cloudron cli 7.1.0 / instance 9.1.3 login

@james said:

We had to make this switch to also support passkeys and other future webauthn validations.

cool
understood

Thanks -@James and @girish
I held off manual creation of ~/.cloudron.json so as to test 7.1.1

% sudo npm install -g cloudron
Password:

changed 60 packages in 3s

17 packages are looking for funding
  run `npm fund` for details
% cloudron -V
7.1.1
% rm ~/.cloudron.json 
% cloudron login
Cloudron Domain (e.g. my.example.com): my.example.uk
Press ENTER to authenticate using the browser...

Browser (Safari) says :

Safari Can’t Open the Page

Safari can’t open the page “http://localhost:1312/callback?code=TG_GsgNBsyfaY66pc4HsIj7135uFiuY7xvNM896Qwwl&state=24225191912c03d1feae234a7335894e&iss=https%3A%2F%2Fmy.example.uk%2Fopenid”. The error is: “Navigation failed because the request was for an HTTP URL with HTTPS-Only enabled” (WebKitErrorDomain:305)

specifically : Navigation failed because the request was for an HTTP URL with HTTPS-Only enabled” (WebKitErrorDomain:305)

I don't see anything else in browser dev view console or network.

Laptop terminal times out with this :

file:///Users/username/.nvm/versions/node/v25.2.1/lib/node_modules/cloudron/src/helper.js:157
            reject(new Error('Login timed out after 2 minutes'));
                   ^

Error: Login timed out after 2 minutes
    at Timeout._onTimeout (file:///Users/username/.nvm/versions/node/v25.2.1/lib/node_modules/cloudron/src/helper.js:157:20)
    at listOnTimeout (node:internal/timers:605:17)
    at process.processTimers (node:internal/timers:541:7)

Node.js v25.2.1

Would it not be easier to support use of a token for cloudron login ?

% cloudron login --token ffb1bc87d9ef8127f41aae7a7f950xxxxxxxxxxxxxxxxxxxxx --server my.example.uk
Cloudron Domain (e.g. my.example.com): my.example.uk
Opening browser for authentication...

Browser involvement seems bit retrograde to me ...

I am using a CHANGELOG.md
But it needs content in style of :

[1.1.4]
* registry update on instance

Weird.
I upgraded my CLI installation to 7.1.0.
Cannot login from laptop terminal to my.example.com
Constantly throws me to browser localhost address which fails with a message .

Safari can’t open the page
“http://localhost:1312/callback?code=IkBfP7hAchXf7CuoLvZsd1SVOiAAVm7b17j1pY35no0&state=4aa18a1e97cac91cc1391b53a03d4f95&iss=https%3A%2F%2Fmy.example.uk%2Fopenid”.

some HTTP vs HTTPS issue

• on 9.1.3
• Switched the docker registry in my Cloudron dashboard
• Changed my cloudron instance user password (general rotation)
• uninstalled CLI
• deleted ~/.cloudron.json
• reinstalled CLI

I'm losing the plot.
Is this related to login change (see below) ?
Or to my Safari installation (other problems faced) ?

% cloudron login --help
Usage: cloudron login [options] [cloudron]

Login to cloudron

Options:
  -u, --username <username>  Username [will be removed after Cloudron 9.1]
  -p, --password <password>  Password [will be removed after Cloudron 9.1]
  -h, --help                 display help for command

@ekevu123 congratulations and thank you for doing this.
Will look further into it when back to a desk(top).

Stubborn dog-with-a-bone that I am, I did more research, and hopefully this can put to bed my diversion of the thread (sorry), and maybe help others with a similar use case / workflow objective to mine :

• Forgejo (official Cloudron AppStore) provides standard git source code functionality AND it has a built-in container registry functionality
• so no need to consider changes to the official docker registry app for public pulls
• forgejo supports private and public repos (which git.cloudron.io does not)
• forgejo supports public image pulls (like hub.docker.com) but also multiple private containers (hub.docker.com only allows 1)
• I can uninstall docker registry app and gitea/gitlab apps, multiple used for segregating cloudron community work from closed app dev, using Forgejo organization instead.

So the answer for my bandwidth-limited brain of 1 app for (almost) everything seems to be Forgejo (available today, no dev work).

However, @girish made valuable comment that hosting container images is a disk/network usage risk. Even for a small dev footprint like mine, this could be critical (let alone Cloudron scale).

I need to think & test out, but maybe Forgejo actions can automate container push to hub.docker.com, and do automated cleanup in the instance. So from dev point of view it's a single answer (Forgejo) with CI/CD offloading disk/network risks to hub.docker.com (or whatever).

@girish you're right.
I'll have to rethink strategy.
I was focussed on simplicity, single git platform and single image registry.
But I guess it's gonna have to be separate streams :

• A: community apps : git A plus Dockerhub
• B: other dev : git B plus private image registry
  Apologies if my ambitions for combining have confused the picture/discussion.

@girish does sharing creds / creating users gives full registry access ? Or a user (virtual or real) can be limited to certain repos?

—-
EDIT : the support for Community Apps is awesome.
Thank you again for doing this “non-priority” enhancement.
Totally ok with CloudronVersions.json living in source repo such as git.cloudron.io

But plan seems to break down without easy public docker image (2 registries is good for segregating but cumbersome in practice)

You already got it, but often proxyAuth is the simplest.

Through my CCAI --> CCAI-P --> CAG journey, I've used Docker Hub for public pulls, and my private registry for dev and non-community projects.

Maybe my bad, but I desperately hoped that Community apps would allow me one registry for minimum workflow / publish discrepancies. But seems not possible.

Not without dev work.

[made with cloudron custom mermaid app]

There's a conundrum rattling in my head.

• cloudron build prompts for a registry.
  so supplied a Cloudron-hosted registry
  and all works fine : builds, pushes, shown in registry list
• cloudron versions add does its work
• but cloudron-hosted registries do not support public pulls

So test of installing community app fails.

• am I doing something wrong ?
• or effectively cloudron versions does not support cloudron-hosted registries ?
• if so, this should be surfaced in docs
• if so, is it time to consider support for public pulls in cloudron-hosted registry package ?

Docs should also be clear that community app repo link should be open (publicly accessible), if it does not already do so.

@girish
Ah, looking at output of 'cloudron versions add' in CloudronVersions.json, I see !

There is background processing/expectations, pulling only the changlog content for that version.

Neat ! But opaque pending docs clarification.

Still not sure how it will work in practice with long changelog entries, but good discipline and neat handling.

@James

% cloudron versions add
Error: Bad changelog format or missing changelog for this version

'CHANGELOG' is present :

* 1.0.0
- Initial release

But I don't see any mention in cloudron docs what format is expected.

Maybe error is because this test community app has a CloudronManifest.json entry of :

"changelog": "file://CHANGELOG",

Does 'cloudron versions add' not recognise/support this way of doing it ?

---

EDIT : I changed CloudronManifest.json to read :

  "changelog": "v1.0.0 - Initial release",

Then 'cloudron versions add' worked

Not suggesting anything needs fixing as such. But potential mismatch of usage. Simple text string is easier - but it won't be practical for complex changelog descriptions.

And this cheat works :

 "changelog": "see CHANGELOG",

Not sure I should be cheating, but ...

'cloudron versions add' seems to handle 'file://POSTINSTALL.md' but not 'file://CHANGELOG'

Being creative, I tried this, thinking POSTINSTALL.md worked with file name extension.

"changelog": "file://CHANGELOG.md",

But it does not.
Seems like 'cloudron versions' treats the entries differently.

@james said:

If you find something unclear of lacking in the documentation ...

Just getting my head around the workflow, and I like to "spell things out" :

---

• build the Community App (previously known as a Custom App)
  (my 'old fashioned' approach : docker build, docker push, cloudron install, probably keep doing that because my build script does it, don't fix what ain't broke)

---

• make a CloudronVersions.json file
  
  same folder as project dev folder (Dockerfile, start.sh, CloudronManifest.json, README.md, POSTINSTALL.md etc.)
  • cloudron versions init
  • cloudron versions add
  • maybe add to my build script

---

• why "CloudronVersions" in the plural ?
  
  I guess Cloudron thinking is that a Community App might have v1.0.0, v1.0.1, v2.0.0
  Very complete approach, lovely
  but with cloudron versions revoke I wonder if this will ever be in true in practice (I would likely revoke every old version).

---

• upload CloudronVersions.json to static hosting
  gotcha
  but if I have 10 Custom oops Community Apps, what is Cloudron team envisioning :

  • that I will have 10 Surfer apps (app1.tim.uk, app2.tim.uk, etc) ?

  • Or 1 sectioned Surfer app (communityapps.tim.uk) ?

  • Or no Surfer apps and just stick CloudronVersions.json in the relevant git repo (urls to files from git are not always clear) ?

  • I guess you probably don't care, but I'm intrigued what your expectations are

---

Cloudron CLI help typo ?

% cloudron versions --help 
Usage: cloudron-versions [options] [command]

Hyphenated ?

---

@james

Spread the word

Post about new packages in the App Packaging & Development category of the forum.

Personally I think that category should remain more technical, devs needing assistance / having questions.

You published a different category : https://forum.cloudron.io/category/220/community-apps

I think that is where the word should be spread.

Just my 2p.

So, feeling stupid (more than normal) for starting with ZNC (Zeronet Conservancy), ZNX (ZeronetX) is now packaged.

Ignoring the vagaries of P2P and Tor, this does seem to be viable.

Git repo : https://git.cloudron.io/timconsidine/cloudron-zeronet (same) has been refactored into 2 folders, ZNC just in case someone feels they want to take it over / use as a base, and ZNX.

Docker image: tcmbp132021/cloudron-zeronet:v3.0.0

ZNX actually allows an ID to be created and ZNX-leaning sites seem to be alive.

I absolutely see the value of Zeronet for different uses, including hiding in plain sight (for legitimate reasons), and it seems usable enough. Old/abandoned/un-peered sites can be ignored. Set up active sites.

Haven't yet found a site to promote relocation of No.10 / Millbank PHQ to central Tehran, but I will keep looking.

I've come to the conclusion that, (my bad) out of ignorance of the history and status of Zeronet, packaging 'Zeronet Conservancy' was a huge mistake. I thought 'Conservancy' was a good concept. Seems it should have been called "preserve in aspic and never update it". Too much old history, broken/dead sites, embedded dependencies on defunct ZeroID (unless you're an old timer lucky to have one). So I am abandoning it, but work to date will be preserved in a separate folder in the git repo.

Instead, I will have a time-limited bash at packaging ZeroNetX ZNX.

Zeronet is a great concept, but it needs to work viably and realistically in 2026 and onwards.

@luckow well seems to me it is docker hub access issue, not an app issue.
My ping was via cloudflare and IPV4
Yours seem ipv6 and direct.
No idea why either difference would be a blocker.

I’ll try some diagnosis

What are the Four of Us Still Doing Here on Zeronet?

I am visiting a dead network every couple of weeks just to see if anyone is still using it and post a couple of posts to ZeroTalk Tech and The All-Night Bookstore and Cafe. Despite the fact that ZeroNet still works beautifully and governments around the world are cracking down on free speech with new "child protection" laws that don't protect children in any way, no one is using ZeroNet. Zite owners can't protect their zites from spam or even keep them up consistently, even when spam is not a factor. We are told ZeroNet is insecure. And no developer is willing to fix these problems. I know of no other decentralized network that I can actually put a website on it and have it perform half as well as ZeroNet, so I really have no better option right now than the Web.

I am currently running a small social media site on the Web, and I recently had to announce that I would be blocking several US states due to their new child safety laws. I am afraid the situation will only be getting worse from here on, but there is no network to move to. None! The future looks bleak for free speech, social media, and peer-to-peer networks. How did we allow ourselves to get here?