WriteFreely - Blogging Platform

Has anyone successfully installed it DIY on Cloudron?

I am also interestedin using WriteFreely via Cloudron.

I stumbled upon OpenTrashMail since it is able to convert newsletter mails into subscribable RSS feeds. I would really like to separate newsletters from my mail inbox. OpenTrashMail seems to do the job. Any new considerations?

@girish Just contacted you.

In case I try migrating the users, does this also migrate all user settings, passwords and so on? Or do the user directories only contain data?

Users are managed by the app on this instance, not by Cloudron.

Running the app in recovery mode gives me the following:

Jan 07 20:51:02 Command "upgrade" is not defined.
Jan 07 20:51:02Nextcloud is not installed - only a limited number of commands are available
Jan 07 20:51:05[GET] /healthcheck
Jan 07 20:51:05box:tasks update 4766: {"percent":30,"message":"Setting up addons"}
Jan 07 20:51:05box:services setupAddons: Setting up ["postgresql","sendmail","ldap","redis","localstorage","scheduler","turn"]
Jan 07 20:51:05box:services setupAddons: setting up addon postgresql with options {}
Jan 07 20:51:05box:services Setting up postgresql
Jan 07 20:51:05box:services Setting postgresql addon config to [{"name":"CLOUDRON_POSTGRESQL_URL","value":"postgres://user1af67d47f12d4d8b9890304a9c7e915b:30234061fc3bfa5e3c9c8f6d760fee506c9d6cb66069523f6c00ea7bb4addd9c4fb5f942c853d832967cee25d5b42d08eb3e2c766bc13954f0bd54459685c9d9@postgresql/db1af67d47f12d4d8b9890304a9c7e915b"},{"name":"CLOUDRON_POSTGRESQL_USERNAME","value":"user1af67d47f12d4d8b9890304a9c7e915b"},{"name":"CLOUDRON_POSTGRESQL_PASSWORD","value":"30234061fc3bfa5e3c9c8f6d760fee506c9d6cb66069523f6c00ea7bb4addd9c4fb5f942c853d832967cee25d5b42d08eb3e2c766bc13954f0bd54459685c9d9"},{"name":"CLOUDRON_POSTGRESQL_HOST","value":"postgresql"},{"name":"CLOUDRON_POSTGRESQL_PORT","value":"5432"},{"name":"CLOUDRON_POSTGRESQL_DATABASE","value":"db1af67d47f12d4d8b9890304a9c7e915b"}]
Jan 07 20:51:05box:services setupAddons: setting up addon sendmail with options {"supportsDisplayName":false}
Jan 07 20:51:05box:services Setting up SendMail
Jan 07 20:51:05box:services Setting sendmail addon config to [{"name":"CLOUDRON_MAIL_SMTP_SERVER","value":"mail"},{"name":"CLOUDRON_MAIL_SMTP_PORT","value":"2525"},{"name":"CLOUDRON_MAIL_SMTPS_PORT","value":"2465"},{"name":"CLOUDRON_MAIL_STARTTLS_PORT","value":"2587"},{"name":"CLOUDRON_MAIL_SMTP_USERNAME","value":"wolke@tee-server.de"},{"name":"CLOUDRON_MAIL_SMTP_PASSWORD","value":"6257492a4e30247b589fefb907b9e8b4d5bdf3396d2c5914"},{"name":"CLOUDRON_MAIL_FROM","value":"wolke@tee-server.de"},{"name":"CLOUDRON_MAIL_DOMAIN","value":"tee-server.de"}]
Jan 07 20:51:05box:services setupAddons: setting up addon ldap with options {}
Jan 07 20:51:05box:services setupAddons: setting up addon redis with options {}
Jan 07 20:51:05box:services Re-using existing redis container with state: {"Status":"running","Running":true,"Paused":false,"Restarting":false,"OOMKilled":false,"Dead":false,"Pid":42957,"ExitCode":0,"Error":"","StartedAt":"2024-01-07T11:40:56.222621687Z","FinishedAt":"2024-01-07T11:40:55.251426628Z"}
Jan 07 20:51:05box:services Waiting for redis-1af67d47-f12d-4d8b-9890-304a9c7e915b
Jan 07 20:51:05box:services setupAddons: setting up addon localstorage with options {}
Jan 07 20:51:05box:services setupLocalStorage
Jan 07 20:51:05box:shell createVolume spawn: /usr/bin/sudo -S /home/yellowtent/box/src/scripts/mkdirvolume.sh /home/yellowtent/appsdata/1af67d47-f12d-4d8b-9890-304a9c7e915b/data
Jan 07 20:51:05box:shell createVolume (stderr): sudo: unable to resolve host 1001415-406: Name or service not known
Jan 07 20:51:05box:services setupAddons: setting up addon scheduler with options {"housekeeping":{"schedule":"*/5 * * * *","command":"/app/pkg/cron.sh"}}
Jan 07 20:51:05box:services setupAddons: setting up addon turn with options {"optional":true}
Jan 07 20:51:05box:services Setting up TURN
Jan 07 20:51:05box:tasks update 4766: {"percent":60,"message":"Creating container"}
Jan 07 20:51:05box:apptask createContainer: creating container
Jan 07 20:51:06Repair mode. Use the webterminal or cloudron exec to repair. Sleeping
Jan 07 20:51:06box:shell addLogrotateConfig spawn: /usr/bin/sudo -S /home/yellowtent/box/src/scripts/configurelogrotate.sh add 1af67d47-f12d-4d8b-9890-304a9c7e915b /tmp/1af67d47-f12d-4d8b-9890-304a9c7e915b.logrotate
Jan 07 20:51:06box:shell addLogrotateConfig (stderr): sudo: unable to resolve host 1001415-406: Name or service not known
Jan 07 20:51:06box:apptask startApp: starting container
Jan 07 20:51:06box:tasks update 4766: {"percent":100,"message":"Done"}
Jan 07 20:51:06box:tasks setCompleted - 4766: {"result":null,"error":null}
Jan 07 20:51:06box:taskworker Task took 9.183 seconds
Jan 07 20:51:06box:tasks update 4766: {"percent":100,"result":null,"error":null}
Jan 07 20:51:10=> Healtheck error: Error: connect ECONNREFUSED 172.18.19.126:80```

The backups got accidentally dropped as they were on the same volume as the system. Dumb situation. Nothing else got removed though. The disk full issue has been resolved. I will try and install a second instance to compare the config files.

I am wondering why the config.php does not contain a datadirectory parameter at all.

Update: The old config differs significantly compared to the new one. I suppose the "update config" and "run migration" steps in the log are trying to migrate the config.php to the new standard. This seems to fail for some reason. The application loops through the follwing again and again:

==> Copying htaccess
Jan 07 19:36:49==> update config
Jan 07 19:36:49==> run migration
Jan 07 19:36:49Nextcloud is not installed - only a limited number of commands are available
Jan 07 19:36:49
Jan 07 19:36:49
Jan 07 19:36:49 Command "upgrade" is not defined.
Jan 07 19:36:49
Jan 07 19:36:49
Jan 07 19:36:54=> Healtheck error: Error: connect EHOSTUNREACH 172.18.19.126:80

I have searched the forum for a similar case and found this one. Link to the solution:

https://forum.cloudron.io/post/70404

I have the exact same log errors. The problem is that I have no backup to restore a working config.php file from.

What to do in this case? Will it help to make a backup of the current non-responding Nextcloud, install a fresh one and recover from the former backup?

I am out of ideas. Help appreciated.

@jfrere As I am facing the same issue. Has this not been resolved yet?

I found it. The log entries listed by Bitninja Security are found on the log of a WordPress instance that has been left with default values. Wasn´t me.

I am ditching the WP instance.

Jesus Christ.

I understand the log entry as what the infected server does to other servers as part of a bot net. In this case it looks for Wordpress instances? In fact it seems to try and populate the sites with what seems to be pretty generic login data. I am not sure this is an indication that it has to do with WP. Right now all WP instances are turned off.

value><string>lotadmin</string></value><value><string>12345</string>

News.

My server provider got an email from Bitninja Security. They have more than hundred logs.

Here some examples:

Deleted code for privacy reasons and since issue is solved. 

Is there any concrete indication of anything?

@necrevistonnezr None other than what the stack comes with. I use the LAMP stacks solely for static site delivery by populating the public directory.

@girish Nope. Just a clean Ubuntu and a cloudron install on top. Nothing else. The only installations are cloudron applications. Nextcloud, Uptime Kuma, a few LAMP stacks, three WP instances, a FreshRSS instance, an unused Mastodon instance, Joplin. No custom docker repo or anything alike.

In the meantime I was able to delist from Spamhaus. I generally hope for a false negative but can´t rely solely on hope. So the question still holds up. How to detect potential bot-contacting malware on a Cloudron server?

Today trying to write mails Spamhaus responds with:

Diagnostic-Code: smtp;550 IP 128.0.XX.XX (my server´s IP) is blacklisted (xbl.spamhaus.org). Help at/Hilfe unter www.mfaq.info

More Details from Spamhaus say this:

A machine using 128.0.xx.xx is infected with malware associated with the avalanche/andromeda family.

128.0.xx.xx initiated contact with a nymaim command and control server, using contents unique to nymaim C&C command protocols.

Technical details of the nymaim detection
128.0.XX.XX initiated a tcp connection from 128.0.XX.XX using source port 35658, to the sinkhole IP address 216.218.185.162 on destination port 80.

The most recent detection was on: July 18 2023, 16:37:35 UTC.

---

What I have done already?

1. Updated all applications
2. double-checked two WP-instances and temporarily turned them off.
3. Checked box logs and all app logs for connections to said 216.218.185.162 IP address. Nothing.
4. Used net-tools to check for active connections to 216.218.185.162. Still nothing.

Do you recommend to scan with something like ClamAV?

@girish Uptime is normalizing again. No problems in the last 23 hours. In addition we are upgrading the server from 1 vCPU to a 4 vCPUs since more clients are using it than before. Thank you so much for the care!

@whitespace @girish @necrevistonnezr

So it happened again.

at 15:45 the log says

Jun 21 15:45:09 => Run cron job

At the exact same time my online monitor shows the Nextcloud as being offline.

So I looked into the scheduled cron job which contains

exec /usr/local/bin/gosu www-data:www-data php -f /app/code/cron.php

Now I'd be at the point of restarting the app manually.
Does this give any clue?

---

EDIT:

It happened again independently from the scheduled cron task. The last log entries were regular stuff of loading the activity page in a browser via GET requests.

@necrevistonnezr This was my first thought too. I was able to log-in and specifically deactivated all nextcloud applications not needed. The only active apps are Files, Activity and Calendar.

I looked into the thread and gave the Nextcloud more Memory and ramped up max-request workers. Testing right now.

@girish The nextcloud is not behind a proxy or Cloudflare. Just a domain mapped via DNS API. Nothing extraordinary. I renewed certs and synched DNS already. In the meantime I have asked my VPS host if there are any known networking issues. Waiting for a response there.

The concrete things that are not running as soon as the problem occurs are 1. the Nextcloud frontend and 2. the Nextcloud sync via desktop clients. As far as I have tested, this does not go away automatically. Only a restart via dashboard fixes it.

@girish ps aux gives me this. I have a hard time interpreting all values admittedly but in my interpretation there is nothing extraordinary.