Openid-configuration url timeout

Hi @girish
Thanks for the fix, /.well-known/openid-configuration is now working well.

However, troubleshooting tool still report some random issue (ran 4 times, worked only the first time):

# cloudron-support --troubleshoot
Vendor: netcup Product: KVM Server
Linux: 6.8.0-110-generic
Ubuntu: noble 24.04
Execution environment: kvm
Processor: AMD EPYC 9645 96-Core Processor
BIOS pc-i440fx-9.2  CPU @ 2.0GHz x 10
RAM: 24602244KB
Disk: /dev/vda3       789G
[OK]	node version is correct
[OK]	IPv6 is enabled and public IPv6 address is working
[OK]	docker is running
[OK]	docker version is correct
[OK]	MySQL is running
[OK]	netplan is good
[OK]	DNS is resolving via systemd-resolved
[OK]	unbound is running
[OK]	nginx is running
[OK]	dashboard cert is valid
[FAIL]	Could not load dashboard website with loopback check

Hi @nebulon ,
Thanks for investigation, but I'm sorry i don't think it's the explanation.
On friday we were able to reproduce the behavior just by going to the "/.well-known/openid-configuration" from our browsers but also from the server itself with wget, excluding any external network issue.
Your troubleshooting report tool also report same issue with some other path, the openid path is only the best one to see the issue.
The explanation of occasional timeouts is probably because the server has not many users and many apps do not require re-login or other path that has issue.

Finally, even if heavy load is the explanation, we do not change our habits, so were does it come from ? How to avoid that ? All the server load statistics are very good, and i made some test few minutes ago the url just always timeout even locally with wget.

edit: # wget http://127.0.0.1/ is timeouting too

There are multiple restart here:

Apr 17 15:24:56 v2202511123714403001 nginx[95120]: 2026/04/17 15:24:56 [error] 95120#95120: *20887 connect() failed (111: Connection refused) while connecting to upstream, client: 82.64.140.175, server: my.mydomain.fr, request: "GET /api/v1/apps?access_token=t3-AwZD9PcPP8maoMtd-M9NsXkI920wppSYuXzK6qfc HTTP/2.0", upstream: "http://127.0.0.1:3000/api/v1/apps?access_token=t3-AwZD9PcPP8maoMtd-M9NsXkI920wppSYuXzK6qfc", host: "my.mydomain.fr", referrer: "https://my.mydomain.fr/"
Apr 17 15:24:56 v2202511123714403001 nginx[95120]: 2026/04/17 15:24:56 [error] 95120#95120: *20887 connect() failed (111: Connection refused) while connecting to upstream, client: 82.64.140.175, server: my.mydomain.fr, request: "GET /api/v1/cloudron/status HTTP/2.0", upstream: "http://127.0.0.1:3000/api/v1/cloudron/status", host: "my.mydomain.fr", referrer: "https://my.mydomain.fr/"
Apr 17 15:26:37 v2202511123714403001 nginx[97591]: 2026/04/17 15:26:37 [error] 97591#97591: *21376 connect() failed (111: Connection refused) while connecting to upstream, client: 82.64.140.175, server: my.mydomain.fr, request: "GET /api/v1/apps?access_token=t3-AwZD9PcPP8maoMtd-M9NsXkI920wppSYuXzK6qfc HTTP/2.0", upstream: "http://127.0.0.1:3000/api/v1/apps?access_token=t3-AwZD9PcPP8maoMtd-M9NsXkI920wppSYuXzK6qfc", host: "my.mydomain.fr", referrer: "https://my.mydomain.fr/"
Apr 17 15:26:37 v2202511123714403001 nginx[97591]: 2026/04/17 15:26:37 [error] 97591#97591: *21376 connect() failed (111: Connection refused) while connecting to upstream, client: 82.64.140.175, server: my.mydomain.fr, request: "GET /api/v1/cloudron/status HTTP/2.0", upstream: "http://127.0.0.1:3000/api/v1/cloudron/status", host: "my.mydomain.fr", referrer: "https://my.mydomain.fr/"

box.log after the command:

2026-04-17T15:11:17.390Z box: Received SIGTERM. Shutting down.
2026-04-17T15:11:17.390Z platform: uninitializing platform
2026-04-17T15:11:17.391Z platform: onDeactivated: stopping post activation services
2026-04-17T15:11:17.392Z tasks: stopAllTasks: 0 tasks are running. sending abort signal
2026-04-17T15:11:17.392Z shell: tasks: /usr/bin/sudo --non-interactive /home/yellowtent/box/src/scripts/stoptask.sh all
2026-04-17T15:11:17.424Z database: pool closed
2026-04-17T15:11:19.425Z box: Shutdown complete
2026-04-17T15:11:20.804Z server: ==========================================
2026-04-17T15:11:20.804Z server:            Cloudron 9.1.6  
2026-04-17T15:11:20.804Z server: ==========================================
2026-04-17T15:11:20.804Z platform: initialize: start platform
2026-04-17T15:11:20.805Z tasks: stopAllTasks: 0 tasks are running. sending abort signal
2026-04-17T15:11:20.806Z shell: tasks: /usr/bin/sudo --non-interactive /home/yellowtent/box/src/scripts/stoptask.sh all
2026-04-17T15:11:20.850Z locks: releaseAll: all locks released
2026-04-17T15:11:20.853Z reverseproxy: writeDashboardConfig: writing dashboard config for mydomain.fr
2026-04-17T15:11:20.857Z shell: reverseproxy: /usr/bin/sudo --non-interactive /home/yellowtent/box/src/scripts/restartservice.sh nginx
2026-04-17T15:11:20.993Z oidcserver: Using existing OIDC EdDSA key
2026-04-17T15:11:20.994Z oidcserver: Using existing OIDC RS256 key
2026-04-17T15:11:20.996Z oidcserver: start: create provider for my.mydomain.fr at /openid
2026-04-17T15:11:21.013Z platform: onActivated: starting post activation services
2026-04-17T15:11:21.013Z platform: startInfra: checking infrastructure
2026-04-17T15:11:21.013Z platform: startInfra: infra is uptodate at version 49.9.0
2026-04-17T15:11:21.013Z platform: onInfraReady: platform is ready. infra changed: false
2026-04-17T15:11:21.014Z apps: schedulePendingTasks: scheduling app tasks
2026-04-17T15:11:21.048Z services: applyMemoryLimit: turn {"memoryLimit":536870912,"recoveryMode":false}
2026-04-17T15:11:21.048Z shell: docker: docker update --memory 536870912 --memory-swap -1 turn
2026-04-17T15:11:21.054Z services: applyMemoryLimit: mysql {"memoryLimit":3221225472,"recoveryMode":false}
2026-04-17T15:11:21.055Z shell: docker: docker update --memory 3221225472 --memory-swap -1 mysql
2026-04-17T15:11:21.060Z services: applyMemoryLimit: sftp {"requireAdmin":true}
2026-04-17T15:11:21.060Z shell: docker: docker update --memory 268435456 --memory-swap -1 sftp
2026-04-17T15:11:21.064Z services: applyMemoryLimit: mail {"memoryLimit":3355443200,"recoveryMode":false}
2026-04-17T15:11:21.064Z shell: docker: docker update --memory 3355443200 --memory-swap -1 mail
2026-04-17T15:11:21.067Z services: applyMemoryLimit: postgresql {"memoryLimit":2684354560,"recoveryMode":false}
2026-04-17T15:11:21.067Z shell: docker: docker update --memory 2684354560 --memory-swap -1 postgresql
2026-04-17T15:11:21.073Z services: applyMemoryLimit: graphite {"memoryLimit":671088640}
2026-04-17T15:11:21.073Z shell: docker: docker update --memory 671088640 --memory-swap -1 graphite
2026-04-17T15:11:21.078Z shell: services: grep -q avx /proc/cpuinfo
2026-04-17T15:11:21.094Z apptaskmanager: started
2026-04-17T15:11:21.095Z cron: startJobs: starting cron jobs with hour 3 and minute 39
2026-04-17T15:11:21.148Z services: applyMemoryLimit: skipping mongodb (not running)
2026-04-17T15:11:21.150Z cron: handleBackupScheduleChanged: schedule never (Europe/Paris)
2026-04-17T15:11:21.150Z services: applyMemoryLimit: redis-0660801c-9af3-46d6-8413-045f0d0c9e7a {}
2026-04-17T15:11:21.150Z shell: docker: docker update --memory 268435456 --memory-swap -1 redis-0660801c-9af3-46d6-8413-045f0d0c9e7a
2026-04-17T15:11:21.154Z services: applyMemoryLimit: redis-6f68b28b-6d66-42ce-9616-39d7287cfdf7 {}
2026-04-17T15:11:21.154Z shell: docker: docker update --memory 268435456 --memory-swap -1 redis-6f68b28b-6d66-42ce-9616-39d7287cfdf7
2026-04-17T15:11:21.158Z services: applyMemoryLimit: redis-90baa052-9e87-4a2e-aade-02fd268255a5 {}
2026-04-17T15:11:21.158Z shell: docker: docker update --memory 268435456 --memory-swap -1 redis-90baa052-9e87-4a2e-aade-02fd268255a5
2026-04-17T15:11:21.161Z services: applyMemoryLimit: redis-9965a071-8f10-40a6-9d29-3bb08dd372f9 {}
2026-04-17T15:11:21.161Z shell: docker: docker update --memory 268435456 --memory-swap -1 redis-9965a071-8f10-40a6-9d29-3bb08dd372f9
2026-04-17T15:11:21.164Z services: applyMemoryLimit: redis-9cbe1195-9546-486b-aa23-45cbd746360c {}
2026-04-17T15:11:21.164Z shell: docker: docker update --memory 268435456 --memory-swap -1 redis-9cbe1195-9546-486b-aa23-45cbd746360c
2026-04-17T15:11:21.168Z services: applyMemoryLimit: redis-65145113-575e-4c78-9a19-749c7b51b597 {}
2026-04-17T15:11:21.168Z shell: docker: docker update --memory 268435456 --memory-swap -1 redis-65145113-575e-4c78-9a19-749c7b51b597
2026-04-17T15:11:21.171Z services: applyMemoryLimit: redis-65474843-0d88-42c0-8150-0f179cb76a7b {}
2026-04-17T15:11:21.171Z shell: docker: docker update --memory 268435456 --memory-swap -1 redis-65474843-0d88-42c0-8150-0f179cb76a7b
2026-04-17T15:11:21.174Z services: applyMemoryLimit: redis-a688f4ed-bc6e-4c62-86d7-d306eb44bf95 {}
2026-04-17T15:11:21.174Z shell: docker: docker update --memory 268435456 --memory-swap -1 redis-a688f4ed-bc6e-4c62-86d7-d306eb44bf95
2026-04-17T15:11:21.180Z services: applyMemoryLimit: redis-f950f135-f861-4fe3-87a3-5bf1805837ff {}
2026-04-17T15:11:21.180Z shell: docker: docker update --memory 268435456 --memory-swap -1 redis-f950f135-f861-4fe3-87a3-5bf1805837ff
2026-04-17T15:11:21.183Z services: applyMemoryLimit: redis-bf98bcba-ecff-47a5-bc71-238f557dd0ab {}
2026-04-17T15:11:21.183Z shell: docker: docker update --memory 268435456 --memory-swap -1 redis-bf98bcba-ecff-47a5-bc71-238f557dd0ab
2026-04-17T15:11:21.187Z cron: handleBackupScheduleChanged: schedule 00 00 13 * * * (Europe/Paris)
2026-04-17T15:11:21.198Z cron: handleBackupScheduleChanged: schedule 00 00 3 * * * (Europe/Paris)
2026-04-17T15:11:21.209Z cron: handleAutoupdateConfigChanged: schedule - 00 00 2 * * */Europe/Paris, policy - platform_and_apps
2026-04-17T15:11:21.212Z cron: Dynamic DNS setting changed to false
2026-04-17T15:11:21.213Z dockerproxy: start: listening on 172.18.0.1:3003
2026-04-17T15:11:21.213Z authserver: start: listening on 172.18.0.1:3006
2026-04-17T15:11:30.664Z apphealthmonitor: app health: 53 running / 3 stopped / 0 unresponsive
2026-04-17T15:11:40.073Z shell: metrics: lsblk -ndo PKNAME /dev/vda3
2026-04-17T15:11:40.080Z shell: metrics: lsblk -ndo PKNAME /dev/vda
2026-04-17T15:11:40.646Z apphealthmonitor: app health: 53 running / 3 stopped / 0 unresponsive
2026-04-17T15:11:50.695Z apphealthmonitor: app health: 53 running / 3 stopped / 0 unresponsive
2026-04-17T15:11:51.216Z reverseproxy: writeDefaultConfig: writing configs for endpoint "ip"
2026-04-17T15:11:51.216Z shell: reverseproxy: /usr/bin/sudo --non-interactive /home/yellowtent/box/src/scripts/restartservice.sh nginx
2026-04-17T15:11:51.358Z platform: onActivated: finished
2026-04-17T15:12:00.042Z scheduler: sync: clearing jobs of 04f4e451-155e-48be-a19f-54e17fc0bf32 (monica.mydomain2.net)
2026-04-17T15:12:00.044Z docker: deleteContainer: deleting 04f4e451-155e-48be-a19f-54e17fc0bf32-moncron
2026-04-17T15:12:00.138Z scheduler: createJobs: moncron (monica.mydomain2.net) will run in container 04f4e451-155e-48be-a19f-54e17fc0bf32-moncron
2026-04-17T15:12:00.667Z apphealthmonitor: app health: 53 running / 3 stopped / 0 unresponsive
2026-04-17T15:12:10.699Z apphealthmonitor: app health: 53 running / 3 stopped / 0 unresponsive
2026-04-17T15:12:20.651Z apphealthmonitor: app health: 53 running / 3 stopped / 0 unresponsive
2026-04-17T15:12:30.654Z apphealthmonitor: app health: 53 running / 3 stopped / 0 unresponsive
2026-04-17T15:12:40.652Z apphealthmonitor: app health: 53 running / 3 stopped / 0 unresponsive
2026-04-17T15:12:50.651Z apphealthmonitor: app health: 53 running / 3 stopped / 0 unresponsive
2026-04-17T15:13:00.654Z apphealthmonitor: app health: 53 running / 3 stopped / 0 unresponsive
{
  path: '/well-known-handler/openid-configuration',
  status: 500,
  error: ServerError [ServiceUnavailableError]: Response timeout
      at IncomingMessage.<anonymous> (/home/yellowtent/box/node_modules/connect-timeout/index.js:84:8)
      at IncomingMessage.emit (node:events:508:28)
      at Timeout._onTimeout (/home/yellowtent/box/node_modules/connect-timeout/index.js:49:11)
      at listOnTimeout (node:internal/timers:605:17)
      at process.processTimers (node:internal/timers:541:7) {
    code: 'ETIMEDOUT',
    timeout: 60000
  }
}
2026-04-17T15:13:10.642Z apphealthmonitor: app health: 53 running / 3 stopped / 0 unresponsive

Hi,

As seen in the log, openid-configuration is not working and sending timeout (/.well-known/openid-configuration):

{
  "status": "Internal Server Error",
  "message": "Response timeout"
}

On some lucky try the page reply correctly.

Also, restarting Docker services in the cloudron front panel unlock the page for few seconds but still re-crash after that.
Rebooting the server doesn't fix the issue.

# cloudron-support --troubleshoot
Vendor: netcup Product: KVM Server
Linux: 6.8.0-110-generic
Ubuntu: noble 24.04
Execution environment: kvm
Processor: AMD EPYC 9645 96-Core Processor
BIOS pc-i440fx-9.2  CPU @ 2.0GHz x 10
RAM: 24602244KB
Disk: /dev/vda3       796G
[OK]	node version is correct
[OK]	IPv6 is enabled and public IPv6 address is working
[OK]	docker is running
[OK]	docker version is correct
[OK]	MySQL is running
[OK]	netplan is good
[OK]	DNS is resolving via systemd-resolved
[OK]	unbound is running
[OK]	nginx is running
[OK]	dashboard cert is valid
[FAIL]	Could not load dashboard website with loopback check

and sometimes:

# cloudron-support --troubleshoot
Vendor: netcup Product: KVM Server
Linux: 6.8.0-110-generic
Ubuntu: noble 24.04
Execution environment: kvm
Processor: AMD EPYC 9645 96-Core Processor
BIOS pc-i440fx-9.2  CPU @ 2.0GHz x 10
RAM: 24602244KB
Disk: /dev/vda3       796G
[OK] node version is correct
[OK] IPv6 is enabled and public IPv6 address is working
[OK] docker is running
[OK] docker version is correct
[OK] MySQL is running
[OK] netplan is good
[OK] DNS is resolving via systemd-resolved
[OK] unbound is running
[OK] nginx is running
[OK] dashboard cert is valid
[OK] dashboard is reachable via loopback
[OK] No pending database migrations
[OK] Service 'mysql' is running and healthy
[OK] Service 'postgresql' is running and healthy
[WARN] Service 'mongodb' is not running (may be lazy-stopped)
[OK] Service 'mail' is running and healthy
[OK] Service 'graphite' is running and healthy
[OK] Service 'sftp' is running and healthy
[OK] box v9.1.6 is running
[FAIL] Could not load dashboard domain.

Error /home/yellowtent/platformdata/logs/box.log:

2026-04-17T09:55:16.954Z oidcserver: find: error getting client null

{
  path: '/well-known-handler/openid-configuration',
  status: 500,
  error: ServerError [ServiceUnavailableError]: Response timeout
      at IncomingMessage.<anonymous> (/home/yellowtent/box/node_modules/connect-timeout/index.js:84:8)
      at IncomingMessage.emit (node:events:508:28)
      at Timeout._onTimeout (/home/yellowtent/box/node_modules/connect-timeout/index.js:49:11)
      at listOnTimeout (node:internal/timers:605:17)
      at process.processTimers (node:internal/timers:541:7) {
--
  }
}

Hi,
I discover that there are official OIDC plugin for CryptPad:
https://github.com/cryptpad/sso

Is it possible to have it installed on cloudron bundle ?
Or, at least, have the lib/plugins/ directory available ?

It could be great, mainly to be able to have a private instance that automatically allow SSO user to register.

Thanks !

Description

Cloudron common redis image is vulnerable to critical vulnerability (CVE-2025-49844 - 10 CVSS)

Logs

Logs says it's version 7.4.2, fixed version is 7.4.6

Gitlab

Oct 08 12:06:24 13:C 08 Oct 2025 10:06:24.722 * oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
Oct 08 12:06:24 13:C 08 Oct 2025 10:06:24.722 * Redis version=7.4.2, bits=64, commit=00000000, modified=0, pid=13, just started
Oct 08 12:06:24 13:C 08 Oct 2025 10:06:24.722 * Configuration loaded
Oct 08 12:06:24 13:M 08 Oct 2025 10:06:24.722 * monotonic clock: POSIX clock_gettime
Oct 08 12:06:24 13:M 08 Oct 2025 10:06:24.724 # Failed to write PID file: Permission denied
Oct 08 12:06:24 13:M 08 Oct 2025 10:06:24.724 * Running mode=standalone, port=6379.
Oct 08 12:06:24 13:M 08 Oct 2025 10:06:24.725 * Server initialized
Oct 08 12:06:24 13:M 08 Oct 2025 10:06:24.725 * Loading RDB produced by version 7.4.2

Same with N8n:

Oct 08 12:19:46 13:C 08 Oct 2025 10:19:46.483 * oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
Oct 08 12:19:46 13:C 08 Oct 2025 10:19:46.483 * Redis version=7.4.2, bits=64, commit=00000000, modified=0, pid=13, just started
Oct 08 12:19:46 13:C 08 Oct 2025 10:19:46.483 * Configuration loaded
Oct 08 12:19:46 13:M 08 Oct 2025 10:19:46.483 * monotonic clock: POSIX clock_gettime
Oct 08 12:19:46 13:M 08 Oct 2025 10:19:46.485 # Failed to write PID file: Permission denied
Oct 08 12:19:46 13:M 08 Oct 2025 10:19:46.485 * Running mode=standalone, port=6379.
Oct 08 12:19:46 13:M 08 Oct 2025 10:19:46.485 * Server initialized
Oct 08 12:19:46 13:M 08 Oct 2025 10:19:46.486 * Loading RDB produced by version 7.4.2

And all other apps using redis, probably the same redis image is used

System Details

Cloudron Version

{
  "version": "8.3.2"
}

Ubuntu Version

No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 24.04.2 LTS
Release:	24.04
Codename:	noble

Cloudron installation method

Manual with ./cloudron-setup

Thanks, it's working !

Thanks. This is the commands results:

$ cat /etc/netplan/50-cloud-init.yaml
network:
    version: 2
    renderer: networkd
    ethernets:
        eth0:
            addresses:
            - 45.83.105.92/22
            - 2a03:4000:46:463:880b:33ff:fe29:8d7c/64
            gateway4: 45.83.104.1
            gateway6: fe80::1
            match:
                macaddress: 8a:0b:33:29:8d:7c

$ cat /etc/resolv.conf
# This is /run/systemd/resolve/stub-resolv.conf managed by man:systemd-resolved(8).
# Do not edit.
#
# This file might be symlinked as /etc/resolv.conf. If you're looking at
# /etc/resolv.conf and seeing this text, you have followed the symlink.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search .

$ systemctl status systemd-resolved
● systemd-resolved.service - Network Name Resolution
     Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2024-08-10 09:56:51 UTC; 3 days ago
       Docs: man:systemd-resolved.service(8)
             man:org.freedesktop.resolve1(5)
             https://www.freedesktop.org/wiki/Software/systemd/writing-network-configuration-managers
             https://www.freedesktop.org/wiki/Software/systemd/writing-resolver-clients
   Main PID: 14835 (systemd-resolve)
     Status: "Processing requests..."
      Tasks: 1 (limit: 19050)
     Memory: 4.9M
        CPU: 1min 33.372s
     CGroup: /system.slice/systemd-resolved.service
             └─14835 /lib/systemd/systemd-resolved

Notice: journal has been rotated since unit was started, output may be incomplete.

@girish this is a public VPS (this one)
This is the command result:

resolvectl |cat
Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: stub

Link 2 (eth0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 3 (docker0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 4 (br-3d41c8b84b0d)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 6 (veth80c01b5)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 8 (vethe16e1d4)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 10 (vethed7b139)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 12 (vethe67b486)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 14 (vethd4ef98c)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 16 (vethe6749b8)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 20 (veth9b5beb5)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 22 (vethe3dfaa9)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 24 (veth109052f)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 26 (veth093bad2)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 28 (vethe6fe0f0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 30 (veth4c250c4)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 32 (veth9612c7c)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 34 (veth32f80d0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 38 (veth362eae4)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 42 (veth4c8efe9)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 44 (veth75c6814)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 46 (vethf18555a)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 48 (vetha0fbec1)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 52 (vethd427026)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 54 (veth2b70d82)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 56 (vetha7b4ccb)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 58 (veth1894ed4)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 60 (vetheadf5c5)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 62 (veth69ed68b)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 64 (veth6b6f42a)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 66 (vethc2e2a32)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 70 (vetha39cf1d)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 72 (veth3493a4d)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 74 (veth79e2f75)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 76 (vethc6fa10b)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 98 (veth40adda1)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 104 (vethb251de5)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 128 (veth2a70946)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 130 (vethc338380)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 132 (veth34771c4)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 134 (vethd1f944b)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Hi,

An automatic upgrade happened this night on our server and all DNS queries result in empty response from systemd-resolved.

Here a part of the box.log where we saw the first error:

2024-08-10T01:33:35.165Z box:apphealthmonitor app health: 24 running / 2 stopped / 0 unresponsive
2024-08-10T01:33:36.851Z box:box Received SIGTERM. Shutting down.
2024-08-10T01:33:36.858Z box:platform uninitializing platform
2024-08-10T01:33:36.859Z box:shell startTask: /usr/bin/sudo -S -E /home/yellowtent/box/src/scripts/starttask.sh 12905 /home/yellowtent/platformdata/logs/tasks/12905.log 15 1024 errored BoxError: startTask exited with code null signal SIGTERM
    at ChildProcess.<anonymous> (/home/yellowtent/box/src/shell.js:110:19)
    at ChildProcess.emit (node:events:513:28)
    at ChildProcess._handle.onexit (node:internal/child_process:291:12) {
  reason: 'Shell Error',
  details: {},
  code: null,
  signal: 'SIGTERM'
}
2024-08-10T01:33:36.934Z box:tasks startTask: 12905 completed with code null
2024-08-10T01:33:36.937Z box:tasks setCompleted - 12905: {"error":{"message":"Task 12905 crashed with code null","code":"crashed"}}
2024-08-10T01:33:36.937Z box:tasks update 12905: {"percent":100,"error":{"message":"Task 12905 crashed with code null","code":"crashed"}}
2024-08-10T01:33:36.938Z box:platform onDeactivated: stopping post activation services
2024-08-10T01:33:36.939Z box:tasks stopAllTasks: stopping all tasks
2024-08-10T01:33:36.940Z box:shell stopTask /usr/bin/sudo -S /home/yellowtent/box/src/scripts/stoptask.sh all
2024-08-10T01:33:36.952Z box:locker Released : box_update
2024-08-10T01:33:36.952Z box:updater Update failed with error. { message: 'Task 12905 crashed with code null', code: 'crashed' }
2024-08-10T01:33:36.953Z box:tasks startTask: 12905 done. error: { message: 'Task 12905 crashed with code null', code: 'crashed' }
2024-08-10T01:35:10.561Z box:server ==========================================
2024-08-10T01:35:10.562Z box:server            Cloudron 8.0.3  
2024-08-10T01:35:10.562Z box:server ==========================================
2024-08-10T01:35:10.562Z box:platform initialize: start platform
2024-08-10T01:35:10.902Z box:tasks stopAllTasks: stopping all tasks
2024-08-10T01:35:10.902Z box:shell stopTask /usr/bin/sudo -S /home/yellowtent/box/src/scripts/stoptask.sh all
sudo: unable to resolve host my: Temporary failure in name resolution
All tasks stopped
2024-08-10T01:35:11.141Z box:reverseproxy writeDashboardConfig: writing dashboard config for a38.fr
2024-08-10T01:35:11.158Z box:shell isOscpEnabled execArgs: openssl ["x509","-in","/home/yellowtent/platformdata/nginx/cert/_.a38.fr.cert","-noout","-ocsp_uri"]
2024-08-10T01:35:11.179Z box:shell reload /usr/bin/sudo -S /home/yellowtent/box/src/scripts/restartservice.sh nginx
sudo: unable to resolve host my: Temporary failure in name resolution
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "e5.o.lencr.org" in the certificate "/home/yellowtent/platformdata/nginx/cert/_.a38.fr.cert"
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "e5.o.lencr.org" in the certificate "/home/yellowtent/platformdata/nginx/cert/a38.fr.cert"
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "e5.o.lencr.org" in the certificate "/home/yellowtent/platformdata/nginx/cert/_.a38.fr.cert"
nginx: [warn] "ssl_stapling" ignored, host not found in OCSP responder "e5.o.lencr.org" in the certificate "/home/yellowtent/platformdata/nginx/cert/_.a38.fr.cert"

dig response:

$ dig api.cloudron.io

; <<>> DiG 9.18.28-0ubuntu0.22.04.1-Ubuntu <<>> api.cloudron.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 12668
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;api.cloudron.io.		IN	A

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Sat Aug 10 15:56:07 UTC 2024
;; MSG SIZE  rcvd: 44

All apps were in error state and i successfully started them all with write api.cloudron.io in host file and retry configure task in cloudron panel.

Unfortunately, this is only temporary fix as dns issue is still there and app store for example is still unavailable (so i commented out this fix).

I think i have some crash with the new release.
Update from 1.16.5.

I have the full log if you need it

2022-05-08T01:22:51.000Z at processTimers (internal/timers.js:497:7) [ /app/code/node_modules/express/lib/application.js:630:43 ]
2022-05-08T01:22:51.000Z ERROR ServiceUnavailableError: Response timeout
2022-05-08T01:22:51.000Z at IncomingMessage.<anonymous> (/app/code/node_modules/connect-timeout/index.js:84:8)
2022-05-08T01:22:51.000Z at IncomingMessage.emit (events.js:315:20)
2022-05-08T01:22:51.000Z at Timeout.<anonymous> (/app/code/node_modules/connect-timeout/index.js:49:11)
2022-05-08T01:22:51.000Z at listOnTimeout (internal/timers.js:554:17)
2022-05-08T01:22:51.000Z at processTimers (internal/timers.js:497:7) [ /app/code/node_modules/express/lib/application.js:630:43 ]
2022-05-08T01:24:38.000Z ERROR LDAP error connect ETIMEDOUT 172.18.0.1:3002 [ /app/code/backend/routes.js:75:21 ]
2022-05-08T01:24:38.000Z connect ETIMEDOUT 172.18.0.1:3002 Error: connect ETIMEDOUT 172.18.0.1:3002
2022-05-08T01:24:38.000Z at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1146:16)
2022-05-08T01:24:50.000Z ERROR LDAP error connect ETIMEDOUT 172.18.0.1:3002 [ /app/code/backend/routes.js:75:21 ]
2022-05-08T01:24:50.000Z connect ETIMEDOUT 172.18.0.1:3002 Error: connect ETIMEDOUT 172.18.0.1:3002
2022-05-08T01:24:50.000Z at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1146:16)
2022-05-08T01:24:50.000Z ERROR LDAP error connect ETIMEDOUT 172.18.0.1:3002 [ /app/code/backend/routes.js:75:21 ]
2022-05-08T01:24:50.000Z connect ETIMEDOUT 172.18.0.1:3002 Error: connect ETIMEDOUT 172.18.0.1:3002
2022-05-08T01:24:50.000Z at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1146:16)
2022-05-08T18:25:11.000Z [18:25:11] [Server thread/INFO] [ne.mi.co.AdvancementLoadFix/]: Using new advancement loading for net.minecraft.advancements.PlayerAdvancements@6122d325
2022-05-08T18:25:11.000Z [18:25:11] [Server thread/INFO] [minecraft/PlayerList]: User3[/3.4.5.6:56382] logged in with entity id 139 at (20.849399336919795, 73.0, -53.43918182426666)
2022-05-08T18:25:11.000Z [18:25:11] [Server thread/INFO] [minecraft/DedicatedServer]: User3 joined the game
2022-05-08T18:30:05.000Z [18:30:05] [Server thread/INFO] [minecraft/DedicatedServer]: User3 has made the advancement [Sweet Dreams]
2022-05-08T20:23:40.000Z [20:23:40] [Server thread/INFO] [minecraft/ServerPlayNetHandler]: User3 lost connection: Disconnected
2022-05-08T20:23:40.000Z [20:23:40] [Server thread/INFO] [minecraft/DedicatedServer]: User3 left the game
2022-05-09T08:38:56.000Z => Ensure directories
2022-05-09T08:38:56.000Z => Accept EULA
2022-05-09T08:38:56.000Z => Update server port
2022-05-09T08:38:56.000Z => Update query port
2022-05-09T08:38:56.000Z => Disable rcon port
2022-05-09T08:38:56.000Z => Ensure permissions
2022-05-09T08:38:56.000Z => Starting management server
2022-05-09T08:38:56.000Z Use ldap auth
2022-05-09T08:38:56.000Z Server is up and running on port 3000
2022-05-09T08:38:56.000Z start minecraft server with memory limit 1638 M
2022-05-09T08:38:56.000Z Error: could not open `libraries/net/minecraftforge/forge/1.18.2-40.1.0/unix_args.txt'
2022-05-09T08:39:39.000Z => Ensure directories
2022-05-09T08:39:39.000Z => Accept EULA
2022-05-09T08:39:39.000Z => Update server port
2022-05-09T08:39:39.000Z => Update query port
2022-05-09T08:39:39.000Z => Disable rcon port
2022-05-09T08:39:39.000Z => Ensure permissions
2022-05-09T08:39:39.000Z => Starting management server
2022-05-09T08:39:40.000Z Use ldap auth
2022-05-09T08:39:41.000Z Server is up and running on port 3000
2022-05-09T08:39:41.000Z start minecraft server with memory limit 1638 M
2022-05-09T08:39:41.000Z Error: could not open `libraries/net/minecraftforge/forge/1.18.2-40.1.0/unix_args.txt'

Hi everyone, same issue happen here.

Application reboot temporarily fix the issue, but it always come back.

Is there any workaround other than app reboot, as this solution disconnect players and i need to connect myself to the game only to know/tell that i will reboot only for that...

I 'm open to any workaround or quick fix that allow to use the minecraft server console while the admin panel (LDAP it seems) crashed or allow to reboot the admin panel without rebooting the game.
At least a solution to see the game log without connecting to the game ?

Currently it seems the that it's the admin panel that start the game so i think it's needed to change the code.

Thank you all !