Cloudron 5.1 released

By Girish on Wednesday, April 15th 2020

We are happy to announce the release of Cloudron 5.1!

For those unaware, Cloudron is a platform that makes it easy to run web apps like WordPress, Nextcloud and GitLab on your server and keep them up-to-date and secure.

Cloudron 5.1 adds a TURN service that makes it possible to have completely private peer-to-peer (P2P) voice and video calls. We have added support for running decentralized federation apps like Mastodon & Matrix Synapse. This release also has graph improvements, support for ECC certs, mail eventlog filter, security enhancements & more.

TURN Service

One of our primary goals with the 5.1 release was to support voice and video apps on Cloudron. Modern conferencing apps use WebRTC to transfer voice, video and data between peers. A self-hosted STUN/TURN service is a necessary component for completely private P2P. In layman's terms, a TURN service helps two parties make a connection with each other. When a direct connection cannot be made (due to firewalls), it acts as a relay between those two parties.

Cloudron 5.1 has a built-in TURN service implemented with coturn. Apps implementing WebRTC can use the turn addon to configure themselves.

We have already updated 4 apps to use this new functionality:



Note that the current apps are best suited for small groups of 3-5 users. We are working on packaging apps like Jitsi and Big Blue Button for larger groups.

Mail Eventlog

The mail eventlog now has search and filter options.

Disk Graphs

Disk graphs are now sorted by usage.


Further, apps that have automatic backups disabled are now listed in the Backups view:


Thanks to @d19dotca for these suggestions!

Security improvements

We have various security-related improvements:

  • We have dropped support for TLSv1 and TLSv1.1. Qualys recently started capping these insecure protocols at a B grade.

  • Elliptic Curve Cryptography or ECC certs provide greater security and perfect forward secrecy with a smaller key size. You can now upload custom ECC certs for each domain in the Domains view. Recently, Let's Encrypt has also started issuing ECC certs. In the next release, Cloudron will start installing ECC certs from Let's Encrypt automatically. Thanks to @zerononcense for reporting and testing this functionality.

  • The docker addon allows apps to create containers by accessing the docker daemon. With an incorrectly packaged app, it is possible for a normal Cloudron user to break out of Cloudron's app sandbox and become a Cloudron admin. For this reason, apps that use the docker addon can only be installed/updated/exec'ed by the Cloudron owner. In addition, we have implemented a docker proxy service that restricts the container operations that the app can do. Thanks to @iamthefij for bringing this up.

  • Password reset and new user invite tokens are now only valid for a day.
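
The docker addon item above describes a proxy that restricts what an app may ask the docker daemon to do. The following is an added example, not Cloudron's own code, of how such a proxy could vet the JSON body of a Docker Engine API `POST /containers/create` request; the rule set, the function names and the `/srv/appdata/example-app/` path are assumptions made for illustration.

```javascript
// Added example: policy check for the JSON body of a Docker Engine API
// "POST /containers/create" request, as a filtering proxy in front of the
// docker socket could apply it. The rule set is an assumption for illustration.

// Hypothetical directory an app may bind-mount from the host.
const ALLOWED_BIND_PREFIX = '/srv/appdata/example-app/';

function hostPathAllowed(src) {
    if (src.split('/').includes('..')) return false;     // reject path traversal
    return (src + '/').startsWith(ALLOWED_BIND_PREFIX);  // anything else fails closed
}

// Returns a list of violations; an empty list means the request may be forwarded.
function checkCreateBody(body) {
    const hc = (body && body.HostConfig) || {};
    const violations = [];

    if (hc.Privileged === true) violations.push('Privileged');
    for (const key of ['NetworkMode', 'PidMode', 'IpcMode', 'UsernsMode']) {
        if (hc[key] === 'host') violations.push(key + '=host');
    }
    if ((hc.CapAdd || []).length > 0) violations.push('CapAdd');
    if ((hc.Devices || []).length > 0) violations.push('Devices');

    // Binds entries look like "source:target[:options]"; a source without a
    // leading slash is a named volume, not a host path.
    for (const bind of hc.Binds || []) {
        const src = String(bind).split(':')[0];
        if (src.startsWith('/') && !hostPathAllowed(src)) violations.push('bind:' + src);
    }
    // The newer Mounts syntax carries the same information as objects.
    for (const m of hc.Mounts || []) {
        if (m.Type === 'bind' && !hostPathAllowed(String(m.Source))) {
            violations.push('bind:' + m.Source);
        }
    }
    return violations;
}

// Constructed sample requests (not taken from any real app).
const rejected = { Image: 'example/image', HostConfig: { Privileged: true,
    NetworkMode: 'host', Binds: ['/var/run/docker.sock:/var/run/docker.sock'] } };
const accepted = { Image: 'example/image', HostConfig: {
    Binds: ['/srv/appdata/example-app/data:/data:ro', 'cache:/cache'] } };
console.log(checkCreateBody(rejected));
console.log(checkCreateBody(accepted));
```

A real proxy also has to decide which other API endpoints to forward at all; this block covers only the create request body.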

Custom .well-known URLs

We have recently released new apps like Mastodon and Matrix. These apps require well-known URIs to be set up for federation to work. This release allows you to set up .well-known documents for apps hosted on Cloudron. See the docs for more information.

Other notable changes

  • mail: fix bug with listing of >25 mailboxes and aliases
  • branding: make the login page title show cloudron name
  • mail: fix incorrect eventlog db perms

Install or update Cloudron

New to Cloudron? Get started for free by running 3 simple commands on your server.

To update an existing installation, simply click on the 'Update now' button on your dashboard.

Comments?

Comments/Suggestions/Feedback? Use our Forum or email us.