Cloudron 5.2 released

By Girish on Monday, June 1st 2020

We are happy to announce the release of Cloudron 5.2!

For those unaware, Cloudron is a platform that makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server and keep them up-to-date and secure.

Cloudron 5.2 adds EC certs, Member only mailing lists, Inter-domain mail aliases, OVH storage backend, App graphs & more!

Features

Members only mailing list

Internal or closed mailing lists can be marked as members only. This way an outsider cannot send mails to this list and will get a bounce. This feature is also useful in blocking spam from external email addresses.

Inter-domain aliases

We have enhanced the email alias functionality to allow aliases across domains.

Redis status

The status of Redis is now available in the Services view. Like other services like MySQL, one can view the logs of Redis, adjust the memory limit and restart the service.

Note that unlike other services like MySQL which are shared across apps, each app gets it's own Redis (this is because redis does not support multi-tenancy).

Backup retention policy

A good backup policy is to thin out backups based on their age. Our current rentention policy used to simply prune backups based on their age. In 5.2, you can decide to keep a specific number of daily, weekly, monthly and yearly backups. For example, a backup policy of "3 daily, 4 weekly, 6 monthly" means to keep a single backup for each day for the last 3 days, single backup for each week for the last 4 weeks and single backup for each month for the last 6 months.

Enhancements

Backup config

To restore Cloudron from a backup or to migrate an app to another instance, you have to make a note of the backup id, storage location, storage format and other details. We have noticed that this task is error-prone and awkward. To help this process, we have made the backup configuration downloadable as a JSON file. This file can be uploaded into the Cloudron Restore UI or the App Import UI and it will fill up all the form fields (except the backup passphrase and any secret access keys).

For example, let's see how to migrate an app to another Cloudron instance. First, download the backup configuration corresponding to the backup:

Then, upload the configuration into the app import UI of the other Cloudron instance:

OVH Storage Backend

OVH announced support for S3 API in it's Object Storage Clusters. We have added support for OVH Storage as a backup destination.

App graphs

Per app memory and disk usage is now available in the Graphs section of each app:

Box Backup listing

Cloudron has 2 types of backups - app backups and box backups. App backups are listed in the Backups section of each app. Box backups are full server backups that include all the Cloudron configuration (users, apps, domains, mailboxes etc). Box backups also contain a "link" to all the app backups at that point in time.

You can view the list of all box backups in the new Backup listing UI:

Clicking on a backup will show the list of apps it contains:

There is also a 'Cleanup Backups' button that will remove old backups based on the retention policy. Note that this is done automatically but might be useful if you change the retention policy and want to run the cleanup immediately.

Security

EC Certs

Elliptic Curve certificates (ECC) are those whose public key uses elliptic curve cryptography. They are step up from the RSA public keys because they are stronger, faster and use less power. ECC combined with cipher suites can provide perfect forward secrecy (PFS) - an assurance that even if the encrypted traffic was recorded, it cannot be decrypted even when the private key is compromised in a future date.

Cloudron now requests EC certs from Let's Encrypt by default. All existing installations will get updated to use EC certs at certificate renewal time.

If you inspect the certificate in Firefox, you will see:

The supported cipher suites (for PFS):

All Cloudron apps should get an A+ on Qualys SSL test:

Sandboxing

Cloudron uses container technology (via Docker) to run apps sandboxed from one another. Further more, apps are provided access to the file system and databases in a fashion where they cannot tamper with each other. In 5.2, we have hardened the sandboxing further by preventing apps from sniffing any internal network traffic by droppping the NET_RAW capability. Thanks to @will for reporting this!

Backup encryption

Cloudron supports encrypting backups using a password. This feature was written with a very simplistic approach - it's goal was merely to obfuscate than to be bullet proof. However, an important security concern was raised that given enough resources and access to all the encrypted backups, one could potentially find the key.

In 5.2, we worked with @mehdi to make our backup encryption much more secure. A quick summary of the changes:

  • Backups are encrypted using AES-256-CBC.
  • Backup Password is not stored in the database anymore. We derive keys using scrypt from the passphrase.
  • Per-file and per-filename IV.
  • Per-file HMAC digest to authenticate the encryption.
  • Most importantly, old backups are not compatible with the newer format. If you want to restore an app from a backup that uses the old format, you can follow this guide.

You can read more details about the encryption file format and CLI tooling here.

Misc

Changes to Update Strategy

When we make a new app package release, we do not immediately make it available to all users. We roll it out gradually over the course of the week. This approach lets us minimize the impact of a bad update. Cloudron's update model allows us to revoke existing packages or roll out new patch releases overriding the previous package.

If you wanted to update to the new app package instantly, the only way was to contact us so that you are part of next rollout. Several users have expressed interest in being able to update instantly without the overhead of contacting us.

Starting 5.2, if you click the 'Check for Updates' button, you will always get the latest update (app update or Cloudron update). We have changed our update model such that our roll out only applies to automatic updates.

Stopped apps

Stopping an app will now also stop dependent services like redis. This change in behavior means that Cloudron cannot take a backup of a stopped app because the backup code relies on all services to be running. Instead, the code will simply re-use the last known good backup of the stopped app. For this reason, it is recommended to trigger a backup before stopping the app.

Other notable changes

  • Fix bug in disk usage sorting
  • Mail: allow an external MX to be set
  • Ensure stopped apps are getting backed up
  • Spam: large emails were not scanned
  • Graphs: fix issue where large number of apps would crash the box code
  • Add new wasabi s3 storage region us-east-2
  • Mail: Fix bug where SRS translation was done on the main domain instead of mailing list domain

Install or update Cloudron

New to Cloudron? Get started for free by running with 3 simple commands on your server.

To update an existing installation, simply click on the 'Update now' button on your dashboard.

Comments?

Comments/Suggestions/Feedback? Use our Forum or email us.