From 5549f03f6eb9351c066c9e272e94611134785160 Mon Sep 17 00:00:00 2001
From: Andreas Dueren <contact@due.ren>
Date: Tue, 4 Nov 2025 17:10:32 -0600
Subject: [PATCH] Route Museum GET endpoints

---
 BUILD-INSTRUCTIONS.md |   8 +--
 CHANGELOG.md          |  38 ++++++++++
 CloudronManifest.json |  45 ++++++++++--
 POSTINSTALL.md        |  38 ++++------
 README.md             |  19 ++---
 start.sh              | 156 +++++++++++++++++++++++++++++++++++++-----
 6 files changed, 242 insertions(+), 62 deletions(-)

diff --git a/BUILD-INSTRUCTIONS.md b/BUILD-INSTRUCTIONS.md
index 95f2f3a..414fffc 100644
--- a/BUILD-INSTRUCTIONS.md
+++ b/BUILD-INSTRUCTIONS.md
@@ -9,21 +9,21 @@ cloudron build \
   --set-build-service builder.docker.due.ren \
   --build-service-token e3265de06b1d0e7bb38400539012a8433a74c2c96a17955e \
   --set-repository andreasdueren/ente-cloudron \
-  --tag 0.4.5
+  --tag 0.5.0
 ```
 
 ## Install
 ```bash
 cloudron install \
   --location ente.due.ren \
-  --image andreasdueren/ente-cloudron:0.4.5
+  --image andreasdueren/ente-cloudron:0.5.0
 ```
 
 ## After Install
 1. **S3** – In Cloudron File Manager open `/app/data/config/s3.env`, fill in your endpoint/region/bucket/access/secret, then restart the app from the dashboard.
-2. **Subdomains** – In the Cloudron *Domains* tab add aliases for `auth.<app-domain>`, `accounts.<app-domain>`, `cast.<app-domain>`, `albums.<app-domain>` and `family.<app-domain>`. Create matching DNS records pointing at the primary domain (for example, if the app is `ente.cloudron.io`, add `auth.ente.cloudron.io`, `accounts.ente.cloudron.io`, etc. → `ente.cloudron.io`).
+2. **Secondary hostnames** – During installation Cloudron now prompts for hostnames for the Accounts/Auth/Cast/Albums/Family web apps (powered by `httpPorts`). Ensure matching DNS records exist that point to the primary app domain. If you use Cloudron-managed DNS, those records are created automatically; otherwise create CNAME/A records such as `accounts.<app-domain> → <app-domain>`.
 
-Once DNS propagates, use the dedicated hosts:
+Once DNS propagates, use the dedicated hosts (defaults shown below — substitute the names you selected during install):
 - `https://<app-host>` (the hostname you chose during install, main UI & uploads)
 - `https://accounts.<app-domain>`
 - `https://auth.<app-domain>`
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 27bdf11..21ccfce 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,43 @@
 # Changelog
 
+## 0.5.0 (2025-11-04)
+
+* Proxy Museum GET/HEAD routes (e.g. `/collections`, `/files`, `/remote-store`) so clients that talk to the primary host without `/api` still hit the backend
+
+## 0.4.13 (2025-11-04)
+
+* Forward all non-GET requests to the Museum backend so uploads and other write operations reach the API
+
+## 0.4.12 (2025-11-04)
+
+* Ensure dedicated hosts serve static `.html` exports and SPA fallbacks (`/gallery`, etc.) without 404s
+
+## 0.4.11 (2025-11-04)
+
+* Serve static `.html` exports for all dedicated hosts so routes like `/gallery` refresh and upload flows work again
+
+## 0.4.10 (2025-11-04)
+
+* Fix SPA fallbacks on dedicated hosts so `/gallery` and other client routes refresh correctly
+
+## 0.4.9 (2025-11-04)
+
+* Raise default memory allocation to 3 GiB for smoother media processing workloads
+
+## 0.4.8 (2025-11-04)
+
+* Allow persistent Museum overrides via `/app/data/config/museum.override.yaml` while keeping generated defaults intact
+
+## 0.4.7 (2025-11-04)
+
+* Proxy `/users` API endpoints through Caddy so mobile SRP/OTT flows reach the backend
+
+## 0.4.6 (2025-11-04)
+
+* Switch to Cloudron `httpPorts` so secondary web apps get provisioned domains automatically
+* Teach the startup script to honour Cloudron-provided secondary domain variables (no manual aliasing required)
+* Refresh post-install docs and build instructions to reflect the new installation flow
+
 ## 0.4.5 (2025-10-30)
 
 * Serve photos UI on the primary hostname and mount other apps on `accounts/auth/cast/albums/family.<app-domain>`
diff --git a/CloudronManifest.json b/CloudronManifest.json
index 9c89999..ceed31c 100644
--- a/CloudronManifest.json
+++ b/CloudronManifest.json
@@ -7,13 +7,49 @@
   "contactEmail": "contact@ente.io",
   "website": "https://ente.io",
   "tagline": "Open source, end-to-end encrypted photo backup",
-  "version": "0.4.5",
+  "version": "0.5.0",
   "upstreamVersion": "git-main",
   "healthCheckPath": "/health",
   "httpPort": 3080,
-  "memoryLimit": 1610612736,
+  "httpPorts": {
+    "ACCOUNTS_DOMAIN": {
+      "title": "Accounts hostname",
+      "description": "Hostname for the Ente accounts web app (e.g. accounts)",
+      "containerPort": 3080,
+      "defaultValue": "accounts",
+      "aliasableDomain": true
+    },
+    "AUTH_DOMAIN": {
+      "title": "Auth hostname",
+      "description": "Hostname for the Ente authentication frontend (e.g. auth)",
+      "containerPort": 3080,
+      "defaultValue": "auth",
+      "aliasableDomain": true
+    },
+    "CAST_DOMAIN": {
+      "title": "Cast hostname",
+      "description": "Hostname for the Ente casting web app (e.g. cast)",
+      "containerPort": 3080,
+      "defaultValue": "cast",
+      "aliasableDomain": true
+    },
+    "ALBUMS_DOMAIN": {
+      "title": "Public albums hostname",
+      "description": "Hostname for the Ente public albums frontend (e.g. albums)",
+      "containerPort": 3080,
+      "defaultValue": "albums",
+      "aliasableDomain": true
+    },
+    "FAMILY_DOMAIN": {
+      "title": "Family hostname",
+      "description": "Hostname for the Ente family web app (e.g. family)",
+      "containerPort": 3080,
+      "defaultValue": "family",
+      "aliasableDomain": true
+    }
+  },
+  "memoryLimit": 3221225472,
   "postInstallMessage": "file://POSTINSTALL.md",
-  "multiDomain": true,
   "addons": {
     "localstorage": {},
     "postgresql": {},
@@ -25,9 +61,6 @@
   "checklist": {
     "configure-object-storage": {
       "message": "Configure your S3-compatible storage in /app/data/config/s3.env before first use."
-    },
-    "configure-subdomains": {
-      "message": "Create DNS records and add Cloudron aliases for accounts., auth., cast., albums. and family. (using the base domain of this app)."
     }
   },
   "icon": "file://logo.png",
diff --git a/POSTINSTALL.md b/POSTINSTALL.md
index d570147..6d7c362 100644
--- a/POSTINSTALL.md
+++ b/POSTINSTALL.md
@@ -5,11 +5,8 @@ Your Ente installation is almost ready!
 Before using Ente, configure an S3-compatible object storage provider:
 
 1. Open the Cloudron dashboard and select your Ente app.
-2. Launch the web terminal.
-3. Edit `/app/data/config/s3.env` and provide values for **all** required keys:
-   ```bash
-   nano /app/data/config/s3.env
-   ```
+2. Launch the file explorer.
+3. Open `/app/data/config/s3.env` and provide values for **all** required keys.
 4. Save the file and restart the app from the Cloudron dashboard.
 
 Supported variables:
@@ -20,33 +17,24 @@ Supported variables:
 - `S3_SECRET_KEY`
 - `S3_PREFIX` (optional path prefix)
 
-## Required: DNS Subdomains
+## Required: Secondary Hostnames
 
-Ente now serves supporting apps on dedicated hosts. Create DNS records (CNAME or A) and add matching alias domains in Cloudron for:
-
-- `auth.<app-domain>`
-- `accounts.<app-domain>`
-- `cast.<app-domain>`
-- `albums.<app-domain>`
-- `family.<app-domain>`
-
-For example, if you installed the app at `ente.cloudron.io`, create records for `auth.ente.cloudron.io`, `accounts.ente.cloudron.io`, etc., all pointing to `ente.cloudron.io`, then add each hostname as an alias in the Cloudron dashboard.
+The installer now asks for dedicated hostnames for the Auth/Accounts/Cast/Albums/Family web apps (via Cloudron `httpPorts`). If you manage DNS outside of Cloudron, create CNAME/A records such as `accounts.<app-domain>`, `auth.<app-domain>`, etc., pointing at the primary app domain. With Cloudron-managed DNS the records are created automatically.
 
 ## Administration
 
 - Use the bundled CLI from the Cloudron web terminal (CLI state lives in `/app/data/cli-data`):
   ```bash
-  cloudron exec --app ente.cloudron.io -- sudo -u cloudron ente --help
+  ente --help
 
-  # Whitelist an administrator
-  cloudron exec --app ente.cloudron.io -- sudo -u cloudron ente admin user whitelist --email admin@example.com
-
-  # Increase a user’s storage allocation (in GB)
-  cloudron exec --app ente.cloudron.io -- sudo -u cloudron ente admin user quota set --email user@example.com --storage-gb 500
+  # List users (requires an existing admin account)
+  ente admin list-users --admin-user admin@example.com
   ```
   See the upstream admin guides for further context: [user administration](https://ente.io/help/self-hosting/administration/users) and [CLI reference](https://ente.io/help/self-hosting/administration/cli).
 
-Logs are streamed to the Cloudron dashboard. For deeper inspection use:
-```bash
-cloudron logs --app <location> -f
-```
+- To persist custom Museum settings (for example, seeding super-admin email addresses), create `/app/data/config/museum.override.yaml`. The file is appended to `museum/configurations/local.yaml` on each startup.
+  ```yaml
+  internal:
+    super-admins:
+      - admin@example.com
+  ```
diff --git a/README.md b/README.md
index 27ea1e8..5bbd620 100644
--- a/README.md
+++ b/README.md
@@ -56,14 +56,17 @@ The app is configured automatically using Cloudron's environment variables for:
 After installing on Cloudron remember to:
 
 1. Open the File Manager for the app, edit `/app/data/config/s3.env` with your object storage endpoint/keys, and restart the app.
-2. Add alias domains for `auth.<app-domain>`, `accounts.<app-domain>`, `cast.<app-domain>`, `albums.<app-domain>` and `family.<app-domain>` in the Cloudron **Domains** tab. Create matching DNS records pointing to the primary hostname (for example, if you installed at `ente.cloudron.io`, add `auth.ente.cloudron.io`, `accounts.ente.cloudron.io`, etc.).
-3. Use the bundled Ente CLI for admin tasks via `cloudron exec --app <location> -- sudo -u cloudron ente --help`. The CLI stores its state in `/app/data/cli-data` (exposed inside the container at `/cli-data`) and already trusts your app’s API endpoint. Typical workflows:
+2. When prompted during installation, pick hostnames for the Accounts/Auth/Cast/Albums/Family web apps (they are exposed via Cloudron `httpPorts`). Ensure matching DNS records exist; Cloudron-managed DNS creates them automatically, otherwise point CNAME/A records such as `accounts.<app-domain>` at the primary hostname.
+3. To persist tweaks to Museum (for example, seeding super-admin or whitelist entries), create `/app/data/config/museum.override.yaml`. Its contents are appended to the generated `museum/configurations/local.yaml` on every start, so you only need to declare the keys you want to override.
+   ```yaml
+   # /app/data/config/museum.override.yaml
+   internal:
+     super-admins:
+       - admin@example.com
+   ```
+4. Use the bundled Ente CLI for admin tasks via `cloudron exec --app <location> -- sudo -u cloudron ente --help`. The CLI stores its state in `/app/data/cli-data` (exposed inside the container at `/cli-data`) and already trusts your app’s API endpoint. Typical workflow:
    ```bash
-   # Whitelist an administrator (see https://ente.io/help/self-hosting/administration/users )
-   cloudron exec --app ente.cloudron.io -- sudo -u cloudron ente admin user whitelist --email admin@example.com
-
-   # Increase a user’s storage quota (see https://ente.io/help/self-hosting/administration/cli )
-   cloudron exec --app ente.cloudron.io -- sudo -u cloudron ente admin user quota set --email user@example.com --storage-gb 500
+   cloudron exec --app ente.cloudron.io -- sudo -u cloudron ente admin list-users --admin-user admin@example.com
    ```
 
 The main photos UI continues to live on the hostname you selected during installation.
@@ -72,7 +75,7 @@ The main photos UI continues to live on the hostname you selected during install
 
 ### Web Client
 
-After installation, you can access the Ente web client at your app's URL. Create the first user and whitelist them as an administrator using the CLI if desired.
+After installation, you can access the Ente web client at your app's URL. Create the first user and promote them to an administrator using the override file or upstream admin tooling as documented by Ente.
 
 ### Mobile Apps
 
diff --git a/start.sh b/start.sh
index 76d514a..c98eb9c 100755
--- a/start.sh
+++ b/start.sh
@@ -10,6 +10,48 @@ log() {
   echo "[$timestamp] [$level] $message"
 }
 
+resolve_http_hostname() {
+  local env_key="$1"
+  local fallback="$2"
+  local value=""
+  local varname="CLOUDRON_${env_key}"
+
+  value="$(printenv "$varname" 2>/dev/null || true)"
+  if [ -z "$value" ]; then
+    local alt_varname="CLOUDRON_HTTP_PORT_${env_key}"
+    value="$(printenv "$alt_varname" 2>/dev/null || true)"
+  fi
+
+  if [ -z "$value" ]; then
+    if [ "$APP_FQDN" = "localhost" ]; then
+      printf '%s\n' "$APP_FQDN"
+    else
+      printf '%s\n' "$fallback"
+    fi
+    return
+  fi
+
+  value="${value%.}"
+  case "$value" in
+    "@" )
+      printf '%s\n' "$APP_FQDN"
+      ;;
+    *@ )
+      printf '%s.%s\n' "${value%@}" "$APP_FQDN"
+      ;;
+    *.* )
+      printf '%s\n' "$value"
+      ;;
+    * )
+      if [ "$APP_FQDN" = "localhost" ]; then
+        printf '%s\n' "$APP_FQDN"
+      else
+        printf '%s.%s\n' "$value" "$APP_FQDN"
+      fi
+      ;;
+  esac
+}
+
 APP_DIR="/app/code"
 DATA_DIR="/app/data"
 LOG_DIR="$DATA_DIR/logs"
@@ -54,21 +96,18 @@ APP_FQDN="${CLOUDRON_APP_DOMAIN:-${CLOUDRON_APP_FQDN:-localhost}}"
 BASE_URL="${CLOUDRON_APP_ORIGIN:-https://$APP_FQDN}"
 BASE_URL="${BASE_URL%/}"
 
-PHOTOS_HOST="$APP_FQDN"
-ACCOUNTS_HOST="$APP_FQDN"
-AUTH_HOST="$APP_FQDN"
-CAST_HOST="$APP_FQDN"
-ALBUMS_HOST="$APP_FQDN"
-FAMILY_HOST="$APP_FQDN"
+PHOTOS_HOST="$(resolve_http_hostname "PHOTOS_DOMAIN" "$APP_FQDN")"
+ACCOUNTS_HOST="$(resolve_http_hostname "ACCOUNTS_DOMAIN" "accounts.${APP_FQDN}")"
+AUTH_HOST="$(resolve_http_hostname "AUTH_DOMAIN" "auth.${APP_FQDN}")"
+CAST_HOST="$(resolve_http_hostname "CAST_DOMAIN" "cast.${APP_FQDN}")"
+ALBUMS_HOST="$(resolve_http_hostname "ALBUMS_DOMAIN" "albums.${APP_FQDN}")"
+FAMILY_HOST="$(resolve_http_hostname "FAMILY_DOMAIN" "family.${APP_FQDN}")"
 
 USE_SUBDOMAIN_ROUTING=false
 if [ "$APP_FQDN" != "localhost" ]; then
-  ACCOUNTS_HOST="accounts.${APP_FQDN}"
-  AUTH_HOST="auth.${APP_FQDN}"
-  CAST_HOST="cast.${APP_FQDN}"
-  ALBUMS_HOST="albums.${APP_FQDN}"
-  FAMILY_HOST="family.${APP_FQDN}"
-  USE_SUBDOMAIN_ROUTING=true
+  if [ "$PHOTOS_HOST" != "$APP_FQDN" ] || [ "$ACCOUNTS_HOST" != "$APP_FQDN" ] || [ "$AUTH_HOST" != "$APP_FQDN" ] || [ "$CAST_HOST" != "$APP_FQDN" ] || [ "$ALBUMS_HOST" != "$APP_FQDN" ] || [ "$FAMILY_HOST" != "$APP_FQDN" ]; then
+    USE_SUBDOMAIN_ROUTING=true
+  fi
 fi
 
 PHOTOS_URL="https://${PHOTOS_HOST}"
@@ -87,7 +126,7 @@ else
 fi
 
 if [ "$APP_FQDN" != "localhost" ]; then
-  API_BASE="https://${APP_FQDN}"
+  API_BASE="https://${PHOTOS_HOST}"
 else
   API_BASE="$BASE_URL"
 fi
@@ -423,6 +462,13 @@ oidc:
 EOF_CFG
   fi
 
+MUSEUM_OVERRIDE="$CONFIG_DIR/museum.override.yaml"
+if [ -f "$MUSEUM_OVERRIDE" ]; then
+  log INFO "Applying museum override from $MUSEUM_OVERRIDE"
+  printf '\n# --- Cloudron override (user-provided) ---\n' >> "$MUSEUM_CONFIG"
+  cat "$MUSEUM_OVERRIDE" >> "$MUSEUM_CONFIG"
+fi
+
 chown cloudron:cloudron "$MUSEUM_CONFIG"
 chmod 600 "$MUSEUM_CONFIG"
 
@@ -608,45 +654,81 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
         reverse_proxy localhost:8080
     }
 
+    @user_api path_regexp user_api ^/users($|/.*)
+    handle @user_api {
+        reverse_proxy localhost:8080 {
+            header_up Host {http.request.host}
+            header_up X-Real-IP {http.request.header.X-Forwarded-For}
+            header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
+            header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
+        }
+    }
+
+    @museum_api_get {
+        method GET HEAD
+        path_regexp museum_api_get ^/(admin|authenticator|billing|cast|collections|custom-domain|diff|discount|email-hash|emails-from-hashes|emergency-contacts|family|file|file-link|files|fire|info|job|mail|metrics|multipart-upload-urls|offers|options|pass-info|passkeys|public-collection|push|queue|remote-store|storage-bonus|thumbnail|trash|unknown-api|upload-urls|user|user-entity|verify-password)(/|$)
+    }
+    handle @museum_api_get {
+        reverse_proxy localhost:8080 {
+            header_up Host {http.request.host}
+            header_up X-Real-IP {http.request.header.X-Forwarded-For}
+            header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
+            header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
+        }
+    }
+
+    @write_methods {
+        not method GET
+        not method HEAD
+    }
+    handle @write_methods {
+        reverse_proxy localhost:8080 {
+            header_up Host {http.request.host}
+            header_up X-Real-IP {http.request.header.X-Forwarded-For}
+            header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
+            header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
+        }
+    }
+
     @photos_host host ${PHOTOS_HOST}
     handle @photos_host {
         root * $WEB_RUNTIME_DIR/photos
-        try_files {path} {path}/index.html /photos/index.html
+        try_files {path} {path}/index.html {path}.html index.html
         file_server
     }
 
     @accounts_host host ${ACCOUNTS_HOST}
     handle @accounts_host {
         root * $WEB_RUNTIME_DIR/accounts
-        try_files {path} {path}/index.html /accounts/index.html
+        try_files {path} {path}/index.html {path}.html index.html
         file_server
     }
 
     @auth_host host ${AUTH_HOST}
     handle @auth_host {
         root * $WEB_RUNTIME_DIR/auth
-        try_files {path} {path}/index.html /auth/index.html
+        try_files {path} {path}/index.html {path}.html index.html
         file_server
     }
 
     @cast_host host ${CAST_HOST}
     handle @cast_host {
         root * $WEB_RUNTIME_DIR/cast
-        try_files {path} {path}/index.html /cast/index.html
+        try_files {path} {path}/index.html {path}.html index.html
         file_server
     }
 
     @albums_host host ${ALBUMS_HOST}
     handle @albums_host {
         root * $WEB_RUNTIME_DIR/albums
-        try_files {path} {path}/index.html /albums/index.html
+        try_files {path} {path}/index.html {path}.html index.html
         file_server
     }
 
     @family_host host ${FAMILY_HOST}
     handle @family_host {
         root * $WEB_RUNTIME_DIR/family
-        try_files {path} {path}/index.html /family/index.html
+        try_files {path} {path}/index.html {path}.html index.html
         file_server
     }
 
@@ -733,6 +815,42 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
         reverse_proxy localhost:8080
     }
 
+    @user_api_path path_regexp user_api_path ^/users($|/.*)
+    handle @user_api_path {
+        reverse_proxy localhost:8080 {
+            header_up Host {http.request.host}
+            header_up X-Real-IP {http.request.header.X-Forwarded-For}
+            header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
+            header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
+        }
+    }
+
+    @museum_api_get_path {
+        method GET HEAD
+        path_regexp museum_api_get_path ^/(admin|authenticator|billing|cast|collections|custom-domain|diff|discount|email-hash|emails-from-hashes|emergency-contacts|family|file|file-link|files|fire|info|job|mail|metrics|multipart-upload-urls|offers|options|pass-info|passkeys|public-collection|push|queue|remote-store|storage-bonus|thumbnail|trash|unknown-api|upload-urls|user|user-entity|verify-password)(/|$)
+    }
+    handle @museum_api_get_path {
+        reverse_proxy localhost:8080 {
+            header_up Host {http.request.host}
+            header_up X-Real-IP {http.request.header.X-Forwarded-For}
+            header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
+            header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
+        }
+    }
+
+    @write_methods_path {
+        not method GET
+        not method HEAD
+    }
+    handle @write_methods_path {
+        reverse_proxy localhost:8080 {
+            header_up Host {http.request.host}
+            header_up X-Real-IP {http.request.header.X-Forwarded-For}
+            header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
+            header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
+        }
+    }
+
     handle /_next/* {
         root * $WEB_RUNTIME_DIR
         try_files {path} auth{path} accounts{path} photos{path} cast{path} albums{path} family{path}