RE: running command inside container

it's a one off thing, but preferrable within a script (so it should resolve the local container-id by hostname)

we want to use this in a script which runs locally on the cloudron server - what would be the preferred way here?

for an import script I want to run a bash command inside a (here: nextcloud..) container. This instruction to identify the container from the hostname doesn't seem to work anymore:

https://forum.cloudron.io/post/2011

what's the current approach?

@nebulon ok, not that many requests - any chance to do it anyway? I have no real clue how long something like this takes but it would open quite a lot of possibilities for my tiny hosting business as all our domains are at InternetX. For instance we have a DIY multi client nextcloud server based on docker which we would love to move to cloudron. And InternetX is quite big in Germany, may attract some business..

@nebulon I was maybe not clear enough, the feature request is for sending out an HTTP request when a backup is successful, not reacting to an API request.

We like to monitor our backups with healthchecks.io. The principle behind this is, that you not send an email when an email fails which leaves you in deep water, when, for whatever reason, the mail doesn't arrive/is not seen. Instead you send an email or ping a specific URL at https://healthchecks.io/ when a backup was successful. You then ask healthchecks.io to send you an email if there was no successful backup for X days (and you can manually check the panel there for failed backups).

It should be quite easy to implement.

@nebulon ok, I am an admin and wouldn't want to inject my limited hacking skills into your code - but, as the test just seems to access the nextcloud app URL it would help if you could add ../apps/mail/box/priority as a test to see that nothing crashes and we would risk to roll this out into production (I think as @WiseMetalhead that these featured apps are fairly stable and you don't do too much to the nextcloud code in your repo, do you?)

@nebulon ok and thanks for the clarifications. Everything was quite my understanding of the situation and the reason for the feature request. As email is such an important part of an integrated solution, mayby you can support (and test pre-release) the nextcloud mail app as you test the other mailapps integrated into cloudron itself?

Basically make it a "supported cloudron app".

@WiseMetalhead Says who?

The official cloudron demo warns here to not install nextcloud apps. https://docs.cloudron.io/apps/nextcloud/#email

This is kind of fine for Rainloop etc. which are integrated (with differing perfection) into cloudron itself anyway.

But.. the Nextcloud Mail App has the label "Featured" and I think cloudron should think about supporting these featured apps.

If it is too much hassle to suppurt all featured apps, I am most interested in the Nextcloud Mail app. The reason is, that not that many cloudron admins will host mail accounts on their cloudron servers and only in this configuration an almost seemless integration into cloudron is possible. All external mail needs to be manually configured in some ways before first use and my experience is, that most users are fine with this. For them it's more important, that the integration itself (after the first setup) is good, an as most users spend their time in nextcloud nowadays, it appears, it's much more natural for them to have the mailclient inside nextcloud as well (although the UI is, IMO, a crime).

hi,

any chance to get https://help.internetx.com/display/APIXMLDE/API-Grundlagen+JSON supported as DNS provider?

It's the backend for InternetX, AutoDNS, Schlund and maybe some other resellers.

Certifytheweb (letsencrypt frontend) supports it, so I think it should be doable.

@girish @nebulon
ok, I tried quite a lot and read stuff like this but no success. Any ideas?

@nebulon can you maybe have a look into the other thread, I am a bit stuck but it would be important to get this right for a porject of mine.

@girish thanks, tried it this way and it works now.

@girish done

There is a use case where a user of an app (say: nextcloud) needs to restore a file deleted within the retention period. This is quite dificult right now as the backup feature (or the restore feature thereof) is basically an all or nothing desaster recovery. which overwrites the current state of the app.

You would need to download the backup file from your backup server, decrypt it (optionally) and search for the file.

maybe get some inspiration from duplicacy/duplicati which solves this quite elegantly

coming from rainloop some things changed in regard to login to the ../?admin URL.

this

Admin panel
The admin panel is located at /?admin and is disabled by default.

To enable it, open a File manager and edit the file /app/data/_data_/_default_/configs/application.ini. Set the value of allow_admin_panel to On.

You can now login with the username admin. The password is located at /app/data/_data_/_default_/admin_password.txt.

Restart the app for the changes to take effect.

from here: https://docs.cloudron.io/apps/snappymail/ doesn't seem to work in my app.

I found that I have a line

admin_password =

in /app/data/data/default/configs/application.ini in addition to the file /app/data/data/default/admin_password.txt which seems redundant.

anyways, no combination of passwords in any of these files helped (app has been restarted)

that's not my point. there is a line

admin_password =

(not allow_admin_panel = ) AND the file admin_password.txt which seems redundant.

I will open a thread in the snappymail categorie, thanks @jdaviescoates

@necrevistonnezr ok, restarting the app was new to me, but so I did. no success.

I have the feeling something is messed up here. whe having /app/data/data/default/admin_password.txt

AND the

admin_password =

line in application.ini? which one is it? I followed the documentation to the letter, multiple times and tried some combinations of passwords in admin_password.txt and/or/not in application.ini - no dice.

@support ?

@girish ok, I see and understand the reasoning and for now I think we will be fine.

But I wonder why there shouldn't be a read-only facility to restore single files. On other systems we use duplicacy/duplicati and this works quite well there.

@robi it should work according to this: https://github.com/the-djmaze/snappymail/issues/407

I would look for myself, but I am not sure where to start..

@girish ok, setting the (objectclass=group) query works and verifying finds the correct amount of groups, but the association here:

is not mirrored inside nextcloud:

should this work at all?

@nebulon unfortunately, that's not really practical as this would loose the current state of the app.

we will maintain quite large nextcloud installations and requests for "can you please restore file A as I deleted it by mistake (and cleared the trashbin)" will happen. mh..

@nebulon ok, but as we have encrypted backups, is there a way to manually decrypt them for browsing?

also, are these backups incremental? (the app backups mainly)

@perler ok, snappymail does things different and you document this here: https://docs.cloudron.io/apps/snappymail/

but the applications.ini looks different and holds something that looks like a password hash to me:

anyways, I just don't get into the admin panel in snappymail.

@robi ok, reviving this old thread, is this simple filter supposed to be working in snappymail or not?

Am I right, that a collabora server as a backend for multiple nextcloud installations is not a security risk as there is no way, that a user from nextcloud A can see a document from nextcloud B? Opinions?

@girish thanks, good to know (maybe put it prominently into the rainloop installer..)

but.. having switched to snappymail I can't get into the ../?admin area, whatever I try.

• I tried with admin/12345
• I added admin_password = "12345"
• I added a cloudron admin as an operator and tried to login as such

what am I doing wrong here?

@perler ok, selfhelp at it's best:

I had some misconceptions. First, to add a domain you need to login with user "admin" not with a cloudron user/email who is an admin.

But, this didn't work with the default password "12345" as described in the documentation, I had to add the line

admin_password = "12345"

to the [security] section of application.ini, making it looking like this:

you should choose your own password and disable the admin access when done obviously.

thanks to listening to my ted talk.

(how can I change this topic to "solved"?)

ok, answering myself (in part), the login name to rainloop is not the username of the cloudron admin but the whole email address (which is quite obvious )

but.. after loggin in, the menu to add additional domains is missing:

Is there a way to mount/browse backups?

This would be helpful in a scenario where you delete a file and want to restore a backup from before deletion without re-installing a whole app.

we are planning on hosting servers at hetzner cloud. to avoid the cost of "floating IP" (their name for a static IP) we enabled dynamic IP and forced an IP change.

how long should we wait until this change distributes and is there a manuel update functionality?

DNS is hosted at clodflare.

I want to use rainloop for external domains. So I installed the app, added an internal email address (with the domain of the cloudron box) to being able to login to rainloop, changed the config to

allow_admin_panel = on

but I have trouble logging in to the cloudron admin panel ../?admin URL. I get

authentication failed

what's missing?

@jdaviescoates yes, but some apps are case aware, here: nextcloud. I think it's not quite the correct decision to force lowercase as if it is 1968 but as I said, we can work around this.

@jdaviescoates this is quite obviously not quite true, but thanks, we will manage

@jdaviescoates all right, this complicates things. Is there a reason for this?

We are importing users from a nextcloud installation into cloudron LDAP.

when we import this file:

Tester,tester@domain.com,,Tester Name,

we get this user:

The case of the username has changed from Tester to tester, which is a problem as we sync files from the old nextcloud installation and the data folder of user Tester is

../data/Tester

whereby in the cloudron installation it is

../tester

which gets created at first login instead of using the existing directory.

bug or feature?

@girish I did something slightly different (but maybe not SO uncommon). I created the server and put the clients domain into my own (developer) cloudflare account. After everything worked I created the domain in the client's cloudflare account and changed the NS entries (basically this: https://developers.cloudflare.com/fundamentals/get-started/basic-tasks/manage-domains/move-domain/).

the situation was now, that the API key was still valid but changed the wrong domain entries at cloudflare. so, I imagine cloudron creates the NS entry, checks if this works (which it doesn't) -> brain freeze. Something like this?

@murgero ok, I checked some logs but appearently the wrong ones. where should I have looked?

but I think an error message in the UI would be appropriate?

@fbartels ok, this makes sense, thanks!

we plan an infrastructure like this:

multiple cloudron servers:

server01.ourdomain.com
server02.ourdomain.com

etc.

on each server will run a couple of services.

nextcloud01.ourdomain.com on server01.ourdomain.com

wordpress01.ourdomain.com on server02.ourdomain.com

etc.

DNS provider is cloudflare.

can we just use the same API token on each server and the servers/subdomains will be created with the correct IP or is there something we miss here?

is the my.ourserver.com URL mandatory? because, this wouldn't work as there are multiple servers.

ok, we just remembered, that we moved the DNS entries from one cloudflare account to another, so we had to update the API key as well. Everything is working now. But there should be an error message I think.

@girish ok, this was my mistake, I changed the cloudron admin name here in the forum for privacy reasons and then tried to use this name back on the server

we cleaned up our test box for production, mainly deleting users and groups and just wanted to add another app (nextcloud), but the install button just spins and nothing happens. the same testwise with wordpress. no errors, just the spinning install button. where should we start looking?

@girish ok, the usual question, how long do you think until groups are exposed into nextcloud? (this decides if we are implementing a workaround or wait for you..)

@nebulon ok, I understand.

re the original question, is there a way to import groups and user/group association into LDAP?

@BrutalBirdie
ok, resetting the password is not the problem, this works

@girish
adding the LDAP user to the admin group in the nextcloud UI is working as well, but doing it with occ isn't working as described. is the LDAP username different from the one displayed in nextcloud?

@girish this sounds good.

what we kind of miss in the whole project is some kind of hierarchy in user management, so that we can use cloudron as a multi client server.

for instance, right now, when exposing the groups to nextcloud, the nextcloud group name must be unique within cloudron LDAP, so, another nextcloud instance can't have the same group name. or are we missing something?

ideally:

client 1
    randomgroup
client 2
    randomgroup

right now we are doing it like this by naming:

client1-randomgroup
client2-randomgroup

ok, I try to add an existing user from the cloudron LDAP but this fails:

sudo -u www-data php -f /app/code/occ group:adduser admin cloudronadmin -n

gives

user not found

the user exists in nextcloud (he can log in and a directory with this name exists on the data volume)

when leaving the nextcloud user management to cloudron, which user has admin rights within nextcloud?

we assigned a cloudron superadmin to a group which has operator rights in a nextcloud instance, but all we see is the user settings, not the settings for the whole system.

We try to do a semi-automated migration from nextcloud to cloudtron (with using cloudron for user management).

We now try to import users into the cloudron user management, which is documented (although btw this link is broken:

As far as I can see, we cannot import users into groups which then are mapped to nextcloud groups. Is this right? Is there any LDAP/SQL magic to make this happen or can you point us to where the cloudron user management backend is located, so that we can try it ourselves?

just an update, the syntax for the psql variables has changed, so the conversion script looks like this:

sudo -u www-data php occ db:convert-type \
--password ${CLOUDRON_POSTGRESQL_PASSWORD} \
--clear-schema --all-apps pgsql \
${CLOUDRON_POSTGRESQL_USERNAME} \
${CLOUDRON_POSTGRESQL_HOST} \
${CLOUDRON_POSTGRESQL_DATABASE}

you must run this from within the nextcloud container.

also, I had some dificulties with the mysql migration, the temp mariadb/mysql docker container should match the same type and version as the source. In my case src had mariadb 10.5, so the container from the code sample above (mariadb 10.1) throw some strange errors while importing the sql dump.

I am managing a server for a client and started with a temporary cloudron account associated to the server. The client bought a license with another cloudron account. How can we associate the server with this license without reinstalling? the instructions on the cloudron website only talk about:

wget https://cloudron.io/cloudron-setup
chmod +x ./cloudron-setup
./cloudron-setup --setup-token ****************

btw, I asked the same question to support@cloudron.io and didn't even get a confirmation mail back. is there something broken in the support system?

the collabora app mentioned here doesn't seem to exist: https://docs.cloudron.io/store/com.collaboraoffice.coudronapp.html

is this just a broken link? I can't find it in the appstore itself as well..