Cloudron won't update - No backup site for update

I was under impression I'm quite clear... I don't think the decision made by authors correct.

I'm forced to do the backup, even though there is no technical requirement for that. I'm forced to do the backup the way authors want, even though I have my remedies.

As a result, I've just found out one Cloudron instance seriously out of date with a Docker security vulnerability in it. Just because authors decided that I have to have a backup to have automatic backup - to have my systems up to date.

Not sure I follow that...

@robi like I’ve told - I do have where (few TBs served via S3).

It’s just that I do not need a backup for that.
Given that I can do update skipping the backup, an artificial limit on automatic backup is something I’m not clear about.

@joseph , thank you! It's not that I don't have space (I have a few TBs idle) - it's that I don't need it.

Local won't work - because the server has not enough space for the local. And Amazon is only cheap, unless you really start to use it

Ok... it's a pity thought...

apart from the fact that it's not needed - there is not enough space for that

but I don't need a backup for that site... any way to specify some kind of /dev/null for such a case?

ahm... there are no backup sites...

I'm still getting this error... =/

Thanks. Since missing backup blocks automatic updates, platform update get blocked as well...

Cloudron 9.1.5 - seems to have the patch in place?

@girish , thanks! Is there an estimate which version will fix that?
"Next one" is fine for me

Thank you!

Hey @james , it's not what I'm looking for - I need an already issued SSL certificate to be planted into Cloudron, automatically.

The command I've reverse-engineered and provided earlier works, so I stick with it for now. Hopefully, an official stable, documented API to appear soon.

Hey, I'm looking for API to specify a custom wildcard SSL certificate for the whole domain - something, I can currently do via dashboard only.

Cloudron currently offers per app APIs, but not for the domain.

Yeah, I know what that IP is

WAF -> nginx -> cloudron apps

So, if WAF manages the SSL, connection to nginx will fail

I did some reverse engineering - here is the bash, for anyone curious:

DOMAIN="mysuper-domain.com"
TOKEN="bla-bla" #cloudron's token
cd /var/db/acme/certs/*.${DOMAIN}_ecc

CERT=$(awk 'NF {printf "%s\\n", $0}' fullchain.cer)
KEY=$(awk 'NF {printf "%s\\n", $0}' "*.${DOMAIN}.key")

curl -X POST "https://my.${DOMAIN}/api/v1/domains/${DOMAIN}/config" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d "{
    \"zoneName\": \"${DOMAIN}\",
    \"provider\": \"manual\",
    \"config\": {},
    \"tlsConfig\": { \"provider\": \"fallback\" },
    \"fallbackCertificate\": { \"cert\": \"${CERT}\", \"key\": \"${KEY}\" }
  }"

verify with openssl s_client -showcerts -connect IP:443 -servername my.${DOMAIN}.net | less

I believe the API is actually there (as I can change the certificate via the Dashboard), but it's not documented? If so - could you possibly share the correct structure, please?

Cloudron currently allows to manage SSL certificates per app, but not per domain - could you please, implement that endpoint as well, please?

As Wildcard domains are now becoming a shorter period of life, manual management is quite troublesome.

or, could you just make it optional?

In my specific case I just commented out the string to let the apps running.

if (manifest.id !== 'com.adguard.home.cloudronapp') containerOptions.HostConfig.ExtraHosts.push(`${dashboardFqdn}:172.18.0.1`);

in docker.js:698 you have the code from below - I understand you are trying to work around the cases, when my.domain.com is defined via /etc/hosts to be something weird.

But why don't you push the public IP address?

In my specific case, Cloudron is behind a kind of WAF and that WAF is taking care on the SSL certificates, so any connections to 172.18.0.1 are just failing due to SSL issues (and Synapse, for example, can't start due to OIDC issue).

And a question/ask: can you change that to the Cloudron IP please? It shouldn't be difficult, as you it as a variable already.