P
I noticed that only my superadmin can change the role of other users. Is this correct? I would expect that also regular admins can demote/elevate other users up until their pay grade.
It also not reflected in the docs: https://docs.cloudron.io/user-management/#roles
Thanks!
Hey,
I recently started to give colleagues access to Cloudron apps. Did initial training on what Cloudron is, and how it relates to the actual apps. But more than once I got feedback like: "I dont know how log in to this app, I dont have credentials, or do I?"
In some login journeys (eg Penpot) its not immediately obvious that the users now need their Cloudron credentials.
I think it would be an easy UX win to make it more obvious that this is the Cloudron login form and an app managed login.
Cheers, Sebastian
Just packaged it for myself. In case anyone wants to do this:
Basically follow the packaging Tutorial: https://docs.cloudron.io/packaging/tutorial/
CloudronManifest.json
{
"title": "Postgrest",
"version": "0.0.1",
"healthCheckPath": "/",
"httpPort": 3000,
"manifestVersion": 2
}
install image directly from postgrest Docker Hub https://hub.docker.com/r/postgrest/postgrest
cloudron install --image postgrest/postgrest
And then configure by setting env vars on the app via Cloudron CLI
https://postgrest.org/en/stable/references/configuration.html
eg
cloudron env set --app YourAppName "PGRST_DB_URI=postgresql://user:pwd@host:port/db"
@hakunamatata For simple stuff Im always happy with United-Domains. But if you need IaC, automation and APIs Hetzner, etc might be the better bet.
Off-topic as well, but we shape our modern society partly with our wallets. Funding contexts that we want to strengthen and defunding ones we (for whatever reason) do not want to support is part of modern live as conscious buyers and participants of our economies. From a company point of view political/compliance/risk reasons can very well be drivers for technical decisions, even if they steer away from the subjectively "best" solution. So I understand your approach very well. My company will not immediately switch established vendors we are already using. Migration cost is not 0. But for new investments we will also evaluate the current geo political situation (and risk) and probably lean towards european vendors in the future.
@girish fair points. And I agree "Recommended/Popular" is difficult for all the reasons you mentioned. Something like GH stars imo just gives a datapoint for exploration to the users and still leaves the choice to them. (A bit like IMDB ratings on movies sites :)) In my experience they are a strong indicator of what to expect from a project in terms of maturity, usability and support.
Thx @nebulon ! This could be part of the First Time Usage hints or docs at https://docs.cloudron.io/apps/postiz/ - just not a very obvious behaviour by Postiz
@girish said in Add a"Staff Choice" badge/filter to App Store apps:
I don't want to be part of the decision-making of our end user.
First off: im new here. Just discovered Cloudron a few weeks ago. Super impressed! And quite a nice community. And here goes my point: You are already part of the decision making. Or at least together with the community that votes for packages to get included. The App Store is already a curated selection 
But I can see the direction you are coming from. I mean in the end a feature like GH Stars would safe me 2 clicks, so I would say its definitely a nice-to-have and nothing more.
Thanks for the good work!
I know the information is available when one knows where to look. Its just not obvious. Keywords being "tiny icon"
Also often users do not bookmark Cloudron itself, but the actual app url. Which I think is totally fine. Users should not need to think about Cloudron. Its just SSO for them.
And this only affects some login flows. Often apps have a "Login with Cloudron" button on their login page. Eg FreeScout
This does make it more obvious whats going on.
But some apps dont, which can lead to confusion for users. Eg Penpot has this login page:
Which leads directly to the Cloudron SSO page
A very short text addition like "Login with your Cloudron credentials" would already make things much clearer for users here.
@BrutalBirdie thanks for the effort. Please tell if you need some debuging infos from our side.
Ok, answered my own question by ... trying out Seems I can install multiple instances of apps with Cloudron. Nice!
Hi all!
Have not been able to find a concrete answer to the following:
I want to run another web server on the same VM as Claudron. So I can web proxy to some services in docker containers I want to run. What are my options?
What are the best practices here?
Thanks!
P.S. Using the LAMP stack Claudron app is not going to work for me.
Is this still talked about in 2025? I struggle myself to find "the best" or at least "the most popular" option in the App Store. @marcusquinn idea to use Github Stars mirrors my manual approach. Should be straight forward to implement with the github API given a known repo URL.
@andreasdueren Cool, thx! Will try that approach and report back.
@BrutalBirdie yes! I dont think it needs much more than this. In the end its an SSO login page. It should tell you what credentials to put in (eg Facebook, Microsoft, Twitter, Cloudron, etc).
Servus,
when trying to uninstall an app (in this case Komga) I get the following error in the console:
External Error: Unable to detect IPv6. API server (ipv6.api.cloudron.io) unreachable
Cloudron is running on a Hetzner VM with default settings. Any idea how to approach this?
Here are the latest logs from the box:
Mar 21 06:19:35 box:taskworker Starting task 110. Logs are at /home/yellowtent/platformdata/logs/2c7ed3c1-2ea3-4994-9fe9-2b833ea0765c/apptask.log
Mar 21 06:19:35 box:taskworker Running task of type app
Mar 21 06:19:35 box:apptask run: startTask installationState: pending_uninstall runState: running
Mar 21 06:19:35 box:tasks update 110: {"percent":20,"message":"Deleting container"}
Mar 21 06:19:35 box:shell reverseproxy /usr/bin/sudo -S /home/yellowtent/box/src/scripts/restartservice.sh nginx
Mar 21 06:19:35 box:shell 2025/03/21 05:19:35 [notice] 1008907#1008907: signal process started
Mar 21 06:19:35 box:apptask deleteContainer: deleting app containers (app, scheduler)
Mar 21 06:19:35 box:shell apptask /usr/bin/sudo -S /home/yellowtent/box/src/scripts/configurelogrotate.sh remove 2c7ed3c1-2ea3-4994-9fe9-2b833ea0765c
Mar 21 06:19:35 box:tasks update 110: {"percent":30,"message":"Teardown addons"}
Mar 21 06:19:35 box:services teardownAddons: Tearing down ["localstorage","oidc"]
Mar 21 06:19:35 box:services teardownAddons: Tearing down addon localstorage with options {"sqlite":{"paths":["/app/data/komga/database.sqlite","/app/data/komga/tasks.sqlite"]},"ftp":{"uid":1000,"uname":"cloudron"}}
Mar 21 06:19:35 box:services teardownLocalStorage
Mar 21 06:19:35 box:shell services /usr/bin/sudo -S /home/yellowtent/box/src/scripts/clearvolume.sh rmdir /home/yellowtent/appsdata/2c7ed3c1-2ea3-4994-9fe9-2b833ea0765c/data
Mar 21 06:19:35 box:shell : No such file or directory
Mar 21 06:19:35 box:shell rmdir: failed to remove '/home/yellowtent/appsdata/2c7ed3c1-2ea3-4994-9fe9-2b833ea0765c/data'
Mar 21 06:19:35 box:services Tearing down OpenID connect
Mar 21 06:19:35 box:services teardownAddons: Tearing down addon oidc with options {"loginRedirectUri":"/login/oauth2/code/cloudron"}
Mar 21 06:19:35 box:tasks update 110: {"percent":40,"message":"Cleanup file manager"}
Mar 21 06:19:35 box:tasks update 110: {"percent":50,"message":"Deleting app data directory"}
Mar 21 06:19:35 box:tasks update 110: {"percent":60,"message":"Deleting image"}
Mar 21 06:19:35 box:docker deleteImage: removing cloudron/org.komga.cloudronapp:202503120856450000
Mar 21 06:19:35 box:tasks update 110: {"percent":70,"message":"Unregistering domains"}
Mar 21 06:19:35 box:network/generic getIPv4: querying ipv4.api.cloudron.io to get server IPv4
Mar 21 06:19:35 box:network/generic getIPv6: querying ipv6.api.cloudron.io to get server IPv6
Mar 21 06:21:06 box:network/generic getIPv6: Error getting IP. Error: Timeout of 30000ms exceeded at RequestBase._timeoutError (/home/yellowtent/box/node_modules/superagent/lib/request-base.js:712:17) at Timeout.<anonymous> (/home/yellowtent/box/node_modules/superagent/lib/request-base.js:727:12) at listOnTimeout (node:internal/timers:581:17) at process.processTimers (node:internal/timers:519:7) { timeout: 30000, code: 'ECONNABORTED', errno: 'ETIME', response: undefined, retries: 2 }
Mar 21 06:21:06 box:apptask run: app error for state pending_uninstall: BoxError: Unable to detect IPv6. API server (ipv6.api.cloudron.io) unreachable at Object.getIPv6 (/home/yellowtent/box/src/network/generic.js:74:15) at process.processTicksAndRejections (node:internal/process/task_queues:95:5) at async Object.getIPv6 (/home/yellowtent/box/src/network.js:162:20) at async Object.unregisterLocations (/home/yellowtent/box/src/dns.js:312:18) at async uninstall (/home/yellowtent/box/src/apptask.js:777:5) { reason: 'External Error', details: {} }
Mar 21 06:21:06 box:tasks setCompleted - 110: {"result":null,"error":{"stack":"BoxError: Unable to detect IPv6. API server (ipv6.api.cloudron.io) unreachable\n at Object.getIPv6 (/home/yellowtent/box/src/network/generic.js:74:15)\n at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n at async Object.getIPv6 (/home/yellowtent/box/src/network.js:162:20)\n at async Object.unregisterLocations (/home/yellowtent/box/src/dns.js:312:18)\n at async uninstall (/home/yellowtent/box/src/apptask.js:777:5)","name":"BoxError","reason":"External Error","details":{},"message":"Unable to detect IPv6. API server (ipv6.api.cloudron.io) unreachable"}}
Mar 21 06:21:06 box:taskworker Task took 90.895 seconds
Mar 21 06:21:06 box:tasks update 110: {"percent":100,"result":null,"error":{"stack":"BoxError: Unable to detect IPv6. API server (ipv6.api.cloudron.io) unreachable\n at Object.getIPv6 (/home/yellowtent/box/src/network/generic.js:74:15)\n at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\n at async Object.getIPv6 (/home/yellowtent/box/src/network.js:162:20)\n at async Object.unregisterLocations (/home/yellowtent/box/src/dns.js:312:18)\n at async uninstall (/home/yellowtent/box/src/apptask.js:777:5)","name":"BoxError","reason":"External Error","details":{},"message":"Unable to detect IPv6. API server (ipv6.api.cloudron.io) unreachable"}}
Mar 21 06:21:06 BoxError: Unable to detect IPv6. API server (ipv6.api.cloudron.io) unreachable
Mar 21 06:21:06 BoxError: Unable to detect IPv6. API server (ipv6.api.cloudron.io) unreachable
Mar 21 06:21:06 BoxError: Unable to detect IPv6. API server (ipv6.api.cloudron.io) unreachable
I see it might have something to do with Cloudron unable to detect the public IP of the Hetzner server.
Hi,
Disk usage for me show have quite a lot of used space for "Everything else" 75GB+ - seems implausible big to for my actual usage.
Does this also count files on mounted network drives?
Thx
Just recheck... and I can do this. Was 100% it was not possible. Might have been an "between my ears" problem, sry
Hi,
Im trying to connect to a CIFS drive (Hetzner StorageBox) but didnt succeed. After some debugging it seems that the CIFS ports (139,445) are not allowed in the Cloudron iptables config.
I already ran sudo systemctl restart cloudron-firewall and rebooted the machine.
I followed this Hetzner guide to mount from CLI: https://docs.hetzner.com/storage/storage-box/access/access-samba-cifs
$ sudo mount.cifs -o user=uxxxxx,pass=xxxxx,iocharset=utf8 //uxxxxxx.your-storagebox.de/backup /mnt/cifs-test
mount error(115): Operation now in progress
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
CLOUDRON_RATELIMIT all -- anywhere anywhere
CLOUDRON all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
CLOUDRON_RATELIMIT all -- anywhere anywhere
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain CLOUDRON (1 references)
target prot opt source destination
DROP all -- anywhere anywhere match-set cloudron_blocklist src
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp multiport dports ssh,http,202,https
ACCEPT tcp -- anywhere anywhere multiport dports 3478,5349
ACCEPT udp -- anywhere anywhere multiport dports 3478,5349
ACCEPT udp -- anywhere anywhere multiport dports 50000:51000
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- 172.18.0.0/16 p2-main-htz multiport dports 3002,3003
ACCEPT udp -- 172.18.0.0/16 anywhere udp dpt:domain
ACCEPT all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 2/min burst 5 LOG level debug prefix "Packet dropped: "
DROP all -- anywhere anywhere
Chain CLOUDRON_RATELIMIT (2 references)
target prot opt source destination
CLOUDRON_RATELIMIT_LOG tcp -- anywhere anywhere tcp dpt:http flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 5000
CLOUDRON_RATELIMIT_LOG tcp -- anywhere anywhere tcp dpt:https flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 5000
tcp -- anywhere anywhere tcp dpt:ssh state NEW recent: SET name: public-22 side: source mask: 255.255.255.255
CLOUDRON_RATELIMIT_LOG tcp -- anywhere anywhere tcp dpt:ssh state NEW recent: UPDATE seconds: 10 hit_count: 5 name: public-22 side: source mask: 255.255.255.255
tcp -- anywhere anywhere tcp dpt:202 state NEW recent: SET name: public-202 side: source mask: 255.255.255.255
CLOUDRON_RATELIMIT_LOG tcp -- anywhere anywhere tcp dpt:202 state NEW recent: UPDATE seconds: 10 hit_count: 5 name: public-202 side: source mask: 255.255.255.255
tcp -- anywhere anywhere tcp dpt:222 state NEW recent: SET name: public-222 side: source mask: 255.255.255.255
CLOUDRON_RATELIMIT_LOG tcp -- anywhere anywhere tcp dpt:222 state NEW recent: UPDATE seconds: 10 hit_count: 5 name: public-222 side: source mask: 255.255.255.255
CLOUDRON_RATELIMIT_LOG tcp -- anywhere anywhere tcp dpt:ldaps flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 5000
CLOUDRON_RATELIMIT_LOG tcp -- anywhere anywhere tcp dpt:3004 flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 5000
CLOUDRON_RATELIMIT_LOG tcp -- !172.18.0.0/16 172.18.0.0/16 tcp dpt:2525 flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 50
CLOUDRON_RATELIMIT_LOG tcp -- !172.18.0.0/16 172.18.0.0/16 tcp dpt:sieve flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 50
CLOUDRON_RATELIMIT_LOG tcp -- !172.18.0.0/16 172.18.0.0/16 tcp dpt:9993 flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 50
CLOUDRON_RATELIMIT_LOG tcp -- 172.18.0.0/16 172.18.0.0/16 tcp dpt:2525 flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 500
CLOUDRON_RATELIMIT_LOG tcp -- 172.18.0.0/16 172.18.0.0/16 tcp dpt:3002 flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 500
CLOUDRON_RATELIMIT_LOG tcp -- 172.18.0.0/16 172.18.0.0/16 tcp dpt:sieve flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 500
CLOUDRON_RATELIMIT_LOG tcp -- 172.18.0.0/16 172.18.0.0/16 tcp dpt:9993 flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 500
CLOUDRON_RATELIMIT_LOG tcp -- 172.18.0.0/16 172.18.0.0/16 tcp dpt:9995 flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 500
CLOUDRON_RATELIMIT_LOG tcp -- 172.18.0.0/16 172.18.0.0/16 tcp dpt:mysql flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 5000
CLOUDRON_RATELIMIT_LOG tcp -- 172.18.0.0/16 172.18.0.0/16 tcp dpt:postgresql flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 5000
CLOUDRON_RATELIMIT_LOG tcp -- 172.18.0.0/16 172.18.0.0/16 tcp dpt:redis flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 5000
CLOUDRON_RATELIMIT_LOG tcp -- 172.18.0.0/16 172.18.0.0/16 tcp dpt:27017 flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 5000
Chain CLOUDRON_RATELIMIT_LOG (19 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 2/min burst 5 LOG level debug prefix "IPTables RateLimit: "
DROP all -- anywhere anywhere
Chain DOCKER (3 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:postgresql
ACCEPT tcp -- anywhere 172.18.0.3 tcp dpt:2003
ACCEPT udp -- anywhere 172.18.19.208 udp dpt:8443
ACCEPT tcp -- anywhere 172.18.0.5 tcp dpt:ssh
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (3 references)
target prot opt source destination
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
DROP all -- anywhere anywhere match-set cloudron_blocklist src
RETURN all -- anywhere anywhere
Any ideas what to do here? thx!