Cloudron 4 released

Hi all,
We released Cloudron 4 now. The blog has more details about the release.

Changes:

• SFTP access is built into the platform. As of this release, WordPress, Surfer and LAMP apps support SFTP access. You can get the SFTP credentials from the i button in the app grid. Note that the username for each app is different!
• App tags and labels - this lets you easily categorize and search app. The current UI is very basic, we hope to iterate on this. Feedback welcome.
• Scaleway Object Storage backend for backups
• Easier email import. There is some basic docs on how to use imapsync here
• Unmanaged WordPress app - this app allows you to edit WordPress code unlike the existing WordPress app. Since, we let you edit the code, we won't deal with updates either. You can to use the WPs built-in updater for that. Docs for this app are here. Currently, this app is marked as unstable. So, you have to enable the unstable flag in settings before you can install it/see it in your Cloudron.
• Immediate App Update notifications
• Backups created right before an app update are retained for upto 3 weeks. This lets admins roll back in case they notice some breakage late.
• Community/Unstable apps. There's been a lot of app packaging going on and we can't keep up with testing of all the apps. So, we will get them all listed in the coming weeks, so others can easily test them out.
• Upstream app version is now listed in the app info dialog
• Support for email relays that do not require authentication and self-signed certificates
• Cloudron updates can now be applied without taking a full backup. This was added for situations where there might a bug in the backup logic and an upcoming Cloudron update fixes the backup issue.
• Add a way to disable outbound mail for a domain. Email -> Outbound -> Select Disabled

We are working on pushing out 2.2 early next week. The main feature planned is 2FA/TOTP support for the cloudron.io login and the dashboard.

Users will see a button in their profile section to setup 2FA. You can use Google Authenticator, FreeOTP or similar app to generate one time passwords.

To keep things simple this option will only enable 2FA for the dashboard login. App logins will not requires 2FA. From our initial investigation, many apps already support 2FA and making up some scheme like password+otp will have to carefully thought through from a UX perspective.

An update on this. We tried to push the update today with a plan to roll out later this week. We found some issues with the database migration which we are currently working on. Over all, it's unlikely this gets pushed out this week.

Now for some good news: we have updated all apps to use the latest base image 1.0.0 (which is based off ubuntu 18 and contains many security fixes).

Time for some progress updates!

There is now a system menu:

Inside which, there are services list. You can monitor and configure the services:

Backups can now be cancelled. Updates can also be cancelled. Yes, the layout is bit off here but it will be fixed before the release:

Also, we have reworked the email handling for apps a bit to support some use cases. Currently, apps are create a mailbox of their own and one cannot easily access these mailboxes (if someone replied to the email). We have fixed this so that apps can now be associated with any existing mailbox. By default, an address is auto-generated for the app. You can then change this to an existing mailbox which you can access using your credentials. It's also possible now to share the mailbox name across apps.

Starting today, we are making a Free Plan available. This plan will provide the
complete Cloudron experience for 2 Apps and 5 users. This plan includes automatic
updates and the Email solution. It's perfect suited for situations like:

• Newly registered domains where one just wants to setup a web site and email
• Users who just want to run a single app like NodeBB, GitLab or Rocket.Chat.

Please note that this does not affect current paid users.

You can see our latest pricing page here.

See our blog post for some background.

https://github.com/hooram/ownphotos

The upstream wallabag authors have enabled support for PG10. This means that Wallabag now works in the latest Cloudron version. We have pushed out a new version and it's now available for all -https://cloudron.io/store/org.wallabag.cloudronapp.html

Note that for installations "stuck" in Cloudron 3.2.3, we will enable updates so that they catch up to the latest release (which is 3.5.2)

We are working on pushing out 2.1 early next week. The main feature in 2.1 is improved mailbox management.

In Cloudron 1.x, the users/groups and mailbox/lists were tightly coupled. This meant that if you have a user named foo, they got the email id foo@domain.com. If you wanted to create a new mailbox bar@domain.com, you had to create a new user bar and also setup a new password for this user.

In Cloudron 2.1, we have decoupled the mailbox management and user management. You can create a mailbox (in a domain) and then assign a user. So in the case above, you can create a mailbox named bar and then assign the user foo to it. You can thus use a single password to manage any number of mailboxes.

Alright, we have integrated most of the changes.

There is now a 2FA button in the Account section:

Clicking on it, will bring up a QR code secret to scan:

If you lose the 2FA token/device, you have to SSH in and run some commands (will be documented).

We are working on bringing few new apps to the Cloudron. Some apps like CodiMD are already published. Few others like mastadon, suitecrm are on the works.

Back to 3.0:

• Signed releases
• Setup redirects. Currently, one has to use the LAMP app or Surfer to setup redirects from naked domain to www or vice-versa. We are adding a setting that will make this easy.
• Allow hyphen in mailbox names. This allows setting up mailboxes like no-reply.
• Add UI to edit users in the groups dialog and set groups when adding a user.
• Add button to view backup logs
• Add Mailjet mail relay support
• Encryption support for incremental backups
• Display restore errors in the UI

Another big feature coming up:

• Personal Spaces - This will allow setting up a system where users can install/manage apps in their own 'space'. More information on this coming soon but it's targeted a universities which can provide a personal hosting space for students.

Hey Guys,
We experimented with putting some user limits on our subscription plans. But it looks like this interferes with the business model of some of our upstream customers and also interferes with how we count users across apps and Cloudron itself. To avoid all the confusion, we have simply removed user limits from all plans. Same goes for app limits - there is no limit anymore (but there is still a restriction of more than 5 instances of the same app).

In the end, we still need a way to distinguish between personal and business use. For this reason, we have now tried put some of the apps are premium apps. Premium apps is simply based on our understanding that those apps are usually run by small teams/companies. Besides, those apps also require quite some work for us to manage compared to the rest.

Current users will be grandfathered to a plan which is the equivalent of the current business plan with no change in pricing.

Comments welcome!

Another quick update: the release is live now and we support 18.04. Newer Cloudrons will now get 3.3.

For existing Cloudrons, we are still working on some update issues. So they will still be on 3.2.

Thanks for your patience, but we literally have thousands of Cloudrons and we have to be ultra-careful on how we push updates.

3.6 will add the following:

• Enable UI that allows apps to use external data directory
• Backup rotation policy.
• Add notifications events in the UI for backups, setup issues, mail delivery issues etc

If you are facing any pressing issue, please leave a note here.

We have added a user active flag for the next release. When you de-activate a user, it simply won't let them login to the dashboard or any of the apps. No notification is sent to the user that he/she was disabled. In the admin view, you will see a grayed out user (which you can re-activate).

I wrote blog post on how to setup Cloudron on a home server - https://cloudron.io/blog/2018-04-13-home-server.html .

It's nice to have this documented once and for all since I have repeated this many times Let me know if I missed something.

Happy to answer any questions!

We are rolling out Cloudron 3.0!

Cloudron 3 is now available for all. You can read more in our blog post

Highlights:

• Signed releases
• Domain redirection
• Encrypted incremental backups
• Arbitrary subdomain installations
• Improved User & Group management UI

We are trying to get some frequently requested apps on Cloudron. For this, we will need to add support in the Cloudron platform first:

• UDP support - This will allow Jitsi, teamspeak etc
• Implement docker addon - This will allow CI systems/drone, jenkins, IDEs etc

Other cosmetic changes that are planned:

• Make backup interval configurable. This will let you backup more than once a day or less than once a day

Some important fixes:

• Redirection domains are not getting renewed
• Some important security fixes to encrypted backups logic

We want to focus on making Cloudron more self-serviceable in this release. Core problem is that when something is not working, the Cloudron dashboard is currently not very helpful for the Cloudron superadmin/operator in helping diagnose and fix problems.

• Make the backup task killable. Sometimes backups gets stuck and there is no way to stop/restart it.
• Add a way to monitor health and fix issues related to Cloudron's addons (the databases) and docker.
• The update process does a complete backup and this in turn currently locks up the admin UI. This is purely a UI issue, the Cloudron is actually up and running just fine during an update!
• Keep Dashboard always up. Currently, there is a bit of code in our startup logic which will prevent the dashboard from being accessible if it fails. We are fixing this so that the Cloudron UI will always be available 100%. And even if DNS setup is broken, it will be reachable by IP. (And then you can perform actions to fix the DNS),
• Issues related to very large app data. Currently, there is a way to disable daily backups per app. But an app update or box update still performs a full app backup. We are looking into adding a more flexible backup mechanisms and policies per app. Suggestions are welcome here (but we would strongly prefer not to disable backups of an app entirely).

4.2 will add the following:

• Update apps to manifest v2.
• Fix up apps to make migration easier. Many users are migrating apps from one Cloudron to another. For example, they install and setup an app in staging.domain.com and then move it to another cloudron at prod.domain.com. In such cases, the LDAP identification/auth causes problems because users of one Cloudron are different from the other Cloudron. We are fixing the apps to use username attribute consistently instead of uid. This means that as long as usernames match, migrations will happen seamlessly.
• Migrate mongodb to cluster mode. New versions of Rocket.Chat require mongodb oplog to be enabled and also to run mongodb in cluster mode.
• Rework app task. This is an internal code refactor but expected to be quite big.
• Customizable app data directory - this will allow you to mount an external disk (like a DO block storage) and make an app use that storage block. This was expected to be in 4.1 but is blocked by the app task rework.