How to proctect instances from Bot, Crawlers, Requests, & Co?

Interesting questions. I shall be watching hing for answers - wished I had them.

@firmansi yes, it’s in “in production” for me.
Have not used everything because there’s so much that can be done. Currently for me it is :

• one of my Telegram bot handlers, providing some basic tasks
• handing invoice downloading from a couple of suppliers who require login and fetch
  Planning to extend its functionality.

Only “issue” is that Searx is too slow for it so I use Brave API for search - cost is pennies.

@firmansi for my app I need to build new image, announce it here, then your Cloudron should pick it up available but often quicker to press Check Update in the app dashboard.

On a train now, will see if anything recent, if not just go to app dashboard, Updates, Check Updates.

What an excellent project !

@subven I defer to you. I recall some other posts that all it did was toggle visibility, not actually control access. It’s a bad field name. But I haven’t tested (on the road) and it may have changed, or I might just be plain and simple wrong.

Can you not just use “access control” to hide the app in the user’s dashboard and use the link you mentioned ?

Mermaid

Detail	Link / Info
Wishlist topic	Mermaid
Author	@timconsidine
Repository	Repository
Install	CloudronVersions.json

If you have questions or issues about this community app, please open a separate topic in the @community-apps category and link to this reply.

I would love to be able to something like :

cloudron access --app app.domain.tld --users user1, user2
-OR-
cloudron access --app app.domain.tld --group group1

I didn't see that this is currently supported.
I didn't see another forum topic about this but maybe search let me down.

AI told me to do some complicated 'curl' command, but to my mind, the CLI should do it.

Is there a way ?

@robi not possible at the moment. You could maybe grab and send when I am back.

@nostrdev thank you for getting this done. Appreciate the time applied. Will test it out shortly.

@LoudLemur thank you, will do, always safe secluded handover points, 1000kms from hunter drones, and my van & trailer is not a high value target for Ivan’s AWACS. There again, Ivan’s aim is awful, so I guess it’s possible he could get close while aiming at something else.
Mission #37 - 75 tonnes total, no incidents.

I'm not very comfortable that the answer to the problem is to use a proprietary service Cloudflare. Too much of the internet is dependent on it.Maybe technically effective, but just got bad vibes about this.

@robi I have another Ukraine mission, so going to be mostly offline for a week.

Can look at it on return.

@robi : I kinda lost interest in picoclaw, felt more comfortable with nanobot.

I have another Ukraine mission, so going to be mostly offline for a week.

Can look at it on return.

@foliovision said:

If somebody at Cloudron has some better ideas on how to share contacts in a SMB please let the world know.

did you look at the contacts app here ?
or explore Baikal CardDav ?
I have not yet - I don't generally use contacts app.

@jorrg you have not set a value for medialinks ! Or one that is accessible. In CloudronManufest,json.

CloudronVersions.json needs to be publicly accessible also the Docker image

Pushed 1.1.2 with some privacy choices

See https://forum.cloudron.io/post/122190

In https://forum.cloudron.io/post/118908 @girish rightly questioned how private bundling stock Excalidraw is, and as a result whether it is not just easier to use the hosted version.

But I like Excalidraw ! And I want it on my Cloudron ! And I want it to be as private as possible (completely private maybe not possible).

And I liked @chmod777 suggestion in https://forum.cloudron.io/post/120436.

So I have made package changes and pushed 1.1.2.
There is now a file /app/data/user/json where you can set 2 options.
{"privacyBundle":true,"useCSP":true}

• the first removes some stuff from the image (actually technically, builds a stock repo bundle, and a bundle with stuff removed)
• the second injects headers in your browser to stop the browser calling certain remote sites.

Restart container after editing, of course.

There is then also a new script in container /app/code/verify-runtime.sh which outputs diagnosis, with a summary at the end :

== summary ==
settings: privacyBundle=true, useCSP=true
servedIndex: /app/data/www/index.html
bundleMatch: privacy
cspMeta: YES
cspConnectSrc: 'self' blob:
privacyEndpoints: YES
externalStringsInBundle: firebasestorage.googleapis.com, libraries.excalidraw.com, scripts.simpleanalyticscdn.com, excalidraw.nyc3.cdn.digitaloceanspaces.com
externalStringsMeaning: present in static files, not proof of requests

Is it private? I think so, as much as it can be. The glaring violations have been dealt with. If you're in paranoia mode, use browser Dev Tools to check network activity.

So, now, it's def worth having this modified Excalidraw on Cloudron

---

EDIT : surprisingly having 2 app versions in the same app does not increase dockermimage size much. I guess because of sharing of layers. But nonetheless

@cloudron_jf this is going to sound silly but I have had issues with Scaleway relating to time of day.
Backups fail at “busy times” but go through at quiet times.
I hesitated to raise this but as your other steps haven’t produced a solution, I thought maybe now I should throw it in the mix.
My primary backups are to Hetzner but I still use Scaleway backups for some things.

@charlesnw

you should invite some friends !