Posted
almost 5 years
ago
by
Girish
We are happy to announce the release of Cloudron 5.4!
For those unaware, Cloudron is a platform that makes it easy to run web apps like
WordPress, Nextcloud, GitLab on your server and keep them up-to-date and secure.
Cloudron 5.4 adds a dark mode
... [More]
, file manager, Mandatory 2FA, Backblaze B2 support
& lots of bug fixes!
Features
Dark Mode
The new Dark Mode brings a beautiful dark color scheme for the Cloudron Dashboard. This new look is easier on the eyes and helps reduce eye strain.
The dashboard automatically uses this new look when the OS switches
to dark mode. You can also turn on dark mode per-site using a browser extension like Dark Reader.
File Manager
File Manager allows you to create and modify application files straight from the browser. The File Manager can be access
from the Console section of any app.
Clicking on the File Manager button will open a new window:
File Manager supports the following actions:
Creating new files and folders
Uploading new files and folders
Edit files (just click on the file). There is also basic syntax highlighting for the file
Basic operations like download/rename/delete file (right click on file name)
Change ownership of file (right click on filename)
Mandatory 2FA
Admins can now require all users to set up two factor authentication. When enabled, all new users
will be forced to setup a 2FA during sign up. Existing users will be forced to setup 2FA when they login
or reload the dashboard page.
When users login, they will see a modal dialog like below:
Lock user profiles
Admins can now disallow users from changing their email and full name. When locked, the user's profile becomes
readonly like below (the edit buttons are missing):
Backblaze B2
Backblaze B2 recently announced support
for S3 compatible APIs. Thanks to this new feature, we have added Backblaze B2 as a backup destination.
Enhancements
Univention Directory
We have added support for synchronizing users and groups from a Univention Directory server. To configure,
go to the Users view and select Univention in the external LDAP configuration.
Ping capability
In Cloudron 5.2, we dropped NET_RAW caps from containers to prevent them from sniffing internal network traffic.
This, however, prevented apps from making ICMP requests as well. We have added a new ping capability in the manifest
to allow apps like Statping to make ICMP requests.
Security
Nginx
The nginx packages in Ubuntu 18 are lagging behind. For this reason, we now use the latest stable packages from the nginx
project directly. We have updated nginx to 1.8 for various security related fixes in this release.
In addition, we have started hiding the version of nginx in HTTP responses.
Misc
Fix bug where aliases were displayed incorrectly in SOGo
Bump max_connection for postgres addon to 200
The mailbox and the mailing list views now have pagination and search support.
Install or update Cloudron
New to Cloudron? Get started for free by running with 3
simple commands on your server.
To update an existing installation, simply click on the 'Update now' button on your dashboard.
Comments?
Comments/Suggestions/Feedback? Use our Forum or
email us.
[Less]
|
Posted
almost 5 years
ago
by
Girish Ramakrishnan
We are happy to announce the availability of Cloudron Referral Program.
If you like running apps using Cloudron, please share your experience on social networks, youtube and other sites
to earn account credit.
How it works
When someone subscribes to
... [More]
Cloudron using your referral code, you will get a $30 service credit.
The referred person will get a $30 credit as well.
Your referral code
To get your referral code, login to cloudron.io and go to the 'Referral'
section. Here's a direct link.
Using your code
When a customer sets up a subscription, they can fill in your referral code and the credits will be immediately applied.
Install or update Cloudron
New to Cloudron? Get started for free by running with 3
simple commands on your server.
Comments?
Comments/Suggestions/Feedback? Use our Forum or
email us.
[Less]
|
Posted
almost 5 years
ago
by
Girish Ramakrishnan
We are happy to announce the availability of Cloudron Referral Program.
If you like running apps using Cloudron, please share your experience on social networks, youtube and other sites
to earn account credit.
How it works
If someone subscribes to
... [More]
Cloudron using your referral code, then you will get a $30 service credit.
The referred person will get a $30 credit as well.
Your referral code
To get your referral code, login to cloudron.io and go to the 'Referral'
section. Here's a direct link.
Using your code
When a customer sets up a subscription, they can fill in your referral code and the credits will be immediately applied.
Install or update Cloudron
New to Cloudron? Get started for free by running with 3
simple commands on your server.
Comments?
Comments/Suggestions/Feedback? Use our Forum or
email us.
[Less]
|
Posted
almost 5 years
ago
by
Girish Ramakrishnan
This is an interview from Girish, founder of Cloudron and GzEvD, an avid Cloudron user.
Girish: Please introduce yourself.
Tobias: My name is Tobias Bähr and I'm working for the Gesellschaft zur Entwicklung von Dingen (Company for the Development of
... [More]
Things) as a software developer. We are a Berlin-based company with 6 employees and a lot of freelancers and partner companies.
We are strong in technology consulting and planning, especially in free and open source software. But we also develop a lot of web applications for customers (and for ourselves).
Tobias, please tell us which products you used before you came to Cloudron.
One of our last technology stacks was based on a private cloud. We used OpenNebula, Rancher, and a hell of a lot of automation scripts.
Parts of that stack we are still using today for custom projects.
Ah I see. What was your reason for using Cloudron?
For our consultance business it's necessary to know a lot of FOSS apps, therefore we always install a lot of those. However, security issues are a concern for us. We would not want to have abandoned installations around.
We stumbled upon Cloudron and started with a small trial. What was most appealing to us was the prompt updates. Obviously because of that, Cloudron now is our first choice.
What do you like most about Cloudron?
A few weeks after our initial try, I realized that Cloudron is the missing piece in our stack.
In our development workflow it's important for us to show customers the results from a feature branch. But before Cloudron, it was difficult to create a stage environment for customers to empower their quality assurance. Especially when we have several parallel feature branches.
Today our workflow looks like this:
Add the code base of the project into a prepared Cloudron base image
Push it into our private docker registry (Gitlab)
Use the Cloudron-CLI to start the app or remove it, after the branch was merged or deleted
All done via the CI of Gitlab
Tasks like obtaining a certificate, binding it to LDAP user directory, and supporting non-technical staff through the Cloudron dashboard are all done by Cloudron magic. We love it.
Which apps do you use on Cloudron?
We have several instances of Cloudron. As I said before, one instance serves our staging environment, another instance is more a playground for new apps and a third one is used by our company for collaborative work. On those we use the following apps:
Rocket.chat: for our internal company communication.
Nextcloud: for sharing documents in our company and with customers
ONLYOFFICE & Collabora: to replace Office 365
Bookstack: as our internal wiki
Wekan: as our Kanban board
OpenProject: as our project management tool
Kimai: for timetracking
EspoCRM: for contacts
InvoiceNinja: for invoices
CodiMD: a wonderful piece of software for notes and meeting minutes
Surfer: for some websites
Commento: for some static website content
Matomo: to replace google analytics
Thank you, Tobias!
Comments?
Comments/Suggestions/Feedback? Use our Forum or
email us.
[Less]
|
Posted
almost 5 years
ago
by
Girish
We are happy to announce the release of Cloudron 5.3!
For those unaware, Cloudron is a platform that makes it easy to run web apps like
WordPress, Nextcloud, GitLab on your server and keep them up-to-date and secure.
Cloudron 5.3 adds new
... [More]
NFS/SSHFS/CIFS storage backends, LDAP groups synchonization,
Dashboard optimizations & lots of bug fixes!
Features
NFS/SSHFS/CIFS
We have added three specialized file systems backends for backups - NFS, SSHFS and CIFS.
These backends check that the backup path is mounted properly with the correct flags
before performing the backup. This prevents issues where Cloudron might inadvertently backup
to the local file system when the external storage is not mounted.
See the docs for detailed information
on how to mount these filesystems on the server.
LDAP Groups Synchronization
The LDAP connector allows users from your existing
LDAP or active directory to authenticate with Cloudron.
In 5.3, you can optionally sync LDAP groups as Cloudron groups. LDAP group membership will be carried over to Cloudron
users as well.
Unaccent extension in PostgreSQL
unaccent is a text search dictionary that removes accents (diacritic signs) from lexemes.
We have enabled the unaccent extension in the PostgreSQL addon. Apps like Peertube
can take advantage of this extension to provide accent-insensitive processing for full text search.
Enhancements
Dashboard
In previous versions, Cloudron Dashboard would load excruciatingly slowly if you had a large number of apps. In addition, it
would poll a lot to get the status of the apps. We have done a lot of optimizations this release to ensure the Dashboard not
only loads fast but also downloads much lesser.
We have re-designed the App Store view to be more compact and load faster as well. You can now search for popular SaaS
and find alternate apps (for example, try 'github' or 'slack').
Backup cleanup policy
The backup cleaner removed old backups based on the backup policy. This cleaner has undergone various changes.
The following are some of the important rules that are followed by the backup cleaner:
For installed apps and box backups, the latest backup is always retained regardless of the policy. This ensures
that even if all the backups are outside of the retention policy, there is still atleast one backup preserved. This change
also ensure that the latest backup of stopped apps is preserved when not referenced by any box backup.
For uninstalled apps, the latest backup is cleaned up as per the policy.
Finally, if the latest backup is already part of the policy, it is not counted twice.
Errored and partial backups are cleaned up immediately.
nginx
nginx logs are available in the services view.
We have also updated the nginx config to support higher loads. Specifically, we have optimized worker_rlimit_nofile,
worker_processes and worker_connections configuration in nginx.
S3 API
Amazon S3 will no longer support path-style API requests starting September 30th, 2020.
As a result of this deprecation, we have moved all S3 compatible providers to now use vhost style API requests. This includes
Digital Ocean Spaces, Exoscale SOS, Linode Object Storage, OVH Object Storage, Scaleway Object Storage & Wasabi.
Minio backups will continue to use the path-style API requests since the typical setup here is to not have a subdomain for each bucket.
We have also added a Region field to S3 API Compatible providers. This is required for providers like Yandex Object Storage.
cloudron-setup
The cloudron-setup script does not require the --provider argument anymore. You can now install Cloudron on a Ubuntu Bionic 18.04 x64 server
and run the setup script without arguments like this:
wget https://cloudron.io/cloudron-setup
chmod +x ./cloudron-setup
./cloudron-setup
Note that the --provider flag is still required if you want to install older versions of Cloudron.
Misc
Cloudron mail server now sets the Auto-Submitted header for bounce emails. This feature allows apps like FreeScout to
skip sending an auto-reply.
Fix issue where PostgreSQL and MySQL addons would timeout when restoring very large backups.
Fix crash when redis config was set
Update schedule was unselected in the UI
mail: make authentication case insensitive
Do not count stopped apps for memory use
Install or update Cloudron
New to Cloudron? Get started for free by running with 3
simple commands on your server.
To update an existing installation, simply click on the 'Update now' button on your dashboard.
Comments?
Comments/Suggestions/Feedback? Use our Forum or
email us.
[Less]
|
Posted
almost 5 years
ago
by
Girish
We are happy to announce the release of Cloudron 5.2!
For those unaware, Cloudron is a platform that makes it easy to run web apps like
WordPress, Nextcloud, GitLab on your server and keep them up-to-date and secure.
Cloudron 5.2 adds EC certs
... [More]
, Member only mailing lists, Inter-domain mail aliases,
OVH storage backend, App graphs & more!
Features
Members only mailing list
Internal or closed mailing lists can be marked as members only. This way an outsider cannot send mails
to this list and will get a bounce. This feature is also useful in blocking spam from external email addresses.
Inter-domain aliases
We have enhanced the email alias functionality to allow aliases across domains.
Redis status
The status of Redis is now available in the Services view. Like other services like MySQL, one can view the logs
of Redis, adjust the memory limit and restart the service.
Note that unlike other services like MySQL which are shared across apps, each app gets it's own Redis
(this is because redis does not support multi-tenancy).
Backup retention policy
A good backup policy is to thin out backups based on their age. Our current rentention policy used to simply
prune backups based on their age. In 5.2, you can decide to keep a specific number of daily, weekly, monthly and
yearly backups. For example, a backup policy of "3 daily, 4 weekly, 6 monthly" means to keep a single backup for
each day for the last 3 days, single backup for each week for the last 4 weeks and single backup for each month
for the last 6 months.
Enhancements
Backup config
To restore Cloudron from a backup or to migrate an app to another instance, you have to
make a note of the backup id, storage location, storage format and other details. We have
noticed that this task is error-prone and awkward. To help this process, we have made the
backup configuration downloadable as a JSON file. This file can be uploaded into the Cloudron
Restore UI or the App Import UI and it will fill up all the form fields
(except the backup passphrase and any secret access keys).
For example, let's see how to migrate an app to another Cloudron instance. First, download the
backup configuration corresponding to the backup:
Then, upload the configuration into the app import UI of the other Cloudron instance:
OVH Storage Backend
OVH announced support for S3 API
in it's Object Storage Clusters. We have added support for OVH Storage as a backup destination.
App graphs
Per app memory and disk usage is now available in the Graphs section of each app:
Box Backup listing
Cloudron has 2 types of backups - app backups and box backups. App backups are listed in the Backups
section of each app. Box backups are full server backups that include all the Cloudron configuration
(users, apps, domains, mailboxes etc). Box backups also contain a "link" to all the app backups at that
point in time.
You can view the list of all box backups in the new Backup listing UI:
Clicking on a backup will show the list of apps it contains:
There is also a 'Cleanup Backups' button that will remove old backups based on the retention policy.
Note that this is done automatically but might be useful if you change the retention policy and want
to run the cleanup immediately.
Security
EC Certs
Elliptic Curve certificates (ECC) are those whose public key uses elliptic curve cryptography. They are step up from the RSA public keys
because they are stronger, faster and use less power. ECC combined with cipher suites can provide
perfect forward secrecy (PFS) - an assurance that even if the encrypted traffic was recorded, it
cannot be decrypted even when the private key is compromised in a future date.
Cloudron now requests EC certs from Let's Encrypt by default. All existing installations
will get updated to use EC certs at certificate renewal time.
If you inspect the certificate in Firefox, you will see:
The supported cipher suites (for PFS):
All Cloudron apps should get an A+ on Qualys SSL test:
Sandboxing
Cloudron uses container technology (via Docker) to run apps
sandboxed from one another.
Further more, apps are provided access to the file system and databases in a fashion where they cannot
tamper with each other. In 5.2, we have hardened the sandboxing further by preventing apps from sniffing
any internal network traffic by droppping the NET_RAW capability. Thanks to @will
for reporting this!
Backup encryption
Cloudron supports encrypting backups using a password. This feature was written with a very simplistic
approach - it's goal was merely to obfuscate than to be bullet proof. However, an important security concern
was raised that given enough resources and access to all the encrypted backups, one could potentially
find the key.
In 5.2, we worked with @mehdi to make our backup encryption much more secure. A quick summary of
the changes:
Backups are encrypted using AES-256-CBC.
Backup Password is not stored in the database anymore. We derive keys using scrypt from the passphrase.
Per-file and per-filename IV.
Per-file HMAC digest to authenticate the encryption.
Most importantly, old backups are not compatible with the newer format. If you want to restore an app
from a backup that uses the old format, you can follow this guide.
You can read more details about the encryption file format and CLI tooling here.
Misc
Changes to Update Strategy
When we make a new app package release, we do not immediately make it available to all users. We roll it out
gradually over the course of the week. This approach lets us minimize the impact of a bad update. Cloudron's
update model allows us to revoke existing packages or roll out new patch releases overriding the previous package.
If you wanted to update to the new app package instantly, the only way was to contact us so that you are part of
next rollout. Several users have expressed interest in being able to update instantly without the overhead of contacting us.
Starting 5.2, if you click the 'Check for Updates' button, you will always get the latest update (app update or Cloudron update).
We have changed our update model such that our roll out only applies to automatic updates.
Stopped apps
Stopping an app will now also stop dependent services like redis. This change in behavior means that Cloudron
cannot take a backup of a stopped app because the backup code relies on all services to be running. Instead,
the code will simply re-use the last known good backup of the stopped app. For this reason, it is recommended to
trigger a backup before stopping the app.
Other notable changes
Fix bug in disk usage sorting
Mail: allow an external MX to be set
Ensure stopped apps are getting backed up
Spam: large emails were not scanned
Graphs: fix issue where large number of apps would crash the box code
Add new wasabi s3 storage region us-east-2
Mail: Fix bug where SRS translation was done on the main domain instead of mailing list domain
Install or update Cloudron
New to Cloudron? Get started for free by running with 3
simple commands on your server.
To update an existing installation, simply click on the 'Update now' button on your dashboard.
Comments?
Comments/Suggestions/Feedback? Use our Forum or
email us.
[Less]
|
Posted
about 5 years
ago
by
Felix Bartels
This is a guest article from Felix Bartels originally posted on his blog.
While native support for OAuth has recently been removed from Cloudron users can still utilise OAuth 2 and OpenID Connect (oidc) to authorize users thanks to the built in
... [More]
OpenID Provider of the Kopano Meet app.
Under the hood Kopano Meet uses OpenID Connect to sign users into the application and this functionality is provided through Kopano Konnect, which is bundled inside of the app and pre-configured to allow Cloudron users to login. This article will show how to extend the configuration of Kopano Konnect to allow other apps to make use of OpenID Connect.
Requirements:
Cloudron 5.1
Installation of the latest version of Kopano Meet
Nextcloud app
"Social Login" app installed within Nextcloud
Nextcloud only serves as an example most users will probably already be familiar with, any other app allowing login through oidc can be configured in a similar way.
In the below configuration snippets I am going to use the domain meet.9wd.eu for my Kopano Meet installation and cloud.9wd.eu for my Nextcloud installation. Make sure to use your actual domain names during the configuration.
Extending the configuration of Kopano Konnect
To modify the configuration of Konnect you need to login at your Cloudron dashboard (which is usually available at https://my.your-comain.com) and open the terminal view of the Meet app (Look for "Console Access" in the settings of Meet). Here you need to open /app/data/konnectd-identifier-registration.yaml in an editor and add the following text to the end of the file:
- id: cloud.9wd.eu
application_type: web
name: Nextcloud Cloudron
trusted: true
redirect_uris:
- https://cloud.9wd.eu/index.php/apps/sociallogin/custom_oidc/CloudronMeet
Important: the redirect url must match the "internal name" specified during the social login configuration later on
After the file has been modified restart Konnect by running supervisorctl restart kopano-konnectd (alternatively the whole meet app could be restarted, but this is faster).
The rest of the configuration is done inside of Nextcloud.
Configuring Nextcloud for SSO with OpenID Connect
To configure Nextcloud for oidc you first need to login with an admin level user and install the "social login" app inside of Nextcloud. After the app has been installed you have go into its settings (which are located at https://cloud.9wd.eu/settings/admin/sociallogin) to configure it.
I recommend to have the following general configuration settings set in the app:
Disable auto create new users
Allow users to connect social logins with their account
This will mean that new users will first need to login through the "traditional" Nextcloud login and then from within their user settings link their oidc login to Nextcloud. This will be further explained once oidc is generally setup in Nextcloud.
Further down in the settings add your own "custom OpenID Connect" provider. You need to fill in the following values:
Internal name: CloudronMeet
users won't see this name, but it needs to match with the redirect_uris in konnectd-identifier-registration.yaml
Title: Kopano Konnect (Cloudron)
This is what the end user will see. The name should be something the user can relate to
Authorize url: https://meet.9wd.eu/signin/v1/identifier/_/authorize
Needs to match the domain the Meet app was installed on. Values can be retrieved from https://meet.9wd.eu/.well-known/openid-configuration
Token url: https://meet.9wd.eu/konnect/v1/token
User info URL (optional): https://meet.9wd.eu/konnect/v1/userinfo
Logout URL (optional): not required to be filled out
Client Id: cloud.9wd.eu
Client Secret: some-password
this value is not verified in the OpenID provider configuration, but needs to be specified anyways
Scope: openid profile email konnect/hashed_sub
Groups claim (optional): I have left this empty
Button style: OpenID
Default group: None
Once this is setup log out with your admin user account and you will see another login button on the Nextcloud login page titled "Kopano Konnect (Cloudron)".
Linking your Nextcloud user to oidc
Before the user can use oidc to log into Nextcloud, he need to link his existing Cloudron user to it. For this log into Nextcloud like you have done in the past and afterwards go into the settings of the user. Here you will now find an option called "social login" (the url will be similar to https://cloud.9wd.eu/settings/user/sociallogin).
Users need to manually connect their existing Nextcloud account with the oidc identity.
At this menu item you will find a section called "Available providers" with a button underneath that will read "Kopano Konnect (Cloudron)". Click this button once to link your Nextcloud account to your new OpenID identity. In case you have previously not been logged into Meet you will be asked for your credentials for this (which are your normal Cloudron credentials).
Once your Nextcloud account has been linked you can easily switch between Nextcloud and Kopano Meet without having to login again.
[Less]
|
Posted
about 5 years
ago
by
Girish
We are happy to announce the release of Cloudron 5.1!
For those unaware, Cloudron is a platform that makes it easy to run web apps like
WordPress, Nextcloud, GitLab on your server and keep them up-to-date and secure.
Cloudron 5.1 adds a TURN service
... [More]
that makes it possible to have completely
private peer-to-peer (P2P) voice and video calls. We have added support for running decentralized
federation apps like Mastodon &
Matrix Synapse. This release also has
graph improvements, support for ECC certs, mail eventlog filter, security enhancements & more.
TURN Service
One of our primary goals with the 5.1 release was to support voice and video apps on Cloudron. Modern
conferencing apps use WebRTC to transfer voice, video and data between peers.
A necessary component to provide completely private P2P is to have a self-hosted STUN/TURN service.
In layman terms, a TURN service helps two parties make a connection with each other. When a direct
connection cannot be made (due to firewalls), it acts as a relay between those two parties.
Cloudron 5.1 has a built-in TURN service implemented with coturn.
Apps implementing WebRTC can use the turn addon
to configure themselves.
We have already updated 4 apps to use this new functionality:
Kopano Meet - P2P voice and video calls. Thanks to Felix of Kopano's team for helping us out!
Nextcloud Talk - P2P voice and video calls
Matrix Synapse - Decentralized communication
FilePizza - P2P file transfer
Note that the current apps are best suited for small groups of 3-5 users. We are working on packaging
apps like Jitsi and Big Blue Button for larger groups.
Mail Eventlog
The mail eventlog now has search and filter options.
Disk Graphs
Disk graphs are now sorted by usage.
Further, apps that have automatic backups disabled are now listed in the Backups view:
Thanks to @d19dotca for these suggestions!
Security improvements
We have various security related improvements:
We have dropped support for TLSv1 and TLSv1.1. Qualys recently starting capping these insecure protocols to B grade.
Elliptic Curve Cryptography or ECC certs provide greater security and perfect forward secrecy with a smaller key size. You can now upload custom ECC certs for each domain in the Domains view. Recently, Let's Encrypt has also started issuing ECC certs. In the next release, Cloudron will start installing ECC certs from Let's Encrypt automatically. Thanks to @zerononcense for reporting and testing this functionality.
The docker addon allows apps to create containers by accessing the docker daemon. With an incorrectly packaged app, it is possible for a normal Cloudron user to break out of Cloudron's app sandbox and become a Cloudron admin. For this reason, apps that use the docker addon can only be installed/updated/exec'ed by the Cloudron owner. In addition, we have implemented a docker proxy service that restricts the container operations that the app can do. Thanks to @iamthefij for bringing this up.
Password reset and new user invite tokens are now only valid for a day.
Custom .well-known URLs
We have recently released new apps like Mastodon and Matrix. These apps require well-known URIs
to be setup for federation to work. This release allows you to setup .well-known documents for
apps hosted on Cloudron. See the docs for more
information.
Other notable changes
mail: fix bug with listing of >25 mailboxes and aliases
branding: make the login page title show cloudron name
mail: fix incorrect eventlog db perms
Install or update Cloudron
New to Cloudron? Get started for free by running with 3
simple commands on your server.
To update an existing installation, simply click on the 'Update now' button on your dashboard.
Comments?
Comments/Suggestions/Feedback? Use our Forum or
email us.
[Less]
|
Posted
about 5 years
ago
by
Girish
We are happy to announce the release of Cloudron 5!
For those unaware, Cloudron is a platform that makes it easy to run web apps like
WordPress, Nextcloud, GitLab on your server and keep them up-to-date and secure.
Cloudron 5 adds User roles, App
... [More]
passwords, Mail Eventlog & usage,
Import UI for apps, Linode integrations, Branding UI & more.
User Roles
In Cloudron 4, there were only two kinds of users - admin & normal user. In Cloudron 5,
we have added roles to restrict the permissions of a user.
There are four roles: Owner, Admin, User Manager & User.
An Owner is the person who set up the Cloudron and is in charge of server administration
and subscription management. An Owner has the sole permission to configure backups,
and the branding.
An Admin can install apps and invite users.
A User Manager can add & remove users and groups.
Finally, a normal user can login to the dashboard and use the apps that they have access to.
The role can be assigned from the Users page.
Important: This release marks the first created admin user as the sole owner. This owner
can grant owner permissions to other users. Please see this forum post for more information.
Branding UI
An Owner can configure the look and feel of the Cloudron dashboard. For a start, the following bits
can be customized from the new Branding view.
Cloudron Name
Cloudron Logo
Footer
App not responding page
We will add support for providing a custom color scheme/css in a future release.
App Passwords
Cloudron Apps are packaged and maintained by the Cloudron team & community. We ensure that the apps
are packaged securely and do not leak sensitive information.
However, many of the apps are accessed using Mobile & desktop clients that require a password
to login. Using the password in a 3rd party app is a potential security risk. A password leak
by the client will end up compromising Cloudron because other apps use the same password as well.
We have implemented the App Passwords functionality for this reason. If you are trying out a new
mobile or desktop app from an untrusted vendor, you can generate a password that provides
access to a specific app. This way your main password does not get compromised.
Another use case for App Passwords is to create SFTP credentials for non-cloudron users (this
requires Cloudron 5.0.6).
App passwords can be managed in the Profile view.
Linode
Linode is a popular VPS provider for installing Cloudron. You can
now store backups on Linode’s Object Storage.
We have also integrated Linode DNS Manager
for automated domain setup.
As of this writing, Linode DNS average propagation time is 30 minutes. Installing apps & getting a
Let's Encrypt certificate will thus take a while. We are working with the Linode team to get this
sorted out.
Import UI
It is now incredibly simple to move an app from one Cloudron to another. First, take an
app snapshot in the source Cloudron.
Make note of the backup id (click the copy to clipboard icon). Then, install a new app in the
target Cloudron. Make sure the package version matches with the original one. After installation,
go to it's Backup section and use the Import button.
Mail Eventlog
Mail server activity can now be monitored using the Eventlog UI in the Email page.
Mailbox Usage
Per domain disk usage information is now available in the Email UI.
Per mailbox disk usage information is also available.
Spam Training
Cloudron mail server maintains a per-user spam database. It automatically trains this database
when user marks an email as spam (or not). However, an important component that was missing was
re-inforced learning where the spam filter is periodically (re)fed spam and ham emails from the
user's mailbox. There is now a daily cron job that trains the spam filter using emails from the
user's mailbox. No configuration is required, it's completely automatic.
Other notable changes
Show backup disk usage in graphs
Display timestamps in browser timezone in the UI
mail: Add X-Envelope-To and X-Envelope-From headers for incoming mails
Fix potential previlige escalation because of ghost file (thanks to @iamthefij for reporting this)
Add app start/stop/restart events in event log
Use the primary email for LE account
Install or update Cloudron
New to Cloudron? Get started for free by running with 3
simple commands on your server.
To update an existing installation, simply click on the 'Update now' button on your dashboard.
Comments?
Comments/Suggestions/Feedback? Use our Forum or
email us.
[Less]
|
Posted
over 5 years
ago
by
Johannes
GitHub has become the main platform to collaborate on open source projects. It started out as
managed git hosting. Over time it has incorporated features around the needs of open source projects. This includes
basic issue tracking, wiki, pull
... [More]
requests, CI/CD and audit tooling.
GitHub being such a central and core platform for projects and software companies, also comes with drawbacks.
It is a closed source product with a largely unknown road map. It is also a single point of failure for teams.
Further, since the acquisition
of GitHub by Microsoft, many are worried whether it will retain it's former independence. More often than not, acquisitions
makes it even less transparent on what the future brings.
Luckily, many great open source alternatives have emerged and are suite better as they are tailored to specific needs.
Let's check out 5 great projects, which lets you get back control of your precious SCM and contributor communities.
GitLab
By Gabriel Mazetto - Own work, CC BY-SA 4.0, Link
GitLab was started in 2011 when Dmitriy Zaporozhets needed a tool to collaborate with his team. Since then the project has evolved dramatically and by now boasts an impressive feature set. In many areas like CI/CD or container management, it has even surpassed the feature set of GitHub.
Next to the typical features around source code management, GitLab now has support for continuous integration, auto dev-ops pipelines, security automation, agile development tooling and analytics around project development. Developers, who are used to GitHub will feel right at home.
GitLab follows an open core model. In this model, there is a Free & Open Source version of the product that offers most of the features. There is also a paid enterprise edition, suited for larger organizations.
GitLab is written in Rails but also has some components written in Go. Installing GitLab from source is an onerous undertaking and not for
the faint of heart!
Gogs
Gogs is "a painless self-hosted Git service" and the feature set and development takes this to heart. It offers everything that is required from a basic git hosting service but nothing more. For example, instead of writing a custom CI/CD system,
it instead merely integrates with existing CI/CD systems like Jenkins, Drone, Concourse. This focus keeps it simple and lightweight
and is thus ideal for small teams and personal projects. Gogs is written in Golang and thus highly performant.
Gitea
By CaptainStack - Own work, CC BY-SA 4.0, Link
Gitea is a community fork of the afore-mentioned Gogs. It was forked in November 2016 because the Gitea authors
wanted a different management model that included more people. In contrast, contribution to the Gogs project is tightly controlled by
the Gogs author. Gitea has a similar feature set as Gogs together with a slightly improved user interface. It also has a lot of small fixes
under the hood. The contributor community maintains a active blog where you can read more about upcoming releases
and features.
Phabricator
Phabricator was originally developed as an internal tool for Facebook. The project was continued independently under a new company founded by main developer Evan Priestley once he left Facebook. The new company Phacility develops Phabricator as an Open Source Project and provides hosted instances together with support.
The first release was already 10 years ago in 2010 and as such is one of the most mature projects. Phabricator does not only supports Git for source code management but also Mercurial and Subversion.
Phabricator is actually a whole suite of tools around project management and not just git hosting. It includes Conpherence Group messaging, Phriction Wiki,
Workboards, Herald Business Rules and much more.
Redmine
Redmine was started in 2006 by Jean-Philippe. It is a free and open source, web-based project management and issue tracking tool. It allows users to manage multiple projects and associated sub-projects. It features per project wikis and forums, time tracking, and flexible, role-based access control.
One of the main strengths of Redmine over the other projects we have discussed so far is that it is extensible via plugins. There is an
active community that develops and maintains Redmine plugins for just about every use case.
Supported Features
GitLab
Gogs
Gitea
Phabricator
Redmine
Git
✓
✓
✓
✓
✓
Mercurial
✓
✓
Subversion
✓
✓
Merge Requests
✓
✓
✓
Issue Tracker
✓
✓
✓
✓
✓
Wiki
✓
✓
✓
✓
✓
CI/CD Integration
✓
Conclusion
There is no clear winner as it heavily depends on the use-case. If non-git source code management is required, the options are
Redmine & Phabricator. Redmine can appear to be a bit dated from a UX point of view. Phabricator looks modern but it's workflows
are quite different from GitHub. GitLab, on the other hand, has the familiar UX as GitHub and covers nearly all use-cases for project management. However, GitLab is quite resource intensive to run and is a bit of a maintenance burden. Gogs & Gitea offer light weight solutions for basic Git hosting with issue tracking and pull/merge requests.
Try them out
Cloudron is a platform that makes it easy to run and manage web apps like WordPress, Nextcloud, GitLab on your server.
GitLab, Gogs, Gitea, Phabricator and Redmine are all available on the Cloudron Store
and can be easily installed on your server with a few clicks.
Try these apps now
With Cloudron from the DigitalOcean Marketplace
Comments?
Comments/Suggestions/Feedback? Use our Forum or
email us.
[Less]
|