Initial OpenObserve Cloudron package

BUILD.md

@@ -0,0 +1,153 @@
+# OpenObserve Cloudron Package Build Instructions
+
+## Prerequisites
+
+1. Cloudron CLI installed and configured
+2. Docker access (for build service)
+3. Access to the Cloudron build service at builder.docker.due.ren
+
+## Build Process
+
+### 1. Build the Package
+
+Use the Cloudron build service to create the Docker image:
+
+```bash
+cloudron build \
+  --set-build-service builder.docker.due.ren \
+  --build-service-token e3265de06b1d0e7bb38400539012a8433a74c2c96a17955e \
+  --set-repository andreasdueren/openobserve-cloudron \
+  --tag 0.1.0
+```
+
+### 2. Install the Application
+
+Install the built image to your Cloudron instance:
+
+```bash
+cloudron install \
+  --location openobserve.due.ren \
+  --image andreasdueren/openobserve-cloudron:0.1.0
+```
+
+**Important**: Wait no more than 30 seconds for installation feedback. If there are errors, the installation may hang indefinitely.
+
+### 3. Development Workflow
+
+For development and testing:
+
+1. **Always uninstall before reinstalling** (never update during development):
+   ```bash
+   cloudron uninstall --app openobserve.due.ren
+   ```
+
+2. Make your changes to the package files
+
+3. Rebuild and reinstall:
+   ```bash
+   # Build
+   cloudron build --set-build-service builder.docker.due.ren --build-service-token e3265de06b1d0e7bb38400539012a8433a74c2c96a17955e --set-repository andreasdueren/openobserve-cloudron --tag 0.1.0
+   
+   # Install
+   cloudron install --location openobserve.due.ren --image andreasdueren/openobserve-cloudron:0.1.0
+   ```
+
+## Verification
+
+### 1. Check Application Status
+
+```bash
+cloudron status --app openobserve.due.ren
+```
+
+### 2. View Logs
+
+```bash
+# Follow logs
+cloudron logs --app openobserve.due.ren -f
+
+# View specific logs
+cloudron exec --app openobserve.due.ren
+# tail -f /var/log/nginx/error.log
+```
+
+### 3. Access the Application
+
+1. Navigate to your configured domain (e.g., https://openobserve.due.ren)
+2. Login with default credentials:
+   - Email: admin@openobserve.due.ren
+   - Password: openobserve123
+3. **Immediately change the default password**
+
+## Troubleshooting
+
+### Common Issues
+
+1. **Build Failures**
+   - Check Docker image availability
+   - Verify binary download URLs
+   - Ensure proper file permissions
+
+2. **Installation Hangs**
+   - Cancel after 30 seconds
+   - Check build service status
+   - Review application logs
+
+3. **Authentication Issues**
+   - Verify OIDC configuration in start.sh
+   - Check Cloudron OIDC environment variables
+   - Review nginx proxy settings
+
+### Debugging Commands
+
+```bash
+# Shell into the application
+cloudron exec --app openobserve.due.ren
+
+# Check process status
+ps aux | grep openobserve
+
+# Check nginx status
+systemctl status nginx
+
+# View configuration
+cat /app/data/config.yaml
+```
+
+## Package Structure
+
+```
+openobserve-cloudron/
+├── CloudronManifest.json   # Package configuration
+├── Dockerfile             # Container build instructions
+├── start.sh              # Application startup script
+├── nginx.conf            # Reverse proxy configuration
+├── logo.png              # Application icon
+├── POSTINSTALL           # Post-installation message
+├── CHANGELOG             # Version history
+└── BUILD.md              # This file
+```
+
+## Configuration
+
+### Environment Variables
+
+The application uses these key environment variables:
+
+- `ZO_ROOT_USER_EMAIL` - Default admin email
+- `ZO_ROOT_USER_PASSWORD` - Default admin password
+- `CLOUDRON_OIDC_*` - OIDC authentication settings
+- `CLOUDRON_MAIL_SMTP_*` - Email configuration
+
+### Data Persistence
+
+- Application data: `/app/data`
+- Logs: `/app/data/logs`
+- Database: `/app/data/db`
+- WAL files: `/app/data/wal`
+
+## Support
+
+- OpenObserve Documentation: https://openobserve.ai/docs/
+- Cloudron Packaging: https://docs.cloudron.io/packaging/
+- GitHub Repository: https://github.com/openobserve/openobserve

CHANGELOG

@@ -0,0 +1,18 @@
+## 0.1.0
+
+Initial Cloudron package for OpenObserve
+
+### Features
+- OpenObserve v0.10.9 integration
+- OIDC authentication with Cloudron
+- Persistent data storage
+- NGINX reverse proxy configuration
+- Email notifications via Cloudron mail
+- Health check monitoring
+
+### Technical Details
+- Memory limit: 1GB
+- HTTP port: 5080
+- GRPC port: 5081
+- Data persistence in /app/data
+- Automatic initialization on first run

CLAUDE.md

@@ -0,0 +1,147 @@
+Cloudron Application Packaging System Prompt
+
+  You are a Cloudron packaging expert specializing in creating complete, production-ready Cloudron packages. When a user requests packaging an application, follow this comprehensive process:
+
+  Core Process
+
+  1. Application Research: Research the target application's architecture, dependencies, configuration requirements, and deployment patterns
+  2. Package Generation: Create all required Cloudron packaging files
+  3. Documentation: Provide build and deployment instructions
+
+  Required Files to Generate
+
+  CloudronManifest.json
+
+  - Use reverse-domain notation for app ID (e.g., io.example.appname)
+  - Configure memory limits based on application requirements (minimum 128MB)
+  - Set httpPort matching NGINX configuration
+  - Include necessary addons: postgresql, mysql, mongodb, redis, localstorage, sendmail
+  - Add complete metadata: title, description, author, website, contactEmail
+  - Configure authentication: oidc (preferred) or ldap
+  - Include postInstallMessage with login credentials if applicable
+  - Add health check endpoints
+  - Set proper minBoxVersion (typically "7.0.0")
+
+  Dockerfile
+
+  - Base image: FROM cloudron/base:5.0.0
+  - Cloudron filesystem structure:
+    - /app/code - application code (read-only)
+    - /app/data - persistent data (backed up)
+    - /tmp - temporary files
+    - /run - runtime files
+  - Install dependencies and application
+  - Copy initialization data to /tmp/data
+  - Set proper permissions and ownership
+  - Configure services to log to stdout/stderr
+  - Entry point: CMD ["/app/code/start.sh"]
+
+  start.sh
+
+  - Initialize /app/data from /tmp/data on first run
+  - Configure application using Cloudron environment variables
+  - Handle addon configurations (database connections, etc.)
+  - Generate secrets/API keys on first run
+  - Set proper file permissions (chown cloudron:cloudron)
+  - Run database migrations if needed
+  - Configure authentication providers
+  - Launch application with supervisor or directly
+
+  NGINX Configuration
+
+  - Listen on port specified in CloudronManifest.json
+  - Handle proxy headers properly:
+  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  proxy_set_header X-Forwarded-Proto $scheme;
+  proxy_set_header Host $host;
+  - Configure static file serving
+  - Set up authentication routes for OIDC callbacks
+  - Ensure logs go to stdout/stderr
+
+  Supervisor Configuration (if needed)
+
+  - Multiple process management
+  - Proper signal handling
+  - Run processes as cloudron user
+  - Configure log output to stdout/stderr
+
+  Authentication Integration
+
+  OIDC (Preferred)
+
+  - Environment variables: CLOUDRON_OIDC_IDENTIFIER, CLOUDRON_OIDC_CLIENT_ID, CLOUDRON_OIDC_CLIENT_SECRET
+  - Callback route: /api/v1/session/callback
+  - User provisioning and group mapping
+  - Session management compatible with Cloudron proxy
+
+  LDAP (Fallback)
+
+  - Environment variables: CLOUDRON_LDAP_SERVER, CLOUDRON_LDAP_PORT, CLOUDRON_LDAP_BIND_DN, CLOUDRON_LDAP_BIND_PASSWORD
+  - User search base and group mapping
+  - Proper LDAP query configuration
+
+  Cloudron Environment Variables
+
+  Always utilize these standard variables:
+  - CLOUDRON_APP_ORIGIN - Application URL
+  - CLOUDRON_MAIL_SMTP_* - Email configuration
+  - Database addon variables (e.g., CLOUDRON_POSTGRESQL_URL)
+  - CLOUDRON_LDAP_* - LDAP configuration
+  - CLOUDRON_OIDC_* - OIDC configuration
+
+  Best Practices
+
+  1. Security: Never expose secrets, use environment variables
+  2. Persistence: Store data in /app/data, initialize from /tmp/data
+  3. Updates: Handle schema migrations and configuration updates
+  4. Logging: All logs to stdout/stderr for Cloudron log aggregation
+  5. Health Checks: Implement endpoints for monitoring
+  6. Process Management: Use supervisor for multi-process applications
+  7. File Permissions: Ensure cloudron user can read/write necessary files
+  8. Building: use the cloudron build service under builder.docker.due.ren
+  9. Installation: always uninstall and install fresh, never update an app during development
+
+  Build Instructions Format
+
+  Create a markdown file with:
+  - Prerequisites and dependencies
+  - Build commands (cloudron build, cloudron install)
+  - Testing procedures
+  - Deployment steps
+  - Troubleshooting common issues
+  - Configuration examples
+
+  Documentation References
+
+  - Cloudron CLI: https://docs.cloudron.io/packaging/cli/
+  - Packaging Tutorial: https://docs.cloudron.io/packaging/tutorial/
+  - Manifest Reference: https://docs.cloudron.io/packaging/manifest/
+  - Addons Guide: https://docs.cloudron.io/packaging/addons/
+
+Viewing logs
+
+To view the logs of an app, use the logs command:
+```cloudron logs --app blog.example.com```
+```cloudron logs --app 52aae895-5b7d-4625-8d4c-52980248ac21```
+Pass the -f to follow the logs. Note that not all apps log to stdout/stderr. For this reason, you may need to look further in the file system for logs:
+```cloudron exec --app blog.example.com       # shell into the app's file system```
+``# tail -f /run/wordpress/wp-debug.log      # note that log file path and name is specific to the app```
+
+
+  When packaging an application, research thoroughly, create production-ready configurations, and provide comprehensive documentation for successful deployment.
+
+Always Build with the build service (switch out name and version) build with cloudron build --set-build-service builder.docker.due.ren --build-service-token 
+  e3265de06b1d0e7bb38400539012a8433a74c2c96a17955e --set-repository andreasdueren/ente-cloudron --tag 0.1.0
+
+cloudron install --location ente.due.ren --image andreasdueren/ente-cloudron:0.1.0
+
+After install and build, don’t wait more than 30 seconds for feedback. When there is an error during install, this will not finish and you will wait forever.
+
+Remember all of this crucial information throughout the packaging process. Create a file for persistency if necessary to poll from later. Your job is to make sure to have a complete package of openobserve for cloudron: https://github.com/openobserve/openobserve
+
+Docs: https://openobserve.ai/docs/getting-started/
+Docker Image: https://gallery.ecr.aws/zinclabs/openobserve
+
+Here is a different rust pased app already finished packaged: https://git.cloudron.io/packages/vaultwarden-app
+
+

CloudronManifest.json

@@ -0,0 +1,34 @@
+{
+  "id": "ai.openobserve.app",
+  "title": "OpenObserve",
+  "author": "OpenObserve Team",
+  "description": "OpenObserve is a cloud native observability platform built specifically for logs, metrics, traces and analytics designed to work at petabyte scale.",
+  "tagline": "Observability platform for logs, metrics, and traces",
+  "version": "0.1.0",
+  "upstreamVersion": "0.10.9",
+  "minBoxVersion": "7.0.0",
+  "healthCheckPath": "/",
+  "httpPort": 5080,
+  "addons": {
+    "localstorage": {},
+    "sendmail": {}
+  },
+  "manifestVersion": 2,
+  "website": "https://openobserve.ai/",
+  "contactEmail": "hello@openobserve.ai",
+  "icon": "logo.png",
+  "tags": [
+    "observability",
+    "logging",
+    "metrics",
+    "tracing",
+    "analytics"
+  ],
+  "changelog": "file://CHANGELOG",
+  "postInstallMessage": "file://POSTINSTALL",
+  "mediaLinks": [
+    "https://openobserve.ai/"
+  ],
+  "documentationUrl": "https://openobserve.ai/docs/",
+  "memoryLimit": 1073741824
+}

Dockerfile

@@ -0,0 +1,30 @@
+FROM cloudron/base:5.0.0
+
+RUN mkdir -p /app/code /app/data /tmp/data
+
+# Install OpenObserve binary
+RUN curl -L https://github.com/openobserve/openobserve/releases/download/v0.10.9/openobserve-v0.10.9-linux-amd64.tar.gz -o /tmp/openobserve.tar.gz \
+    && tar -xzf /tmp/openobserve.tar.gz -C /app/code \
+    && chmod +x /app/code/openobserve \
+    && rm /tmp/openobserve.tar.gz
+
+# Copy configuration files
+COPY start.sh /app/code/start.sh
+COPY nginx.conf /etc/nginx/sites-available/default
+COPY logo.png /app/code/logo.png
+
+# Set permissions
+RUN chmod +x /app/code/start.sh \
+    && chown -R cloudron:cloudron /app/code /app/data /tmp/data
+
+# Initialize data directory structure
+RUN mkdir -p /tmp/data/logs /tmp/data/db /tmp/data/wal /tmp/data/stream_stats \
+    && chown -R cloudron:cloudron /tmp/data
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
+  CMD curl -f http://localhost:5080/healthz || exit 1
+
+EXPOSE 5080 5081
+
+CMD [ "/app/code/start.sh" ]

POSTINSTALL

@@ -0,0 +1,17 @@
+OpenObserve is now installed and ready to use!
+
+Initial Login Credentials:
+- Email: admin@{CLOUDRON_APP_DOMAIN}
+- Password: openobserve123
+
+IMPORTANT: Please change the default password immediately after first login for security.
+
+Features:
+- Observability platform for logs, metrics, and traces
+- Real-time data ingestion and analysis
+- Built-in alerting and visualization
+- OIDC authentication integrated with Cloudron
+
+Access your OpenObserve instance at: {CLOUDRON_APP_ORIGIN}
+
+For documentation and help, visit: https://openobserve.ai/docs/

logo.png

@@ -0,0 +1 @@
+iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNk+M9QDwADhgGAWjR9awAAAABJRU5ErkJggg==

nginx.conf

@@ -0,0 +1,84 @@
+server {
+    listen 5080 default_server;
+    listen [::]:5080 default_server;
+
+    root /app/code;
+    index index.html;
+
+    client_max_body_size 100m;
+    client_body_timeout 600s;
+    client_header_timeout 600s;
+    proxy_connect_timeout 600s;
+    proxy_send_timeout 600s;
+    proxy_read_timeout 600s;
+
+    # Disable access logs for static assets
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+        access_log off;
+        try_files $uri @backend;
+    }
+
+    # OIDC callback route
+    location /api/v1/auth/oidc/callback {
+        proxy_pass http://127.0.0.1:5080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Port $server_port;
+    }
+
+    # API routes
+    location /api/ {
+        proxy_pass http://127.0.0.1:5080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Port $server_port;
+        
+        # WebSocket support
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+
+    # Health check endpoint
+    location /healthz {
+        proxy_pass http://127.0.0.1:5080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    # Default backend for all other requests
+    location / {
+        try_files $uri @backend;
+    }
+
+    location @backend {
+        proxy_pass http://127.0.0.1:5080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Port $server_port;
+        
+        # WebSocket support
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+
+    # Security headers
+    add_header X-Frame-Options DENY;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
+    add_header Referrer-Policy "strict-origin-when-cross-origin";
+}

start.sh

@@ -0,0 +1,77 @@
+#!/bin/bash
+
+set -eu
+
+echo "Starting OpenObserve Cloudron app..."
+
+# Initialize /app/data from /tmp/data on first run
+if [ ! -d "/app/data/logs" ]; then
+    echo "Initializing data directory..."
+    cp -r /tmp/data/* /app/data/
+fi
+
+# Set proper permissions
+chown -R cloudron:cloudron /app/data
+
+# Generate default configuration if it doesn't exist
+if [ ! -f "/app/data/config.yaml" ]; then
+    echo "Creating default configuration..."
+    cat > /app/data/config.yaml << EOF
+# OpenObserve configuration for Cloudron
+common:
+  data_dir: "/app/data"
+  data_wal_dir: "/app/data/wal"
+  data_stream_dir: "/app/data/stream_stats"
+  local_mode: true
+  local_mode_storage: "disk"
+  
+http:
+  port: 5080
+  
+grpc:
+  port: 5081
+
+auth:
+  root_user_email: "${ZO_ROOT_USER_EMAIL:-admin@${CLOUDRON_APP_DOMAIN:-localhost}}"
+  ext_auth_providers: "oidc"
+
+log:
+  level: "info"
+EOF
+    chown cloudron:cloudron /app/data/config.yaml
+fi
+
+# Set environment variables for OpenObserve
+export ZO_DATA_DIR="/app/data"
+export ZO_LOCAL_MODE_STORAGE="disk"
+export ZO_WEB_URL="${CLOUDRON_APP_ORIGIN}"
+export ZO_HTTP_PORT="5080"
+export ZO_GRPC_PORT="5081"
+export ZO_ROOT_USER_EMAIL="${ZO_ROOT_USER_EMAIL:-admin@${CLOUDRON_APP_DOMAIN:-localhost}}"
+export ZO_ROOT_USER_PASSWORD="${ZO_ROOT_USER_PASSWORD:-openobserve123}"
+export ZO_LOG_LEVEL="info"
+
+# OIDC Configuration if available
+if [ -n "${CLOUDRON_OIDC_IDENTIFIER:-}" ]; then
+    echo "Configuring OIDC authentication..."
+    export ZO_OIDC_ENABLED="true"
+    export ZO_OIDC_CLIENT_ID="${CLOUDRON_OIDC_CLIENT_ID}"
+    export ZO_OIDC_CLIENT_SECRET="${CLOUDRON_OIDC_CLIENT_SECRET}"
+    export ZO_OIDC_ISSUER_URL="${CLOUDRON_OIDC_IDENTIFIER}"
+    export ZO_OIDC_REDIRECT_URL="${CLOUDRON_APP_ORIGIN}/api/v1/auth/oidc/callback"
+fi
+
+# SMTP Configuration
+if [ -n "${CLOUDRON_MAIL_SMTP_SERVER:-}" ]; then
+    echo "Configuring SMTP..."
+    export ZO_SMTP_HOST="${CLOUDRON_MAIL_SMTP_SERVER}"
+    export ZO_SMTP_PORT="${CLOUDRON_MAIL_SMTP_PORT}"
+    export ZO_SMTP_USERNAME="${CLOUDRON_MAIL_SMTP_USERNAME}"
+    export ZO_SMTP_PASSWORD="${CLOUDRON_MAIL_SMTP_PASSWORD}"
+fi
+
+echo "Starting nginx..."
+/usr/sbin/nginx
+
+echo "Starting OpenObserve..."
+exec /app/code/openobserve