Use Cloudron Logins for host protected settings

@MiroTalk said in Use Cloudron Logins for host protected settings:

@cvachery said in Use Cloudron Logins for host protected settings:

Thanks to @MiroTalk in the latest version it works and the config is nearly perfect
Only issue is still one identified erlier that anonymous users can create room if they go to the specific

Should be fixed in both MiroTalk P2P v.1.3.79 & MiroTalk SFU v.1.5.80. Cheers.

Yeah I am still having issue with this / cannot figure out the correct settings to prevent anonymous user room creation.

Basically, I am trying to limit room creation to registered Cloudron User, but still keep the possibility for anonymous users to join a room once created.

At the moment, my MiroTalk SFU app has its cloudron setting access control set to "Only allow the following users and groups".

I do have a custom config.js with the following:

    host: {
        /*
            Host Protection (default: false)
            To enhance host security, enable host protection - user auth and provide valid
            usernames and passwords in the users array.
        */
        protected: true,
        user_auth: false,
        users: [
            /*
            {
                username: 'username',
                password: 'password',
            },
            {
                username: 'username2',
                password: 'password2',
            },
            ...
            */
        ]
    },

Yet room creation is still allowed for anonymous users.

I could set user_auth to true and provider "provide valid usernames and passwords in the users array." as mentioned in the config.js comment, but my understanding is that this will void/conflict with the cloudron OIDC integration.

Of course, I am likely missing something so I am wondering if anyone got this working properly and if/when so, what are the proper settings for preventing room creation by anonymous users.

Many thanks,

Dupe from https://forum.cloudron.io/post/87474

Quick update - The issue had nothing to do with Cloudron server and everything to do with the Nginx Proxy Manager host sitting in front of the Cloudron server.

Good time to mention that NPM in front of a Cloudron server is not an officially supported Cloudron setup.

Yet, with this being said, once Websockets relay was enabled on NPM proxy host, everything fell into places.

Many many thanks for @nebulon and the cloudron team for their support as always.

I cannot see anything relevant in the logs.

Everything seems to work fine aside from an occasional df command on a NFS mounted volume failing because of permission issue (I will look into this eventually)

Thanks @nebulon

(any) Browser console shows the following error, repeating with each re-connection attempt:

Uncaught Error: Could not dispose an addon that has not been loaded
    _wrappedAddonDispose https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:8
    dispose https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:8
    activate https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    $ https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    activate https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    loadAddon https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:8
    loadAddon https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    setTimeout handler*connect/< https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    setTimeout handler*connect/< https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    setTimeout handler*connect/< https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    setTimeout handler*connect/< https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    setTimeout handler*connect/< https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    setTimeout handler*connect/< https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    setTimeout handler*connect/< https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
terminal-Dbp64GzL.js:8:31585
    _wrappedAddonDispose https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:8
    dispose https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:8
    activate https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    (Async: EventListener.handleEvent)
    $ https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    activate https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    loadAddon https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:8
    loadAddon https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    AsyncFunctionNext self-hosted:807
    (Async: async)
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    (Async: setTimeout handler)
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    (Async: EventListener.handleEvent)
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    AsyncFunctionNext self-hosted:807
    (Async: async)
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    (Async: setTimeout handler)
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    (Async: EventListener.handleEvent)
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    AsyncFunctionNext self-hosted:807
    (Async: async)
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    (Async: setTimeout handler)
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    (Async: EventListener.handleEvent)
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    AsyncFunctionNext self-hosted:807
    (Async: async)
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    (Async: setTimeout handler)
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    (Async: EventListener.handleEvent)
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    AsyncFunctionNext self-hosted:807
    (Async: async)
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    (Async: setTimeout handler)
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    (Async: EventListener.handleEvent)
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    AsyncFunctionNext self-hosted:807
    (Async: async)
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    (Async: setTimeout handler)
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    (Async: EventListener.handleEvent)
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    AsyncFunctionNext self-hosted:807
    (Async: async)
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    (Async: setTimeout handler)
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    (Async: EventListener.handleEvent)
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9
    AsyncFunctionNext self-hosted:807
    (Async: async)
    connect https://url-of-cloudron-server.here/frontend/assets/terminal-Dbp64GzL.js:9

The following is also present in a similar manner:

GET wss://url-of-cloudron-server.here/api/v1/apps/f2f6e4a2-7c5b-4c09-85a5-92fbd63aceec/exec/911d8af29d7724ccbd3e741b9e80c1854cbe863ec065b07b21cef11af69d520c/startws?tty=true&rows=32&columns=282&access_token=jbHcIERcTg8tcUJXdqIM4PaQmqVy8wW4tm5FTI8xXNZ
NS_ERROR_WEBSOCKET_CONNECTION_REFUSED

I am still facing this issue -
Does anyone have an idea where to look? Is there any logs of sort which could be helpful?

OK I am running in circle on this one. So I am hoping some dose of collective wisdom can put me on the right path:

On my Cloudron server (v8.0.6, Ubuntu 24.04.1 LTS), all my apps are in a state of "running" and appear as if they are running correctly (at least each app work the way they are intended).

The issue: no matter which app, when I try to use an app terminal, I am faced with a never ending circle of connecting/reconnecting, without ever being presented with a prompt. Hence the app terminal is unusable.

Tried multiple browsers.
Tried multiple computers.
So I'd venture that this is most likely on the server / Cloudron since there is nothing of significance I can observe network-wise.
However, "cloudron-support --troubleshoot" does not bring up any errors or warnings.

Search on the forum did not return anything other that problem isolated to a given app.
Search in the docs did not yield anything significant.

What would be the next steps to take to troubleshoot this situation?

Hi @ekevu123
If memory serves, I ran into this in some instances earlier.
Depending on the way you mount your block, you might have to check the "ignore permission" flag on the folder properties, of the node/peer "owning" the folder (i.e. node where the folder is mounted):

As far as I know, doing this had no incidence on the sync on any ends/peers, other than allowing this setup to operate. -
I hope that this helps.

Unless mistaken, this was already mentioned here
See @girish response:

we have introduced a new environment variable (just last week) in next release - https://git.cloudron.io/cloudron/box/-/commit/daa8a60da282fc3c8bbccd4b2b1a4920c2b06812 . After the release, we have to adjust the apps to use the text in the environment variable. And then, Branding view will set that variable.

So it seems, it is coming.

Quick related question: is there a list of Cloudron email notifications and their triggers somewhere?

I know of the Events/Webhooks/API possibilities and I have heard of (potential/future) other email notifications, but I am not clear on what email notifications a Cloudron server generates at present times.

Also I suppose it only works so long as outbound email is properly setup on the related Cloudron server.
I suppose what I am asking is where can I find more information about Email notification related to a Cloudron Server?

I could not find any specific info about email notifications in Cloudron docs. Hopefully I have not missed something otherwise apologies in advance.

@nebulon Quick maintenance note (feel free to hide/delete as needed): nothing major, but there seems to have been an involuntary minor version bump in the forum posts at least.
Freescout is still on 1.8.xxx, Cloudron releases show "Update FreeScout to 1.9.xxx"

For a moment I though FreeScout had a bigger update than it currently add.
Thanks!

@nebulon I am actually just trying to access (transfer files) a mounted volume via either Webdav, SMB, SFTP or S3. I was hoping to use one of the "light" (e.g. not nextcloud or wordpress) app from Cloudron to do so, but so far no cigar..

I have tried Surfer, Cubby, LAMP -Next on the line is Minio to see if this is possible. However you might have another idea/trick in mind?

Many thanks again,

Thanks @JLX89 - yeah I thought so too.

I tried actually but could not access the mounted volume, only the default app data.

I might have missed something in my test though. Have you had (or anyone else) success with this already?

Thanks @nebulon - that answers it.

As a side question, in there any app in Cloudron library offering R/W SFTP or Webdav access to mounted volume?

Many thanks,

Hi,

I had this short question:

While we can mount additional volumes to the app via the cloudron admin interface, is there a way to access the mounted volume through the cubby webapp / webdav interface?

I have not found a way so far but maybe I am missing something.

Many thanks,

@scooke indeed!
in approaching these situation, I am a fan of breaking things into "ingestible" bits / smaller actionable parts.
But it doesn't mean I have cracked this nutshell...

@robi Thanks for this.

• LLM: I really need to up my skills on this. Do you know of good resources for developing via LLMs? Any recommendations about a particularity relevant LLM to use in this context?

• Customer interest / hiring: without putting the cart before the wheels, I am also wondering how to determine a ballpark figure of the cost involved here. Say I shop around and get offers back, is there/do you know of a good way to evaluate if this is fairly market priced or simply out of proportions?

Naturally, there are far more questions around the corner - starting with choosing a relevant dev stack depending on the choosen direction.

Any sharing of related resource or experience, is very much appreciated.

@girish docker compose seems to rely on these:

• https://github.com/Swetrix/swetrix-api
• https://github.com/Swetrix/swetrix-fe

Other dependencies:

• Clickhouse
• Redis

Does this help?

About Swetrix:

Swetrix is a cookieless Google Analytics alternative that does not invade your users' privacy.
This is the way analytics should be: GDPR compliant, lightweight and easy to use.

---

Additional links:

Website: https://swetrix.com/
source: https://github.com/Swetrix
docs: https://docs.swetrix.com/
roadmap: https://github.com/orgs/Swetrix/projects/2
License: Swetrix is released under the AGPL v3.0 licence

Selfhosting/docker info:
source: https://github.com/Swetrix/selfhosting
docs: https://docs.swetrix.com/selfhosting/how-to

---

Additional info:

• Made in Ukraine
• Use Redis
• unclear about the costs (if any) when selfhosting
• recently released v2

Hi all,

A short off topic question, humbly pooling community wisdom:

• Let's say you have an app idea (nothing too complicated but also not a static website), and while you can mostly read an interpret code, web dev is not your current daily occupation.
  You start with a "blank canva" (albeit the idea is pretty well defined - and you know it fits a need, albeit somewhat niche) and have no attach to one or another tech stack.

• Naturally, you want to start simple before adding more relevant features (so the potential to further develop and add on the existing is important)

• Ideally, you would want to have a first version in the next 8-10 months and while your time cannot be 100% dedicated to this, you are ready to devote a fair amount of resources to this project (whether it is time or money). You are willing to fail but do not hope or expect to. Succeeding means your app will be used, nothing more, nothing less. But it also means it would open the door to other projects.

• Ultimately, you imagine a PWA or web app with mobile apps, with auth integration (OIDC, LDAP etc..) and easy to update, maintain and deploy (did I hear Cloudron app?).
  You are not interested in being at the forefront of the tech trends (AI, AR/VR etc.. ) at this stage, yet you wouldn't close the door on possibilities.

**

Question: Which way would you go to make this happen, in today's world?

Would it be to go at it alone, learn from books, training, people etc.. and make this happen?
Would it be to go the AI way and see how far this leads, while learning?
Or find a someone (contractor dev or "co founder" or else) with whom you convince to share your idea and hope to be able to rely on a long cooperation?
Something else?

What's is your best advice/experience with this?

**

There is such a compelling community of Cloudronians that I though it would be interesting to ask.
Thanks in advance for your thoughts!