andreas/ente-cloudron
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Route Museum GET endpoints

Browse Source
This commit is contained in:
Andreas Dueren
2025-11-04 17:10:32 -06:00
parent 98b26537a1
commit 5549f03f6e
6 changed files with 242 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
BUILD-INSTRUCTIONS.md
View File

@@ -9,21 +9,21 @@ cloudron build \
--set-build-service builder.docker.due.ren \ --set-build-service builder.docker.due.ren \
--build-service-token e3265de06b1d0e7bb38400539012a8433a74c2c96a17955e \ --build-service-token e3265de06b1d0e7bb38400539012a8433a74c2c96a17955e \
--set-repository andreasdueren/ente-cloudron \ --set-repository andreasdueren/ente-cloudron \
--tag 0.4.5 --tag 0.5.0
``` ```
## Install ## Install
```bash ```bash
cloudron install \ cloudron install \
--location ente.due.ren \ --location ente.due.ren \
--image andreasdueren/ente-cloudron:0.4.5 --image andreasdueren/ente-cloudron:0.5.0
``` ```
## After Install ## After Install
1. **S3** In Cloudron File Manager open `/app/data/config/s3.env`, fill in your endpoint/region/bucket/access/secret, then restart the app from the dashboard. 1. **S3** In Cloudron File Manager open `/app/data/config/s3.env`, fill in your endpoint/region/bucket/access/secret, then restart the app from the dashboard.
2. **Subdomains** In the Cloudron *Domains* tab add aliases for `auth.<app-domain>`, `accounts.<app-domain>`, `cast.<app-domain>`, `albums.<app-domain>` and `family.<app-domain>`. Create matching DNS records pointing at the primary domain (for example, if the app is `ente.cloudron.io`, add `auth.ente.cloudron.io`, `accounts.ente.cloudron.io`, etc. → `ente.cloudron.io`). 2. **Secondary hostnames** During installation Cloudron now prompts for hostnames for the Accounts/Auth/Cast/Albums/Family web apps (powered by `httpPorts`). Ensure matching DNS records exist that point to the primary app domain. If you use Cloudron-managed DNS, those records are created automatically; otherwise create CNAME/A records such as `accounts.<app-domain> → <app-domain>`.
Once DNS propagates, use the dedicated hosts: Once DNS propagates, use the dedicated hosts (defaults shown below — substitute the names you selected during install):
- `https://<app-host>` (the hostname you chose during install, main UI & uploads) - `https://<app-host>` (the hostname you chose during install, main UI & uploads)
- `https://accounts.<app-domain>` - `https://accounts.<app-domain>`
- `https://auth.<app-domain>` - `https://auth.<app-domain>`

38
CHANGELOG.md
View File

@@ -1,5 +1,43 @@
# Changelog # Changelog
## 0.5.0 (2025-11-04)
* Proxy Museum GET/HEAD routes (e.g. `/collections`, `/files`, `/remote-store`) so clients that talk to the primary host without `/api` still hit the backend
## 0.4.13 (2025-11-04)
* Forward all non-GET requests to the Museum backend so uploads and other write operations reach the API
## 0.4.12 (2025-11-04)
* Ensure dedicated hosts serve static `.html` exports and SPA fallbacks (`/gallery`, etc.) without 404s
## 0.4.11 (2025-11-04)
* Serve static `.html` exports for all dedicated hosts so routes like `/gallery` refresh and upload flows work again
## 0.4.10 (2025-11-04)
* Fix SPA fallbacks on dedicated hosts so `/gallery` and other client routes refresh correctly
## 0.4.9 (2025-11-04)
* Raise default memory allocation to 3 GiB for smoother media processing workloads
## 0.4.8 (2025-11-04)
* Allow persistent Museum overrides via `/app/data/config/museum.override.yaml` while keeping generated defaults intact
## 0.4.7 (2025-11-04)
* Proxy `/users` API endpoints through Caddy so mobile SRP/OTT flows reach the backend
## 0.4.6 (2025-11-04)
* Switch to Cloudron `httpPorts` so secondary web apps get provisioned domains automatically
* Teach the startup script to honour Cloudron-provided secondary domain variables (no manual aliasing required)
* Refresh post-install docs and build instructions to reflect the new installation flow
## 0.4.5 (2025-10-30) ## 0.4.5 (2025-10-30)
* Serve photos UI on the primary hostname and mount other apps on `accounts/auth/cast/albums/family.<app-domain>` * Serve photos UI on the primary hostname and mount other apps on `accounts/auth/cast/albums/family.<app-domain>`

45
CloudronManifest.json
View File

@@ -7,13 +7,49 @@
"contactEmail": "contact@ente.io", "contactEmail": "contact@ente.io",
"website": "https://ente.io", "website": "https://ente.io",
"tagline": "Open source, end-to-end encrypted photo backup", "tagline": "Open source, end-to-end encrypted photo backup",
"version": "0.4.5", "version": "0.5.0",
"upstreamVersion": "git-main", "upstreamVersion": "git-main",
"healthCheckPath": "/health", "healthCheckPath": "/health",
"httpPort": 3080, "httpPort": 3080,
"memoryLimit": 1610612736, "httpPorts": {
"ACCOUNTS_DOMAIN": {
"title": "Accounts hostname",
"description": "Hostname for the Ente accounts web app (e.g. accounts)",
"containerPort": 3080,
"defaultValue": "accounts",
"aliasableDomain": true
},
"AUTH_DOMAIN": {
"title": "Auth hostname",
"description": "Hostname for the Ente authentication frontend (e.g. auth)",
"containerPort": 3080,
"defaultValue": "auth",
"aliasableDomain": true
},
"CAST_DOMAIN": {
"title": "Cast hostname",
"description": "Hostname for the Ente casting web app (e.g. cast)",
"containerPort": 3080,
"defaultValue": "cast",
"aliasableDomain": true
},
"ALBUMS_DOMAIN": {
"title": "Public albums hostname",
"description": "Hostname for the Ente public albums frontend (e.g. albums)",
"containerPort": 3080,
"defaultValue": "albums",
"aliasableDomain": true
},
"FAMILY_DOMAIN": {
"title": "Family hostname",
"description": "Hostname for the Ente family web app (e.g. family)",
"containerPort": 3080,
"defaultValue": "family",
"aliasableDomain": true
}
},
"memoryLimit": 3221225472,
"postInstallMessage": "file://POSTINSTALL.md", "postInstallMessage": "file://POSTINSTALL.md",
"multiDomain": true,
"addons": { "addons": {
"localstorage": {}, "localstorage": {},
"postgresql": {}, "postgresql": {},
@@ -25,9 +61,6 @@
"checklist": { "checklist": {
"configure-object-storage": { "configure-object-storage": {
"message": "Configure your S3-compatible storage in /app/data/config/s3.env before first use." "message": "Configure your S3-compatible storage in /app/data/config/s3.env before first use."
},
"configure-subdomains": {
"message": "Create DNS records and add Cloudron aliases for accounts., auth., cast., albums. and family. (using the base domain of this app)."
} }
}, },
"icon": "file://logo.png", "icon": "file://logo.png",

38
POSTINSTALL.md
View File

@@ -5,11 +5,8 @@ Your Ente installation is almost ready!
Before using Ente, configure an S3-compatible object storage provider: Before using Ente, configure an S3-compatible object storage provider:
1. Open the Cloudron dashboard and select your Ente app. 1. Open the Cloudron dashboard and select your Ente app.
2. Launch the web terminal. 2. Launch the file explorer.
3. Edit `/app/data/config/s3.env` and provide values for **all** required keys: 3. Open `/app/data/config/s3.env` and provide values for **all** required keys.
```bash
nano /app/data/config/s3.env
```
4. Save the file and restart the app from the Cloudron dashboard. 4. Save the file and restart the app from the Cloudron dashboard.
Supported variables: Supported variables:
@@ -20,33 +17,24 @@ Supported variables:
- `S3_SECRET_KEY` - `S3_SECRET_KEY`
- `S3_PREFIX` (optional path prefix) - `S3_PREFIX` (optional path prefix)
## Required: DNS Subdomains ## Required: Secondary Hostnames
Ente now serves supporting apps on dedicated hosts. Create DNS records (CNAME or A) and add matching alias domains in Cloudron for: The installer now asks for dedicated hostnames for the Auth/Accounts/Cast/Albums/Family web apps (via Cloudron `httpPorts`). If you manage DNS outside of Cloudron, create CNAME/A records such as `accounts.<app-domain>`, `auth.<app-domain>`, etc., pointing at the primary app domain. With Cloudron-managed DNS the records are created automatically.
- `auth.<app-domain>`
- `accounts.<app-domain>`
- `cast.<app-domain>`
- `albums.<app-domain>`
- `family.<app-domain>`
For example, if you installed the app at `ente.cloudron.io`, create records for `auth.ente.cloudron.io`, `accounts.ente.cloudron.io`, etc., all pointing to `ente.cloudron.io`, then add each hostname as an alias in the Cloudron dashboard.
## Administration ## Administration
- Use the bundled CLI from the Cloudron web terminal (CLI state lives in `/app/data/cli-data`): - Use the bundled CLI from the Cloudron web terminal (CLI state lives in `/app/data/cli-data`):
```bash ```bash
cloudron exec --app ente.cloudron.io -- sudo -u cloudron ente --help ente --help
# Whitelist an administrator # List users (requires an existing admin account)
cloudron exec --app ente.cloudron.io -- sudo -u cloudron ente admin user whitelist --email admin@example.com ente admin list-users --admin-user admin@example.com
# Increase a users storage allocation (in GB)
cloudron exec --app ente.cloudron.io -- sudo -u cloudron ente admin user quota set --email user@example.com --storage-gb 500
``` ```
See the upstream admin guides for further context: [user administration](https://ente.io/help/self-hosting/administration/users) and [CLI reference](https://ente.io/help/self-hosting/administration/cli). See the upstream admin guides for further context: [user administration](https://ente.io/help/self-hosting/administration/users) and [CLI reference](https://ente.io/help/self-hosting/administration/cli).
Logs are streamed to the Cloudron dashboard. For deeper inspection use: - To persist custom Museum settings (for example, seeding super-admin email addresses), create `/app/data/config/museum.override.yaml`. The file is appended to `museum/configurations/local.yaml` on each startup.
```bash ```yaml
cloudron logs --app <location> -f internal:
``` super-admins:
- admin@example.com
```

19
README.md
View File

@@ -56,14 +56,17 @@ The app is configured automatically using Cloudron's environment variables for:
After installing on Cloudron remember to: After installing on Cloudron remember to:
1. Open the File Manager for the app, edit `/app/data/config/s3.env` with your object storage endpoint/keys, and restart the app. 1. Open the File Manager for the app, edit `/app/data/config/s3.env` with your object storage endpoint/keys, and restart the app.
2. Add alias domains for `auth.<app-domain>`, `accounts.<app-domain>`, `cast.<app-domain>`, `albums.<app-domain>` and `family.<app-domain>` in the Cloudron **Domains** tab. Create matching DNS records pointing to the primary hostname (for example, if you installed at `ente.cloudron.io`, add `auth.ente.cloudron.io`, `accounts.ente.cloudron.io`, etc.). 2. When prompted during installation, pick hostnames for the Accounts/Auth/Cast/Albums/Family web apps (they are exposed via Cloudron `httpPorts`). Ensure matching DNS records exist; Cloudron-managed DNS creates them automatically, otherwise point CNAME/A records such as `accounts.<app-domain>` at the primary hostname.
3. Use the bundled Ente CLI for admin tasks via `cloudron exec --app <location> -- sudo -u cloudron ente --help`. The CLI stores its state in `/app/data/cli-data` (exposed inside the container at `/cli-data`) and already trusts your apps API endpoint. Typical workflows: 3. To persist tweaks to Museum (for example, seeding super-admin or whitelist entries), create `/app/data/config/museum.override.yaml`. Its contents are appended to the generated `museum/configurations/local.yaml` on every start, so you only need to declare the keys you want to override.
```yaml
# /app/data/config/museum.override.yaml
internal:
super-admins:
- admin@example.com
```
4. Use the bundled Ente CLI for admin tasks via `cloudron exec --app <location> -- sudo -u cloudron ente --help`. The CLI stores its state in `/app/data/cli-data` (exposed inside the container at `/cli-data`) and already trusts your apps API endpoint. Typical workflow:
```bash ```bash
# Whitelist an administrator (see https://ente.io/help/self-hosting/administration/users ) cloudron exec --app ente.cloudron.io -- sudo -u cloudron ente admin list-users --admin-user admin@example.com
cloudron exec --app ente.cloudron.io -- sudo -u cloudron ente admin user whitelist --email admin@example.com
# Increase a users storage quota (see https://ente.io/help/self-hosting/administration/cli )
cloudron exec --app ente.cloudron.io -- sudo -u cloudron ente admin user quota set --email user@example.com --storage-gb 500
``` ```
The main photos UI continues to live on the hostname you selected during installation. The main photos UI continues to live on the hostname you selected during installation.
@@ -72,7 +75,7 @@ The main photos UI continues to live on the hostname you selected during install
### Web Client ### Web Client
After installation, you can access the Ente web client at your app's URL. Create the first user and whitelist them as an administrator using the CLI if desired. After installation, you can access the Ente web client at your app's URL. Create the first user and promote them to an administrator using the override file or upstream admin tooling as documented by Ente.
### Mobile Apps ### Mobile Apps

156
start.sh
View File

@@ -10,6 +10,48 @@ log() {
echo "[$timestamp] [$level] $message" echo "[$timestamp] [$level] $message"
} }
resolve_http_hostname() {
local env_key="$1"
local fallback="$2"
local value=""
local varname="CLOUDRON_${env_key}"
value="$(printenv "$varname" 2>/dev/null || true)"
if [ -z "$value" ]; then
local alt_varname="CLOUDRON_HTTP_PORT_${env_key}"
value="$(printenv "$alt_varname" 2>/dev/null || true)"
fi
if [ -z "$value" ]; then
if [ "$APP_FQDN" = "localhost" ]; then
printf '%s\n' "$APP_FQDN"
else
printf '%s\n' "$fallback"
fi
return
fi
value="${value%.}"
case "$value" in
"@" )
printf '%s\n' "$APP_FQDN"
;;
*@ )
printf '%s.%s\n' "${value%@}" "$APP_FQDN"
;;
*.* )
printf '%s\n' "$value"
;;
* )
if [ "$APP_FQDN" = "localhost" ]; then
printf '%s\n' "$APP_FQDN"
else
printf '%s.%s\n' "$value" "$APP_FQDN"
fi
;;
esac
}
APP_DIR="/app/code" APP_DIR="/app/code"
DATA_DIR="/app/data" DATA_DIR="/app/data"
LOG_DIR="$DATA_DIR/logs" LOG_DIR="$DATA_DIR/logs"
@@ -54,21 +96,18 @@ APP_FQDN="${CLOUDRON_APP_DOMAIN:-${CLOUDRON_APP_FQDN:-localhost}}"
BASE_URL="${CLOUDRON_APP_ORIGIN:-https://$APP_FQDN}" BASE_URL="${CLOUDRON_APP_ORIGIN:-https://$APP_FQDN}"
BASE_URL="${BASE_URL%/}" BASE_URL="${BASE_URL%/}"
PHOTOS_HOST="$APP_FQDN" PHOTOS_HOST="$(resolve_http_hostname "PHOTOS_DOMAIN" "$APP_FQDN")"
ACCOUNTS_HOST="$APP_FQDN" ACCOUNTS_HOST="$(resolve_http_hostname "ACCOUNTS_DOMAIN" "accounts.${APP_FQDN}")"
AUTH_HOST="$APP_FQDN" AUTH_HOST="$(resolve_http_hostname "AUTH_DOMAIN" "auth.${APP_FQDN}")"
CAST_HOST="$APP_FQDN" CAST_HOST="$(resolve_http_hostname "CAST_DOMAIN" "cast.${APP_FQDN}")"
ALBUMS_HOST="$APP_FQDN" ALBUMS_HOST="$(resolve_http_hostname "ALBUMS_DOMAIN" "albums.${APP_FQDN}")"
FAMILY_HOST="$APP_FQDN" FAMILY_HOST="$(resolve_http_hostname "FAMILY_DOMAIN" "family.${APP_FQDN}")"
USE_SUBDOMAIN_ROUTING=false USE_SUBDOMAIN_ROUTING=false
if [ "$APP_FQDN" != "localhost" ]; then if [ "$APP_FQDN" != "localhost" ]; then
ACCOUNTS_HOST="accounts.${APP_FQDN}" if [ "$PHOTOS_HOST" != "$APP_FQDN" ] || [ "$ACCOUNTS_HOST" != "$APP_FQDN" ] || [ "$AUTH_HOST" != "$APP_FQDN" ] || [ "$CAST_HOST" != "$APP_FQDN" ] || [ "$ALBUMS_HOST" != "$APP_FQDN" ] || [ "$FAMILY_HOST" != "$APP_FQDN" ]; then
AUTH_HOST="auth.${APP_FQDN}" USE_SUBDOMAIN_ROUTING=true
CAST_HOST="cast.${APP_FQDN}" fi
ALBUMS_HOST="albums.${APP_FQDN}"
FAMILY_HOST="family.${APP_FQDN}"
USE_SUBDOMAIN_ROUTING=true
fi fi
PHOTOS_URL="https://${PHOTOS_HOST}" PHOTOS_URL="https://${PHOTOS_HOST}"
@@ -87,7 +126,7 @@ else
fi fi
if [ "$APP_FQDN" != "localhost" ]; then if [ "$APP_FQDN" != "localhost" ]; then
API_BASE="https://${APP_FQDN}" API_BASE="https://${PHOTOS_HOST}"
else else
API_BASE="$BASE_URL" API_BASE="$BASE_URL"
fi fi
@@ -423,6 +462,13 @@ oidc:
EOF_CFG EOF_CFG
fi fi
MUSEUM_OVERRIDE="$CONFIG_DIR/museum.override.yaml"
if [ -f "$MUSEUM_OVERRIDE" ]; then
log INFO "Applying museum override from $MUSEUM_OVERRIDE"
printf '\n# --- Cloudron override (user-provided) ---\n' >> "$MUSEUM_CONFIG"
cat "$MUSEUM_OVERRIDE" >> "$MUSEUM_CONFIG"
fi
chown cloudron:cloudron "$MUSEUM_CONFIG" chown cloudron:cloudron "$MUSEUM_CONFIG"
chmod 600 "$MUSEUM_CONFIG" chmod 600 "$MUSEUM_CONFIG"
@@ -608,45 +654,81 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
reverse_proxy localhost:8080 reverse_proxy localhost:8080
} }
@user_api path_regexp user_api ^/users($|/.*)
handle @user_api {
reverse_proxy localhost:8080 {
header_up Host {http.request.host}
header_up X-Real-IP {http.request.header.X-Forwarded-For}
header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
}
}
@museum_api_get {
method GET HEAD
path_regexp museum_api_get ^/(admin|authenticator|billing|cast|collections|custom-domain|diff|discount|email-hash|emails-from-hashes|emergency-contacts|family|file|file-link|files|fire|info|job|mail|metrics|multipart-upload-urls|offers|options|pass-info|passkeys|public-collection|push|queue|remote-store|storage-bonus|thumbnail|trash|unknown-api|upload-urls|user|user-entity|verify-password)(/|$)
}
handle @museum_api_get {
reverse_proxy localhost:8080 {
header_up Host {http.request.host}
header_up X-Real-IP {http.request.header.X-Forwarded-For}
header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
}
}
@write_methods {
not method GET
not method HEAD
}
handle @write_methods {
reverse_proxy localhost:8080 {
header_up Host {http.request.host}
header_up X-Real-IP {http.request.header.X-Forwarded-For}
header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
}
}
@photos_host host ${PHOTOS_HOST} @photos_host host ${PHOTOS_HOST}
handle @photos_host { handle @photos_host {
root * $WEB_RUNTIME_DIR/photos root * $WEB_RUNTIME_DIR/photos
try_files {path} {path}/index.html /photos/index.html try_files {path} {path}/index.html {path}.html index.html
file_server file_server
} }
@accounts_host host ${ACCOUNTS_HOST} @accounts_host host ${ACCOUNTS_HOST}
handle @accounts_host { handle @accounts_host {
root * $WEB_RUNTIME_DIR/accounts root * $WEB_RUNTIME_DIR/accounts
try_files {path} {path}/index.html /accounts/index.html try_files {path} {path}/index.html {path}.html index.html
file_server file_server
} }
@auth_host host ${AUTH_HOST} @auth_host host ${AUTH_HOST}
handle @auth_host { handle @auth_host {
root * $WEB_RUNTIME_DIR/auth root * $WEB_RUNTIME_DIR/auth
try_files {path} {path}/index.html /auth/index.html try_files {path} {path}/index.html {path}.html index.html
file_server file_server
} }
@cast_host host ${CAST_HOST} @cast_host host ${CAST_HOST}
handle @cast_host { handle @cast_host {
root * $WEB_RUNTIME_DIR/cast root * $WEB_RUNTIME_DIR/cast
try_files {path} {path}/index.html /cast/index.html try_files {path} {path}/index.html {path}.html index.html
file_server file_server
} }
@albums_host host ${ALBUMS_HOST} @albums_host host ${ALBUMS_HOST}
handle @albums_host { handle @albums_host {
root * $WEB_RUNTIME_DIR/albums root * $WEB_RUNTIME_DIR/albums
try_files {path} {path}/index.html /albums/index.html try_files {path} {path}/index.html {path}.html index.html
file_server file_server
} }
@family_host host ${FAMILY_HOST} @family_host host ${FAMILY_HOST}
handle @family_host { handle @family_host {
root * $WEB_RUNTIME_DIR/family root * $WEB_RUNTIME_DIR/family
try_files {path} {path}/index.html /family/index.html try_files {path} {path}/index.html {path}.html index.html
file_server file_server
} }
@@ -733,6 +815,42 @@ cat > "$CADDY_CONFIG" <<EOF_CADDY
reverse_proxy localhost:8080 reverse_proxy localhost:8080
} }
@user_api_path path_regexp user_api_path ^/users($|/.*)
handle @user_api_path {
reverse_proxy localhost:8080 {
header_up Host {http.request.host}
header_up X-Real-IP {http.request.header.X-Forwarded-For}
header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
}
}
@museum_api_get_path {
method GET HEAD
path_regexp museum_api_get_path ^/(admin|authenticator|billing|cast|collections|custom-domain|diff|discount|email-hash|emails-from-hashes|emergency-contacts|family|file|file-link|files|fire|info|job|mail|metrics|multipart-upload-urls|offers|options|pass-info|passkeys|public-collection|push|queue|remote-store|storage-bonus|thumbnail|trash|unknown-api|upload-urls|user|user-entity|verify-password)(/|$)
}
handle @museum_api_get_path {
reverse_proxy localhost:8080 {
header_up Host {http.request.host}
header_up X-Real-IP {http.request.header.X-Forwarded-For}
header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
}
}
@write_methods_path {
not method GET
not method HEAD
}
handle @write_methods_path {
reverse_proxy localhost:8080 {
header_up Host {http.request.host}
header_up X-Real-IP {http.request.header.X-Forwarded-For}
header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
}
}
handle /_next/* { handle /_next/* {
root * $WEB_RUNTIME_DIR root * $WEB_RUNTIME_DIR
try_files {path} auth{path} accounts{path} photos{path} cast{path} albums{path} family{path} try_files {path} auth{path} accounts{path} photos{path} cast{path} albums{path} family{path}