Kirby - Content management system

@jayonrails If you haven't already, I suggest trying to install Kirby on a basic LAMP container in Cloudron. It is a file-based CMS so you need very little expertise to get it running, just a spot to paste their files. It's perhaps the easiest CMS I've ever used from an installation standpoint. I'm not sure the immutable nature of a Cloudron app is very compatible with this kind of CMS (Update: I forgot Grav is in the repo, which is file-based as well, so maybe I'm wrong here). You may actually prefer the simplicity of a LAMP install. Just my $0.02. Good luck!

@necrevistonnezr said in Why not make Cloudron fully open source again?:

Or they pull a Hashicorp.

Yeah. I guess this led to the OpenTofu (aka OpenTF) fork that is now under the stewardship of the Linux Foundation.

Directus made a similar move over to a BSL license a few months ago. I was really sympathetic to BSL licensing in principle, but soured when in the specific case of Directus the product went from open source to any business that makes more than $5M in revenue must now pay them $500~$700/mo. to self host Directus. They don't actually publish that information. I've got clients operating very low-margin businesses who would find themselves in serious trouble. I don't imagine most people installing Directus on Cloudron understand what licensing cliff they're eventually going to walk off of.

Still, I'll take an open source product that could go this direction any day over a proprietary commercial product that can make such arbitrary changes without accountability or recourse.

@marcusquinn I'm happy to.

• Nextcloud (managed hosting)
• WordPress (managed hosting, paid features)
• Krita (user donations, corporate sponsors)
• Blender (user donations, corporate sponsors)
• Godot (user donations, corporate sponsors)
• Red Hat (support services, curated builds)
• Gitlab (managed hosting)
• Strapi (paid features)
• 11ty (user donations, corporate sponsors)
• Astro (user donations, corporate sponsors)
• Dokku (user donations, paid features)
• LibreOffce (user donations, corporate sponsors)
• Plausible Analytics (managed hosting)
• Kaleidos/Taiga (managed hosting)

These are a few that come to mind. None are a one-for-one match to Cloudron, but to my knowledge they're all profitable companies/projects. I'm sure in the 100+ posts above this has been said, but just from the examples that come to mind one could monetize an openly licensed Cloudron with:

• Managed Hosting - A hosted Cloudron option was once available. A lot of these open source projects generate revenues that way. You're selling an additional level of convenience and security that is appealing to a lot of people.
• Paid Features - This could be a centralized Cloudron dashboard for managing multiple installs, commissioned sales of commercial software, backup hosting, domain management for in-home installs with non-static IP addresses, etc. The biggest opportunity would be to charge for access to those apps tested and hosted by Cloudron, which is a huge value and a reasonable service to charge for.
• Services - Businesses are highly motivated to keep things running, so anything from managed migrations to on-call support are something they'll pay for.
• Sponsorships - I regularly tell people Cloudron is the easiest way to host Nextcloud. There is a sponsorship opportunity from the application side. Cloudron is vastly superior to many NAS applications, and I could see hardware partnerships as another source of revenue. Cloud hosting providers would likewise benefit from builds tested and easily deployed on their infrastructure
• User Donations - This is the most obvious, but there are people who pay for free things. Where Cloudron is providing a service people rely upon to do a lot, a well communicated message that donations keep the Cloudron team able to roll out updates, add new features, and fix bugs can work.

I'm sure others have better ideas, and a couple of may have been attempted in a limited fashion, but I could see a combination of these closing the gap on the modest $15/mo/server rate being charged now.

I'll add a counter-argument to my own argument regarding VC-backing as a sign of commercial viability. Venture capital, in software especially, isn't always motivated by earnings in the way that a normal business would have to be. As I understanding it (I'm no venture capitalist), these folks don't generally recoup their investments through dividends on earnings but by selling their ownership shares to a bank or larger private equity fund or through an IPO. So they'll often run these companies at a loss for years to try to grow the user base as much as they can to get that big cash out at the end. That's not really compatible with a business operating by its own earnings.

Still, not all open-source software companies are VC-backed. Not all of them that are VC-backed are cash negative. The underlying point remains, that open-source grows adoption. Scaling at practically no cost is what makes software such a unique product to sell, and what makes it so enticing for investment in the first place. Open source as a means to scale and ultimately monetize should be taken seriously.

@marcusquinn said in Why not make Cloudron fully open source again?:

The operative word being them. I don't see Y-Combinator as a attractive path, quite the opposite — when independent creator-owned products retain freedom to put the user first, without investor overheads, or increasing support costs for the many, at the expense of the few.

I may not have communicated clearly. I'm not suggesting Cloudron should join an accelerator or seek venture backing (their product is good enough I think they could though). I'm calling attention to the erroneous assumption I've seen frequently repeated in this thread that switching to an open source license is commercially non-viable. Venture capitalists want to earn lots of make money, period. If it was not possible to monetize open source software, they would not invest in such companies. But they do, perhaps for the reasons I have mentioned or better reasons.

The only investment Cloudron needs is community, and that has steadily grown in all the year's since I've joined.

The apps packaging by the community are almost all offered as open-source.

There doesn't seem to be a problem to solve here, more a preference for some to bend others to their will.

The problems related to proprietary licensing have been expressed repeatedly here. The primary issue is not how we paying, committed customers feel. The issue is about how the 99.9999% of potential users who are not using Cloudron feel and more importantly whether they'll even have the chance to form an opinion at all. When was the last time you told someone about Cloudron and they were already using it? When was the last time they had even heard about Cloudron? If your experience is anything like mine, you'll come away feeling that Cloudron is being utilized far less than it could be for how incredibly powerful, affordable, and easy-to-use it is. That problem is of concern to both the Cloudron team and those of use who depend upon their software. One solution may be open source licensing.

Hours contributed to code contributions will have many times the influence over opinions.

Until there's community code contributions showing that the burdens of development and maintenance are in the main offered beyond the things asked of the founders, I don't see substance being committed beyond opinion — and everyone is still free to have those opinions.

Find me a single person who would not contribute to Cloudron should it once again be freely licensed. I can point to many I know personally who will not contribute with it licensed as is. How can you blame them? At any moment we could get an announcement that Cloudron has been purchased and will no longer be source available? There's no protection against that. I like the Cloudron developers, I think their hearts are in the right place, but who says their feelings won't change and they won't lock things up or sell the code to someone else who will? A developer who doesn't take this into account hasn't been around very long.

Still, logic should be the only basis for any action by the Cloudron developers, not opinions weighted by volume of code commits. I have no reason to believe you have anything but sincere motives, but brushing aside arguments you don't value as mere opinions and belittling the people who express them as just wanting to bend wills does no service to our shared interests here. I think we can agree Cloudron is an incredible tool and we'd love the people who made it to be successful and we want all our friends to use it. Can we keep that in focus?

Open source software is abandoned all the time, but so is a lot of commercial software. Abandoned open source software can be picked up and maintained by the community, especially if the community has been involved in writing code along the way. This happens frequently. It never happens with proprietary software.

Regarding commercial viability, this isn't a guaranteed win for proprietary licensing either. Yes, restrictive licenses give creators leverage. They don't automatically give creators a user base. Good open source software spreads (that's the point!). While that doesn't necessarily give creators revenue automatically, if their user base is 1000x larger, it does give them a lot of options. Reaching people is the most expensive part of marketing; open source makes that much easier and cheaper.

There are costs to open source, obviously. Maintaining a community of contributors is a different kind of work than writing code, and it can be challenging. Some people won't pay when they don't have to. These are factors @girish and @nebulon have to take into account. But software-focused incubators like Y-Combinator continue to churn truly open source companies. I'm pretty sure it's not because they want to be nice but because the benefits outweigh the costs. They believe it will make them money.

It does seem a bit ironic for anyone using Cloudron to cast doubt on the viability of open source software, considering we only use Cloudron to run open source software. Nothing is guaranteed to work, but open source works all the time.

@girish Yeah, I'm thinking the same thing. ubuntu is a sudo user, and if the default password Vultr was using was exploited, then I'd have to be looking or processes run by anything. I'll migrate. Thanks again.

@girish Oh, good. Maybe I got lucky. I'll keep investigating. Thanks to you (and @nebulon ) for teaching me a couple new command line tricks as well.

Thanks @girish , I'm seeing:
node /app/code/haraka/bin/haraka -c /run/haraka
node /app/code/service.js

These look familiar to you?

Thanks @nebulon , it does in fact look like password authentication via SSH was left enabled. Do you know if Cloudron could be the source of those Node processes running under the ubuntu user, even after I've stopped all apps?

Hey Cloudron Team,
I just got an email this evening that VMs and bare metal machines spun up since Oct 2022 with Vultr's Ubuntu image have had a vulnerability where the ubuntu user password was not random. They're being really vague about the whole thing and claiming it was patched before anyone exploited it, but I'm very concerned. Who knows what that password was.

I appear to have followed the instructions for securing a server found here, because I'm seeing the recommended ssh port change in sshd_config, however I'm worried that I didn't properly disable password authentication over SSH. I see PasswordAuthentication no but it is at the very bottom beneth Subsystem sftp internal-sftp, not up higher in the file. I assume this means password auth was enabled, correct?

I'm trying to see if there is anything suspicious visibly consuming resources. When I run top after stopping all apps in Cloudron I am still seeing two node processes running under the ubuntu user and spamd and spamd child. Are these normal Cloudron processes?

I appreciate the help.

@nebulon I can't speak for @jdaviescoates, but I would point out just 4 benefits:

• Greater Contributions. With a source available, but proprietary license, anyone who contributes a bug fix or feature immediately loses license to their own work, or at least would have to in order for Cloudron to be able to enforce its license and copyright. Aside from the potential legal mess, this is almost certainly a deterrent to substantial outside contributions. An open source license makes Cloudron much more enticing to contribute to.
• Benefits of Broad Adoption. Those willing to do the work to run their own Cloudron instance from the source code may have been loud, but they weren't likely customers to begin with. While not paying, these potential users do offer some benefits. They're more likely to provide good bug reports, patches, and answers to community questions. Even while promoting the free use of Cloudron, they are reaching an audience you would otherwise have to pay to reach. Even if the vast majority of users were to use Cloudron for free, as I suspect the majority of Nextcloud users do, in volume it really becomes a net benefit to Cloudron.
• Long-Term Assurance. The choice to self-host one's own infrastructure can be stressful. It becomes less stressful when you know that the software your using is open source and will be viable as long as there is a community willing to keep it going. This is one reason open source users become such loud advocates. They want that thriving community to live on forever, in a way they can't necessarily ensure a company will.
• Part of a Bigger Cause. I like you @nebulon and @girish. I like what you have made, and I hope you succeed, probably more so than most companies I buy products/services from. But at the end of the day you are a company. People like companies, they support causes. It's hard for me to express how when Cloudron went from open source to proprietary it changed my feelings. I still tell people about it and have tried to make important strategic introductions. But I don't donate my time to Cloudron like I do Inkscape. I don't extol the virtues of Cloudron over all other proprietary solutions, like I do Nextcloud. Supporting a company selling a proprietary solution is just not the same as supporting a company that is part of a bigger cause. Cloudron has the potential to be part of that cause. I want it to be open source.

Addendum: This is all said with full awareness that you need and deserve to get paid. Don't listen to anyone who expects anything otherwise. For the reasons stated above, and others, I think you can still make a living and perhaps even a better living releasing software with an open source license.

Thank you @girish!

I'm sorry to hear there were hurtful conversations about selling a service built on open source software. It takes a lot of courage to release the code at the core of one's business with a permissive license. It should always be applauded. If someone doesn't want to pay, then they should exercise the rights granted by the license and do their own work implementing the code, or stop whining and just pay the fee for someone else to do it. I see those attitudes changing, but not fast enough.

I think you've built something incredible. You and @nebulon have always been incredibly generous and responsive. I know you've explored many ways to monetize this, from hosted accounts to premium apps. I want you to succeed. I hope the door isn't shut forever to opening up some of these other bits again.

Dear Cloudron Team,
One of the things that really attracted me to Cloudron was that it was open source with an AGPL license. That was awesome and it meant a few things:

1. It aligned with my values.
2. It would be an inviting place for community contributions.
3. It wouldn't disappear if the company was acquired or the founders got bored, hired away, or abducted by aliens.

These are important. I have regularly promoted the service in public and private for these reasons, and because it is just a fantastic tool that I gladly pay for. However I recently stumbled upon a comparison table on a website indicating that Cloudron was not open source. That seemed wrong, so I started looking.

What I found was a blog post (https://cloudron.io/blog/2016-08-29-opensource.html) dated 29 August 2016 announcing that Cloudron was being distributed with an AGPL license. At the top was a notice added 28 March 2018 indicating that Cloudron was no longer advertising open source, but was still being developed in the open. It did not indicate any license change. Then I found that the license had in fact changed in GitLab on 26 February 2019.

As far as I can tell, this wasn't announced via social media, email, a blog post, or anywhere. This change is disappointing and I am embarrassed for having promoted it falsely. The manner in which it appears to have been changed, without any notice to those who would be impacted, leaves me unsettled.

I know my single subscription makes little difference in your business, but I doubt I'm the only one who chose Cloudron because of all the benefits of the AGPL. I suspect it matters to those who contributed patches believing this was AGPL software. Were they made aware that their contributions were now proprietary code? I wish you all the success in the world and hate to make a fuss, but I would really appreciate if this was addressed and explained openly.

Thank you!

Exciting stuff!

I'm personally relieved that you've stepped away from user limits. Even though my plan was grandfathered in, it made it a little harder for me to recommend the platform to organizations of a certain size that would probably just remain on Google Apps.

Requiring more per month to gain access to certain apps that are more burdensome to maintain is an easy sell to consumers. It could make sense to charge for premium apps in a more a la carte fashion too. As you have it is fine as well.

On a related note, no one wants to feel like they are being taxed for being business or for being misidentified as business. I would just call it a premium plan, because no one feels bad for paying a premium to get premium service.

Just my $0.02.

@uiharu Ah, thanks!

Is it possible to have the primary domain (i.e. the domain associated with the Cloudron admin panel) changed on an account?