What's coming in 6.0
@JOduMonT We use the latest stable instead of mainline as per https://www.nginx.com/blog/nginx-1-18-1-19-released/
in the pass I had user which was unable to login in Nextcloud because of Email Address Obfuscation Scrape Shield
Cloudflare; so if you activate thas you might have to make a rule for your nextcloud
would be nice, but also a big task, to take advantage of Cloudflare proxy for some apps such as
and not simply using it as a DNS manager.
From a security perspective, I cannot recommend doing this for your self-hosted apps. It basically means authorizing Cloudflare to do a man-in-the-middle attack, and granting them full access to all your data, all your passwords, everything... I believe it negates a lot of the benefits of self-hosting ... And you would have to have a lot of trust in them.
The only "clean" way to do this would be to enable it only on public-facing stuff, never on the admin interface.
when you self hosts yourself you need to trust a lot of people
all the people who work at your registrar, DNS and host company, their providers and 3rd parties, the developer of your hosting solution aka Cloudron, the developer of all these apps, ...
then on the other side you have to trust every device on the network where you are currently connected which means all smartphones, eTV and iFreezer...
Life is about trust
do you trust me
but yeah I ear you
and yeah, and the end trusting the GAFAM might be not that bad.
@JOduMonT I think the world has change now there's more value in data than people released but capitalism knows and is both; competing to acquire, and exploiting, in ways beyond most people's imaginations - until they find election campaigning shenanigans but don't know what to do about it.
So necessary to trust in services; yes.
Trust them with your valuable and private data?
When Google is reading your shopping email confirmations and Facebook is reading everything with a "Like" script, I think it's a responsibility to have parts of your data world not visible to the marketing world.
Privacy, encryption and permissions should be as essential in schooling for the Technology Revolution as literacy was for The Renaissance.
So - data privacy politics for 6.1 anyone?
jdaviescoates last edited by
Domain-based admin rights. I want to be able to give people all the rights of an Administrator, but only for specific domain names.
Just getting 5.4 out now, but I wanted to make a post about how we plan to implement this under the "service provider setups" feature. I will try to make a post about it early next week since we will need some input anyway before we implement the feature.
I love for Cloudron to become fully open source again
Yup, let's discuss there!
jdaviescoates last edited by
Great stuff, thanks @girish !
Other providers like Mailcow or Mail in a box have this feature and I find it quite handy when I am filtering spam into its own folder!
Another email feature requests is the ability to create a temporary email from the cloudron admin portal for a logged in user. Mailcow has this feature and it is again quite handy.
imc67 last edited by imc67
@ultraviolet it’s already there, see docs: https://cloudron.io/documentation/email/#subaddresses-and-tags
@imc67 well you learn something new everyday!
Suggestion for temporary email would be handy though!
@ultraviolet Does Catch-all & Masquerading enabled help?
@ultraviolet Does Catch-all & Masquerading enabled help?
Yes I use mainly a catchall with alias for email want to use to reply
it is something I was doing with MailCow and it work well with Cloudron too.
The only thing in Cloudron you need one catchall per domain while it was possible to alias
firstname.lastname@example.org to email@example.com in MailCow
If I can add File Permissions management to the Wishlist for the nice new File Manager please.
Actually the screenshot was only a work-in-progress. The action buttons made it too cluttered so those went into the context menu. There is also an action to at least change the owner to the typical ones we currently use in apps.
@nebulon A context menu ! These are quite rare on the web, so I would never have guessed to try it, but yeah it's really neat
@nebulon Ahh, I see. Perhaps it could so with a
...at the end of the row to click as well to show that
For interest, I get "Cloudron Error" when trying to navigate into the
Contentsdirectory on my Ghost install. Guessing maybe file permissions or bug?
@marcusquinn They just pushed a 5.4.1 version to fix a bug when navigating symlinks. Maybe ghosts Contents is actually a symlink and that's what you're hitting ?
@mehdi Cool - will test again now. The error also seems to trigger Ghost to run out of memory and restart. Will test again after updating...
@mehdi Confirmed - fixed - great work going on here!
@JOduMonT Question: what features of Cloudflare Proxy do you like? Just thinking most of it can be done another way anyway.
ty @girish for the update, we are working on OpenLiteSpeed image for WP, we are having some issue with the config file, but we hope to have a beta soon.
yusf last edited by
@yusf No details yet, we are working on https://forum.cloudron.io/topic/2918/what-s-coming-in-5-5
@MooCloud_Matt For interest I did a bunch of performance testing for WP a couple of years ago and LiteSpeed didn't give us any edge and was slower in many cases for a large stack (200 plugins).
I have written a ticket for our devs (brandlight.org) to share the things that we tuned for a fast stack, so we will share notes soon with our Brandlight base WP & Woo stack.
open_basedirin php gives a big performance improvement on any stack.
And we make all directories non-writable for security, except
/uploads/, since the only way anything can be deployed is with GitLab CI/CD with appropriate write permissions.
We don't use full-page caching, just fragments and transients and these are our TTFB times for interest, like I say 200+ plugins:
- https://status.brandlight.org (Cloudflare)
- https://status.swanson.co.uk (Route53)
- https://status.healthshop.net (Route53 but moving to DNS Made Easy)
Each on Vultr VMs with Network WAF, and no CDN yet.
Plus, on any of those sites, you should see similar times with any language - again I'll ask our dev team to share more on all that when we get time too.
Maybe there's more to LiteSpeed that we missed but the above is with Apache, Nginx and FastCGI.
I agree that OLS or LS are not the solution, because Nginx + FastCGI + ProxyCache are excellent (with LS + ESI woocommerce it works better in any situation in this days) especially in big sites with a lot o page, content and static content like images.
But large sites are exceptional cases in the hosting world, especially those who would use cloudron do not have a huge site because they would prefer to use a custom stack in that case.
We are thinking of satisfying the customer who wants performance without doing anything other than installing the LiteSpeed cache plugin.
We are working with @girish in general to improve the WordPress and NextCloud Apps, probably moving (nothing certain) to Nginx + FastCGI.
The problem will not be nextcloud, but WordPress; We are looking for a way to intelligently implement the cache in wordpress, because one of the problems is cleaning the FastCGI cache from WordPress (we have found some plugins, but they are not always easy to implement) so we are open to advice.
@MooCloud_Matt We use and recommend WP Super Cache for the options to cache fragments. Tried all the rest but came back to this one for code-quality, hooks and ultimately it's what wordpress.com uses.
Is there a thread under the relevant Apps > Wordpress category I can ask our devs to join and contribute?
Priority being raw uncached speed because caching is just for scaling traffic really.
Be interested in your feedback before & after for uncached from trying disabling
open_basedir. Query Monitor should give a quick impression on that, although we don't have QM active on live sites of course.
We also built a
mustuseunloader plugin, so only the plugins used on any page are loaded. Needs to be actively managed but does mean the minimal php is processing per page load.
Unified dashboard for multiple cloudron setups - This will provide a unified auth across cloudron setups plus a single dashboard to control multiple cloudrons. Details are still being worked on and I will post it once I have more info.
does this come with group- or domain-admins who can only install apps/add and edit users from their designated domains/groups?
Very much looking forward to seeing how you develop the multi-host features for 6.0.
If I may suggest for consideration in that it would be very useful to be able to move an entire domain with all it's configurations and apps from one Cloudron to another with a button, confirmation and function that went through the processes. I image it would need to pause all services on that domain during the transition to ensure data is frozen but it could be a scheduled maintenance or just a staging Cloudron to live Cloudron launch process.
So we can set everything up on one Cloudron instance, and them move the whole thing to another separate and dedicated one.
Might be a big ask - but though it worth bearing in mind in your designs and planning.
@marcusquinn self-hosted auto-magical devops deployments at the click of a button....
@will That's the dream. I like scaleable businesses where the second time doing something is a tiny percentage of the effort of the first time. Setups take time, time is finite, speed is valuable. Templating is where profits are for client and provider
@marcusquinn Putting it another way, it would make it quick to move a domain from being on a shared Cloudron to it's own dedicated Cloudron, and we'd be happily paying another licence subscription for these
Curious how you're getting on with your 6.0 feature wishlist? I know it's always a difficult question but any idea on timeline yet?
I don't have a concrete time yet. We just pushed out 5.6 release last week (which hasn't even been announced yet).
For 6.0 specific features, Focal support is already in master. FTS search in mail is getting there. I think the unified dashboard feature has many architectures to choose from, so we have to pick carefully and regardless of what we choose it's a bit of work (atleast a month).
Lonkle last edited by
Optimize WP and Nextcloud installations
Is this for both managed and unmanaged versions of Wordpress? And is this completed already - it seems like WP has gotten a lot better with Redis (can’t remember if this is a new feature in one of the 2020 updates but I think it is).
@Lonk Yes, it's for both. It also includes PHP stack and Nextcloud as well.
The core issue is that currently we sort of hardcode the apache mpm_prefork configuration in the Dockerfile/app package. Making this customizable will easily make things more performant based on the user's setup/traffic. The fixes are not on platform side and on the app packaging side, so it's not tied to Cloudron 6 as such. We had put it in there because we wanted to investigate if this was some platform side issue (maybe some mysql performance related etc).
@girish Good stuff - I'm impressed already
I made a new post for what's really coming in 6.0 - https://forum.cloudron.io/topic/3205/what-s-coming-in-6-0-take-2 . I will lock this thread since this post got split into 3 releases!