What's coming in 7.0 (was 6.4)
-
@scooke I think I’m with you on that. Having ‚inofficial‘ apps or a second AppStore doesn’t help quality on the long run - unless it’s just testing ground for officially supported apps. Otherwise it’s easy to habe the Nextcloud or Yunohost mess on your hand with unofficial apps breaking all sorts of stuff….
-
@scooke Yeah, great points. I should have been more clear. We don't intend to add a way to add a 3rd party app store. While this is possible, apart from it being some technical achievement, will most likely just frustrate users.
What I meant by that feature was that it will be useful to have a way to quckly install apps that are packaged by others without having to step into the CLI. i.e skip the whole CLI install+build+push image+install cycle. This workflow requires the user to know nodejs, docker, CLI use among other things, quite complicated. We also have a selfish reason to do this. When someone suggests that something is "packaged", we would like to have a quick look as to what state the app is in and we have to do this CLI workflow ourselves.
I don't know how this looks like but maybe there is some simple install UI where one can just put upload a manifest file + docker image name and that's it.
-
@girish Yeah. An entire third party store built in might cause confusion.
-
Yes, depending on quality this could of course cause some confusion. But there are a few examples of working third party repositories out there that extend a main product. The external app stores on Synology come to mind for example. Plus since apps are running in read-only containers and are mostly isolated from the host I don't think an app can mess up a server at all. But the most important part for me was in the last sentence:
@fbartels said in What's coming in 6.4:
This could also be a nice revenue model for external app developers.
-
@girish said in What's coming in 6.4:
We also have a selfish reason to do this. When someone suggests that something is "packaged", we would like to have a quick look as to what state the app is in and we have to do this CLI workflow ourselves.
This makes a lot of sense actually. With whatever process you come up with, the goal would be that knowing when someone says the app is packaged, "ready", it most likely is because they've had to do the correct steps, get auto-checked. So in the long run it would actually help the AppStore by freeing up your time checking things before making them Official.
I imagine there'll still be alot of troubleshooting involved getting to the Packaged state though.
-
@girish thank you! Any way to add configurable backup failure SSL expiration notifications? I liked it very much the way there were before 6.3, as I only have one backup per day and 3 missing backups - it’s 3 days of data loss.
For SSL - I have a non-standard configuration and having notifications in advance helps really a lot. -
Excellent progress!
-
@girish I've got a suggestion if the focus on this release is on email : add some basic feature to deal with mailing-lists:
- add at least an API to see the members of a mailing-list. (priority P3)
- add an API to subscribe/unsubscribe a user from a mailing-list. (priority P2)
- build an UI for both features (P1)
In our use case, a user sending an email to a mailing-list want to be sure that someone from the crew is receiving the mail, aka is member of the mailing-list.
I definitely don't want to go through the hassle of installing/configuring mailman or something else, because I feel that the cloudron mailing-list feature does just enough for the job, and just need a little bit more basic features.
It would be very nice if a user can subscribe and unsubscribe by himself for the mailing-list, taking the burden off the administrator for adding/removing manually users. Besides, it would give more autonomy to the users, which is good.
With at least some basic APIs, I could automate myself the process, through a rocketchat bot for instance.
-
@girish oh, one more thing, fix the "https://forum.cloudron.io/topic/2611/cannot-send-email-from-outlook-2007-with-5-2-4-connection-error-ssl-routines-tls/2" instead of having a workaround...
-
@samir said in What's coming in 6.4:
fix the "https://forum.cloudron.io/topic/2611/cannot-send-email-from-outlook-2007-with-5-2-4-connection-error-ssl-routines-tls/2" instead of having a workaround...
The problem here is outlook that uses old encryption by default. Changing it would weaken the security of every other mail client.
-
@potemkin_ai About backups, let me look into if there is a better approach.
Can you tell me a bit more about your SSL setup? Note that cert renewal failure notifications are still there, they have not been removed. It's just that it won't alert you 30 days in advance now and instead only 10 days in advance (but it starts renewing 30 days in advance). This allows for 20 days of let's encrypt to be flaky.
-
@samir The current mailing list on Cloudron isn't actually a traditional mailing list i.e one with subscribe/unsubscribe feature. It is really just a forwarding list. Meaning if a mail comes to a specific address, it forwards it to unconditionally to all the members.
That said, there is already an API to see members and add/remove people from the forwarding list. I will put it in the docs and link it here.
-
@fbartels I've got the error message " Too many failures (Tried all MXs)" which is due to the fact that haraka is not configured by default with "secureProtocol = TLSv1_method". Nothing to do with outlook in my case.
-
@samir It's because some servers out there are using the insecure TLSv1 protocol . I will see if I can make this setting persistent in the next release.
-
This release looks wonderful!
@girish Yep a mailbox manager role would be great! And even better if a user can have several roles: e.g. user manager + mailbox manager
-
To give an update here, we sidetracked a bit and decided to modernize our codebase. Specifically, we moved from callback based programming to more modern async/await. Much of that work here is done, so we will post updates on features as we implement them.
-
@girish said in What's coming in 6.4:
Specifically, we moved from callback based programming to more modern async/await.
Great ! Honestly, that was long overdue ^^ I think it is a great time investment, as it will definitely speed up future developments significantly.
-
A quick update on this. The "rewrite" is done and our CI tests pass, so we can now proceed to implement new features.
Some changes that are already done:
- For privacy, do not use Gravatar as default avatar option
- wellknown: respond to .wellknown/matrix/client
- Make new login email translatable
- Require cloudron.io email to be verified to open support tickets
- external ldap: If we detect a local user with the same username as found on LDAP/AD we map it
- add basic eventlog for apps in app view
- Enable sshfs/cifs/nfs in app import UI
- Require password for fallback email change
- Make password reset logic translatable
- Logout users without 2FA when mandatory 2fa is enabled
-
Operator role is now implemented. An admin can set user(s)/group(s) as app operator:
The operator is then able to do app configuration and maintanence. They will see the gear icon on their dashboard:
Operator's app UI:
Note: An operator who is not an admin cannot uninstall an app, change it's location or clone it.
-
@girish that's a very nice feature. I recently had to give a WordPress developer the admin role on our production Cloudron since he needed access to the logs/terminal/file browser. This will make this a lot easier for the future.
-
@fbartels right, that's the exact use case this is for!
Also, there is a breaking change with this. SFTP access is now moved to operators and the flag we had previously to allow non-admins to access SFTP is now gone.
-
Added an Event Log section in the apps view.
-
- Added UpCloud object storage integration
- Added UpCloud object storage integration
-
Some email related changes:
- Email data is now viewable via the File manager (a new icon on the top right in the Email view).
-
Email data is stored separately from box data. A new mail.tar.gz (or mail directory in rsync mode) is created now at the top level. In theory, this makes it now possible to create backups, list backups and restore the Email data separately just like we have for apps. Maybe we will implement that in some future release as use cases arrive.
-
Mailbox backup / restore - There is no special UI for this. But one can now "restore" a mailbox by just uploading old mailbox from a backup and uploading it into the new mailbox via the File manager UI. Mailboxes are in the "vmail" directory in the above screenshot.
-
Custom cron commands can be added per-app:
Output of commands will nicely appear merged in the app's log output:
-
@girish Great, that you added support for custom cron-commands. I currently have a "cloudron exec" running as cron-job outside of an app, just because I was missing exactly this feature
-
There is now a "recovery" flag for the addon containers. It behaves similar to the app recovery mode. The addon container is put in read/write mode and will "sleep". One can then ssh and exec into the container to fix the database. It's fairly geeky but is needed when database becomes corrupt.
-
recvmail addon is fixed now. we will have to fix the apps after the release.
Only the email features are left now. Should be done hopefully this week.
-
Any ETA for 6.4? Wanting to test the migration issue defect that was identified in https://forum.cloudron.io/topic/5683/data-argument-must-be-of-type-received-null-error-during-restore-process when it’s ready. Would it be this week perhaps?
--
Dustin Dauncey
www.d19.ca -
@d19dotca Don't have an ETA yet, but hoping to finish the features this week, then we can test next week. I replied in the other thread to follow up.
-
@girish said in What's coming in 6.4:
recvmail addon is fixed now. we will have to fix the apps after the release.
Does this mean you'll be able to fix apps like Discourse so they can receive posts by email? Think / hope so!
-
@jdaviescoates yes. But for discourse, we also need pop support it seems.
-
@girish said in What's coming in 6.4:
But for discourse, we also need pop support it seems.
Unless you use the API instead:
-
Impersonate user feature:
You can click on the impersonate button (second button from left):
This will create a temporary password that you can use to login to apps or the dashboard. This will help admins to pre-setup things on behalf of the user. Importantly, this does not reset the user's existing password, this is an alternate password.
-
There's a link in the profile page now to send password reset request:
-
POP3 support is enabled on the server but it's disabled for all mailboxes by default. It has to enabled per mailbox.
-
So, the status of the release is that mailbox forwarding is being worked on. Once that is done, we will cut a release.
-
Getting excited for 6.4 (especially since it fixes a bug that's currently keeping me locked in-place with my current hosting provider), and all the amazing improvements particularly around email!
Was just wondering if there was an ETA for us. I know I asked about 11 days ago, just really looking forward to it. haha.
Also a slightly selfish reason for asking... it'll save me from having to pay another month of hosting from my current host if I can migrate off before end of this month if that other defect is fixed which is supposed to be fixed with 6.4, not a ton of time left for me to plan it out since it has to be in the middle of the night (i.e. weekends only, 3 weekends left and I'm guessing this weekend will be too soon, so really only 2 weekends left for me to do this migration so I'm getting a bit antsy).
--
Dustin Dauncey
www.d19.ca -
@d19dotca we plan to release next week, for sure.
-
Possibly final update: the manual tests went fine. We are just getting the e2e tests to pass and then we are good.
-
@girish will this be out later today by any chance?
--
Dustin Dauncey
www.d19.ca -
@d19dotca it is still in our end to end tests....
-
@d19dotca I will contact you from support, I think we can fix up your instance so you are not blocked by this.
Main issue is DO DNS is really letting us down this week. It keeps failing sporadically causing our tests to fail.
-
As a heads up, this release will get published as Cloudron 7.0 and not 6.4 . It's because we stop supporting Ubuntu 16 from this major version and also the format of backups have changed.
-
-
Unpinned by
girish
-
@girish Take it easy no pressue or rush. We understnad things take time. Love all of your work. Keep up the Good Work please!
-
It is a pity you can't hear the loud cheers and applause when you give us news like this.
-
Great job guys! Super long changelog, happy to see many of the changes included there!
I'm going to upgrade likely tomorrow night.PS - Girish, the migration went well from you manually adding in the self-signed certs the other day. I really appreciate the awesome support and help with that! You guys rock!
-
Why are we allowing POP3? It's an old, outdated, and insecure mail protocol.
--
https://urgero.org
~ Professional Nerd. Freelance Programmer. ~
Matrix: @murgero:urgero.org -
@murgero : i think the dinosaurs were bellowing loudly
-
@murgero said in What's coming in 7.0 (was 6.4):
Why are we allowing POP3? It's an old, outdated, and insecure mail protocol.
For some reason it is still required for various things. e.g. Discourse reply-by-email features (as mad as that sounds), and I think perhaps sucking messages into Gmail too (which can help people to get started using Cloudron mail stuff before they are ready to fully transition away from where they've currently got everything)
-
@murgero mostly for compatibility with apps and some services that we cannot control. Admittedly, I didn't want to enable it but it was trivial to enable it in dovecot.
It's also disabled by default for all mailboxes. We also only support POP3S (no plain POP3).
-
@murgero said in What's coming in 7.0 (was 6.4):
Why are we allowing POP3? It's an old, outdated, and insecure mail protocol.
TBH all mail protocols are outdated and insecure if compared so secure messenger protocols. Email cannot be fixed or made secure (think encryption or shit like HTML emails)
-
@necrevistonnezr said in What's coming in 7.0 (was 6.4):
all mail protocols are outdated and insecure if compared so secure messenger protocols
^this email was not designed as a secret medium. Unlike protocols such as matrix.
-
@fbartels said in What's coming in 7.0 (was 6.4):
@necrevistonnezr said in What's coming in 7.0 (was 6.4):
all mail protocols are outdated and insecure if compared so secure messenger protocols
^this email was not designed as a secret medium. Unlike protocols such as matrix.
Exactly.
-
Just curious @girish @nebulon ... I see 7.0.2 out but I still get the notice of this being pre-release and not production ready... is that still accurate or is that an outdated message?
This update is a pre-release and not considered stable yet. Please update at your own risk.--
Dustin Dauncey
www.d19.ca -
Thanks for the fantastic release!!
Brilliant new features: per event log, per cron, app manager role, email data file manager, and everything else...well done!!
Always visible grey squared gear icon is a bit less pretty than just the gear (as it used to be), no? Very minor point of course!
Also there was a talk on a mailbox manager role at some point (someone who could administrate the email side of thing), is this part of this release in the end or is there more work plan for this or for other role customisation in the next release?
-
@avatar1024 said in What's coming in 7.0 (was 6.4):
Always visible grey scared gear icon is a bit less pretty than just the gear (as it used to be), no? Very minor point of course!
which one do you mean? We have reworked some code in the apps grid to support the app operator role, so maybe you hit some regression, as the gear icon I am thinking of, should not be always visible.
-
@nebulon Apologies, I meant that on mouse hover an app, there is now a grey square button (with white gear) always visible, which then turns white (with blue gear) when actually hovering over it. Before it used to be that you see only the gear (without a square) when hovering over an app and you'd see the square when hovering over the gear.
Haha I've realised this is only a dark theme issue. I've just tried in another browser with a light theme and the issue is not here. So yes, probably a slight regression on the dark theme.
Cloudron 7
Cloudron 6 -
@avatar1024 well spotted, thanks. This is indeed a regression. I have fixed this now for the next release.
