What's coming in 6.0

girish

We are continuing to work on getting many more of the apps published, see the WIP tag. Thanks to the community for really helping us out here!

CHANGE IN PLANS: As mentioned in the 5.4 post, we decided to release some of the features listed here in an intermediary release. I have marked the features below as such.

UPDATE 2: There is now a 5.5

UPDATE 3: There is now a 5.6

UPDATE 4: 6.0

6.0 will be a feature rich release:

• Focal support
• Mailbox sharing - we tried IMAP based mailbox sharing but this doesn't work well for the apps we have. We will instead make it such that a single mailbox can have multiple owners.
• Optimize WP and Nextcloud installations. This is not directly related to box code but we want to speeden things up and optimize the configs since we have a large number of installs with these 2 apps. @MooCloud_Matt has given us a lot of ideas to work with here.
• Unified dashboard for multiple cloudron setups - This will provide a unified auth across cloudron setups plus a single dashboard to control multiple cloudrons. Details are still being worked on and I will post it once I have more info.
• Fix access control for service provider setups - There's a few small issues. Service providers wants admin flag per app, better control of SFTP user management and also to unify PHPMyAdmin across apps. We will see what we can do.
• Mail - Full text search via IMAP (solr integration)

Already released

• (5.4) Dark mode for dashboard
• (5.4) File manager UI to edit the files inside apps. For the initial version, one can only view and edit the files under /app/data (i.e one cannot view the files in the read-only parts of the file system. this is because of some technical reasons)
• (5.5) Backup upload/download speed - Currently, backups can be quite slow but we have some ideas to speed it up
• (5.4) Allow admin to lock email and display name globally. This essentially makes the LDAP directory non-editable by normal users.
• (5.5) Allow backup and update time to be set. Currently, this is all hard coded and it's causing problems for people working in the night
• (5.6) Mail: Configurable mail server settings - whitelist/blacklist, max message size, tls configuration. In the next release after 6.0, we will make spam settings configurable.

savity

Hi thanks for the Information any news or goals regarding firewall and security of Cloudron IP-Blocking or Fail2Ban maybe?

girish

@savity Are you looking for IP blocking at the app level of server level?

Mallewax

@girish Reads all very exciting. I am rooting (again) for server side full text search for Dovecot, maybe also Z-Push notifications....:-)

doodlemania2

Could we get per app bandwidth consumption graphs!? Pretty please!!!!

roru2k20

@girish said in What's coming in 6.0:

Allow backup and update time to be set. Currently, this is all hard coded and it's causing problems for people working in the night

Great idea! In the night I would like to shutdown my server and my NAS to reduce energy, but then my system does not backup my apps/data, when I realize this construction. Therefore I run 24x7 my systems.

Unified dashboard for multiple cloudron setups - This will provide a unified auth across cloudron setups plus a single dashboard to control multiple cloudrons. Details are still being worked on and I will post it once I have more info.

Next really great idea!!! I have three instances and would be great to manage over one dashboard.

I am so sorry that I cannot really support this efficiently. Right now I'm just trying to create applications in my brain and on my desktop, but it doesn't really work yet

savity

@girish On app based first for Nextcloud, because Fail2Ban RegExpression is allready availaible.
But i think it should be also possible to restrict the acces to my.cloudron.com i know thath SMTP connection are goint through this hostname but to be honest. If someone can login to the Dashboard thath would not be fine its true thath there is a 2FA authentication but restricting the login to my.cloudron.com throug IP's would minimze really the Risk.

But i think it would be even easy by UFW just to allow from "IP to hostname on port 443"

p44

@girish said in What's coming in 6.0:

Unified dashboard for multiple cloudron setups - This will provide a unified auth across cloudron setups plus a single dashboard to control multiple cloudrons. Details are still being worked on and I will post it once I have more info.

@girish Dear Girish, could you give us more info about this interesting point?

girish

@p44 Will do once I have more information. We decided to have an intermediate release Cloudron 5.4 in the meantime before Cloudron 6 since half the features are already implemented and we want to ship it.

JOduMonT

@girish said in What's coming in 5.4:

We are moving nginx to latest upstream packages instead of ubuntu ones since they are lagging behind a lot.

• Why not mainline as NGINX seems to suggest

• What about PHP are we going to see PHP 7.4 soon as WordPress core consider optimal

@girish said in What's coming in 5.4:

Backblaze b2 provider - also new

You read my mind on this one

JOduMonT

would be nice, but also a big task, to take advantage of Cloudflare proxy for some apps such as

• Nextcloud
• WordPress
• GravCMS

and not simply using it as a DNS manager.

marcusquinn

@JOduMonT For interest: Part of the reason I chose Hetzner to host was for their network DDoS protection on bare IPs. I believe Netcup does the same. Surprisingly rare with other hosts.

https://www.x4b.net is a decent 3rd-party WAF if you're interested in a specialist without CF premiums.

Also just experimenting with DNS Made Easy and DNSimple as have been caught out with a fair amount of random errors from CF DNS (free but not proxied).

https://www.dnsperf.com maybe interesting too.

Lastly, https://bunnycdn.com cent if you're looking for that sort of speed thing cheaper than CF too.

marcusquinn

@JOduMonT Also, if I understand right, I tried switching some subdomains to proxies on CF (click on the icon image to switch if you didn't already know) and they worked fine. (had to do some filtering on the domains Apps are injected into though)

girish

@JOduMonT We use the latest stable instead of mainline as per https://www.nginx.com/blog/nginx-1-18-1-19-released/

JOduMonT

@marcusquinn said in What's coming in 6.0:
thanks for all your info, I guest I also use Hetzner and Linode and ... don't worry I know pretty Cloudflare

FYI

in the pass I had user which was unable to login in Nextcloud because of Email Address Obfuscation Scrape Shield
Cloudflare; so if you activate thas you might have to make a rule for your nextcloud

mehdi

@JOduMonT said in What's coming in 6.0:

would be nice, but also a big task, to take advantage of Cloudflare proxy for some apps such as

• Nextcloud
• WordPress
• GravCMS

and not simply using it as a DNS manager.

From a security perspective, I cannot recommend doing this for your self-hosted apps. It basically means authorizing Cloudflare to do a man-in-the-middle attack, and granting them full access to all your data, all your passwords, everything... I believe it negates a lot of the benefits of self-hosting ... And you would have to have a lot of trust in them.

The only "clean" way to do this would be to enable it only on public-facing stuff, never on the admin interface.

JOduMonT

@mehdi said in What's coming in 6.0:

self-hosting

when you self hosts yourself you need to trust a lot of people
all the people who work at your registrar, DNS and host company, their providers and 3rd parties, the developer of your hosting solution aka Cloudron, the developer of all these apps, ...
then on the other side you have to trust every device on the network where you are currently connected which means all smartphones, eTV and iFreezer...

Life is about trust

do you trust me

but yeah I ear you
and yeah, and the end trusting the GAFAM might be not that bad.

marcusquinn

@JOduMonT I think the world has change now there's more value in data than people released but capitalism knows and is both; competing to acquire, and exploiting, in ways beyond most people's imaginations - until they find election campaigning shenanigans but don't know what to do about it.

So necessary to trust in services; yes.

Trust them with your valuable and private data?

When Google is reading your shopping email confirmations and Facebook is reading everything with a "Like" script, I think it's a responsibility to have parts of your data world not visible to the marketing world.

Privacy, encryption and permissions should be as essential in schooling for the Technology Revolution as literacy was for The Renaissance.

So - data privacy politics for 6.1 anyone?

jdaviescoates

There are two things I'd really love to see in 6.0

1. Domain-based admin rights. I want to be able to give people all the rights of an Administrator, but only for specific domain names.
2. I love for Cloudron to become fully open source again

girish

@jdaviescoates said in What's coming in 6.0:

Domain-based admin rights. I want to be able to give people all the rights of an Administrator, but only for specific domain names.

Just getting 5.4 out now, but I wanted to make a post about how we plan to implement this under the "service provider setups" feature. I will try to make a post about it early next week since we will need some input anyway before we implement the feature.

I love for Cloudron to become fully open source again

Yup, let's discuss there!

jdaviescoates

Great stuff, thanks @girish !

ultraviolet

I would love to see the ability to use the + delimiter in emails e.g user+ebay@domain.com or user+pizza@domain.com.

Other providers like Mailcow or Mail in a box have this feature and I find it quite handy when I am filtering spam into its own folder!

Another email feature requests is the ability to create a temporary email from the cloudron admin portal for a logged in user. Mailcow has this feature and it is again quite handy.

imc67

@ultraviolet it’s already there, see docs: https://cloudron.io/documentation/email/#subaddresses-and-tags

ultraviolet

@imc67 well you learn something new everyday!

Suggestion for temporary email would be handy though!

marcusquinn

@ultraviolet Does Catch-all & Masquerading enabled help?

JOduMonT

@marcusquinn said in What's coming in 6.0:

@ultraviolet Does Catch-all & Masquerading enabled help?

Yes I use mainly a catchall with alias for email want to use to reply
it is something I was doing with MailCow and it work well with Cloudron too.

The only thing in Cloudron you need one catchall per domain while it was possible to alias
catchall@domain2.tld to catchall@domain1.tld in MailCow

marcusquinn

If I can add File Permissions management to the Wishlist for the nice new File Manager please.

mehdi

@marcusquinn said in What's coming in 6.0:

If I can add File Permissions management to the Wishlist for the nice new File Manager please.

Seeing the screenshot in girish's post here (more precisely the icons of the actions on the right), I think it's already done for the next version

nebulon

Actually the screenshot was only a work-in-progress. The action buttons made it too cluttered so those went into the context menu. There is also an action to at least change the owner to the typical ones we currently use in apps.

mehdi

@nebulon A context menu ! These are quite rare on the web, so I would never have guessed to try it, but yeah it's really neat

marcusquinn

@nebulon Ahh, I see. Perhaps it could so with a ... at the end of the row to click as well to show that

For interest, I get "Cloudron Error" when trying to navigate into the Contents directory on my Ghost install. Guessing maybe file permissions or bug?

mehdi

@marcusquinn They just pushed a 5.4.1 version to fix a bug when navigating symlinks. Maybe ghosts Contents is actually a symlink and that's what you're hitting ?

marcusquinn

@mehdi Cool - will test again now. The error also seems to trigger Ghost to run out of memory and restart. Will test again after updating...

marcusquinn

@mehdi Confirmed - fixed - great work going on here!

marcusquinn

@JOduMonT Question: what features of Cloudflare Proxy do you like? Just thinking most of it can be done another way anyway.

MooCloud_Matt

ty @girish for the update, we are working on OpenLiteSpeed image for WP, we are having some issue with the config file, but we hope to have a beta soon.

yusf

@girish said in What's coming in 6.0:

Unified dashboard for multiple cloudron setups - This will provide a unified auth across cloudron setups plus a single dashboard to control multiple cloudrons. Details are still being worked on and I will post it once I have more info.

girish

@yusf No details yet, we are working on https://forum.cloudron.io/topic/2918/what-s-coming-in-5-5

marcusquinn

@MooCloud_Matt For interest I did a bunch of performance testing for WP a couple of years ago and LiteSpeed didn't give us any edge and was slower in many cases for a large stack (200 plugins).

I have written a ticket for our devs (brandlight.org) to share the things that we tuned for a fast stack, so we will share notes soon with our Brandlight base WP & Woo stack.

Disabling open_basedir in php gives a big performance improvement on any stack.

And we make all directories non-writable for security, except /uploads/, since the only way anything can be deployed is with GitLab CI/CD with appropriate write permissions.

We don't use full-page caching, just fragments and transients and these are our TTFB times for interest, like I say 200+ plugins:

• https://status.brandlight.org (Cloudflare)
• https://status.swanson.co.uk (Route53)
• https://status.healthshop.net (Route53 but moving to DNS Made Easy)

Each on Vultr VMs with Network WAF, and no CDN yet.

Plus, on any of those sites, you should see similar times with any language - again I'll ask our dev team to share more on all that when we get time too.

Maybe there's more to LiteSpeed that we missed but the above is with Apache, Nginx and FastCGI.

MooCloud_Matt

@marcusquinn

I agree that OLS or LS are not the solution, because Nginx + FastCGI + ProxyCache are excellent (with LS + ESI woocommerce it works better in any situation in this days) especially in big sites with a lot o page, content and static content like images.
But large sites are exceptional cases in the hosting world, especially those who would use cloudron do not have a huge site because they would prefer to use a custom stack in that case.
We are thinking of satisfying the customer who wants performance without doing anything other than installing the LiteSpeed cache plugin.

MooCloud_Matt

We are working with @girish in general to improve the WordPress and NextCloud Apps, probably moving (nothing certain) to Nginx + FastCGI.
The problem will not be nextcloud, but WordPress; We are looking for a way to intelligently implement the cache in wordpress, because one of the problems is cleaning the FastCGI cache from WordPress (we have found some plugins, but they are not always easy to implement) so we are open to advice.

marcusquinn

@MooCloud_Matt We use and recommend WP Super Cache for the options to cache fragments. Tried all the rest but came back to this one for code-quality, hooks and ultimately it's what wordpress.com uses.

Is there a thread under the relevant Apps > Wordpress category I can ask our devs to join and contribute?

marcusquinn

@MooCloud_Matt Dave Hilditch at https://www.wpintense.com is a treasure-trove of tuning knowledge & dev-ops knowledge too, and his performance demo is here: https://foundthru.com

Priority being raw uncached speed because caching is just for scaling traffic really.

Be interested in your feedback before & after for uncached from trying disabling open_basedir. Query Monitor should give a quick impression on that, although we don't have QM active on live sites of course.

We also built a mustuse unloader plugin, so only the plugins used on any page are loaded. Needs to be actively managed but does mean the minimal php is processing per page load.

msbt

@girish said in What's coming in 6.0:

Unified dashboard for multiple cloudron setups - This will provide a unified auth across cloudron setups plus a single dashboard to control multiple cloudrons. Details are still being worked on and I will post it once I have more info.

does this come with group- or domain-admins who can only install apps/add and edit users from their designated domains/groups?

girish

@msbt said in What's coming in 6.0:

does this come with group- or domain-admins who can only install apps/add and edit users from their designated domains/groups?

Not part of the multi-host but it's part of the "Fix access control for service provider setups"

marcusquinn

Very much looking forward to seeing how you develop the multi-host features for 6.0.

If I may suggest for consideration in that it would be very useful to be able to move an entire domain with all it's configurations and apps from one Cloudron to another with a button, confirmation and function that went through the processes. I image it would need to pause all services on that domain during the transition to ensure data is frozen but it could be a scheduled maintenance or just a staging Cloudron to live Cloudron launch process.

So we can set everything up on one Cloudron instance, and them move the whole thing to another separate and dedicated one.

Might be a big ask - but though it worth bearing in mind in your designs and planning.

will

@marcusquinn self-hosted auto-magical devops deployments at the click of a button....

marcusquinn

@will That's the dream. I like scaleable businesses where the second time doing something is a tiny percentage of the effort of the first time. Setups take time, time is finite, speed is valuable. Templating is where profits are for client and provider

marcusquinn

@marcusquinn Putting it another way, it would make it quick to move a domain from being on a shared Cloudron to it's own dedicated Cloudron, and we'd be happily paying another licence subscription for these

marcusquinn

Curious how you're getting on with your 6.0 feature wishlist? I know it's always a difficult question but any idea on timeline yet?

girish

I don't have a concrete time yet. We just pushed out 5.6 release last week (which hasn't even been announced yet).

For 6.0 specific features, Focal support is already in master. FTS search in mail is getting there. I think the unified dashboard feature has many architectures to choose from, so we have to pick carefully and regardless of what we choose it's a bit of work (atleast a month).

Lonkle

Optimize WP and Nextcloud installations

Is this for both managed and unmanaged versions of Wordpress? And is this completed already - it seems like WP has gotten a lot better with Redis (can’t remember if this is a new feature in one of the 2020 updates but I think it is).

girish

@Lonk Yes, it's for both. It also includes PHP stack and Nextcloud as well.

The core issue is that currently we sort of hardcode the apache mpm_prefork configuration in the Dockerfile/app package. Making this customizable will easily make things more performant based on the user's setup/traffic. The fixes are not on platform side and on the app packaging side, so it's not tied to Cloudron 6 as such. We had put it in there because we wanted to investigate if this was some platform side issue (maybe some mysql performance related etc).

marcusquinn

@girish Good stuff - I'm impressed already

girish

I made a new post for what's really coming in 6.0 - https://forum.cloudron.io/topic/3205/what-s-coming-in-6-0-take-2 . I will lock this thread since this post got split into 3 releases!