError", statusCode: 403, status: "Forbidden", message: "role 'owner' is required but user has only 'admin'" }

Not sure if this is by design, if it is, we should rather hide the button to avoid confusion.

@nebulon haha oh boy, this is embarrassing, never checked the surfer get --help, thanks

Hi there! Having surfer at the end of a build pipeline is quite nice, but over time the instance grows bigger, even though some assets should no longer be there because they got deleted earlier in the process.

Sure, we could do a surfer del -r -y / before deploying, but this could result in temporary 404s on bigger sites. Some rsync like option would be awesome, is that something that would be in the scope of the surfer app? If not, how is everyone else keeping their servers clean?

@chetbaker I've been working on a package but I'm a bit stuck, will revisit it when they make their next release (they changed from biweekly to monthly tags recently). Also, they're massively reorganizing things and adding features, like jitsi integration got added not too long ago, so a lot of changes are happening there.

@girish nice one! I was about to say, I could swear I tried with AUTH_LDAP_USER_ATTRIBUTE=username as well

@jcgonnard I can't really tell, it's always running in the background and I haven't encountered any issues so far

Instead of the email-address (which is shown afterwards in the Access Control tab of an app), it only shows empty fields during the installation process - which could be a bit tricky if there are more than one invited but not activated user

@girish I tried repacking it with LDAP earlier today and wasted quite some time, because of "Unexpected Errors". But there's an already merged PR that that will come with the next release, maybe that fixes the issue.

For reference, this is what I added to my env file, at least the LDAP tab shows up, but it wouldn't let me in:

export LOG_LEVEL="trace"

export AUTH_PROVIDERS="ldap"
# AUTH_DISABLE_DEFAULT="true"

export AUTH_LDAP_DRIVER="ldap"
export AUTH_LDAP_CLIENT_URL="ldap://172.18.0.1:3002"
export AUTH_LDAP_BIND_DN="cn=...,ou=apps,dc=cloudron"
export AUTH_LDAP_BIND_PASSWORD="superlongpwd"
export AUTH_LDAP_USER_DN="ou=users,dc=cloudron"
export AUTH_LDAP_GROUP_DN="ou=groups,dc=cloudron"

Leaving AUTH_LDAP_BIND_DN and AUTH_LDAP_BIND_PASSWORD empty resulted in the same [Error]: Invalid provider config from the PR, but maybe I'm missing something else.

@girish nice, thanks!

@girish hah indeed, I only checked out http://ohmyform.com/docs/install/ and the corresponding dockerfiles in their ui/api repos, hopefully you're right, have to check again

they finally pushed v1.0.0 2 days ago, but their focus shifted to a docker-only deployment, not sure if this is going to fly with cloudron

@luckow yes, v7.1.2 (Ubuntu 20.04.4 LTS)

Hi there, are there any plans to add LDAP or other means of SSO authentication to the current package? It seems to be supported, but LDAP is not activated in the manifest

@girish I just installed a fresh Directus and it still shows what @markjames mentioned earlier. Are the changes live yet?

@robi it sounds like something that WooCommerce is capable of doing, but since I don't know what you're looking for exactly, not sure about that

@robi DuckSell [deprecated/archived] - last commit was 2y ago, don't think this qualifies

Wasn't sure where to put that, Support or Discussion, but I just realized that regular admins are able to impersonate a Superadmin and can then do what every Superadmin is allowed to, like change branding, edit backup config and such. I would think this shouldn't be possible, right?

@atridad uh nice catch, that would be awesome!

@humptydumpty go to Settings and change the update schedule, in there you can choose to disable automated updates

@nebulon I still have 2 custom apps running on manifestversion 1, what will happen to them if I upgrade before updating those apps?

@fbartels thanks, it does work indeed, I even used your cloudron-surfer image to deploy a demo Hugo to a surfer instance.

Although I would still find it a lot more practical if the runner was an actual part of cloudron, so we go full circle and have all the benefits, like when you migrate everything on a new machine

@fbartels I'm trying to have a complete deployment solution for static pages, like Directus + Gitea + Drone (with Agents) + Surfer on one server which can be given/rented to the customer when the site is finished, so they can have everything in one place and can build/update the website(s) themselves. Would be nice to have it in the GUI (and there's a dashboard on :3000 if you set credentials, right?) and have the possibility to restart if need arises without sshing onto the box. But if it's too tricky or crazy effort, your suggestion will probably be the way to go

@atridad I had to add RUN chmod +x /app/code/start.sh to your Dockerfile in order to install it properly, it was throwing a 400 error.

Is there any chance to add the runners/agents as cloudron apps as well? I was just playing around with the exec runner and couldn't get it to work, but I would think it could be the same as the cloudron-build-service, no?