What's coming in 7.0 (was 6.4)
-
This will mostly have email related improvements. There's also a few last mail related migrations to do for multi-host in Cloudron 8 (everything else is migrated, yay).
- Better email monitoring/visibility for admins. @d19dotca raised many important posts and there's also existing ones. We have to read the posts in more detail and discuss internally before we give more details on what we plan to do here.
- Add easier way to setup mailbox redirects
- Add way to setup sieve rules for mailboxes from the dashboard itself. One way we are thinking of doing this is to simply expose mail data via the file manager. Just like how app data is also exposed via file manager. Just to make it easier to use, we will probably add "download"/"restore" action in the mailbox view to add on top of this.
- Backup mail data separately (instead of as part of box code). This will allow restoring and backing up mail stuff separately just like it's an app.
- Add a way to run cronjobs (per app?)
- Operator role for specific app. This new role will allow assigning a user as "operator" for some apps and that user can then view logs, restart app, increase memory limit etc but without being a cloudron admin as such.
- Make it easy to install non-appstore apps.
EDIT: Since we stop supporting Ubuntu 16 from this release, we decided to call this Cloudron 7.0 and not 6.4.
-
Wooo! Finally the big mail-focused release I (and many others) have been waiting for!
Looking forward to it. Any way I can help, just let me know.--
Dustin Dauncey
www.d19.ca -
-
@jdaviescoates Oh yeah great catch! I'm sure that was a copy/paste mix-up as it's stating that in the older 6.3 announcement too. Wouldn't make sense to announce something that's not actually coming.
haha -
That operator role will be AMAZING. ALso mail backups
-
@jdaviescoates said in What's coming in 6.4:
After the email stuff, but I think that's just a copy/ paste oversight, right @girish ?
whoops, fixed
-
@girish said in What's coming in 6.4:
Operator role for specific app. This new role will allow assigning a user as "operator" for some apps and that user can then view logs, restart app, increase memory limit etc but without being a cloudron admin as such.
any chance that this update in management comes with a "group admin", who can install/operate apps and add users for specific groups only?
-
@msbt Personally, I think the best approach is an unlimited number of customizable roles with a set of permissions you can give those roles.
So like discord for instance:
This is definitely more work so I get if its not a thing that will make it in.
-
@msbt Will look into that. I think there was also request for a role to just create mailboxes.
-
@girish as I remember that was about adding the ability to create mailboxes to the existing User Manager role (given that very often new Users also need an mailbox).
-
@atridad I added a last item "Make it easy to install non-app store apps". We are hoping to atleast make it easy for people to install from something like your repo.
-
@girish said in What's coming in 6.4:
- Make it easy to install non-appstore apps.
I see what you did there...
-
@girish said in What's coming in 6.4:
I added a last item "Make it easy to install non-app store apps".
That is great news. In case you do not yet have a better idea how this could be designed, I want to pitch the way this is organised in Portainer again. I explained it already a while back in https://forum.cloudron.io/topic/4485/proposal-the-cur-cloudron-user-repository/14?_=1626194230000. Basically a local admin can override/extend the entries from their official "appstore". Additional entries are defined in a json structure. When opening the Cloudron appstore it makes a request to
https://my.cloudron.host/api/v1/appstore/appswhich gets a json response with all the appstore data. What if opening the store would in addition to this also make a request tohttps://user:password@store.my.domain/apps.jsonand also show a category "community" that lists apps from this json listing. Plus points if the listing can be password protected (like the private docker registry). This could also be a nice revenue model for external app developers. -
Pinned by
girish
-
@fbartels Agreed! This workflow would be excellent!
-
@fbartels this sounds nice
-
@girish said in What's coming in 6.4:
Make it easy to install non-appstore apps.
Can someone point me to any prior discussions based around this topic?
Even though I myself like to use these non-appstore apps, partly to help test, partly because it is an app I'd like to use (I just installed the Paperless-ng app), the amount of troubleshooting that goes on seems like alot. And, as I've expressed before in other posts, I love the stability and ease of Cloudron, and the amazingly quick and attentive help the main devs give, particularly on this forum.
So I don't see how adding the option for more people, likely many who are even less skilled than I (and I am barely keeping my head above water here!), to start messing around with apps that need tweaking, is going to help keep all that we love about Cloudron at the fore. I mean, the tech barrier (code barrier? comprehension barrier?) in front of building and installing non-app store apps I imagine acts as a gate to limit the number of Help requests connected to these apps. Do we need another type of gate?
I am impressed by how quickly and neighbourly the other posters are to help, both myself, and I can see them helping others. Is there not some other way to keep this third-party option alive, maybe even another subscroption level?
Sub-reddits often require posters to have a certain life-span before you can post; lowendtalk also has a minimum activity level for posting. But I can see how that could seem too exclusive for new comers, and maybe even for old-timers now.
Any thoughts?
A life lived in fear is a life half-lived
-
@scooke I think Iβm with you on that. Having βinofficialβ apps or a second AppStore doesnβt help quality on the long run - unless itβs just testing ground for officially supported apps. Otherwise itβs easy to habe the Nextcloud or Yunohost mess on your hand with unofficial apps breaking all sorts of stuffβ¦.
-
@scooke Yeah, great points. I should have been more clear. We don't intend to add a way to add a 3rd party app store. While this is possible, apart from it being some technical achievement, will most likely just frustrate users.
What I meant by that feature was that it will be useful to have a way to quckly install apps that are packaged by others without having to step into the CLI. i.e skip the whole CLI install+build+push image+install cycle. This workflow requires the user to know nodejs, docker, CLI use among other things, quite complicated. We also have a selfish reason to do this. When someone suggests that something is "packaged", we would like to have a quick look as to what state the app is in and we have to do this CLI workflow ourselves.
I don't know how this looks like but maybe there is some simple install UI where one can just put upload a manifest file + docker image name and that's it.
-
@girish Yeah. An entire third party store built in might cause confusion.
-
Yes, depending on quality this could of course cause some confusion. But there are a few examples of working third party repositories out there that extend a main product. The external app stores on Synology come to mind for example. Plus since apps are running in read-only containers and are mostly isolated from the host I don't think an app can mess up a server at all. But the most important part for me was in the last sentence:
@fbartels said in What's coming in 6.4:
This could also be a nice revenue model for external app developers.
-
@girish said in What's coming in 6.4:
We also have a selfish reason to do this. When someone suggests that something is "packaged", we would like to have a quick look as to what state the app is in and we have to do this CLI workflow ourselves.
This makes a lot of sense actually. With whatever process you come up with, the goal would be that knowing when someone says the app is packaged, "ready", it most likely is because they've had to do the correct steps, get auto-checked. So in the long run it would actually help the AppStore by freeing up your time checking things before making them Official.
I imagine there'll still be alot of troubleshooting involved getting to the Packaged state though.
-
@girish thank you! Any way to add configurable backup failure SSL expiration notifications? I liked it very much the way there were before 6.3, as I only have one backup per day and 3 missing backups - itβs 3 days of data loss.
For SSL - I have a non-standard configuration and having notifications in advance helps really a lot. -
Excellent progress!
-
@girish I've got a suggestion if the focus on this release is on email : add some basic feature to deal with mailing-lists:
- add at least an API to see the members of a mailing-list. (priority P3)
- add an API to subscribe/unsubscribe a user from a mailing-list. (priority P2)
- build an UI for both features (P1)
In our use case, a user sending an email to a mailing-list want to be sure that someone from the crew is receiving the mail, aka is member of the mailing-list.
I definitely don't want to go through the hassle of installing/configuring mailman or something else, because I feel that the cloudron mailing-list feature does just enough for the job, and just need a little bit more basic features.
It would be very nice if a user can subscribe and unsubscribe by himself for the mailing-list, taking the burden off the administrator for adding/removing manually users. Besides, it would give more autonomy to the users, which is good.
With at least some basic APIs, I could automate myself the process, through a rocketchat bot for instance.
-
@girish oh, one more thing, fix the "https://forum.cloudron.io/topic/2611/cannot-send-email-from-outlook-2007-with-5-2-4-connection-error-ssl-routines-tls/2" instead of having a workaround...
-
@samir said in What's coming in 6.4:
fix the "https://forum.cloudron.io/topic/2611/cannot-send-email-from-outlook-2007-with-5-2-4-connection-error-ssl-routines-tls/2" instead of having a workaround...
The problem here is outlook that uses old encryption by default. Changing it would weaken the security of every other mail client.
-
@potemkin_ai About backups, let me look into if there is a better approach.
Can you tell me a bit more about your SSL setup? Note that cert renewal failure notifications are still there, they have not been removed. It's just that it won't alert you 30 days in advance now and instead only 10 days in advance (but it starts renewing 30 days in advance). This allows for 20 days of let's encrypt to be flaky.
-
@samir The current mailing list on Cloudron isn't actually a traditional mailing list i.e one with subscribe/unsubscribe feature. It is really just a forwarding list. Meaning if a mail comes to a specific address, it forwards it to unconditionally to all the members.
That said, there is already an API to see members and add/remove people from the forwarding list. I will put it in the docs and link it here.
-
@fbartels I've got the error message "Β Too many failures (Tried all MXs)" which is due to the fact that haraka is not configured by default with "secureProtocol = TLSv1_method". Nothing to do with outlook in my case.
-
@samir It's because some servers out there are using the insecure TLSv1 protocol . I will see if I can make this setting persistent in the next release.
-
This release looks wonderful!
@girish Yep a mailbox manager role would be great! And even better if a user can have several roles: e.g. user manager + mailbox manager
-
To give an update here, we sidetracked a bit and decided to modernize our codebase. Specifically, we moved from callback based programming to more modern async/await. Much of that work here is done, so we will post updates on features as we implement them.
-
@girish said in What's coming in 6.4:
Specifically, we moved from callback based programming to more modern async/await.
Great ! Honestly, that was long overdue ^^ I think it is a great time investment, as it will definitely speed up future developments significantly.
-
A quick update on this. The "rewrite" is done and our CI tests pass, so we can now proceed to implement new features.
Some changes that are already done:
- For privacy, do not use Gravatar as default avatar option
- wellknown: respond to .wellknown/matrix/client
- Make new login email translatable
- Require cloudron.io email to be verified to open support tickets
- external ldap: If we detect a local user with the same username as found on LDAP/AD we map it
- add basic eventlog for apps in app view
- Enable sshfs/cifs/nfs in app import UI
- Require password for fallback email change
- Make password reset logic translatable
- Logout users without 2FA when mandatory 2fa is enabled
-
Operator role is now implemented. An admin can set user(s)/group(s) as app operator:
The operator is then able to do app configuration and maintanence. They will see the gear icon on their dashboard:
Operator's app UI:
Note: An operator who is not an admin cannot uninstall an app, change it's location or clone it.
-
@girish that's a very nice feature. I recently had to give a WordPress developer the admin role on our production Cloudron since he needed access to the logs/terminal/file browser. This will make this a lot easier for the future.
-
@fbartels right, that's the exact use case this is for!
Also, there is a breaking change with this. SFTP access is now moved to operators and the flag we had previously to allow non-admins to access SFTP is now gone.
-
Added an Event Log section in the apps view.
-
- Added UpCloud object storage integration
- Added UpCloud object storage integration
-
Some email related changes:
- Email data is now viewable via the File manager (a new icon on the top right in the Email view).
-
Email data is stored separately from box data. A new mail.tar.gz (or mail directory in rsync mode) is created now at the top level. In theory, this makes it now possible to create backups, list backups and restore the Email data separately just like we have for apps. Maybe we will implement that in some future release as use cases arrive.
-
Mailbox backup / restore - There is no special UI for this. But one can now "restore" a mailbox by just uploading old mailbox from a backup and uploading it into the new mailbox via the File manager UI. Mailboxes are in the "vmail" directory in the above screenshot.
-
Custom cron commands can be added per-app:
Output of commands will nicely appear merged in the app's log output:
-
@girish Great, that you added support for custom cron-commands. I currently have a "cloudron exec" running as cron-job outside of an app, just because I was missing exactly this feature
-
There is now a "recovery" flag for the addon containers. It behaves similar to the app recovery mode. The addon container is put in read/write mode and will "sleep". One can then ssh and exec into the container to fix the database. It's fairly geeky but is needed when database becomes corrupt.
-
recvmail addon is fixed now. we will have to fix the apps after the release.
Only the email features are left now. Should be done hopefully this week.
-
Any ETA for 6.4? Wanting to test the migration issue defect that was identified in https://forum.cloudron.io/topic/5683/data-argument-must-be-of-type-received-null-error-during-restore-process when itβs ready. Would it be this week perhaps?
--
Dustin Dauncey
www.d19.ca -
@d19dotca Don't have an ETA yet, but hoping to finish the features this week, then we can test next week. I replied in the other thread to follow up.
-
@girish said in What's coming in 6.4:
recvmail addon is fixed now. we will have to fix the apps after the release.
Does this mean you'll be able to fix apps like Discourse so they can receive posts by email? Think / hope so!
-
@jdaviescoates yes. But for discourse, we also need pop support it seems.
-
@girish said in What's coming in 6.4:
But for discourse, we also need pop support it seems.
Unless you use the API instead:
-
Impersonate user feature:
You can click on the impersonate button (second button from left):
This will create a temporary password that you can use to login to apps or the dashboard. This will help admins to pre-setup things on behalf of the user. Importantly, this does not reset the user's existing password, this is an alternate password.
-
There's a link in the profile page now to send password reset request:
-
POP3 support is enabled on the server but it's disabled for all mailboxes by default. It has to enabled per mailbox.
-
So, the status of the release is that mailbox forwarding is being worked on. Once that is done, we will cut a release.
-
Getting excited for 6.4 (especially since it fixes a bug that's currently keeping me locked in-place with my current hosting provider), and all the amazing improvements particularly around email!
Was just wondering if there was an ETA for us. I know I asked about 11 days ago, just really looking forward to it. haha.
Also a slightly selfish reason for asking... it'll save me from having to pay another month of hosting from my current host if I can migrate off before end of this month if that other defect is fixed which is supposed to be fixed with 6.4, not a ton of time left for me to plan it out since it has to be in the middle of the night (i.e. weekends only, 3 weekends left and I'm guessing this weekend will be too soon, so really only 2 weekends left for me to do this migration so I'm getting a bit antsy).
--
Dustin Dauncey
www.d19.ca -
@d19dotca we plan to release next week, for sure.
-
Possibly final update: the manual tests went fine. We are just getting the e2e tests to pass and then we are good.
-
@girish will this be out later today by any chance?
--
Dustin Dauncey
www.d19.ca -
@d19dotca it is still in our end to end tests....
-
@d19dotca I will contact you from support, I think we can fix up your instance so you are not blocked by this.
Main issue is DO DNS is really letting us down this week. It keeps failing sporadically causing our tests to fail.
-
As a heads up, this release will get published as Cloudron 7.0 and not 6.4 . It's because we stop supporting Ubuntu 16 from this major version and also the format of backups have changed.
