We are happy to announce the release of Cloudron 5.1!
For those unaware, Cloudron is a platform that makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server and keep them up-to-date and secure.
Cloudron 5.1 adds a TURN service that makes it possible to have completely private peer-to-peer (P2P) voice and video calls. We have added support for running decentralized federation apps like Mastodon & Matrix Synapse. This release also has graph improvements, support for ECC certs, mail eventlog filter, security enhancements & more.
One of our primary goals with the 5.1 release was to support voice and video apps on Cloudron. Modern conferencing apps use WebRTC to transfer voice, video and data between peers. A necessary component to provide completely private P2P is to have a self-hosted STUN/TURN service. In layman terms, a TURN service helps two parties make a connection with each other. When a direct connection cannot be made (due to firewalls), it acts as a relay between those two parties.
We have already updated 4 apps to use this new functionality:
Note that the current apps are best suited for small groups of 3-5 users. We are working on packaging apps like Jitsi and Big Blue Button for larger groups.
The mail eventlog now has search and filter options.
Disk graphs are now sorted by usage.
Further, apps that have automatic backups disabled are now listed in the
Thanks to @d19dotca for these suggestions!
We have various security related improvements:
We have dropped support for TLSv1 and TLSv1.1. Qualys recently starting capping these insecure protocols to B grade.
Elliptic Curve Cryptography or ECC certs provide greater security and perfect forward secrecy with a smaller key size. You can now upload custom ECC certs for each domain in the
Domains view. Recently, Let's Encrypt has also started issuing ECC certs. In the next release, Cloudron will start installing ECC certs from Let's Encrypt automatically. Thanks to @zerononcense for reporting and testing this functionality.
The docker addon allows apps to create containers by accessing the docker daemon. With an incorrectly packaged app, it is possible for a normal Cloudron user to break out of Cloudron's app sandbox and become a Cloudron admin. For this reason, apps that use the docker addon can only be installed/updated/exec'ed by the Cloudron owner. In addition, we have implemented a docker proxy service that restricts the container operations that the app can do. Thanks to @iamthefij for bringing this up.
Password reset and new user invite tokens are now only valid for a day.
We have recently released new apps like Mastodon and Matrix. These apps require
to be setup for federation to work. This release allows you to setup
.well-known documents for
apps hosted on Cloudron. See the docs for more
New to Cloudron? Get started for free by running with 3 simple commands on your server.
To update an existing installation, simply click on the 'Update now' button on your dashboard.