What's coming in Cloudron 6.3
-
@d19dotca said in What's coming in Cloudron 6.3:
I totally agree with the rest of your suggestions
it wasn’t my intention at all to suggest to add Wordfence by default in the Cloudron package as indeed everyone has to decide themselves. Personally I install it in every Wordpress site I manage.@imc67 said in What's coming in Cloudron 6.3:
it wasn’t my intention at all to suggest to add Wordfence by default in the Cloudron package as indeed everyone has to decide themselves. Personally I install it in every Wordpress site I manage.Oh my bad, sorry I misunderstood the intention there.
-
Before Cloudron 7, we need some more work to make the single server install secure. For this reason, we will spend some time first with the following:
- (Security) - Inform users about new browser/IP logins.
(Security) - Better email monitoring/visibility for admins. @d19dotca raised many important posts and there's also existing ones. We have to read the posts in more detail and discuss internally before we give more details on what we plan to do here.(moved to next release)(Security) - Add a way to secure/limit access to specific apps and dashboard. For example, a set of apps are public and the rest are only accessible via wireguard/openvpn. This combined with mandatory 2FA for dashboard will make good security.(moved to next release)- Reduce/remove some notifications. It seems a bit noisy.
- Fix email situation for Go apps like Statping, Commento that are having trouble sending mails via our email server.
- Make email setup inside apps optional. This will make it possible to configure specific apps to use some external service for mail delivery directly and the Cloudron package won't touch their mail settings.
- Volumes - make mounting easier by automating fstab/exports entries
Move TURN server to port 443.(moved to next release)- As a pre-requisite for Cloudron 7 multi-host feature, we have to move file system data into the database. Much grunt work to be done here.
- Vultr DNS
- Vultr Object Storage
@girish said in What's coming in Cloudron 6.3:
Fix email situation for Go apps like Statping, Commento that are having trouble sending mails via our email server.
our patch got merged upstream for this - https://github.com/haraka/Haraka/pull/2940
-
@girish said in What's coming in Cloudron 6.3:
Make email setup inside apps optional. This will make it possible to configure specific apps to use some external service for mail delivery directly and the Cloudron package won't touch their mail settings.
This one is implemented now in the Email view. The app package has to explicitly say whether it supports this feature or not using the
optionalflag to thesendmailaddon.
@girish said in What's coming in Cloudron 6.3:
@girish said in What's coming in Cloudron 6.3:
Make email setup inside apps optional. This will make it possible to configure specific apps to use some external service for mail delivery directly and the Cloudron package won't touch their mail settings.
This one is implemented now in the Email view. The app package has to explicitly say whether it supports this feature or not using the
optionalflag to thesendmailaddon.@girish In 6.2.7 update this should already be implemented, right? I thought I read it in the changelog.
However I have not yet seen this option in the applications.
-
@girish said in What's coming in Cloudron 6.3:
@girish said in What's coming in Cloudron 6.3:
Make email setup inside apps optional. This will make it possible to configure specific apps to use some external service for mail delivery directly and the Cloudron package won't touch their mail settings.
This one is implemented now in the Email view. The app package has to explicitly say whether it supports this feature or not using the
optionalflag to thesendmailaddon.@girish In 6.2.7 update this should already be implemented, right? I thought I read it in the changelog.
However I have not yet seen this option in the applications.
-
@girish Thank you. I am looking forward to that day! I need this feature very much.
Do you have any planned date when update 6.3 will be released?
-
Just wanted to check in and see how 6.3 is coming along.
Any ETA by chance? I'm super excited for these email improvements many of us have been requesting, particularly the DNSBL checks; greylisting; blocklist & whitelist auto-updating/DNSWL; email autoexpunge; and not forwarding spam to mailing lists. I know that's a lot, lol.
I know many of them came from me, haha, so if you want to discuss any of them or want clarification on the requests, I'd be happy to help offer guidance or clarification.
--
Dustin Dauncey
www.d19.ca -
Just wanted to check in and see how 6.3 is coming along.
Any ETA by chance? I'm super excited for these email improvements many of us have been requesting, particularly the DNSBL checks; greylisting; blocklist & whitelist auto-updating/DNSWL; email autoexpunge; and not forwarding spam to mailing lists. I know that's a lot, lol.
I know many of them came from me, haha, so if you want to discuss any of them or want clarification on the requests, I'd be happy to help offer guidance or clarification.
@d19dotca Thanks for checking
We haven't gotten to the email part yet. I am fixing up the notification issues. Once I do that, I want to look into the wireguard/VPN thing before I get into email. @nebulon is working on the login history and I think that is mostly done. He is also working on the volume mounting (i.e will automatically setup fstab entries).I don't have an ETA, will have a better idea next week. It's been a bit slow this week. I had my pfeizer vaccine, yay and now the sideeffects are gone, so I can go back to being productive
-
@girish said in What's coming in Cloudron 6.3:
Make email setup inside apps optional. This will make it possible to configure specific apps to use some external service for mail delivery directly and the Cloudron package won't touch their mail settings.
This one is implemented now in the Email view. The app package has to explicitly say whether it supports this feature or not using the
optionalflag to thesendmailaddon.I'm waiting like gold for this update, especially because Cloudron Mail is changing Mautic email configuration all time.
The Amazon SES-API and queue configuration that I have within Mautic is misconfigured every time the application restarts, updates, recovers ... it's frustrating.
-
New browser login locations is implemented. This is only for dashboard logins and not for LDAP login (because many apps send mails by themselves).
-
@girish said in What's coming in Cloudron 6.3:
This is only for dashboard logins
Since this already covers the dashboard, is it automatically available for apps using proxyauth as well?
-
@fbartels we could do that for the auth proxy as well, but right now it is not. For other apps using LDAP this will be a bit harder since the ldap server currently does not see the upstream user-agent or IP.
@nebulon ah, I kind of thought that the proxyauth would use the very same mechanisms of the dashboard for authentication. But the dashboard being mainly driven by an api with token authentication that of course does not have to be true.
Totally understand that the same is not possible for apps that use ldap under the surface.
-
@girish said in What's coming in Cloudron 6.3:
As a pre-requisite for Cloudron 7 multi-host feature, we have to move file system data into the database. Much grunt work to be done here.
A big chunk of this landed today. Certificates also need to be migrated to the database, that should be done tomorrow. Essentially, from the next release,
/home/yellowtent/boxdatawill only contain mail server data and nothing else since everything has moved to the database. I will probably take this opportunity to separate box backups and mail backups. The box backup is going to be just the mysql dump and nothing else. -
Before Cloudron 7, we need some more work to make the single server install secure. For this reason, we will spend some time first with the following:
- (Security) - Inform users about new browser/IP logins.
(Security) - Better email monitoring/visibility for admins. @d19dotca raised many important posts and there's also existing ones. We have to read the posts in more detail and discuss internally before we give more details on what we plan to do here.(moved to next release)(Security) - Add a way to secure/limit access to specific apps and dashboard. For example, a set of apps are public and the rest are only accessible via wireguard/openvpn. This combined with mandatory 2FA for dashboard will make good security.(moved to next release)- Reduce/remove some notifications. It seems a bit noisy.
- Fix email situation for Go apps like Statping, Commento that are having trouble sending mails via our email server.
- Make email setup inside apps optional. This will make it possible to configure specific apps to use some external service for mail delivery directly and the Cloudron package won't touch their mail settings.
- Volumes - make mounting easier by automating fstab/exports entries
Move TURN server to port 443.(moved to next release)- As a pre-requisite for Cloudron 7 multi-host feature, we have to move file system data into the database. Much grunt work to be done here.
- Vultr DNS
- Vultr Object Storage
@girish said in What's coming in Cloudron 6.3:
As a pre-requisite for Cloudron 7 multi-host feature, we have to move file system data into the database. Much grunt work to be done here.
This is now done! Now the boxdata only contains the mysqldump and email.
root@my:/home/yellowtent/boxdata# ls -l total 900 -rw-r--r-- 1 yellowtent yellowtent 913492 May 7 06:00 box.mysqldump drwxr-xr-x 9 yellowtent yellowtent 4096 May 4 07:34 mailI am looking into moving mail as a separate backup just like an app. That way in future releases we can restore mail data (mailboxes) independently of box code just like apps.
-
Before Cloudron 7, we need some more work to make the single server install secure. For this reason, we will spend some time first with the following:
- (Security) - Inform users about new browser/IP logins.
(Security) - Better email monitoring/visibility for admins. @d19dotca raised many important posts and there's also existing ones. We have to read the posts in more detail and discuss internally before we give more details on what we plan to do here.(moved to next release)(Security) - Add a way to secure/limit access to specific apps and dashboard. For example, a set of apps are public and the rest are only accessible via wireguard/openvpn. This combined with mandatory 2FA for dashboard will make good security.(moved to next release)- Reduce/remove some notifications. It seems a bit noisy.
- Fix email situation for Go apps like Statping, Commento that are having trouble sending mails via our email server.
- Make email setup inside apps optional. This will make it possible to configure specific apps to use some external service for mail delivery directly and the Cloudron package won't touch their mail settings.
- Volumes - make mounting easier by automating fstab/exports entries
Move TURN server to port 443.(moved to next release)- As a pre-requisite for Cloudron 7 multi-host feature, we have to move file system data into the database. Much grunt work to be done here.
- Vultr DNS
- Vultr Object Storage
@girish said in What's coming in Cloudron 6.3:
Volumes - make mounting easier by automating fstab/exports entries
This is also mostly done. When adding a volume, you can choose the mount type
The current volumes are migrated as "no-op" mount type (as in, user managed the mount themselves). It shows the status of each volume as well:
One thing we decided to go with systemd mounts instead of /etc/fstab. This allows us to create mounts that have correct dependency with the unbound DNS server for CIFS and NFS mounts.
A similar mounting change will be done for the Backups view as well.
