Cloudron 6.3 released
5 min read

Cloudron 6.3 released

We are happy to announce the release of Cloudron 6.3!

For those unaware, Cloudron is a platform that makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server and keep them up-to-date and secure.

Cloudron 6.3 has added many new features including Vultr DNS, Vultr Object Storage, Volume mounts, 2FA reset, App Start/stop button, Active flag for mailboxes, OCSP Stapling, New device login email, Reworked notifications, Optional email configuration & more!

Vultr DNS

Domains using Vultr DNS can now use the Vultr DNS backend. To get started, create a Vultr API token from Vultr Control Panel . Then, choose Vultr as the DNS provider when adding the domain in the Domain's view.

Vultr Object Storage

Backups can now be configured to be stored on Vultr Object Storage.

Backup and Volume Mounts

The Backup and Volumes UI now supports a variety of mount types - EXT4, NFS, CIFS and SSHFS. Internally, Cloudron generates systemd mount files to manage the mounts and ensure that they get mounted on server restart. See the docs for more information.

2FA Reset

Admins can reset the 2FA of users from the password reset dialog.

Mailbox Active Flag

A mailbox or a mailing list can be temporarily disabled by unchecking the Mailbox is active checkbox.

New Device Login Email

Cloudron now tracks the browser and IP addresses from which the user is logging in. When it notices a new browser or IP address, it sends a email notification as a security warning.

Start/Stop button

Apps can be quickly stopped and started using the start/stop button in the tool bar.

OCSP Stapling

OCSP Stapling is a standard to check the revokation status of TLS certificates. When enabled, it reduces the cost of a certificate validation for browsers, especially for large sites serving many simultaneous users. OCSP Staping is now enabled by default.

To verify that OCSP Stapling is enabled, run "openssl s_client -connect app.domain.com:443 -status". The output will contain OCSP response data.

A related extensions OCSP "must-staple" is not yet enabled. This is because nginx has an issue that it caches the staples asynchronously and at a worker level. You can read more in the nginx trac.

Optional Email Configuration

Cloudron has a built-in mail server and apps are pre-configured to send emails via this mail server. In this setup, the apps talk to the mail server using SMTP. Some specialized email and newsletter apps like Mautic can however use APIs of external mail services to send email. When using the API, they can track the delivery status of the email more reliably.

We have added an option in the Email section of the app to not configure an app's email. When the "Do not configure mail settings" option is selected, Cloudron will not interfere with email settings of the app and you will have to configure mail delivery settings inside the app yourself. Given that this flag makes sense only for apps that support email delivery via APIs, this feature is only enabled for specific apps.

Notifications

A common complaint about the existing notification system is that there's too much of it. After some thought, we have reworked the notification system.

  • Previously, notifications were per-user. This has instead been changed to be "system" level. The notification system is thus shared by the admin team and they can figure how to collaborate with other tools instead of Cloudron trying to have some sort of "read" indicator for each one of them.
  • Most of the email notifications have been removed. In fact, apart from backup failure emails and cert renewal failures, no emails are sent anymore. You have to visit the dashboard to see notifications since most of them are really not urgent or actionable.
  • Certificate renewal failure emails are now only sent if 10 days are left. The renewal itself will start 30 days in advance before the certificate expires.
  • Backup failure emails are only sent if 3 consecutive backups fail. This allows for "external services" to fail sporadically.

Misc

  • The last used time of API token is displayed in the Profile view.
  • Namecheap: fix issue where DNS records were not deleted on app uninstall
  • Copy over redis configuration when cloning an app
  • When importing an app from a backup, the icon, tag, label, proxy configs are imported as well.
  • Fix issues where backup process was leaking postgresql connections
  • Set task memory limit properly when backing up apps before an update
  • Certificates that have long expired (6 months) are automatically deleted.
  • Backup file names now contain the domain name of the app instead of the app id.
  • Store certificates and keys in the database instead of the file system. This is in preparation for Cloudron's multi-node feature.
  • SRS is now disabled for sieve filter redirects. In practice, this behavior change makes Cloudron mail server act similar to the forwarding functionality of popular mail services like gmail and office 365.
  • Incoming spam mail destined for a mailing list is immediately rejected.
  • This is the last release that will support Ubuntu 16.04. Please upgrade to Ubuntu 18.04 following this guide at the earliest.

What's coming next

Head over to our forum to learn more about what's coming in our next release - 6.4.

Install or update Cloudron

New to Cloudron? Get started for free by running with 3 simple commands on your server.

To update an existing installation, simply click on the 'Update now' button on your dashboard.

Comments?

Comments/Suggestions/Feedback? Use our Forum or email us.