PhotoPrism - Personal Photo Management powered by Go and Google TensorFlow

https://github.com/photoprism/photoprism

We added a new member to our team last week - @james .

James will help us with community support. Luckily for us, James requires no onboarding. He is a sysadmin by trade (is a big ansible fan) and has been working with Cloudron since very early days.

I should have done similar posts for our other members but better late than never. @vladimir.d has helping us app packaging. @joseph has been active with community support but will now focus a bit more on email support and platform testing.

All of us have the @staff badge here

OpenSlides is the all-in-one solution for running your plenary meetings and conferences. Show the current presentation on the main screen, while you show the agenda, motions, list of speakers on others. Working on elections and documents in parallel with all participants. Web-based and always up-to-date.

https://openslides.com/en
https://github.com/OpenSlides/OpenSlides

We will be working on the following for 8.2:

• (9.0) Backup integrity - store size and checksum of backups. Also provide a way to "verify" backup integrity in the remote.
• (9.0) Show backup/restore progress
• (9.0) Multiple Backup Destinations
• (9.0) Granular Backup schedule
• Fix issue with removal of stale/failed/partial backups
• Add sqlite3 addon
• Remove the global lock for backups.
• App archival?
• VM mode for apps?
• Branding of OIDC button
• Add more notification methods
• Don't run du for small disks (see)
• Mail attachment search

This used to 8.1 but see this post

This is solid proof that Santa is real

We have updated the existing OpenVPN app to support WireGuard. This is a major update and thus many major changes:

• It's the same app that supports OpenVPN and WireGuard. You create a client, you can connect using whichever protocol you want. Currently, the OpenVPN and WireGuard networks are different but we will make an effort at some point to bridge the networks.

• The name of the app has changed to just "VPN" . There is a new logo

  

• The first user to login to the app is automatically made admin. Previously, this feature was too hard to find.

• You can QR code scan WireGuard clients or choose one of the other formats.

  

• When connected, you can see the details and the type of connection.

  

• Like the OpenVPN version, WireGuard supports IPv4 and IPv6. You can set a custom DNS server as well.

Internally, there is now a unified database for both WireGuard and OpenVPN . We expect some migration glitches to the new version but we have tested this the best we can.

For those upgrading, you have to enable WireGuard in the Location section of the app after the upgrade.

Please report any bugs to the VPN category - https://forum.cloudron.io/category/20/vpn

Happy holidays!

Mostly quality of life improvements

What’s coming in 7.3

• (mail) Per mailbox quota - message limit and size
• (mail) VERP and bounce management for mailtrain and mautic
• SFTP export flag for volumes We will enhance the web file manager instead
• (mail) Virtual all directory in dovecot for search
• (mail) Expose mail queue operations
• (mail) wildcard aliases
• (mail) send as subaddress
• External app links in Dashboard
• storj/filebase integration
• Expose groups via LDAP: already implemented in a previous release
• Set domain of LDAP server
• Configurable TURN server
• Backup integrity
• OpenVPN/Wireguard integration

(We split the features into two release 6.2, 6.3 and 7.0, 8.0 they are tagged appropriately below)

Features planned for 9.0:

• (9.0) Multihost support. i.e you can have many servers and have a single dashboard to manage users, apps and domains - https://git.cloudron.io/cloudron/box/-/issues/142

These features are already implemented:

• (6.2) Move apps to new base image v3 - See https://forum.cloudron.io/topic/4366/docker-base-image-3-0
• (6.2) Database upgrades - MySQL 8, Postgres 12, Redis 5, Mongo DB 4.2.
• (6.2) Update node to 14.15.4
• (6.2) Update docker to 20.10.3
• Add service account type . This will add a way to create a "service" or bot user that can be used for automation but doesn't appear in LDAP directory queries. Decided against this because of lack of use cases.
• (6.2) Make it possible to restore without updating DNS. This is useful if you want to test out cloudron backups.
• (6.2) Add a way to manage apps <-> groups better. Currently, it's hard to get a grip on what apps a user/group has access to easily (maybe add filters as well).
• FTP access to volumes This is complicated, maybe some other release.
• (6.2) TLS addon (for DoT in AdguardHome)
• (7.4) Implement LDAP+2FA across apps - See https://git.cloudron.io/cloudron/box/-/issues/705 . Deprecated in favor of OIDC support.

Update: 6.2 is out. We will work on 6.3 - https://forum.cloudron.io/topic/4723/what-s-coming-in-cloudron-6-3 . It's a required first step for multi-host.

• Deprecate Ubuntu 20.04 support - we won't remove support yet, but you will get a notification that support is going away soon. I think Jul 2025 is when Ubuntu 20.04 reaches EOL.
• UI Redesign - this is a biggie and requires much work. We already started migrating to vuejs 3 months ago. We will also take this opportunity to fix the navigation in our UI. Currently, the whole navigation is crammed under the profile menu.
• App Level (Disk) Storage Limit - This will let you size the maximum disk storage an app can use. Currently, the plan is to add support for XFS Project Quota (supported on all the cloud block storage devices) and also a loopback device based backend. Maybe in future, we will add a LVM based backend as well.
• Backup integrity - store size and checksum of backups. Also provide a way to "verify" backup integrity in the remote.
• Show backup/restore progress
• Multiple Backup Destinations
• Granular Backup schedule

MeshCentral2 is complete remote computer management web site you can download and run in minutes. It's much like the original MeshCentral, but completely re-built using NodeJS. Easy to install and operate, runs on many platforms including Linux and Windows. This project is open source under the Apache 2.0 license. Once you get your MeshCentral server installed, you then install agents on remote computers and once the agent connects back, you can immediately take control of the remote computer over the Internet. You can do remote desktop, remote terminal and remote access to files

https://github.com/Ylianst/MeshCentral
https://www.meshcommander.com/meshcentral2

Why let only SaaS providers have shiny status pages ?

We have a self-hosted Uptime Kuma now showing the status of all our public facing selfhosted services - https://status.cloudron.io

Demo: https://watch.owncast.online

Github: https://github.com/owncast/owncast

Documentation: https://owncast.online

For 7.5, we just want to focus on fixing some long standing issues instead of adding new features. Also, Cloudron 7.4 added OIDC support, so we are also working on moving apps from LDAP to OIDC slowly (as long as the migration works seamlessly).

These are fairly critical and we haven't paid attention to them in a while:

• (mail) Virtual all directory in dovecot for search
• (mail) Investigate why Spam learning/filtering sometimes does not work effectively.
• (mail) SPF regression adding an extra header and leaking client IP.
• Backup integrity - store size and checksum of backups. Also provide a way to "verify" backup integrity in the remote.
• Backup/restore progress
• SSHFS/CIFS import is not working - 1 and 2
• Add optional flag for turn addon.
• Add check to indicate that Cloudron 7.6 will not support servers without AVX. This is required for MongoDB 6.0
• Upgrade Redis to 7 . This is required for Discourse
• Improve app repair workflow

You can read the announcement here.

Features:

• MongoDB was updated to 5.0 . Because of this we cannot support CPUs without AVX support anymore.
• New base image 4.2.0 cloudron/base:4.2.0@sha256:46da2fffb36353ef714f97ae8e962bd2c212ca091108d768ba473078319a47f4
• OVH DNS backend
• DNSimple DNS backend
• System Info shows SMBIOS information
• Editable network volumes
• Color-keyed notifications
• External Directory Connector improvements
  • 2FA Behavior: When using another Cloudron as an authentication provider, 2FA of the external directory is used. When using other providers, users can setup 2FA locally.
  • User Attributes: The user's role and active state are local and not synced from LDAP.
  • Groups Behavior: When Sync Groups is enabled, groups will be automatically created and users will be associated. External Groups are readonly and cannot be edited.
  • Sync Behavior: The local directory is synced with the external directory every 4 hours.
  • Keep/Make Local: This feature has been removed. It never worked properly because local users were overwritten with the next sync.

Smaller changes:

• turn: add ddos mitigation settings
• api: return json when route not found
• oidc: loginRedirectUri can be empty string
• mail: add option to enable/disable Virtual All mailbox
• app proxy: Host header is set to match the proxy domain instead of the target domain
• oidc: add oidc logo as login indicator for apps
• dyndns: update dns every 10 mins
• dashboard: remove nginx config of old domain when domain changed
• Show disk consumption of docker volumes for /run and /tmp of apps separately
• roles: admin role can access branding and networking
• mail: fix issue with redis emitting warnings non-stop
• mail: fix issue where doublle header was sent
• logviewer: preserve horizontal scroll position
• dockerproxy: allow child containers to access volumes
• postgres: enable cube, vector and earthdistance extensions
• Add ability to register a Cloudron with a setupToken only
• support: replace ticket section with help section
• firewall: increase blocklist size to 262144
• route53: retry on rate limit errors
• update: continue with app update if box update does not start
• ldap: fix error messages to show proper error messages in the external LDAP connector
• dashboard: fix various UI elements hidden for admin user
• email: improve loading of the mail usage to not block other views from loading
• eventlog: add events for directory server and exernal directory configuration
• profile: changing email now requires password

We are working actively on Cloudron 9 .

One of the major tasks is to update the base image to Ubuntu 24.04 . Since this is a pretty massive change of it's own, we will make an intermediate release Cloudron 8.3 . This release will only contain base image change. All of the apps will also get updated in the coming month or two to the new base image.

• Postgres will update from 14 to 16. All apps will automatically migrate.
• Mongodb will update from 6 to 7. All apps will automatically migrate.
• PHP will update to 8.3 . This change doesn't require downtime but apps that use plugins heavily might have incompatibilites (looking at you WP and Nextcloud).
• Node will update to 22 LTS
• There is now an alias in the base image cloudron_<db> to connect to database. So, you can cloudron exec and then cloudron_mysql to connect to mysql without dealing with those pesky env vars.
• There are many software updates which are ultimately unremarkable but necessary (like solr 9, ruby 3.2, python 3.12 etc)

I will update this post with the finalized base image 5.0.0 sha256 when it's tested across a large variety of apps. Final image is cloudron/base:5.0.0@sha256:04fd70dbd8ad6149c19de39e35718e024417c3e01dc9c6637eaf4a41ec4e596c .

To repeat: This release is just an intermediate step to Cloudron 9 . No other features are planned as part of 8.3.

https://vikunja.io/
https://code.vikunja.io/

@girish said in What's coming in 8.2:

Remove the global lock for backups.

Finally, the global lock is gone. Practically, what this means is: Backups and Updates do not block app configuration anymore.

Alright, I managed to get initial wireguard implementation working. It's in a branch, still some work to be done but atleast it's working. I am still figuring out routing between the networks but you can connect separately already.

The idea is to have both OpenVPN and Wireguard in the existing OpenVPN app. Maybe we will rename this app to be just VPN. Hopefully, we can get this out the coming week.

@girish said in What's coming in 8.2:

App archival?

This is implemented now. In the Uninstall section, there is an option to archive.

In the Backups view, there is a listing of archives. You can unarchive them from there.

Archiving means:

• App gets uninstalled freeing up space on server
• App won't be in the main dashboard
• The latest backup of the app is kept "forever". Not affected by backup cleaning policies.
• Can be unarchived. If you delete the archive entry itself, the associated backup will eventually go away based on cleanup policy.

@humptydumpty Getting there... Last week we landed the support for multiple backup destinations with independent backup schedules. Backups also now link internally to the backup destination. This way, if you delete a backup destination, it's clear that Cloudron has lost track of backups that were made in that destination i.e those backup entries are removed and are not listed in the UI (unlike now where they linger but it's actually not possible to restore).

Currently, working on adding integrity checks and better progress. With that we are done.

@LoudLemur thanks for the kind words

This forum/community plays a big role is keeping us motivated and excited. Personally, I have learnt so much from you guys! I had no idea so many selfhosted apps existed for a start.

Since I based in the valley, I constantly hear "everyone uses gmail", "everyone uses slack" etc. So, whenever I read on the forum about using these different apps everyday, it reinforces the idea that they are enough people out there who have different priorities/values/use cases. For me, this is incredibly valuable feedback.