Impossible to log in any SM account on Postiz

@BrutalBirdie thanks for the effort. Please tell if you need some debuging infos from our side.

Same issue with Instagram. Credentials are set in the .env file as descibed in the docs.

@BrutalBirdie yes! I dont think it needs much more than this. In the end its an SSO login page. It should tell you what credentials to put in (eg Facebook, Microsoft, Twitter, Cloudron, etc).

I know the information is available when one knows where to look. Its just not obvious. Keywords being "tiny icon"

Also often users do not bookmark Cloudron itself, but the actual app url. Which I think is totally fine. Users should not need to think about Cloudron. Its just SSO for them.

And this only affects some login flows. Often apps have a "Login with Cloudron" button on their login page. Eg FreeScout

This does make it more obvious whats going on.

But some apps dont, which can lead to confusion for users. Eg Penpot has this login page:

Which leads directly to the Cloudron SSO page

A very short text addition like "Login with your Cloudron credentials" would already make things much clearer for users here.

Hey,

I recently started to give colleagues access to Cloudron apps. Did initial training on what Cloudron is, and how it relates to the actual apps. But more than once I got feedback like: "I dont know how log in to this app, I dont have credentials, or do I?"

In some login journeys (eg Penpot) its not immediately obvious that the users now need their Cloudron credentials.

I think it would be an easy UX win to make it more obvious that this is the Cloudron login form and an app managed login.

Cheers, Sebastian

Thx @nebulon ! This could be part of the First Time Usage hints or docs at https://docs.cloudron.io/apps/postiz/ - just not a very obvious behaviour by Postiz

@hakunamatata For simple stuff Im always happy with United-Domains. But if you need IaC, automation and APIs Hetzner, etc might be the better bet.

Off-topic as well, but we shape our modern society partly with our wallets. Funding contexts that we want to strengthen and defunding ones we (for whatever reason) do not want to support is part of modern live as conscious buyers and participants of our economies. From a company point of view political/compliance/risk reasons can very well be drivers for technical decisions, even if they steer away from the subjectively "best" solution. So I understand your approach very well. My company will not immediately switch established vendors we are already using. Migration cost is not 0. But for new investments we will also evaluate the current geo political situation (and risk) and probably lean towards european vendors in the future.

Yup, its up again. Took 1 day. Maybe cron/automating the deletion of the .db.db file is something that I will try.

Also just run into this issue. Deleted the .db.db file which fixed it (for now) com.paperlessng.cloudronapp@1.35.0

Just packaged it for myself. In case anyone wants to do this:

Basically follow the packaging Tutorial: https://docs.cloudron.io/packaging/tutorial/

CloudronManifest.json

{
    "title": "Postgrest",
    "version": "0.0.1",
    "healthCheckPath": "/",
    "httpPort": 3000,
    "manifestVersion": 2
}

install image directly from postgrest Docker Hub https://hub.docker.com/r/postgrest/postgrest

cloudron install --image postgrest/postgrest

And then configure by setting env vars on the app via Cloudron CLI
https://postgrest.org/en/stable/references/configuration.html

eg

cloudron env set --app YourAppName "PGRST_DB_URI=postgresql://user:pwd@host:port/db"

Thx for the hint. Will see what Hetzner support has to say.

Just recheck... and I can do this. Was 100% it was not possible. Might have been an "between my ears" problem, sry

Hi,

Im trying to connect to a CIFS drive (Hetzner StorageBox) but didnt succeed. After some debugging it seems that the CIFS ports (139,445) are not allowed in the Cloudron iptables config.

I already ran sudo systemctl restart cloudron-firewall and rebooted the machine.

I followed this Hetzner guide to mount from CLI: https://docs.hetzner.com/storage/storage-box/access/access-samba-cifs

$ sudo mount.cifs -o user=uxxxxx,pass=xxxxx,iocharset=utf8 //uxxxxxx.your-storagebox.de/backup /mnt/cifs-test
mount error(115): Operation now in progress
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)

$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
CLOUDRON_RATELIMIT  all  --  anywhere             anywhere            
CLOUDRON   all  --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         
CLOUDRON_RATELIMIT  all  --  anywhere             anywhere            
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain CLOUDRON (1 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere             match-set cloudron_blocklist src
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp multiport dports ssh,http,202,https
ACCEPT     tcp  --  anywhere             anywhere             multiport dports 3478,5349
ACCEPT     udp  --  anywhere             anywhere             multiport dports 3478,5349
ACCEPT     udp  --  anywhere             anywhere             multiport dports 50000:51000
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     icmp --  anywhere             anywhere             icmp echo-reply
ACCEPT     udp  --  anywhere             anywhere             udp spt:domain
ACCEPT     tcp  --  172.18.0.0/16        p2-main-htz          multiport dports 3002,3003
ACCEPT     udp  --  172.18.0.0/16        anywhere             udp dpt:domain
ACCEPT     all  --  anywhere             anywhere            
LOG        all  --  anywhere             anywhere             limit: avg 2/min burst 5 LOG level debug prefix "Packet dropped: "
DROP       all  --  anywhere             anywhere            

Chain CLOUDRON_RATELIMIT (2 references)
target     prot opt source               destination         
CLOUDRON_RATELIMIT_LOG  tcp  --  anywhere             anywhere             tcp dpt:http flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 5000
CLOUDRON_RATELIMIT_LOG  tcp  --  anywhere             anywhere             tcp dpt:https flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 5000
           tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW recent: SET name: public-22 side: source mask: 255.255.255.255
CLOUDRON_RATELIMIT_LOG  tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW recent: UPDATE seconds: 10 hit_count: 5 name: public-22 side: source mask: 255.255.255.255
           tcp  --  anywhere             anywhere             tcp dpt:202 state NEW recent: SET name: public-202 side: source mask: 255.255.255.255
CLOUDRON_RATELIMIT_LOG  tcp  --  anywhere             anywhere             tcp dpt:202 state NEW recent: UPDATE seconds: 10 hit_count: 5 name: public-202 side: source mask: 255.255.255.255
           tcp  --  anywhere             anywhere             tcp dpt:222 state NEW recent: SET name: public-222 side: source mask: 255.255.255.255
CLOUDRON_RATELIMIT_LOG  tcp  --  anywhere             anywhere             tcp dpt:222 state NEW recent: UPDATE seconds: 10 hit_count: 5 name: public-222 side: source mask: 255.255.255.255
CLOUDRON_RATELIMIT_LOG  tcp  --  anywhere             anywhere             tcp dpt:ldaps flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 5000
CLOUDRON_RATELIMIT_LOG  tcp  --  anywhere             anywhere             tcp dpt:3004 flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 5000
CLOUDRON_RATELIMIT_LOG  tcp  -- !172.18.0.0/16        172.18.0.0/16        tcp dpt:2525 flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 50
CLOUDRON_RATELIMIT_LOG  tcp  -- !172.18.0.0/16        172.18.0.0/16        tcp dpt:sieve flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 50
CLOUDRON_RATELIMIT_LOG  tcp  -- !172.18.0.0/16        172.18.0.0/16        tcp dpt:9993 flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 50
CLOUDRON_RATELIMIT_LOG  tcp  --  172.18.0.0/16        172.18.0.0/16        tcp dpt:2525 flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 500
CLOUDRON_RATELIMIT_LOG  tcp  --  172.18.0.0/16        172.18.0.0/16        tcp dpt:3002 flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 500
CLOUDRON_RATELIMIT_LOG  tcp  --  172.18.0.0/16        172.18.0.0/16        tcp dpt:sieve flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 500
CLOUDRON_RATELIMIT_LOG  tcp  --  172.18.0.0/16        172.18.0.0/16        tcp dpt:9993 flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 500
CLOUDRON_RATELIMIT_LOG  tcp  --  172.18.0.0/16        172.18.0.0/16        tcp dpt:9995 flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 500
CLOUDRON_RATELIMIT_LOG  tcp  --  172.18.0.0/16        172.18.0.0/16        tcp dpt:mysql flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 5000
CLOUDRON_RATELIMIT_LOG  tcp  --  172.18.0.0/16        172.18.0.0/16        tcp dpt:postgresql flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 5000
CLOUDRON_RATELIMIT_LOG  tcp  --  172.18.0.0/16        172.18.0.0/16        tcp dpt:redis flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 5000
CLOUDRON_RATELIMIT_LOG  tcp  --  172.18.0.0/16        172.18.0.0/16        tcp dpt:27017 flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 5000

Chain CLOUDRON_RATELIMIT_LOG (19 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere             limit: avg 2/min burst 5 LOG level debug prefix "IPTables RateLimit: "
DROP       all  --  anywhere             anywhere            

Chain DOCKER (3 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:postgresql
ACCEPT     tcp  --  anywhere             172.18.0.3           tcp dpt:2003
ACCEPT     udp  --  anywhere             172.18.19.208        udp dpt:8443
ACCEPT     tcp  --  anywhere             172.18.0.5           tcp dpt:ssh

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (3 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere             match-set cloudron_blocklist src
RETURN     all  --  anywhere             anywhere

Any ideas what to do here? thx!

I noticed that only my superadmin can change the role of other users. Is this correct? I would expect that also regular admins can demote/elevate other users up until their pay grade.

It also not reflected in the docs: https://docs.cloudron.io/user-management/#roles

Thanks!

Hi @joseph thx for checking in.

It looks like Docker is using up more than Cloudron realizes. Is that possible?

Hi,

Disk usage for me show have quite a lot of used space for "Everything else" 75GB+ - seems implausible big to for my actual usage.

Does this also count files on mounted network drives?

Thx

Ok, answered my own question by ... trying out Seems I can install multiple instances of apps with Cloudron. Nice!

Just exploring Pocket Base.

Do I understand correctly that the Pocket Base Package is meant for 1 application running under 1 URL? Is it possible to manage multiple Pocket Base apps with Cloudron?

@girish said in Add a"Staff Choice" badge/filter to App Store apps:

I don't want to be part of the decision-making of our end user.

First off: im new here. Just discovered Cloudron a few weeks ago. Super impressed! And quite a nice community. And here goes my point: You are already part of the decision making. Or at least together with the community that votes for packages to get included. The App Store is already a curated selection But I can see the direction you are coming from. I mean in the end a feature like GH Stars would safe me 2 clicks, so I would say its definitely a nice-to-have and nothing more.

Thanks for the good work!

@girish fair points. And I agree "Recommended/Popular" is difficult for all the reasons you mentioned. Something like GH stars imo just gives a datapoint for exploration to the users and still leaves the choice to them. (A bit like IMDB ratings on movies sites :)) In my experience they are a strong indicator of what to expect from a project in terms of maturity, usability and support.