Cloudron

We are happy to announce the release of Cloudron 5.4! For those unaware, Cloudron is a platform that makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server and keep them up-to-date and secure. Cloudron 5.4 adds a dark mode ... [More] , file manager, Mandatory 2FA, Backblaze B2 support & lots of bug fixes! Features Dark Mode The new Dark Mode brings a beautiful dark color scheme for the Cloudron Dashboard. This new look is easier on the eyes and helps reduce eye strain. The dashboard automatically uses this new look when the OS switches to dark mode. You can also turn on dark mode per-site using a browser extension like Dark Reader. File Manager File Manager allows you to create and modify application files straight from the browser. The File Manager can be access from the Console section of any app. Clicking on the File Manager button will open a new window: File Manager supports the following actions: Creating new files and folders Uploading new files and folders Edit files (just click on the file). There is also basic syntax highlighting for the file Basic operations like download/rename/delete file (right click on file name) Change ownership of file (right click on filename) Mandatory 2FA Admins can now require all users to set up two factor authentication. When enabled, all new users will be forced to setup a 2FA during sign up. Existing users will be forced to setup 2FA when they login or reload the dashboard page. When users login, they will see a modal dialog like below: Lock user profiles Admins can now disallow users from changing their email and full name. When locked, the user's profile becomes readonly like below (the edit buttons are missing): Backblaze B2 Backblaze B2 recently announced support for S3 compatible APIs. Thanks to this new feature, we have added Backblaze B2 as a backup destination. Enhancements Univention Directory We have added support for synchronizing users and groups from a Univention Directory server. To configure, go to the Users view and select Univention in the external LDAP configuration. Ping capability In Cloudron 5.2, we dropped NET_RAW caps from containers to prevent them from sniffing internal network traffic. This, however, prevented apps from making ICMP requests as well. We have added a new ping capability in the manifest to allow apps like Statping to make ICMP requests. Security Nginx The nginx packages in Ubuntu 18 are lagging behind. For this reason, we now use the latest stable packages from the nginx project directly. We have updated nginx to 1.8 for various security related fixes in this release. In addition, we have started hiding the version of nginx in HTTP responses. Misc Fix bug where aliases were displayed incorrectly in SOGo Bump max_connection for postgres addon to 200 The mailbox and the mailing list views now have pagination and search support. Install or update Cloudron New to Cloudron? Get started for free by running with 3 simple commands on your server. To update an existing installation, simply click on the 'Update now' button on your dashboard. Comments? Comments/Suggestions/Feedback? Use our Forum or email us. [Less]

We are happy to announce the availability of Cloudron Referral Program. If you like running apps using Cloudron, please share your experience on social networks, youtube and other sites to earn account credit. How it works When someone subscribes to ... [More] Cloudron using your referral code, you will get a $30 service credit. The referred person will get a $30 credit as well. Your referral code To get your referral code, login to cloudron.io and go to the 'Referral' section. Here's a direct link. Using your code When a customer sets up a subscription, they can fill in your referral code and the credits will be immediately applied. Install or update Cloudron New to Cloudron? Get started for free by running with 3 simple commands on your server. Comments? Comments/Suggestions/Feedback? Use our Forum or email us. [Less]

We are happy to announce the availability of Cloudron Referral Program. If you like running apps using Cloudron, please share your experience on social networks, youtube and other sites to earn account credit. How it works If someone subscribes to ... [More] Cloudron using your referral code, then you will get a $30 service credit. The referred person will get a $30 credit as well. Your referral code To get your referral code, login to cloudron.io and go to the 'Referral' section. Here's a direct link. Using your code When a customer sets up a subscription, they can fill in your referral code and the credits will be immediately applied. Install or update Cloudron New to Cloudron? Get started for free by running with 3 simple commands on your server. Comments? Comments/Suggestions/Feedback? Use our Forum or email us. [Less]

This is an interview from Girish, founder of Cloudron and GzEvD, an avid Cloudron user. Girish: Please introduce yourself. Tobias: My name is Tobias Bähr and I'm working for the Gesellschaft zur Entwicklung von Dingen (Company for the Development of ... [More] Things) as a software developer. We are a Berlin-based company with 6 employees and a lot of freelancers and partner companies. We are strong in technology consulting and planning, especially in free and open source software. But we also develop a lot of web applications for customers (and for ourselves). Tobias, please tell us which products you used before you came to Cloudron. One of our last technology stacks was based on a private cloud. We used OpenNebula, Rancher, and a hell of a lot of automation scripts. Parts of that stack we are still using today for custom projects. Ah I see. What was your reason for using Cloudron? For our consultance business it's necessary to know a lot of FOSS apps, therefore we always install a lot of those. However, security issues are a concern for us. We would not want to have abandoned installations around. We stumbled upon Cloudron and started with a small trial. What was most appealing to us was the prompt updates. Obviously because of that, Cloudron now is our first choice. What do you like most about Cloudron? A few weeks after our initial try, I realized that Cloudron is the missing piece in our stack. In our development workflow it's important for us to show customers the results from a feature branch. But before Cloudron, it was difficult to create a stage environment for customers to empower their quality assurance. Especially when we have several parallel feature branches. Today our workflow looks like this: Add the code base of the project into a prepared Cloudron base image Push it into our private docker registry (Gitlab) Use the Cloudron-CLI to start the app or remove it, after the branch was merged or deleted All done via the CI of Gitlab Tasks like obtaining a certificate, binding it to LDAP user directory, and supporting non-technical staff through the Cloudron dashboard are all done by Cloudron magic. We love it. Which apps do you use on Cloudron? We have several instances of Cloudron. As I said before, one instance serves our staging environment, another instance is more a playground for new apps and a third one is used by our company for collaborative work. On those we use the following apps: Rocket.chat: for our internal company communication. Nextcloud: for sharing documents in our company and with customers ONLYOFFICE & Collabora: to replace Office 365 Bookstack: as our internal wiki Wekan: as our Kanban board OpenProject: as our project management tool Kimai: for timetracking EspoCRM: for contacts InvoiceNinja: for invoices CodiMD: a wonderful piece of software for notes and meeting minutes Surfer: for some websites Commento: for some static website content Matomo: to replace google analytics Thank you, Tobias! Comments? Comments/Suggestions/Feedback? Use our Forum or email us. [Less]

We are happy to announce the release of Cloudron 5.3! For those unaware, Cloudron is a platform that makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server and keep them up-to-date and secure. Cloudron 5.3 adds new ... [More] NFS/SSHFS/CIFS storage backends, LDAP groups synchonization, Dashboard optimizations & lots of bug fixes! Features NFS/SSHFS/CIFS We have added three specialized file systems backends for backups - NFS, SSHFS and CIFS. These backends check that the backup path is mounted properly with the correct flags before performing the backup. This prevents issues where Cloudron might inadvertently backup to the local file system when the external storage is not mounted. See the docs for detailed information on how to mount these filesystems on the server. LDAP Groups Synchronization The LDAP connector allows users from your existing LDAP or active directory to authenticate with Cloudron. In 5.3, you can optionally sync LDAP groups as Cloudron groups. LDAP group membership will be carried over to Cloudron users as well. Unaccent extension in PostgreSQL unaccent is a text search dictionary that removes accents (diacritic signs) from lexemes. We have enabled the unaccent extension in the PostgreSQL addon. Apps like Peertube can take advantage of this extension to provide accent-insensitive processing for full text search. Enhancements Dashboard In previous versions, Cloudron Dashboard would load excruciatingly slowly if you had a large number of apps. In addition, it would poll a lot to get the status of the apps. We have done a lot of optimizations this release to ensure the Dashboard not only loads fast but also downloads much lesser. We have re-designed the App Store view to be more compact and load faster as well. You can now search for popular SaaS and find alternate apps (for example, try 'github' or 'slack'). Backup cleanup policy The backup cleaner removed old backups based on the backup policy. This cleaner has undergone various changes. The following are some of the important rules that are followed by the backup cleaner: For installed apps and box backups, the latest backup is always retained regardless of the policy. This ensures that even if all the backups are outside of the retention policy, there is still atleast one backup preserved. This change also ensure that the latest backup of stopped apps is preserved when not referenced by any box backup. For uninstalled apps, the latest backup is cleaned up as per the policy. Finally, if the latest backup is already part of the policy, it is not counted twice. Errored and partial backups are cleaned up immediately. nginx nginx logs are available in the services view. We have also updated the nginx config to support higher loads. Specifically, we have optimized worker_rlimit_nofile, worker_processes and worker_connections configuration in nginx. S3 API Amazon S3 will no longer support path-style API requests starting September 30th, 2020. As a result of this deprecation, we have moved all S3 compatible providers to now use vhost style API requests. This includes Digital Ocean Spaces, Exoscale SOS, Linode Object Storage, OVH Object Storage, Scaleway Object Storage & Wasabi. Minio backups will continue to use the path-style API requests since the typical setup here is to not have a subdomain for each bucket. We have also added a Region field to S3 API Compatible providers. This is required for providers like Yandex Object Storage. cloudron-setup The cloudron-setup script does not require the --provider argument anymore. You can now install Cloudron on a Ubuntu Bionic 18.04 x64 server and run the setup script without arguments like this: wget https://cloudron.io/cloudron-setup chmod +x ./cloudron-setup ./cloudron-setup Note that the --provider flag is still required if you want to install older versions of Cloudron. Misc Cloudron mail server now sets the Auto-Submitted header for bounce emails. This feature allows apps like FreeScout to skip sending an auto-reply. Fix issue where PostgreSQL and MySQL addons would timeout when restoring very large backups. Fix crash when redis config was set Update schedule was unselected in the UI mail: make authentication case insensitive Do not count stopped apps for memory use Install or update Cloudron New to Cloudron? Get started for free by running with 3 simple commands on your server. To update an existing installation, simply click on the 'Update now' button on your dashboard. Comments? Comments/Suggestions/Feedback? Use our Forum or email us. [Less]

We are happy to announce the release of Cloudron 5.2! For those unaware, Cloudron is a platform that makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server and keep them up-to-date and secure. Cloudron 5.2 adds EC certs ... [More] , Member only mailing lists, Inter-domain mail aliases, OVH storage backend, App graphs & more! Features Members only mailing list Internal or closed mailing lists can be marked as members only. This way an outsider cannot send mails to this list and will get a bounce. This feature is also useful in blocking spam from external email addresses. Inter-domain aliases We have enhanced the email alias functionality to allow aliases across domains. Redis status The status of Redis is now available in the Services view. Like other services like MySQL, one can view the logs of Redis, adjust the memory limit and restart the service. Note that unlike other services like MySQL which are shared across apps, each app gets it's own Redis (this is because redis does not support multi-tenancy). Backup retention policy A good backup policy is to thin out backups based on their age. Our current rentention policy used to simply prune backups based on their age. In 5.2, you can decide to keep a specific number of daily, weekly, monthly and yearly backups. For example, a backup policy of "3 daily, 4 weekly, 6 monthly" means to keep a single backup for each day for the last 3 days, single backup for each week for the last 4 weeks and single backup for each month for the last 6 months. Enhancements Backup config To restore Cloudron from a backup or to migrate an app to another instance, you have to make a note of the backup id, storage location, storage format and other details. We have noticed that this task is error-prone and awkward. To help this process, we have made the backup configuration downloadable as a JSON file. This file can be uploaded into the Cloudron Restore UI or the App Import UI and it will fill up all the form fields (except the backup passphrase and any secret access keys). For example, let's see how to migrate an app to another Cloudron instance. First, download the backup configuration corresponding to the backup: Then, upload the configuration into the app import UI of the other Cloudron instance: OVH Storage Backend OVH announced support for S3 API in it's Object Storage Clusters. We have added support for OVH Storage as a backup destination. App graphs Per app memory and disk usage is now available in the Graphs section of each app: Box Backup listing Cloudron has 2 types of backups - app backups and box backups. App backups are listed in the Backups section of each app. Box backups are full server backups that include all the Cloudron configuration (users, apps, domains, mailboxes etc). Box backups also contain a "link" to all the app backups at that point in time. You can view the list of all box backups in the new Backup listing UI: Clicking on a backup will show the list of apps it contains: There is also a 'Cleanup Backups' button that will remove old backups based on the retention policy. Note that this is done automatically but might be useful if you change the retention policy and want to run the cleanup immediately. Security EC Certs Elliptic Curve certificates (ECC) are those whose public key uses elliptic curve cryptography. They are step up from the RSA public keys because they are stronger, faster and use less power. ECC combined with cipher suites can provide perfect forward secrecy (PFS) - an assurance that even if the encrypted traffic was recorded, it cannot be decrypted even when the private key is compromised in a future date. Cloudron now requests EC certs from Let's Encrypt by default. All existing installations will get updated to use EC certs at certificate renewal time. If you inspect the certificate in Firefox, you will see: The supported cipher suites (for PFS): All Cloudron apps should get an A+ on Qualys SSL test: Sandboxing Cloudron uses container technology (via Docker) to run apps sandboxed from one another. Further more, apps are provided access to the file system and databases in a fashion where they cannot tamper with each other. In 5.2, we have hardened the sandboxing further by preventing apps from sniffing any internal network traffic by droppping the NET_RAW capability. Thanks to @will for reporting this! Backup encryption Cloudron supports encrypting backups using a password. This feature was written with a very simplistic approach - it's goal was merely to obfuscate than to be bullet proof. However, an important security concern was raised that given enough resources and access to all the encrypted backups, one could potentially find the key. In 5.2, we worked with @mehdi to make our backup encryption much more secure. A quick summary of the changes: Backups are encrypted using AES-256-CBC. Backup Password is not stored in the database anymore. We derive keys using scrypt from the passphrase. Per-file and per-filename IV. Per-file HMAC digest to authenticate the encryption. Most importantly, old backups are not compatible with the newer format. If you want to restore an app from a backup that uses the old format, you can follow this guide. You can read more details about the encryption file format and CLI tooling here. Misc Changes to Update Strategy When we make a new app package release, we do not immediately make it available to all users. We roll it out gradually over the course of the week. This approach lets us minimize the impact of a bad update. Cloudron's update model allows us to revoke existing packages or roll out new patch releases overriding the previous package. If you wanted to update to the new app package instantly, the only way was to contact us so that you are part of next rollout. Several users have expressed interest in being able to update instantly without the overhead of contacting us. Starting 5.2, if you click the 'Check for Updates' button, you will always get the latest update (app update or Cloudron update). We have changed our update model such that our roll out only applies to automatic updates. Stopped apps Stopping an app will now also stop dependent services like redis. This change in behavior means that Cloudron cannot take a backup of a stopped app because the backup code relies on all services to be running. Instead, the code will simply re-use the last known good backup of the stopped app. For this reason, it is recommended to trigger a backup before stopping the app. Other notable changes Fix bug in disk usage sorting Mail: allow an external MX to be set Ensure stopped apps are getting backed up Spam: large emails were not scanned Graphs: fix issue where large number of apps would crash the box code Add new wasabi s3 storage region us-east-2 Mail: Fix bug where SRS translation was done on the main domain instead of mailing list domain Install or update Cloudron New to Cloudron? Get started for free by running with 3 simple commands on your server. To update an existing installation, simply click on the 'Update now' button on your dashboard. Comments? Comments/Suggestions/Feedback? Use our Forum or email us. [Less]

This is a guest article from Felix Bartels originally posted on his blog. While native support for OAuth has recently been removed from Cloudron users can still utilise OAuth 2 and OpenID Connect (oidc) to authorize users thanks to the built in ... [More] OpenID Provider of the Kopano Meet app. Under the hood Kopano Meet uses OpenID Connect to sign users into the application and this functionality is provided through Kopano Konnect, which is bundled inside of the app and pre-configured to allow Cloudron users to login. This article will show how to extend the configuration of Kopano Konnect to allow other apps to make use of OpenID Connect. Requirements: Cloudron 5.1 Installation of the latest version of Kopano Meet Nextcloud app "Social Login" app installed within Nextcloud Nextcloud only serves as an example most users will probably already be familiar with, any other app allowing login through oidc can be configured in a similar way. In the below configuration snippets I am going to use the domain meet.9wd.eu for my Kopano Meet installation and cloud.9wd.eu for my Nextcloud installation. Make sure to use your actual domain names during the configuration. Extending the configuration of Kopano Konnect To modify the configuration of Konnect you need to login at your Cloudron dashboard (which is usually available at https://my.your-comain.com) and open the terminal view of the Meet app (Look for "Console Access" in the settings of Meet). Here you need to open /app/data/konnectd-identifier-registration.yaml in an editor and add the following text to the end of the file: - id: cloud.9wd.eu application_type: web name: Nextcloud Cloudron trusted: true redirect_uris: - https://cloud.9wd.eu/index.php/apps/sociallogin/custom_oidc/CloudronMeet Important: the redirect url must match the "internal name" specified during the social login configuration later on After the file has been modified restart Konnect by running supervisorctl restart kopano-konnectd (alternatively the whole meet app could be restarted, but this is faster). The rest of the configuration is done inside of Nextcloud. Configuring Nextcloud for SSO with OpenID Connect To configure Nextcloud for oidc you first need to login with an admin level user and install the "social login" app inside of Nextcloud. After the app has been installed you have go into its settings (which are located at https://cloud.9wd.eu/settings/admin/sociallogin) to configure it. I recommend to have the following general configuration settings set in the app: Disable auto create new users Allow users to connect social logins with their account This will mean that new users will first need to login through the "traditional" Nextcloud login and then from within their user settings link their oidc login to Nextcloud. This will be further explained once oidc is generally setup in Nextcloud. Further down in the settings add your own "custom OpenID Connect" provider. You need to fill in the following values: Internal name: CloudronMeet users won't see this name, but it needs to match with the redirect_uris in konnectd-identifier-registration.yaml Title: Kopano Konnect (Cloudron) This is what the end user will see. The name should be something the user can relate to Authorize url: https://meet.9wd.eu/signin/v1/identifier/_/authorize Needs to match the domain the Meet app was installed on. Values can be retrieved from https://meet.9wd.eu/.well-known/openid-configuration Token url: https://meet.9wd.eu/konnect/v1/token User info URL (optional): https://meet.9wd.eu/konnect/v1/userinfo Logout URL (optional): not required to be filled out Client Id: cloud.9wd.eu Client Secret: some-password this value is not verified in the OpenID provider configuration, but needs to be specified anyways Scope: openid profile email konnect/hashed_sub Groups claim (optional): I have left this empty Button style: OpenID Default group: None Once this is setup log out with your admin user account and you will see another login button on the Nextcloud login page titled "Kopano Konnect (Cloudron)". Linking your Nextcloud user to oidc Before the user can use oidc to log into Nextcloud, he need to link his existing Cloudron user to it. For this log into Nextcloud like you have done in the past and afterwards go into the settings of the user. Here you will now find an option called "social login" (the url will be similar to https://cloud.9wd.eu/settings/user/sociallogin). Users need to manually connect their existing Nextcloud account with the oidc identity. At this menu item you will find a section called "Available providers" with a button underneath that will read "Kopano Konnect (Cloudron)". Click this button once to link your Nextcloud account to your new OpenID identity. In case you have previously not been logged into Meet you will be asked for your credentials for this (which are your normal Cloudron credentials). Once your Nextcloud account has been linked you can easily switch between Nextcloud and Kopano Meet without having to login again. [Less]

We are happy to announce the release of Cloudron 5.1! For those unaware, Cloudron is a platform that makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server and keep them up-to-date and secure. Cloudron 5.1 adds a TURN service ... [More] that makes it possible to have completely private peer-to-peer (P2P) voice and video calls. We have added support for running decentralized federation apps like Mastodon & Matrix Synapse. This release also has graph improvements, support for ECC certs, mail eventlog filter, security enhancements & more. TURN Service One of our primary goals with the 5.1 release was to support voice and video apps on Cloudron. Modern conferencing apps use WebRTC to transfer voice, video and data between peers. A necessary component to provide completely private P2P is to have a self-hosted STUN/TURN service. In layman terms, a TURN service helps two parties make a connection with each other. When a direct connection cannot be made (due to firewalls), it acts as a relay between those two parties. Cloudron 5.1 has a built-in TURN service implemented with coturn. Apps implementing WebRTC can use the turn addon to configure themselves. We have already updated 4 apps to use this new functionality: Kopano Meet - P2P voice and video calls. Thanks to Felix of Kopano's team for helping us out! Nextcloud Talk - P2P voice and video calls Matrix Synapse - Decentralized communication FilePizza - P2P file transfer Note that the current apps are best suited for small groups of 3-5 users. We are working on packaging apps like Jitsi and Big Blue Button for larger groups. Mail Eventlog The mail eventlog now has search and filter options. Disk Graphs Disk graphs are now sorted by usage. Further, apps that have automatic backups disabled are now listed in the Backups view: Thanks to @d19dotca for these suggestions! Security improvements We have various security related improvements: We have dropped support for TLSv1 and TLSv1.1. Qualys recently starting capping these insecure protocols to B grade. Elliptic Curve Cryptography or ECC certs provide greater security and perfect forward secrecy with a smaller key size. You can now upload custom ECC certs for each domain in the Domains view. Recently, Let's Encrypt has also started issuing ECC certs. In the next release, Cloudron will start installing ECC certs from Let's Encrypt automatically. Thanks to @zerononcense for reporting and testing this functionality. The docker addon allows apps to create containers by accessing the docker daemon. With an incorrectly packaged app, it is possible for a normal Cloudron user to break out of Cloudron's app sandbox and become a Cloudron admin. For this reason, apps that use the docker addon can only be installed/updated/exec'ed by the Cloudron owner. In addition, we have implemented a docker proxy service that restricts the container operations that the app can do. Thanks to @iamthefij for bringing this up. Password reset and new user invite tokens are now only valid for a day. Custom .well-known URLs We have recently released new apps like Mastodon and Matrix. These apps require well-known URIs to be setup for federation to work. This release allows you to setup .well-known documents for apps hosted on Cloudron. See the docs for more information. Other notable changes mail: fix bug with listing of >25 mailboxes and aliases branding: make the login page title show cloudron name mail: fix incorrect eventlog db perms Install or update Cloudron New to Cloudron? Get started for free by running with 3 simple commands on your server. To update an existing installation, simply click on the 'Update now' button on your dashboard. Comments? Comments/Suggestions/Feedback? Use our Forum or email us. [Less]

We are happy to announce the release of Cloudron 5! For those unaware, Cloudron is a platform that makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server and keep them up-to-date and secure. Cloudron 5 adds User roles, App ... [More] passwords, Mail Eventlog & usage, Import UI for apps, Linode integrations, Branding UI & more. User Roles In Cloudron 4, there were only two kinds of users - admin & normal user. In Cloudron 5, we have added roles to restrict the permissions of a user. There are four roles: Owner, Admin, User Manager & User. An Owner is the person who set up the Cloudron and is in charge of server administration and subscription management. An Owner has the sole permission to configure backups, and the branding. An Admin can install apps and invite users. A User Manager can add & remove users and groups. Finally, a normal user can login to the dashboard and use the apps that they have access to. The role can be assigned from the Users page. Important: This release marks the first created admin user as the sole owner. This owner can grant owner permissions to other users. Please see this forum post for more information. Branding UI An Owner can configure the look and feel of the Cloudron dashboard. For a start, the following bits can be customized from the new Branding view. Cloudron Name Cloudron Logo Footer App not responding page We will add support for providing a custom color scheme/css in a future release. App Passwords Cloudron Apps are packaged and maintained by the Cloudron team & community. We ensure that the apps are packaged securely and do not leak sensitive information. However, many of the apps are accessed using Mobile & desktop clients that require a password to login. Using the password in a 3rd party app is a potential security risk. A password leak by the client will end up compromising Cloudron because other apps use the same password as well. We have implemented the App Passwords functionality for this reason. If you are trying out a new mobile or desktop app from an untrusted vendor, you can generate a password that provides access to a specific app. This way your main password does not get compromised. Another use case for App Passwords is to create SFTP credentials for non-cloudron users (this requires Cloudron 5.0.6). App passwords can be managed in the Profile view. Linode Linode is a popular VPS provider for installing Cloudron. You can now store backups on Linode’s Object Storage. We have also integrated Linode DNS Manager for automated domain setup. As of this writing, Linode DNS average propagation time is 30 minutes. Installing apps & getting a Let's Encrypt certificate will thus take a while. We are working with the Linode team to get this sorted out. Import UI It is now incredibly simple to move an app from one Cloudron to another. First, take an app snapshot in the source Cloudron. Make note of the backup id (click the copy to clipboard icon). Then, install a new app in the target Cloudron. Make sure the package version matches with the original one. After installation, go to it's Backup section and use the Import button. Mail Eventlog Mail server activity can now be monitored using the Eventlog UI in the Email page. Mailbox Usage Per domain disk usage information is now available in the Email UI. Per mailbox disk usage information is also available. Spam Training Cloudron mail server maintains a per-user spam database. It automatically trains this database when user marks an email as spam (or not). However, an important component that was missing was re-inforced learning where the spam filter is periodically (re)fed spam and ham emails from the user's mailbox. There is now a daily cron job that trains the spam filter using emails from the user's mailbox. No configuration is required, it's completely automatic. Other notable changes Show backup disk usage in graphs Display timestamps in browser timezone in the UI mail: Add X-Envelope-To and X-Envelope-From headers for incoming mails Fix potential previlige escalation because of ghost file (thanks to @iamthefij for reporting this) Add app start/stop/restart events in event log Use the primary email for LE account Install or update Cloudron New to Cloudron? Get started for free by running with 3 simple commands on your server. To update an existing installation, simply click on the 'Update now' button on your dashboard. Comments? Comments/Suggestions/Feedback? Use our Forum or email us. [Less]

GitHub has become the main platform to collaborate on open source projects. It started out as managed git hosting. Over time it has incorporated features around the needs of open source projects. This includes basic issue tracking, wiki, pull ... [More] requests, CI/CD and audit tooling. GitHub being such a central and core platform for projects and software companies, also comes with drawbacks. It is a closed source product with a largely unknown road map. It is also a single point of failure for teams. Further, since the acquisition of GitHub by Microsoft, many are worried whether it will retain it's former independence. More often than not, acquisitions makes it even less transparent on what the future brings. Luckily, many great open source alternatives have emerged and are suite better as they are tailored to specific needs. Let's check out 5 great projects, which lets you get back control of your precious SCM and contributor communities. GitLab By Gabriel Mazetto - Own work, CC BY-SA 4.0, Link GitLab was started in 2011 when Dmitriy Zaporozhets needed a tool to collaborate with his team. Since then the project has evolved dramatically and by now boasts an impressive feature set. In many areas like CI/CD or container management, it has even surpassed the feature set of GitHub. Next to the typical features around source code management, GitLab now has support for continuous integration, auto dev-ops pipelines, security automation, agile development tooling and analytics around project development. Developers, who are used to GitHub will feel right at home. GitLab follows an open core model. In this model, there is a Free & Open Source version of the product that offers most of the features. There is also a paid enterprise edition, suited for larger organizations. GitLab is written in Rails but also has some components written in Go. Installing GitLab from source is an onerous undertaking and not for the faint of heart! Gogs Gogs is "a painless self-hosted Git service" and the feature set and development takes this to heart. It offers everything that is required from a basic git hosting service but nothing more. For example, instead of writing a custom CI/CD system, it instead merely integrates with existing CI/CD systems like Jenkins, Drone, Concourse. This focus keeps it simple and lightweight and is thus ideal for small teams and personal projects. Gogs is written in Golang and thus highly performant. Gitea By CaptainStack - Own work, CC BY-SA 4.0, Link Gitea is a community fork of the afore-mentioned Gogs. It was forked in November 2016 because the Gitea authors wanted a different management model that included more people. In contrast, contribution to the Gogs project is tightly controlled by the Gogs author. Gitea has a similar feature set as Gogs together with a slightly improved user interface. It also has a lot of small fixes under the hood. The contributor community maintains a active blog where you can read more about upcoming releases and features. Phabricator Phabricator was originally developed as an internal tool for Facebook. The project was continued independently under a new company founded by main developer Evan Priestley once he left Facebook. The new company Phacility develops Phabricator as an Open Source Project and provides hosted instances together with support. The first release was already 10 years ago in 2010 and as such is one of the most mature projects. Phabricator does not only supports Git for source code management but also Mercurial and Subversion. Phabricator is actually a whole suite of tools around project management and not just git hosting. It includes Conpherence Group messaging, Phriction Wiki, Workboards, Herald Business Rules and much more. Redmine Redmine was started in 2006 by Jean-Philippe. It is a free and open source, web-based project management and issue tracking tool. It allows users to manage multiple projects and associated sub-projects. It features per project wikis and forums, time tracking, and flexible, role-based access control. One of the main strengths of Redmine over the other projects we have discussed so far is that it is extensible via plugins. There is an active community that develops and maintains Redmine plugins for just about every use case. Supported Features GitLab Gogs Gitea Phabricator Redmine Git ✓ ✓ ✓ ✓ ✓ Mercurial ✓ ✓ Subversion ✓ ✓ Merge Requests ✓ ✓ ✓ Issue Tracker ✓ ✓ ✓ ✓ ✓ Wiki ✓ ✓ ✓ ✓ ✓ CI/CD Integration ✓ Conclusion There is no clear winner as it heavily depends on the use-case. If non-git source code management is required, the options are Redmine & Phabricator. Redmine can appear to be a bit dated from a UX point of view. Phabricator looks modern but it's workflows are quite different from GitHub. GitLab, on the other hand, has the familiar UX as GitHub and covers nearly all use-cases for project management. However, GitLab is quite resource intensive to run and is a bit of a maintenance burden. Gogs & Gitea offer light weight solutions for basic Git hosting with issue tracking and pull/merge requests. Try them out Cloudron is a platform that makes it easy to run and manage web apps like WordPress, Nextcloud, GitLab on your server. GitLab, Gogs, Gitea, Phabricator and Redmine are all available on the Cloudron Store and can be easily installed on your server with a few clicks. Try these apps now With Cloudron from the DigitalOcean Marketplace Comments? Comments/Suggestions/Feedback? Use our Forum or email us. [Less]