What's coming in 6.0

girish

We are continuing to work on getting many more of the apps published, see the WIP tag. Thanks to the community for really helping us out here!

CHANGE IN PLANS: As mentioned in the 5.4 post, we decided to release some of the features listed here in an intermediary release. I have marked the features below as such.

UPDATE 2: There is now a 5.5

UPDATE 3: There is now a 5.6

UPDATE 4: 6.0

6.0 will be a feature rich release:

• Focal support
• Mailbox sharing - we tried IMAP based mailbox sharing but this doesn't work well for the apps we have. We will instead make it such that a single mailbox can have multiple owners.
• Optimize WP and Nextcloud installations. This is not directly related to box code but we want to speeden things up and optimize the configs since we have a large number of installs with these 2 apps. @MooCloud_Matt has given us a lot of ideas to work with here.
• Unified dashboard for multiple cloudron setups - This will provide a unified auth across cloudron setups plus a single dashboard to control multiple cloudrons. Details are still being worked on and I will post it once I have more info.
• Fix access control for service provider setups - There's a few small issues. Service providers wants admin flag per app, better control of SFTP user management and also to unify PHPMyAdmin across apps. We will see what we can do.
• Mail - Full text search via IMAP (solr integration)

Already released

• (5.4) Dark mode for dashboard
• (5.4) File manager UI to edit the files inside apps. For the initial version, one can only view and edit the files under /app/data (i.e one cannot view the files in the read-only parts of the file system. this is because of some technical reasons)
• (5.5) Backup upload/download speed - Currently, backups can be quite slow but we have some ideas to speed it up
• (5.4) Allow admin to lock email and display name globally. This essentially makes the LDAP directory non-editable by normal users.
• (5.5) Allow backup and update time to be set. Currently, this is all hard coded and it's causing problems for people working in the night
• (5.6) Mail: Configurable mail server settings - whitelist/blacklist, max message size, tls configuration. In the next release after 6.0, we will make spam settings configurable.

savity

Hi thanks for the Information any news or goals regarding firewall and security of Cloudron IP-Blocking or Fail2Ban maybe?

girish

@savity Are you looking for IP blocking at the app level of server level?

Mallewax

@girish Reads all very exciting. I am rooting (again) for server side full text search for Dovecot, maybe also Z-Push notifications....:-)

doodlemania2

Could we get per app bandwidth consumption graphs!? Pretty please!!!!

roru2k20

@girish said in What's coming in 6.0:

Allow backup and update time to be set. Currently, this is all hard coded and it's causing problems for people working in the night

Great idea! In the night I would like to shutdown my server and my NAS to reduce energy, but then my system does not backup my apps/data, when I realize this construction. Therefore I run 24x7 my systems.

Unified dashboard for multiple cloudron setups - This will provide a unified auth across cloudron setups plus a single dashboard to control multiple cloudrons. Details are still being worked on and I will post it once I have more info.

Next really great idea!!! I have three instances and would be great to manage over one dashboard.

I am so sorry that I cannot really support this efficiently. Right now I'm just trying to create applications in my brain and on my desktop, but it doesn't really work yet

savity

@girish On app based first for Nextcloud, because Fail2Ban RegExpression is allready availaible.
But i think it should be also possible to restrict the acces to my.cloudron.com i know thath SMTP connection are goint through this hostname but to be honest. If someone can login to the Dashboard thath would not be fine its true thath there is a 2FA authentication but restricting the login to my.cloudron.com throug IP's would minimze really the Risk.

But i think it would be even easy by UFW just to allow from "IP to hostname on port 443"

p44

@girish said in What's coming in 6.0:

Unified dashboard for multiple cloudron setups - This will provide a unified auth across cloudron setups plus a single dashboard to control multiple cloudrons. Details are still being worked on and I will post it once I have more info.

@girish Dear Girish, could you give us more info about this interesting point?

girish

@p44 Will do once I have more information. We decided to have an intermediate release Cloudron 5.4 in the meantime before Cloudron 6 since half the features are already implemented and we want to ship it.

JOduMonT

@girish said in What's coming in 5.4:

We are moving nginx to latest upstream packages instead of ubuntu ones since they are lagging behind a lot.

• Why not mainline as NGINX seems to suggest

• What about PHP are we going to see PHP 7.4 soon as WordPress core consider optimal

@girish said in What's coming in 5.4:

Backblaze b2 provider - also new

You read my mind on this one

JOduMonT

would be nice, but also a big task, to take advantage of Cloudflare proxy for some apps such as

• Nextcloud
• WordPress
• GravCMS

and not simply using it as a DNS manager.

marcusquinn

@JOduMonT For interest: Part of the reason I chose Hetzner to host was for their network DDoS protection on bare IPs. I believe Netcup does the same. Surprisingly rare with other hosts.

https://www.x4b.net is a decent 3rd-party WAF if you're interested in a specialist without CF premiums.

Also just experimenting with DNS Made Easy and DNSimple as have been caught out with a fair amount of random errors from CF DNS (free but not proxied).

https://www.dnsperf.com maybe interesting too.

Lastly, https://bunnycdn.com cent if you're looking for that sort of speed thing cheaper than CF too.

marcusquinn

@JOduMonT Also, if I understand right, I tried switching some subdomains to proxies on CF (click on the icon image to switch if you didn't already know) and they worked fine. (had to do some filtering on the domains Apps are injected into though)

girish

@JOduMonT We use the latest stable instead of mainline as per https://www.nginx.com/blog/nginx-1-18-1-19-released/

JOduMonT

@marcusquinn said in What's coming in 6.0:
thanks for all your info, I guest I also use Hetzner and Linode and ... don't worry I know pretty Cloudflare

FYI

in the pass I had user which was unable to login in Nextcloud because of Email Address Obfuscation Scrape Shield
Cloudflare; so if you activate thas you might have to make a rule for your nextcloud

mehdi

@JOduMonT said in What's coming in 6.0:

would be nice, but also a big task, to take advantage of Cloudflare proxy for some apps such as

• Nextcloud
• WordPress
• GravCMS

and not simply using it as a DNS manager.

From a security perspective, I cannot recommend doing this for your self-hosted apps. It basically means authorizing Cloudflare to do a man-in-the-middle attack, and granting them full access to all your data, all your passwords, everything... I believe it negates a lot of the benefits of self-hosting ... And you would have to have a lot of trust in them.

The only "clean" way to do this would be to enable it only on public-facing stuff, never on the admin interface.

JOduMonT

@mehdi said in What's coming in 6.0:

self-hosting

when you self hosts yourself you need to trust a lot of people
all the people who work at your registrar, DNS and host company, their providers and 3rd parties, the developer of your hosting solution aka Cloudron, the developer of all these apps, ...
then on the other side you have to trust every device on the network where you are currently connected which means all smartphones, eTV and iFreezer...

Life is about trust

do you trust me

but yeah I ear you
and yeah, and the end trusting the GAFAM might be not that bad.

marcusquinn

@JOduMonT I think the world has change now there's more value in data than people released but capitalism knows and is both; competing to acquire, and exploiting, in ways beyond most people's imaginations - until they find election campaigning shenanigans but don't know what to do about it.

So necessary to trust in services; yes.

Trust them with your valuable and private data?

When Google is reading your shopping email confirmations and Facebook is reading everything with a "Like" script, I think it's a responsibility to have parts of your data world not visible to the marketing world.

Privacy, encryption and permissions should be as essential in schooling for the Technology Revolution as literacy was for The Renaissance.

So - data privacy politics for 6.1 anyone?

jdaviescoates

There are two things I'd really love to see in 6.0

1. Domain-based admin rights. I want to be able to give people all the rights of an Administrator, but only for specific domain names.
2. I love for Cloudron to become fully open source again

girish

@jdaviescoates said in What's coming in 6.0:

Domain-based admin rights. I want to be able to give people all the rights of an Administrator, but only for specific domain names.

Just getting 5.4 out now, but I wanted to make a post about how we plan to implement this under the "service provider setups" feature. I will try to make a post about it early next week since we will need some input anyway before we implement the feature.

I love for Cloudron to become fully open source again

Yup, let's discuss there!