Cloudron 1.7.6 released

By Girish on Tuesday, October 31st 2017

We are happy to announce the release of Cloudron 1.7.6. 1.7.6 is primarily a patch release for 1.7 with some small enhancements.

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date.

TLS mail relay

Every Cloudron has an internal mail relay server powered by Haraka. Apps have to authenticate to relay email.

There are a bunch of frameworks (e.g. PHP-based ones) that do not work well with self-signed certs. This led us to disable STARTTLS wholesale for all apps. Apps still authenticate, but with STARTTLS and TLS disabled. This is fine because Cloudron's internal network is 'safe' from snooping.

Recently, the Go team decided not to send auth information over plain text connections. This broke our internal mail relay setup and apps like Mattermost were unable to send email.

For this reason, the internal mail relay now supports TLS-based relay (SMTPS). The sendmail addon now exposes a new port, MAIL_SMTPS_PORT.

Thanks to the Haraka team for accepting our PR.
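The Go behaviour described above can be reproduced offline with the standard `net/smtp` package. This is an added example, not Cloudron, Haraka or Mattermost code. The host name `mail`, the credentials and the helper names are constructed for illustration; only `MAIL_SMTPS_PORT` comes from this post, and how the relay's certificate gets trusted is left to the caller's `tls.Config`.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"net/smtp"
	"os"
)

// credentialsReleased asks net/smtp's PLAIN mechanism whether it would send
// credentials to host, depending on whether the connection is TLS-protected.
func credentialsReleased(host string, overTLS bool) (bool, error) {
	auth := smtp.PlainAuth("", "app-user", "app-secret", host) // constructed credentials
	_, _, err := auth.Start(&smtp.ServerInfo{Name: host, TLS: overTLS, Auth: []string{"PLAIN"}})
	return err == nil, err
}

// dialRelaySMTPS opens an implicit-TLS (SMTPS) session to the relay on
// MAIL_SMTPS_PORT and authenticates. cfg must verify the relay's certificate.
func dialRelaySMTPS(host, user, pass string, cfg *tls.Config) (*smtp.Client, error) {
	addr := net.JoinHostPort(host, os.Getenv("MAIL_SMTPS_PORT"))
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return nil, err
	}
	c, err := smtp.NewClient(conn, host) // a *tls.Conn marks the session as TLS
	if err != nil {
		conn.Close()
		return nil, err
	}
	if err := c.Auth(smtp.PlainAuth("", user, pass, host)); err != nil {
		c.Close()
		return nil, err
	}
	return c, nil
}

func main() {
	for _, overTLS := range []bool{false, true} {
		ok, err := credentialsReleased("mail", overTLS) // "mail" is a placeholder host
		fmt.Printf("tls=%v released=%v err=%v\n", overTLS, ok, err)
	}
}
```

The library makes an exception for `localhost`, which does not help an app that reaches the relay under another host name.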

SMTP disconnect issue

The latest Haraka introduced a major issue where Haraka does not terminate the SMTP connection properly. This caused some apps like SOGo to not close the compose mail view (even though the mail itself was sent successfully). The latest release fixes this issue.

LDAP pagination support

The internal LDAP server now supports paginated requests. This will remove the errors displayed in the logs of apps like ownCloud and Nextcloud. The latest Rocket.Chat also requires this feature for login to work.

LDAP compare

LDAP compare is a feature where a client can ask the server to compare attributes against a value. Modules like django_ldap use this feature to validate the group membership of a user. One security benefit is that values like passwords are now kept local to the server and not passed on to the client for comparison.

This feature will allow us to support some apps like Paperless.

404 page for unknown domains

In wildcard DNS setups, HTTP requests to invalid domains end up on the Cloudron. Cloudron redirects the HTTP request to HTTPS and the browser ends up showing a self-signed cert warning (this is because Cloudron does not have a cert for the invalid domain and uses the fallback certificate).

In this release, we have made it so that Cloudron serves up the default nginx 404 page. Not pretty but we will put a better 404 page in the next release.

App update API change

In 1.7.0, we made an implementation change where apps can be rolled back more easily should an update fail (for example, the backup can fail or the new image could not be downloaded). As part of this change, we had to make a breaking API change: port bindings can no longer be set as part of the update route.

Other notable changes

  • With the file system backend, check if directories can be created in the backup directory
  • Do not set the HTTPS agent when using HTTP with minio backup backend
  • Fix regression where a new domain config could not be set in the UI