Cloudron 3.0 released
3 min read

Cloudron 3.0 released

We are happy to announce the release of Cloudron 3.0!

For those unaware, Cloudron is a platform that makes it easy to run web apps on your server and keep them up-to-date and secure. Think SaaS for self-hosted apps.

Cloudron 3.0 brings many new security enhancements and implements often requested features.

Signed releases

Cloudron installations pull updates from the Cloudron Appstore. The Cloudron Appstore is hosted by the Cloudron team on AWS. There is a small (but valid) security concern that if our cloud infrastructure is compromised then an attacker can push a malicious update.

To mitigate this security risk, Cloudron releases are now signed using GPG. With the new release signing infrastructure in place, Cloudron verifies two things before installing an update:

Ensure that the release package was created by the Cloudron team.

Ensure that the release was staged by the Cloudron team. This check is required for situations where an old signed release can get re-staged as a new update.

If the verification fails, an error like below will be displayed and the Cloudron will not update.

See our documentation to read more about the security benefitsof using Cloudron.

Domain redirection

You can now setup a redirection from one or more domains to any application installed on the Cloudron using the configure dialog. Currently, the UI only allows a single domain but you can setup more domains using the REST API.

Encrypted incremental backups

Cloudron stores backups in one of the two formats - tgz and rsync. The tgz format simply makes a zipped tar ball of the application's data, optionally encrypts it and uploads it to the configured Cloud storage provider. The rsync format uploads individual files and unlike the tgz format supports uploading files incrementally (i.e only what changed since the last backup) and does server side copies. You can read more about backups here.

In Cloudron 3, we have added support for encrypted rsync backups. With this feature, all files are encrypted (aes-256-cbc) before upload. For maximum security, both the file names and contents are encrypted.

The backup key can be set in the backup settings:

Arbitrary subdomains

A common workflow on Cloudron is to start out testing an app in a staging environment and then move it to production. Apps are initially installed at a temporary domain like blog-staging.domain.comand then moved to a production domain like On the Cloudron, moving an existing app installation to another domain is easy - all you have to do is change the location field in the app's configure UI.

Now, if you wanted to use instead (notice the . instead of -), you had to first add a new domain named and then install the app under the subdomain blog of that domain.

In Cloudron 3, you can directly install apps into any level deep subdomain:

User & Group management

Cloudron User management allows users to single sign-on across (supported) Cloudron apps. Cloudron Groups can be used to group users and control accessto apps.

In Cloudron 3, we have reworked the Users view so that you can easily set the groups of a user when creating a new user:

You can also assign the members of a group, when creating a group:

Other notable changes

  • Mailbox names can now contain -. This allows one to create mailboxes like no-reply.
  • Add UI to view backup logs
  • Add Mailjet mail relay support
  • The restore UI has been made more robust and any errors are displayed in the UI

Install or update Cloudron

New to Cloudron? Get started for free by running with 3 simple commands on your server.

To update an existing installation, simply click on the 'Update now' button on your dashboard.


Comments/Suggestions/Feedback? Use our Forum or email us.