RE: Bitwarden - Self-hosted password manager

@girish that gives me the same error but pinging works

bitwardenrs-app on master [!?] via ⬢ v12.7.0
➜ cloudron login my.cloudron.io
ERROR (node:55034) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification. [ internal/process/warning.js:27:3 ]
ERROR Cloudron my.cloudron.io not found.
Try providing the admin location, probably my.my.cloudron.io [ /Users/kdj/.nvm/versions/node/v12.7.0/lib/node_modules/cloudron/src/helper.js:71:29 ]
bitwardenrs-app on master [!?] via ⬢ v12.7.0 took 18s
➜ ping my.cloudron.io
PING my.cloudron.io (45.55.2.141): 56 data bytes
64 bytes from 45.55.2.141: icmp_seq=0 ttl=50 time=188.063 ms
64 bytes from 45.55.2.141: icmp_seq=1 ttl=50 time=181.041 ms
64 bytes from 45.55.2.141: icmp_seq=2 ttl=50 time=237.531 ms

@girish Yes, the situation is the same with or without "--allow-selfsigned"
BTW I'm on macOS 10.15

Again, there's trouble with cloudron cli. I tried to login but it gives me the following errors:

cloudron login --allow-selfsigned
Cloudron Admin Domain: my.domain.com
ERROR (node:51749) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification. [ internal/process/warning.js:27:3 ]
ERROR Cloudron my.domain.com not found.
Try providing the admin location, probably my.my.domain.com [ /Users/user/.nvm/versions/node/v12.7.0/lib/node_modules/cloudron/src/helper.js:71:29 ]

What am I doing wrong?

@yusf I guess they are talking about the DAV-bridge, but I'm not sure....

@yusf There are dedicated apps for Android and a web app as well as a desktop DAV bridge for Linux / Apple / Windows. An iOS App is announced.

I have one SSD and one HDD in my homeserver running Cloudron 4.2.6 - neither are shown in "Graphs"...

You can craft a query to crash any Unbound server prior to version 1.9.4.

This impacts not only Unbound servers, but a huge amount of downstream services that use Unbound as a dependency for secure services. (Think Let's Encrypt)

This bug was found as a result of the ongoing audit of Unbound by us (OSTIF) and X41 D-sec. A more detailed report on the audit and the fixes will be available soon as we wrap things up.

More Info:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241033
https://nlnetlabs.nl/pipermail/unbound-users/2019-October/011832.html

The current version of Wallabag is 2.3.8 (https://github.com/wallabag/wallabag/releases), Cloudron packages 2.3.6...

Fixes since then:

• Add ability to match many domains for credentials #3937
• Enable no-referrer on img tags, enable strict-origin-when-cross-origin by default #3943
• Fix Intl Locale issue #3964
• material: fix left padding on non-entry pages #3901
• Make dev/install/update script posix compatible #3860
• epub: fix exception when articles have the same title #3908
• Fix PHP warning #3909
• material: add metadata to list view #3942
• Remove preview picture from share view page #3922
• Fix bad order parameter in the API #3841
• Update composer.json to add php-tidy (ext-tidy) #3853
• Add dedicated email for site config issue #3861
• Fix read & starred status in Pocket import #3819
• Fix broken 2 factor auth logo image #3869
• Fix CORS for API #3882
• Add support of expect parameter to change return object when deleting entry #3887
• epub export: fix missing cover image, only for exports of one article #3886
• Allow optional --ignore-root-warning #3885
• material: fix left padding of content on medium screens #3893
• material: hide creation date from card actions on specific sizes #3894

Shiori has a docker image now: https://hub.docker.com/r/radhifadlillah/shiori/

It seems there's a Docker image for the fulltext search backend engine on Nextcloud, now: https://github.com/nextcloud/fulltextsearch/wiki/Basic-Installation

@iamthefij but import / export does not work for attachments, right? Or are these somehow migrateable?

@fbartels said in Spigot-MC-Server:

I know "don't feed the troll", but

@murgero said in Spigot-MC-Server:

At this point, I am no longer going to work on this.

Props for keeping up so long with this ungrateful and entitled behavior.

True. I have rarely read such convoluted and rude statements.

@iamthefij Maybe the migration scripts by the author work that are mentioned here?

* Start bitwarden_rs with and empty mysql database, so diesel can run migrations and set up the schema properly. Do not do anything else.
* Stop bitwarden_rs.
* Dump your existing sqlite database: sqlite3 db.sqlite3 .dump > sqlitedump.sql
* Drop schema creation and diesel metadata from your dump, leaving only your actual data: grep "INSERT INTO" sqlitedump.sql | grep -v "__diesel_schema_migrations" > mysqldump.sql

* Load your MySQL dump: mysql -u bitwarden -p bitwarden < mysqldump.sql

* Start bitwarden_rs
ˋˋˋ

@murgero
I didn’t know SOGo did full text search. I used (MailstoreHome on a windows machine and have that in a VM.... Nad imported my GMail account to my new mail provider.

@vjvanjungg https://www.netcup.eu/ (English)

Relevant for the next TT-RSS update:

https://discourse.tt-rss.org/t/some-plugins-are-getting-renamed/2685

plugin host has a priority-based system for hooks now so this stupid hack with adding endless Zs to names is finally no longer needed.
therefore, some plugins are getting de-zz-ified. because tt-rss class loader expects class name for plugins to match plugin directory name, you will need to rename some external plugins after next git update, if you were using them:

af_zz_img_phash -> af_img_phash
af_zz_api_resize -> api_resize_media

bundled plugins are going to rename themselves after git checkout, but you will need to enable them again in preferences -> plugins if you were using them.

af_zz_imgproxy -> af_proxy_http

for plugins that use native plugin storage (not required but that’s where plugin settings are):

update ttrss_plugin_storage set name = 'Af_Img_Phash' where name = 'Af_Zz_Img_Phash'
update ttrss_plugin_storage set name = 'Af_Proxy_Http' where name = 'Af_Zz_ImgProxy'

Several security issues were identified in nginx HTTP/2
implementation, which might cause excessive memory consumption and CPU usage (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516).

The issues affect nginx compiled with the ngx_http_v2_module (not compiled by default) if the "http2" option of the "listen" directive is used in a configuration file.

The issues affect nginx 1.9.5 - 1.17.2.
The issues are fixed in nginx 1.17.3, 1.16.1.

https://vuls.cert.org/confluence/pages/viewpage.action?pageId=56393752

https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/

Today we are releasing updates to NGINX Open Source and NGINX Plus in response to the recent discovery of vulnerabilities in many implementations of HTTP/2. We strongly recommend upgrading all systems that have HTTP/2 enabled.
In May 2019, researchers at Netflix discovered a number of security vulnerabilities in several HTTP/2 server implementations. These were responsibly reported to each of the vendors and maintainers concerned. NGINX was vulnerable to three attack vectors, as detailed in the following CVEs:

• CVE-2019-9511 (Data dribble)
• CVE-2019-9513 (Resource loop)
• CVE-2019-9516 (Zero‑length headers leak)

We have addressed these vulnerabilities, and added other HTTP/2 security safeguards, in the following NGINX versions:

• NGINX 1.16.1 (stable)
• NGINX 1.17.3 (mainline)
• NGINX Plus R18 P1

@murgero said in Open ports in firewall:

This might change in the future though as the project I believe was stated somewhere else that might move away from IPT.

I think Cloudron intends to move to ufw which still uses iptables, see https://forum.cloudron.io/topic/1838/replace-iptables-with-nftables

@imc67
You can open ports but again, it's unsupported. See for an example: https://forum.cloudron.io/post/3278 and then make the rule persistent: https://forum.cloudron.io/topic/1780/cloudron-overrides-iptables-persistent/ (see the last 4 posts in that thread)

@d19dotca said in Bitwarden - Self-hosted password manager:

@necrevistonnezr - He means delete the DNS entry from your DNS service provider itself for the domain. So if you already have bitwarden.domain.com in your DNS listing for your domain, then remove the bitwarden entry and then re-create with Cloudron.

That was not the issue since I did not have a subdomain entry in my DNS settings (I have a wildcard DNS entry). The issue was that cloudron-cli was not able to connect to my cloudron properly (TLS, https issues) for reasons I don't know (I told support about it).

After using cloudron login --allow-selfsigned I was able to build and update the bitwarden...