What's coming in 7.5
-
@eganonoa synapse update is now pushed and has optional turn.
edit: Nextcloud is updated as well
wrote on Aug 23, 2023, 3:03 AM last edited by
@girish said in What's coming in 7.5:
@eganonoa synapse update is now pushed and has optional turn.
Really wonderful. Thank you. Now restarting matrix does not overwrite that section of homeserver.yaml, with the added bonus that if you ever want to revert to the in-built turn you just "flip a switch" as it were and the settings revert to default. That's a very nice implementation.
-
wrote on Aug 23, 2023, 6:46 AM last edited by
Just dived right in and did the update to 7.5.1 (after all, I use Cloudron for private purposes, only, so no danger to any business) - flawless.
For me, the addition of the Virtual "All Mail" folder is most welcome, as finally search in our webmail apps becomes usable!
wrote on Aug 24, 2023, 12:46 AM last edited by
Flawless and super smooth update from here too!
-
@potemkin_ai said in What's coming in 7.5:
@eganonoa just for my information - why are you looking for external TURN servers for Synapse/Matrix and NextCloud? What are the benefits?
A couple of reasons that make calls requiring a turn server not function well.
- We run our services behind Cloudflare, and turn servers don't work well (or at all) via reverse proxies like that as the server cannot accurately direct traffic to the correct IP addresses.
- Even if we didn't use Cloudflare proxying, we have many calls with people in academic and government environments with policies limiting what ports they can connect to, usually only allowing 443. Because Cloudron monopolizes that port its turn server has to run on a different port, so those people cannot use the Cloudron turn server even if we turned off Cloudflare proxying (which we don't want to do).
As a result, the ability to use an external turn server with Cloudron is critical and a very welcome development.
wrote on Aug 28, 2023, 2:24 PM last edited by
@eganonoa thank you, that makes much sense.
A few questions/proposals if you wouldn't mind:
1. Are you blocking any other access to Cloudron except via Cloudflare? If so - is it a precaution or a mitigation against a well-understood problem? If the latter - could you please share your experience?
2. I guess it's more to @nebulon and @girish actually - can't nginx proxy TURN/STUN traffic as well, reducing the required ports and system requirements as well?
-
wrote on Aug 28, 2023, 10:12 PM last edited by
@potemkin_ai said in What's coming in 7.5:
@eganonoa thank you, that makes much sense.
A few questions/proposals if you wouldn't mind:
1. Are you blocking any other access to Cloudron except via Cloudflare? If so - is it a precaution or a mitigation against a well-understood problem? If the latter - could you please share your experience?
2. I guess it's more to @nebulon and @girish actually - can't nginx proxy TURN/STUN traffic as well, reducing the required ports and system requirements as well?
For 1. Cloudflare proxying, its WAF with quite restricted settings outside of our static IPs. Then various app-level things as necessary. Mostly a precaution as we know our systems (not Cloudron) have been directly targeted by some sophisticated actors in the past.
For 2. there's been a bit of discussion on this (both re access to turn and the difficulty with VOIP services not running on 443) over the last few years here. Also worth checking out discussions outside of Cloudron for things like Nextcloud Talk, Jitsi Meet, BigBlueButton. Upshot is that one way or another (whether because you run behind a NAT or just have users in the corporate/academic/government spheres with restrictive firewall rules) you really want an external turn, something that listens directly on 443 and can direct traffic. Theoretically there are (apparently) ways around it, but it adds levels of complexity that are just unnecessary given how utterly trivial it is to run an external turn. If interested BigBlueButton have a script that will set you up without any issue (https://github.com/bigbluebutton/bbb-install#install-a-turn-server)
Ultimately, I think we have to recognize that trying to make Cloudron provide all services to all people at all times is unworkable. If it provides a fully functioning base system and then allows flexibility for those needing more "complex" systems, then it is doing its job perfectly. This Redis and Turn change - long requested - is exactly that kind of solution.
-
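The port argument in the posts above, as an added example that is not part of the original thread and is not Cloudron or Synapse code: a check over the entries of Synapse's `turn_uris` list (the TURN section of homeserver.yaml) that reports which relays a client limited to outbound TCP 443 can reach. The function names and the `turn.example.org` sample URIs are constructed for illustration; the default-transport rule is an assumption noted in the code.

```python
import re

# Default ports for the two URI schemes (RFC 7065).
DEFAULT_PORT = {"turn": 3478, "turns": 5349}

TURN_URI = re.compile(
    r"^(?P<scheme>turns?):(?P<host>\[[0-9A-Fa-f:.]+\]|[^:?\[\]]+)"
    r"(?::(?P<port>\d{1,5}))?(?:\?transport=(?P<transport>udp|tcp))?$"
)

def parse_turn_uri(uri):
    """Split a turn:/turns: URI into scheme, host, port and transport."""
    m = TURN_URI.match(uri.strip())
    if not m:
        raise ValueError(f"not a TURN URI: {uri!r}")
    scheme = m["scheme"]
    port = int(m["port"]) if m["port"] else DEFAULT_PORT[scheme]
    if not 0 < port <= 65535:
        raise ValueError(f"port out of range in {uri!r}")
    # Assumption: with no ?transport= parameter, turn: is treated as UDP
    # and turns: as TLS over TCP.
    transport = m["transport"] or ("tcp" if scheme == "turns" else "udp")
    return {"scheme": scheme, "host": m["host"], "port": port,
            "transport": transport}

def reachable_on_443_only(uri):
    """True if a client allowed out only on TCP 443 could use this relay."""
    parsed = parse_turn_uri(uri)
    return parsed["port"] == 443 and parsed["transport"] == "tcp"

def audit(turn_uris):
    """Return (usable, blocked) URI lists for a 443-only client network."""
    usable = [u for u in turn_uris if reachable_on_443_only(u)]
    blocked = [u for u in turn_uris if not reachable_on_443_only(u)]
    return usable, blocked

# Constructed sample values, not taken from any real deployment.
SAMPLE_TURN_URIS = [
    "turn:turn.example.org:3478?transport=udp",
    "turn:turn.example.org:3478?transport=tcp",
    "turns:turn.example.org:443?transport=tcp",
    "turns:turn.example.org",
    "turn:turn.example.org:443?transport=tcp",
]

if __name__ == "__main__":
    usable, blocked = audit(SAMPLE_TURN_URIS)
    print("usable from a 443-only network:", usable)
    print("blocked:", blocked)
```
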
-
Is 7.5.2 regarded as stable?
-
wrote on Aug 31, 2023, 8:57 AM last edited by
Am I correct in thinking 7.5.X is not compatible with Ubuntu 18?
-
wrote on Aug 31, 2023, 8:40 PM last edited by jdaviescoates Aug 31, 2023, 8:58 PM
-
7.5 is available to all now. I will lock this thread shortly, please open separate threads for any issues.
Many of the backup features did not make it to this release. The focus for 7.6 is backup related stuff. I will create a thread for 7.6 release in a day or two.