Caprover... mysterious fails - Cloudron just works!

Caprover is a big name in the self-hosting domain, but I personally do not recommend it for 3 reasons:

1. It does not work well with Cloudflare which is an important tool for managing DNS and security.
2. It does not have a good community forum. I tried its slack forum, but the experience is not good.
3. Its documentation is okay but not detailed and comprehensive as Cloudron's documentation.

I also tried Yunohost today, but it doesn't even allow saving backups to S3 storage. You can only save backups on the same server as your app. Putting all eggs in the same busket is simply not a smart idea. Also, it does not specify how to upgrade apps. If you cannot safely upgrade apps, your self-hosting business (or hobby) is not sustainable.

So far as I discovered, Cloudron has the best backup approach, the best upgrade approach, the best forum, and the best documentation. I just started using Cloudron this week. The speed at which Cloudron staff replies to emails and forum posts is mind blowing. And they iterate their product based on feedback at lightening speed.

For folks who need to self host this app, I created a comprehensive tutorial.

Create a fresh server, update and upgrade the system, install docker and docker compose with this one command.

sudo apt-get update -y &&
sudo apt-get upgrade -y &&
sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common gnupg lsb-release &&
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg &&
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null &&
sudo apt-get update -y &&
sudo apt-get install -y docker-ce &&
sudo usermod -aG docker $USER &&
sudo curl -L https://github.com/docker/compose/releases/download/v2.26.1/docker-compose-`uname -s-uname -m` -o /usr/local/bin/docker-compose &&
sudo chmod +x /usr/local/bin/docker-compose && \

Clone the Repo

git clone https://github.com/langgenius/dify.git

Customize the .env file

cd dify/docker
cp .env.example .env

I only customized the following variables.
APP_WEB_URL=your_domain_name
NGINX_HTTPS_ENABLED=true
NGINX_SSL_CERT_FILENAME=cert.pem
NGINX_SSL_CERT_KEY_FILENAME=key.pem

Ctrl S to save, Ctrl X to exit the nano editor.
cd -

Create SSL Certificate

Create ssl certificate at Cloudflare (open SSL/TSL tab and open Original Server)

nano dify/docker/nginx/ssl/cert.pem
Copy and paste the Cloudflare certificate, then Ctrl S, Ctrl X

nano dify/docker/nginx/ssl/key.pem
Copy and paste the Cloudflare SSL key, then Ctrl S, Ctrl X

Deploy

cd dify/docker
docker compose up -d

Upgrade

cd dify/docker
docker compose down
git pull origin main
docker compose pull
docker compose up -d

Setting Up Automated Backups for Dify Using Restic and Cloudflare R2

Step 1: Install Restic

1. Connect to your server via SSH.
2. Update your package list and install Restic:

   sudo apt update
   sudo apt install restic
   

Step 2: Prepare Your Cloudflare R2 Bucket

1. Create a new R2 bucket in your Cloudflare account if you haven't already.
2. Note down the following information from your Cloudflare R2 setup:
   • Bucket name
   • Access Key ID
   • Secret Access Key
   • R2 Endpoint URL

Step 3: Create the Backup Script

1. Create a new directory for the Restic script:

   mkdir -p /root/restic
   

2. Create and open the backup script using nano:

   nano /root/restic/backup.sh
   

3. Copy and paste the following content into the file:

   #!/bin/bash
   
   # Set environment variables for Restic
   export RESTIC_REPOSITORY="s3:YOUR_R2_ENDPOINT_URL/YOUR_BUCKET_NAME"
   export AWS_ACCESS_KEY_ID="YOUR_ACCESS_KEY_ID"
   export AWS_SECRET_ACCESS_KEY="YOUR_SECRET_ACCESS_KEY"
   
   # Set the backup source
   BACKUP_SOURCE="/root/dify/docker/volumes"
   
   # Perform the backup
   restic backup $BACKUP_SOURCE
   
   # Prune old snapshots (keep last 7 daily, last 4 weekly, and last 12 monthly backups)
   restic forget --keep-daily 7 --keep-weekly 4 --keep-monthly 12 --prune
   
   # Check the repository for errors
   restic check
   

4. Replace the following placeholders with your actual Cloudflare R2 information:

   • YOUR_R2_ENDPOINT_URL: Your Cloudflare R2 endpoint URL
   • YOUR_BUCKET_NAME: Your R2 bucket name
   • YOUR_ACCESS_KEY_ID: Your R2 Access Key ID
   • YOUR_SECRET_ACCESS_KEY: Your R2 Secret Access Key

5. Save the file and exit nano:

   • Press Ctrl + X
   • When prompted to save, press Y
   • Press Enter to confirm the file name

6. Make the script executable:

   chmod +x /root/restic/backup.sh
   

7. Secure the script (as it contains sensitive information):

   chmod 700 /root/restic/backup.sh
   

Step 4: Initialize the Restic Repository

1. Set the environment variables (replace with your actual R2 information):

   export RESTIC_REPOSITORY="s3:YOUR_R2_ENDPOINT_URL/YOUR_BUCKET_NAME"
   export AWS_ACCESS_KEY_ID="YOUR_ACCESS_KEY_ID"
   export AWS_SECRET_ACCESS_KEY="YOUR_SECRET_ACCESS_KEY"
   

2. Initialize the Restic repository:

   restic init
   

Step 5: Set Up Daily Backups

1. Open the crontab file:

   crontab -e
   

2. If prompted to select an editor, choose nano by entering the corresponding number.

3. Add the following line at the end of the file to run the backup daily at 3 AM:

   0 3 * * * /root/restic/backup.sh > /root/restic/backup.log 2>&1
   

4. Save the file and exit nano:

   • Press Ctrl + X
   • When prompted to save, press Y
   • Press Enter to confirm

Verifying the Setup

To ensure everything is set up correctly:

1. Run the backup script manually:

   /root/restic/backup.sh
   

2. Check the Restic repository for snapshots:

   restic snapshots
   

Restoring from a Backup

To restore your data:

1. List available snapshots:

   restic snapshots
   

2. Restore the latest snapshot:

   restic restore latest --target /path/to/restore
   

   Replace /path/to/restore with the directory where you want to restore the data.

Done.

I just watched a Youtube tutorial on Pocketbase.

This is awesome. Thank you!

@marcusquinn bitnami images are hard to upgrade. For instance, their Moodle image. You are basically stuck with the first version installed. Bitnami does not support "pull latest image"

@umnz with the community self-hosted version, you can't modify their branding ("powered by dify" and logo) unless you obtain a license from them. If you just use dify as backend, you don't need to purchase license.

Here is a summary of what I would need to learn if not using Cloudron.
I think it is also a good way to introduce Cloudron to the version of myself 3 months ago. At that time, I was completely a non-techie person who just got into the field of self hosting.

Simplify Your Self-Hosting Journey with Cloudron

Cloudron is a tool to help you self-host apps so you don't have to learn all of these:

1. Web Traffic Directors (like Caddy or Nginx)

   • What they do: Guide visitors to the right place on your website
   • Why it's tricky: Requires understanding web protocols and server configuration

2. App Containers (like Docker)

   • What they do: Package apps so they play nice with your system
   • Why it's tricky: Involves learning container concepts and command-line tools

3. Code Keepers (like Git)

   • What they do: Keep track of changes in your app's code
   • Why it's tricky: Requires understanding version control concepts

4. Backup Buddies (like Restic)

   • What they do: Save copies of your stuff in case something goes wrong
   • Why it's tricky: Needs knowledge of backup strategies and command-line use

5. System Watchers (like Prometheus or Grafana)

   • What they do: Keep an eye on your system's health
   • Why it's tricky: Involves setting up and configuring monitoring tools

6. Setup Helpers (like Ansible)

   • What they do: Automate setting up and changing your system
   • Why it's tricky: Requires learning a new language for writing automation scripts

7. Update Assistants (like GitLab CI/CD or Jenkins)

   • What they do: Automatically update your apps when there are changes
   • Why it's tricky: Involves understanding continuous integration concepts

8. Digital Bouncers (like Fail2ban)

   • What they do: Keep the bad guys out of your system
   • Why it's tricky: Requires knowledge of security concepts and log analysis

9. Data Managers (like pgAdmin)

   • What they do: Help you organize and manage your app's data
   • Why it's tricky: Needs understanding of databases and SQL

10. Internet Safety Guards (like Certbot)

    • What they do: Keep your connection to the internet secure
    • Why it's tricky: Involves understanding SSL/TLS certificates and renewal processes

11. System Updaters (like Unattended Upgrades)

    • What they do: Keep your system safe by installing the latest security updates
    • Why it's tricky: Requires knowledge of package management and update strategies

With Cloudron, you get all of these features in one easy-to-use package. No need to become an expert in a dozen different tools - just point, click, and get your apps up and running securely. Perfect for beginners who want to self-host without the headache!

For those of you who wish to deploy FlowiseAI, here are 3 cost-effective approaches I have tested:

Approach 1: Huggingface

Just follow this tutorial: link text
Huggingface is much cheaper than render, railway and replit.
It is free to deploy the app on Huggingface. You get 2 vCPU and 16GB for free!!
But you need to pay for the persistant storage ($5 per month for 20GB).
Note: This approach does not have backup and restore feature.

Approach 2: Easypanel

Flowise is available on Easypanel as a one-click app.
The free version of Easypanel does not have backup and restore feature.
But I figured a workarrount (see the end).

Approach 3: Coolify

Flowise is not available as a one-click app on Coolify, but you can install it with Dockerfile.
It is very similar to deploying on Huggingface: link text
Step1: Copy the Dockerfile (from the link above) to Coolify.
Step2: Add Environment Variables. I compiled a list of environment variables, so you can just copy and edit it based on your use cases.

FLOWISE_USERNAME=
FLOWISE_PASSWORD=
CORS_ORIGINS=
IFRAME_ORIGINS=

LANGCHAIN_TRACING_V2=true
LANGCHAIN_ENDPOINT=
LANGCHAIN_API_KEY=
LANGCHAIN_PROJECT=

TOOL_FUNCTION_BUILTIN_DEP=*
TOOL_FUNCTION_EXTERNAL_DEP=axios,moment

STORAGE_TYPE=s3
S3_STORAGE_BUCKET_NAME=
S3_STORAGE_ACCESS_KEY_ID=
S3_STORAGE_SECRET_ACCESS_KEY=
S3_STORAGE_REGION=

OVERRIDE_DATABASE=false

NUMBER_OF_PROXIES=1
FLOWISE_SECRETKEY_OVERWRITE=

DATABASE_PATH=/app/storage
APIKEY_PATH=/app/storage
LOG_PATH=/app/storage
SECRETKEY_PATH=/app/storage
BLOB_STORAGE_PATH=/app/storage

Step3: Set the Persistent Storage (destination path) as /app/storage
Step4: Enable health checks

FlowiseAI uses SQlite as its database by default, but Coolify currently does not have backup method for SQLite.

Backup and restore workarround for Coolify and Easypanel

Step1: Install a SFTP tool (cyberduck or filezilla) on your PC.
Step2: Use SFTP to log into your server.
Step3: Create a folder under the root folder, and name it as flowise.
Step4: Go to your Coolify or Easypanel dashboard, and create a bind mount (do not use volume mount).
Step5: Create a folder (named flowise) on your local PC.
Step6: Use cyberduck or filezilla to sync the bind mount database (.sqlite file) to your local folder.
Step7: If you want to backup to S3 compatible storage, use Cyberduck to connect to your bucket.

Here is a spreadsheet (comparing infrastructure providers) I found on Reddit.
link text

IMO (my current and near future infrastructure decision):

• Best VPS Provider: Hetzner Cloud (Shared & Dedicated)
• Best Bare Metal Provider: Hetzner Dedicated (Server Auction > Root Server)
• Best DNS Provider: Cloudflare (and Porkbun)
• Best CDN Provider: Cloudflare (and Bunny)
• Best PaaS Provider: Cloudron (and Coolify)
• Best S3 Compatible Storage Provider: Backblaze B2 (and Cloudflare R2, iDrive E2)
• Best non-S3 Storage Provider: Hetzner Storage Box

Thank you all for sharing. I also read some comments on Reddit. Nobody likes Contabo.
To be fair, Contabo should probably add "No" to their marketing claims, like "No Germany Quality, Always".

This is very easy to solve! You don't need any S3 storage just to serve images. That's like using nuke to bomb an ant. Here is the solution:

Step1: Create a repository on your github account.
Step2: Upload an image (e.g. bot avatar) to your repository.
Step3: Copy the link of your image, then paste to jsdelivr (select "convert from Github").

Step4: Copy the JSdelivr link to your Typebot.

Now, you have a world-class CDN provider serving your image FOR FREE!!!
This link is permanent unless you purge it!

How to use Open WebUI with Searxng instance?

https://docs.openwebui.com/tutorial/web_search

Is it possible to connect Open WebUI and Searxng on Cloudron?

Shoud I just add these env variables to the env.sh file via file manager?

  ENABLE_RAG_WEB_SEARCH: True
  RAG_WEB_SEARCH_ENGINE: "searxng"
  RAG_WEB_SEARCH_RESULT_COUNT: 3
  RAG_WEB_SEARCH_CONCURRENT_REQUESTS: 10
  SEARXNG_QUERY_URL: "http://searxng:8080/search?q=<query>"

And I tried to change the favicon of open webui, but it did not work.

I added STATIC_DIR=/app/data/images
And I replaced the default favicon with my logo.
But after restarting the app, the default favicon came back, and my logo disappeared.

Based on what Joseph said, you can try specify the SEARXNG_QUERY_URL=http://searxng/search?q=<query>
https://forum.cloudron.io/topic/12117/web-search-with-searxng/2?_=1722501184516

So, it should be without :8080. I think it is because Cloudron is using Nginex to route traffic from the Main Gate 443 to each docker container.

So, should look like this:

Export ENABLE_RAG_WEB_SEARCH: True
Export RAG_WEB_SEARCH_ENGINE: "searxng"
Export RAG_WEB_SEARCH_RESULT_COUNT: 3
Export RAG_WEB_SEARCH_CONCURRENT_REQUESTS: 10
Export SEARXNG_QUERY_URL: "http://searxng/search?q=<query>"

You can add these to your env.sh file. And add the Searxng folder and config file in the same directory of env.sh

Then restart your apps.

I really hope FlowiseAI will available on Cloudron, as Cloudron is by far the best PaaS I have tried.
And there are other AI-related apps that could add to Cloudron. For example, vector store for building RAG apps.
Here is a list of them with detailed comparison:

PGvector is supported by Supabase which is another great open-source app.

There is a error in the doc in the Email section. The user name should be full email address. The email id (content before @) does not work.

POP3
Use the following settings to receive email via POP3:

Server Name - Use the mail server location of your Cloudron (default: my subdomain of the primary domain)
Port - 995
Connection Security - TLS
Username/password - Use the email id as the username and the Cloudron account password
POP3 access is disabled by default and must be enabled per-mailbox.

Just tried out Caddy today! It is extremely easy!!!

I deployed Flowise with only two lines of caddyfile code.

flowise.riverhill.ai {
    # Use Cloudflare SSL certificates
    tls /etc/caddy/certs/cert.pem /etc/caddy/certs/key.pem

    # Reverse proxy to Flowise
    reverse_proxy localhost:3000
}

This really opened a whole new world for me!
I also tried Traefik, but I had to ask ChatGPT to add labels for me.
I don't really understand how those lables work...

This is a great tutorial. Worth checking out.

@joseph

I found the root cause already. There is a script in the config.py file that downloads the logo and favicon from openwebui.com to override the png files in the static folder.

I need to edit config.py and /src/app.html in order to use custom site name, logo and favicon. I uploaded the png files to jsdelivr and changed the code of my local instance.

So on cloudron, you might need to put these 2 files in the /app/data folder so that users can customize the png URLs and site name.

@girish oh I throught It means the content before @.

The Email Client Configuration part uses different terminology.

• IMAP: email id
• SMTP: full email
• Sieve: full email
• POP3: email id

I saw Appflowy on github and tried it for a bit. The UI is very beautiful.
Just wondering if notion has a good data security?
I have all my doc stored on notion right now.
If it is not secure, I will switch to self-hosting note-taking app.

I built a Moodle education website, but its SEO is very limited.

Now I need to build a blogging website to attract traffic to my Moodle website.

I know Wordpress might be the most popular one, but I also heard it has serious security issues (easy to be hacked?).

So I am looking for alternatives to Wordpress.

• It must have really good SEO.
• It must be very secure (at least more secure than Wordpress)
• It must support markdown.
• It must allow my users to sign up with emails or google oauth.
• It would be better if it has stripe integration.
• It would be nice if I do not need to install many plugins.

With these prerequisites considered, is Ghost my best option?

I am trying to redirect www to non-www domain but cannot get it to work.

I am using Cloudflare. Did I do something wrong here?