What's coming in 7.5
-
Thanks @girish and @nebulon. If you need to prioritize, for the turn server the one where it is simply impossible to add an external turn server is matrix/element, as it requires a restart to apply changes, which then of course leads to those changes being overwritten. I believe the others don't have that limitation, but at the same time, Nextcloud would probably have the quickest positive benefit as it is quite trivial to add the external turn server via the Nextcloud admin panel.
-
@potemkin_ai said in What's coming in 7.5:
@eganonoa just for my information - why are you looking for external TURN servers for Synapse/Matrix and NextCloud? What are the benefits?
A couple of reasons that make calls requiring a turn server not function well.
- We run our services behind Cloudflare, and turn servers don't work well (or at all) via reverse proxies like that as the server cannot accurately direct traffic to the correct IP addresses.
- Even if we didn't use Cloudflare proxying, we have many calls with people in academic and government environments with policies limiting what ports they can connect to, usually only allowing 443. Because Cloudron monopolizes that port its turn server has to run on a different port, so those people cannot use the Cloudron turn server even if we turned off Cloudflare proxying (which we don't want to do).
As a result, the ability to use an external turn server with Cloudron is critical and a very welcome development.
-
@girish said in What's coming in 7.5:
@eganonoa synapse update is now pushed and has optional turn.
Really wonderful. Thank you. Now restarting matrix does not overwrite that section of homeserver.yaml, with the added bonus that if you ever want to revert to the in-built turn you just "flip a switch" as it were and the settings revert to default. That's a very nice implementation.
-
Just dived right in and did the update to 7.5.1 (after all, I use Cloudron for private purposes only, so no danger to any business) - flawless.
For me, the addition of the Virtual "All Mail" folder is most welcome, as finally search in our webmail apps becomes usable!
-
@eganonoa thank you, that makes much sense.
A few questions/proposals if you wouldn't mind:
-
Are you blocking any other access to Cloudron except via Cloudflare? If so - is it a precaution or a mitigation against a well-understood problem? If the latter - could you please share your experience?
-
I guess it's more to @nebulon and @girish actually - can't nginx proxy TURN/STUN traffic as well, reducing the required ports and system requirements as well?
-
-
@potemkin_ai said in What's coming in 7.5:
@eganonoa thank you, that makes much sense.
A few questions/proposals if you wouldn't mind:
-
Are you blocking any other access to Cloudron except via Cloudflare? If so - is it a precaution or a mitigation against a well-understood problem? If the latter - could you please share your experience?
-
I guess it's more to @nebulon and @girish actually - can't nginx proxy TURN/STUN traffic as well, reducing the required ports and system requirements as well?
For 1. Cloudflare proxying, its WAF with quite restricted settings outside of our static IPs. Then various app-level things as necessary. Mostly a precaution as we know our systems (not Cloudron) have been directly targeted by some sophisticated actors in the past.
For 2. there's been a bit of discussion on this (both re access to turn and the difficulty with VOIP services not running on 443) over the last few years here. Also worth checking out discussions outside of Cloudron for things like Nextcloud Talk, Jitsi Meet, BigBlueButton. Upshot is that one way or another (whether because you run behind a NAT or just have users in the corporate/academic/government spheres with restrictive firewall rules) you really want an external turn, something that listens directly on 443 and can direct traffic. Theoretically there are (apparently) ways around it, but it adds levels of complexity that are just unnecessary given how utterly trivial it is to run an external turn. If interested, BigBlueButton have a script that will set you up without any issue (https://github.com/bigbluebutton/bbb-install#install-a-turn-server)
Ultimately, I think we have to recognize that trying to make Cloudron provide all services to all people at all times is unworkable. If it provides a fully functioning base system and then allows flexibility for those needing more "complex" systems, then it is doing its job perfectly. This Redis and Turn change - long requested - is exactly that kind of solution.
-
-
Is 7.5.2 regarded as stable?
-
Am I correct in thinking 7.5.X is not compatible with Ubuntu 18?
-
I think I've found a small UI bug in 7.5.2.
Whilst doing a backup the "Stop Backup" button actually displays "Stop Cleanup":
-
7.5 is available to all now. I will lock this thread shortly, please open separate threads for any issues.
Many of the backup features did not make it to this release. The focus for 7.6 is backup related stuff. I will create a thread for 7.6 release in a day or two.