ente-cloudron/POSTINSTALL.md

Your Ente installation is almost ready!

## Required: External Object Storage

Before using Ente, configure an S3-compatible object storage provider:

1. Open the Cloudron dashboard and select your Ente app.
2. Launch the file explorer.
3. Open `/app/data/config/s3.env` and provide values for **all** required keys.
4. Save the file and restart the app from the Cloudron dashboard.
5. (Required for cast/slideshow) Configure your S3 bucket’s CORS policy to allow the Ente domains you serve from Cloudron (e.g. `https://ente.cloudron.io`, `https://accounts.cloudron.io`, `https://cast.cloudron.io`, etc.). Without CORS, browsers will block the signed URLs that power the cast slideshow.
   - **Backblaze B2 tip:** B2 ships with “native” CORS rules that block S3-style updates. Install the Backblaze CLI `pip install 'b2<4'`, then:
     ```bash
     # Authorise once (replace with your key ID/secret)
     b2 authorize-account <KEY_ID> <APP_KEY>

     # Clear any native rules
     b2 bucket update --cors-rules '[]' ente-due-ren allPublic

     # Apply the S3-compatible rule (adjust origins as needed)
     cat >cors.json <<'EOF'
     [
       {
         "corsRuleName": "ente-web",
         "allowedOrigins": [
           "https://ente.due.ren",
           "https://accounts.due.ren",
           "https://auth.due.ren",
           "https://albums.due.ren",
           "https://cast.due.ren",
           "https://family.due.ren"
         ],
         "allowedHeaders": ["*"],
         "allowedOperations": [
           "s3_get_object",
           "s3_head_object",
           "b2_download_file_by_name",
           "b2_download_file_by_id"
         ],
         "exposeHeaders": ["ETag","Content-Length","Content-Type"],
         "maxAgeSeconds": 86400
       }
     ]
     EOF
     b2 bucket update --cors-rules "$(<cors.json)" ente-due-ren allPublic
     ```
     Verify with `curl -I -H 'Origin: https://ente.due.ren' <signed-url>`; you should see `Access-Control-Allow-Origin`.

Supported variables:
- `S3_ENDPOINT` (e.g. `https://<account>.r2.cloudflarestorage.com`)
- `S3_REGION`
- `S3_BUCKET`
- `S3_ACCESS_KEY`
- `S3_SECRET_KEY`
- `S3_PREFIX` (optional path prefix)

## Required: Secondary Hostnames

The installer now asks for dedicated hostnames for the Auth/Accounts/Cast/Albums/Family web apps (via Cloudron `httpPorts`). If you manage DNS outside of Cloudron, create CNAME/A records such as `accounts.<app-domain>`, `auth.<app-domain>`, etc., pointing at the primary app domain. With Cloudron-managed DNS the records are created automatically.

## Administration

- **Grant yourself admin privileges**
  1. Create an Ente account in the UI
  2. Open the Cloudron dashboard → your Ente app → **Terminal**.
  3. Click the Postgres button and hit enter
  4. Get the user ID of the first user by running the following SQL query: ```SELECT * from users;```
  5. Copy the value in ```user_id```
  6. Open the Cloudron dashboard → your Ente app → **File Manager**.
  7. Navigate to `/app/data/config/` and open (or create) `museum.override.yaml`.
  8. Add your ```user_id``` to the admin list:
     ```yaml
     internal:
       admins:
         - 1580559962386438
     ```
  9. Save the file and restart the app. The override is appended to Museum’s configuration on every start.

- **Sign in to the bundled CLI**
  From the Cloudron **Terminal** run:
  ```bash
  # authenticate once (enter the OTP you receive by email)
  ente account add

  # inspect available commands
  ente --help

  # increase storage quota for account
  ente admin update-subscription -a <admin-user-mail> -u <user-email-to-update> --no-limit true
  ```
  After you’re signed in you can follow the upstream docs for tasks like increasing storage: see [user administration](https://ente.io/help/self-hosting/administration/users) and the [CLI reference](https://ente.io/help/self-hosting/administration/cli).