authentik is an open-source Identity Provider focused on flexibility and versatility. You can use authentik in an existing environment to add support for new protocols, implement sign-up/recovery/etc. in your application so you don't have to deal with it, and many other things.
https://goauthentik.io/
https://github.com/goauthentik/authentik
https://goauthentik.io/docs/installation/docker-compose/
I have packaged Odoo successfully.
Please check out http://github.com/njsubedi/cloudron-odoo
I had to patch the default Database connection function to prevent Odoo from connecting to the database named “postgres” from different places.
Otherwise, everything is working as expected. Simply clone the repo, and then from inside the repo, run
cloudoron build
cloudron install -l <subdomain.yourcloudron.tld>
Please post any error logs or problems here so I can continue to improve it.
Update: somehow LDAP login is failing; need to look into it.
I will be attempting to package this app this weekend. I will post updates in this thread.
@ianhyzy I finally managed to run Keycloak on Cloudron after a few days of trying. Most of the code is from this repository. The author seemed to have used a heavily modified configuration file, tailored to fit their needs. Also they had a two-step build system, where they pushed a customized Keycloak image to the hub, then the actual Cloudron app made use of the previously pushed image. That didn't seem necessary.
So, I wrote a simple build script that would:
The app I put together is based on cloudron/base:3.2 and makes use of the freshly exported and customized configuration file, which IMO is more compatible with Keycloak updates.
I'll publish the code on Github this weekend. I'm planning to use this instance to install Outline because it now supports a custom OIDC auth provider.
Cheers!
@girish Please check this out. I previously packaged Keycloak but suddenly the Keycloak team decided to deprecate the Wildfly version and started supporting Quarkus runtime. So I had to re-package it again. Took a while during the weekdays.
I have also packaged Outline: https://github.com/njsubedi/cloudron-outline, thanks to the work @klawitterb started. Still no success with passport-ldapauth but since I've also packaged Keycloak, LDAP auth is no longer a blocker for Outline. I also added some more details on the manifest/POSTINSTALL.md file if anyone is interested. It would be awesome if minio was available as an addon.
I recommend someone with more knowledge of passport-ldapauth to try adding support for authenticating cloudron users.
@girish That worked. By the way, is there a plan to package Keycloak? I managed to run Keycloak and Outline on Cloudron. Keycloak needed some patching to make it work on the read-only system without mounting everything to /app/data. Outline wiki app can be easily set up to authenticate using Keycloak. Both apps seem to be working as they should. Do you think we can publish those apps to the Cloudron App Store? That would be my first experience publishing an app.
Currently, I am packaging the Outline app to directly authenticate with the Cloudron user directory without the need to install Keycloak. If anyone is interested, I published a little more details in my blog. I'm doing another write-up describing the issues I solved while packaging Keylcloak.
Re: Swagger Editor - define REST api
I have been using Postman with my team for developing and publishing APIs for our services, but the costs are adding up pretty quickly ($15/user/month), and still no support for SSO.
I am moving to Swagger Editor, Swagger Codegen & Swagger UI, but it would be great if I could install it inside my Cloudron instance instead of paying for another server.
I noticed that your documentation makes use of Swagger, so I am sure it would be fairly easy to add support for the same.
Please don't forget to upvote if you think it's a good idea.
I have packaged Odoo, and posted about it here.
https://forum.cloudron.io/topic/1256/odoo-distributed-business-apps/25?_=1647263459265
As our team is growing, people start moving out, and sometimes we need to add temporary staff, so there are 2x many users that are marked as not active. The "Users" list is quite hard to navigate. There's a pagination of 20-100 results per page, which is somewhat helpful, but still no way to only show active users.
If there was a way to only show Active users like the screenshot above, that would be much helpful.
Thank you!
@infogulch I think that's doable. I'll see if I can get it working.
Update available: Outline v0.63.0
@nebulon Thanks for the quick fix. I can confirm it works. No ipv6 on my cloudron yet.
If you look at the logs at /app-logs/users you'll see all logins seem to have originated from the docker network.
Please fix this. Thanks!
I would love it if Cloudron supported PowerDNS as a DNS backend. I want wildcard certificate from Let’s Encrypt but it required a programmable backend.
I like to run my own DNS server- a hidden primary that isn’t published (eg. no hostname) and multiple secondary servers across different geolocations. This gives a lot of freedom, and most importantly gives me as little TTL as I want.
Unfortunately, I’ve not been able to use it for my Cloudron.
@luckow did you try logging in for the second time? As I have mentioned, first-time login still fails. Also if you could raise an issue on Github with the contents of “/run/logs/odoo.log” as soon as you log in, I can look into it.
After updating to org.jitsi.cloudronapp@0.2.0 the app won't restart because of the error.
Mar 16 12:58:38 JVB 2022-03-16 07:13:38.869 INFO: [29] HealthChecker.run#171: Performed a successful health check in PT0.000002S. Sticky failure: false
Mar 16 12:58:45 2022-03-16 07:13:45,876 WARN received SIGTERM indicating exit request
Mar 16 12:58:45 2022-03-16 07:13:45,877 INFO waiting for jicofo, nginx, prosody, videobridge to die
Mar 16 12:58:46 2022-03-16 07:13:46,879 INFO stopped: videobridge (terminated by SIGTERM)
Mar 16 12:58:47 2022-03-16 07:13:47,174 INFO stopped: prosody (exit status 0)
Mar 16 12:58:47 2022-03-16 07:13:47,178 INFO stopped: nginx (exit status 0)
Mar 16 12:58:47 Jicofo 2022-03-16 07:13:47.178 WARNING: [236] org.jivesoftware.smack.AbstractXMPPConnection.callConnectionClosedOnErrorListener: Connection XMPPTCPConnection[focus@auth.meet.yarsa.org/focus] (0) closed with error
Mar 16 12:58:47 org.jivesoftware.smack.XMPPException$StreamErrorException: system-shutdown You can read more about the meaning of this stream error at http://xmpp.org/rfcs/rfc6120.html#streams-error-conditions
Mar 16 12:58:47 <stream:error><system-shutdown xmlns='urn:ietf:params:xml:ns:xmpp-streams'/><text>Received SIGTERM</text></stream:error>
Mar 16 12:58:47 at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:981)
Mar 16 12:58:47 at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$700(XMPPTCPConnection.java:913)
Mar 16 12:58:47 at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:936)
Mar 16 12:58:47 at java.base/java.lang.Thread.run(Thread.java:829)
Mar 16 12:58:47 2022-03-16 07:13:47,180 INFO stopped: jicofo (terminated by SIGTERM)
Mar 16 12:58:50 => Ensure directories
Mar 16 12:58:50 => Create configs
Mar 16 12:58:50 ==> Configuring static assets
Mar 16 12:58:50 ==> Configuring SASLauthd for LDAP
Mar 16 12:58:50 /app/code/start.sh: line 17: CLOUDRON_LDAP_URL: unbound variable
Mar 16 12:58:51 => Ensure directories
Mar 16 12:58:51 => Create configs
Mar 16 12:58:51 ==> Configuring static assets
Mar 16 12:58:51 ==> Configuring SASLauthd for LDAP
Mar 16 12:58:51 /app/code/start.sh: line 17: CLOUDRON_LDAP_URL: unbound variable
Mar 16 12:58:52 => Ensure directories
Mar 16 12:58:52 => Create configs
Mar 16 12:58:52 ==> Configuring static assets
Mar 16 12:58:52 ==> Configuring SASLauthd for LDAP
Mar 16 12:58:52 /app/code/start.sh: line 17: CLOUDRON_LDAP_URL: unbound variable
Mar 16 12:58:53 => Ensure directories
Mar 16 12:58:53 => Create configs
Mar 16 12:58:53 ==> Configuring static assets
Mar 16 12:58:53 ==> Configuring SASLauthd for LDAP
Mar 16 12:58:53 /app/code/start.sh: line 17: CLOUDRON_LDAP_URL: unbound variable
Previously I had enforced 2FA for all users. Today, I saw that the checkbox was turned off. I turned it on. Then clicked "Save". The following error is shown, without any network request.
Note: My account has 2FA enabled. I don't know why the message is shown when I have enabled 2FA in my admin account. I disabled and re-enabled 2FA to see if this error goes away, but it doesn't.
After refreshing the page, the "Require users to set up 2FA" is automatically turned off.
@girish I'd say it is ready to be released as an unstable app. I tried restarting, reinstalling, updating, etc, and everything is working fine. I'm still unsure whether to keep the IMAP settings or remove it, because recvmail is mostly deprecated.
As other members said, there will be missing out on a lot of community addons but sooner or later they will be updated to support the latest Odoo version.