Cloudron 5.1 released
We are happy to announce the release of Cloudron 5.1!
For those unaware, Cloudron is a platform that makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server and keep them up-to-date and secure.
Cloudron 5.1 adds a TURN service that makes it possible to have completely private peer-to-peer (P2P) voice and video calls. We have added support for running decentralized federation apps like Mastodon & Matrix Synapse. This release also has graph improvements, support for ECC certs, mail eventlog filter, security enhancements & more.
TURN Service
One of our primary goals with the 5.1 release was to support voice and video apps on Cloudron. Modern conferencing apps use WebRTC to transfer voice, video and data between peers. Providing completely private P2P requires a self-hosted STUN/TURN service. In layman's terms, a TURN service helps two parties make a connection with each other. When a direct connection cannot be made (due to firewalls), it acts as a relay between those two parties.
Cloudron 5.1 has a built-in TURN service implemented with coturn. Apps implementing WebRTC can use the turn addon to configure themselves.
We have already updated 4 apps to use this new functionality:
- Kopano Meet - P2P voice and video calls. Thanks to Felix of Kopano's team for helping us out!
- Nextcloud Talk - P2P voice and video calls
- Matrix Synapse - Decentralized communication
- FilePizza - P2P file transfer
Note that the current apps are best suited for small groups of 3-5 users. We are working on packaging apps like Jitsi and Big Blue Button for larger groups.
Mail Eventlog
The mail eventlog now has search and filter options.
Disk Graphs
Disk graphs are now sorted by usage.
Further, apps that have automatic backups disabled are now listed in the Backups view.
Thanks to @d19dotca for these suggestions!
Security improvements
We have various security-related improvements:
- We have dropped support for TLSv1 and TLSv1.1. Qualys recently started capping these insecure protocols at a B grade.
- Elliptic Curve Cryptography or ECC certs provide greater security and perfect forward secrecy with a smaller key size. You can now upload custom ECC certs for each domain in the Domains view. Recently, Let's Encrypt has also started issuing ECC certs. In the next release, Cloudron will start installing ECC certs from Let's Encrypt automatically. Thanks to @zerononcense for reporting and testing this functionality.
- The docker addon allows apps to create containers by accessing the docker daemon. With an incorrectly packaged app, it is possible for a normal Cloudron user to break out of Cloudron's app sandbox and become a Cloudron admin. For this reason, apps that use the docker addon can only be installed/updated/exec'ed by the Cloudron owner. In addition, we have implemented a docker proxy service that restricts the container operations that the app can do. Thanks to @iamthefij for bringing this up.
- Password reset and new user invite tokens are now only valid for a day.
Custom .well-known URLs
We have recently released new apps like Mastodon and Matrix. These apps require well-known URIs to be set up for federation to work. This release allows you to set up .well-known documents for apps hosted on Cloudron. See the docs for more information.
Other notable changes
- mail: fix bug with listing of >25 mailboxes and aliases
- branding: make the login page title show cloudron name
- mail: fix incorrect eventlog db perms
Install or update Cloudron
New to Cloudron? Get started for free by running 3 simple commands on your server.
To update an existing installation, simply click on the 'Update now' button on your dashboard.