Cloudron 2.2 released

By Girish on Wednesday, May 2nd 2018

We are happy to announce the release of Cloudron 2.2!

For those unaware, Cloudron is a platform for running self-hosted and on-prem web apps. The idea is to deploy apps on your server via our App Store to get a SaaS style hassle-free continuous deployment experience for self-hosted apps.


Users can enable 2FA authentication from the profile menu in the dashboard:

Clicking on the Enable 2FA button will display a QR Code which can be scanned using a TOTP app such as Google Authenticator (Android, iOS), FreeOTP authenticator (Android, iOS

Gandi LiveDNS

LiveDNS is's DNS platform, a completely new service that offers its own API and its own nameservers.

If your domain is registered with Gandi, you can use Cloudron's new Gandi DNS backend to manage the DNS. When apps are installed and removed, Cloudron will automatically add and remove DNS records. When using Cloudron Email, it will also automatically setup the MX, DMARC, DKIM records!

To get started:

  • Ensure that your domain is using LiveDNS. Go the DNS Records page in Gandi to verify that you are using LiveDNS. Old domains might see a Switch to LiveDNS banner. If you see this, click on Gandi's DNS Records button and wait for 2-3 hours for Gandi to migrate the domain.

  • Next, create an LiveDNS API key from the security section

  • In the Cloudron dashboard, choose Gandi LiveDNS from the drop down and provide the API key.


GoDaddy is the world's largest registrar.

If your domain is registered with GoDaddy, you can use Cloudron's new GoDaddy DNS backend to manage the DNS. When apps are installed and removed, Cloudron will automatically add and remove DNS records. When using Cloudron Email, it will also automatically setup the MX, DMARC, DKIM records!

To get started:

  • Create a GoDaddy API Key at their developer portal. When creating a new key select production environment.

  • In the Cloudron dashboard, choose GoDaddy from the drop down and provide the key and secret.

Other fixes

  • Fix zone detection logic on Route53 accounts with more than 100 zones
  • Warn user when disabling Cloudron Email
  • Cleanup scope management in REST APIs
  • Enhance user creation API to take a password
  • Relax restriction on mailbox names now that it is decoupled from user management
  • Fix issue where mail container incorrectly advertised CRAM-MD5 support

Install or update Cloudron

New to Cloudron? Get started for free by running with 3 simple commands on your server.

To update an existing installation, simply click on the 'Update now' button under Settings.


Comments/Suggestions/Feedback? Discuss in our Forum or email us.

Cloudron 2.1 released

By Girish on Friday, April 20th 2018

We are happy to announce the release of Cloudron 2.1!

For those unaware, Cloudron is a platform for running self-hosted and on-prem web apps. The idea is to deploy apps on your server via an App Store to get a SaaS style hassle-free continuous deployment experience for self-hosted apps.

Improved mailbox management

In Cloudron 1.x, users/groups and mailboxes/lists were tightly coupled. Each user had a mailbox of the same name and each group was also a mailing list. This tight coupling meant that if you just wanted to a create new mailbox, you had to create a new user and setup a new password for that user.

In Cloudron 2.1, we have decoupled the mailbox management and user management. Mailboxes can be added and removed independently of user from the Email view.

All Cloudron subscription plans include unlimited mailboxes and aliases.

The way it works is that you can create a mailbox in a domain and then assign an existing user as the mailbox owner.

The mailbox owner can access the mailbox using as the username and the Cloudron password.

Each mailbox can have one or more aliases. Aliases can be used by adding an identity in a mail client like Rainloop, Roundcube & Thunderbird.

A mailing list can be created by providing a name and assigning one or more existing mailboxes. Once created, you can email and a copy of the email will be sent to all the list members.

Docker 18.03

Docker has been updated to 18.03.0-ce. This Docker release bring numerous security and stability fixes. You can read the full Docker changelog here.

Support for private apps

Cloudron is internally architected as a PaaS. Application requirements and setup is described in a Dockerfile. An accompanying CloudronManifest specifies addon requirements like databases, local storage, authentication etc.

The current Cloudron app development flow uses the public Docker hub to build and deploy images. This means that any packaged app code is essentially publicly viewable.

A popular request has been to develop and deploy private (closed source) apps. In 2.1, we have added initial support to build and deploy apps using a private docker registry like quay, Amazon ECR. See the packaging guide for more information on private builds.

Other fixes

  • Make S3 backend work reliably with slow internet connections
  • mail: fix issue where hosts with valid SPF for a Cloudron domain are unable to send mail to Cloudron
  • mail: fix crash when bounce emails have a null sender
  • Add CSP header for dashboard
  • Fix bug where browsers used a cached version of the Cloudron dashboard after an update

Install or update Cloudron

New to Cloudron? Get started for free by running with 3 simple commands on your server.

To update an existing installation, simply click on the 'Update now' button under Settings.


Comments/Suggestions/Feedback? Discuss in our Forum or email us.

Installing Cloudron on a Home Server

By Girish on Friday, April 13th 2018

For those unaware, Cloudron is a platform that makes it easy to run web apps on your server and keep them up-to-date. Think SaaS for self-hosted apps.

Cloudron works best on public VPS providers like Digital Ocean, Vultr, Linode. This is simply because those servers come with a public IP out of the box and the default firewall allows incoming traffic from all TCP ports to the server.

A little known secret is that Cloudron works just fine on a Home Server! It just needs a little technical know how of your home network.

In this post, we will see how to install Cloudron on a home server. The setup described here is for a home server installation that can be accessed from outside home as well.


Cloudron requires the following:

  • A public IPv4 address. This IP address does not need to be static. Cloudron has a feature where it will continually keep your DNS updated with a dynamic IP address. You can visit this site to view your current public IP address.

  • Forward port 80 and port 443 from your router to the Home Server IP. For this, you have to login to your router and setup port forwarding in the firewall. See this site for router specific instructions on how to setup port forwarding.

  • NAT loopback support in your router. Cloudron apps are accessed using domain names and the DNS entries point to the public IP of your home network. When apps are accessed with the DNS name from inside your home, the router needs to be capable of routing the public IP back ('hairpinning') to your home server. Most modern routers support this.


Create a fresh server (VM or baremetal) with Ubuntu Xenial (16.04 x64) and run these commands:

chmod +x ./cloudron-setup
./cloudron-setup --provider generic

Domain setup

Once installation is complete, navigate to https://IP. If you meet the pre-requisites above, you should be able to use your current public IP address. If you are unable to access with the public IP address, now is a good time to investigate what is failing.

Provide a domain name to complete the installation:

We recommend choosing one of the automated DNS providers like Cloudflare, Digital Ocean and Route 53.

If you use the wildcard or manual DNS with a dynamic IP address, you have to setup some other way to keep the DNS in sync with your public IP.

Admin setup

Once DNS is setup, Cloudron will redirect to The browser address bar will show a green lock to indicate that the connection to your Cloudron is now secure (It does this by automatically getting a certificate via Let's Encrypt).

Appstore setup

You are now ready to start installing apps! When you click on the App Store link in the UI, you will be prompted to create a account. This account is used to manage your subscription & billing.

Enable Dynamic DNS

If you have a setup where you have a dynamic public IP, the Cloudron has to be configured to keep the DNS updated. For this, SSH into your server and run the following commands:

mysql -uroot -ppassword -e "INSERT box.settings (name, value) VALUES('dynamic_dns', 'enabled')"
systemctl restart box

Other notes

  • Remember to port forward TCP ports from the router to the server when using non-HTTP(S) ports. For example, you might have to forward SSH ports for git to work when using Gogs, Gitea & GitLab.

  • Cloudron requires port 80 (HTTP) to be forwarded at all times for the Let's Encrypt integration to work. Cloudron itself serves web pages only on 443 (HTTPS).

  • Cloudron requires x86 and does not work on Raspberry Pi.


Comments/Suggestions/Feedback? Discuss in our forum.

Help forum, App wishlist & Knowledge base

By Girish on Friday, April 6th 2018

For those unaware, Cloudron is a platform that makes it easy to run web apps on your server and keep them up-to-date. Think SaaS for self-hosted apps.

Over the last year, the Cloudron team has been providing support over various channels - our chat, website live chat, the git issue trackers, support email, phone to name a few.

We are now consolidating our official support channels to make it more SEO friendly and improve discoverability of common problems.

Help Forum

We are happy to announce that the Help Forum is now ready. Using a forum will help SEO, discover-ability and easily help us track issues with threads. The Cloudron Forum is proudly powered by NodeBB and is (of course) hosted on Cloudron :-)

You can login to the forum via Twitter, GitHub or create a new account with email.

App wish list

The help forum has an App Wishlist category. Please upvote for your favorite apps requests using the "^" button in the bottom right of the topic. Feel free to add new apps to the wish list as well.

Knowledge base

We have built extensive documentation for Cloudron. Simply use the Search bar on the top right to easily locate an article. The developer docs are located at a separate URL and has all the necessary information on building and maintaining custom packages.

Each app on Cloudron App Store also has a separate documentation page - for example, see Wordpress, GitLab, NextCloud, LAMP and Ghost.


Comments/Suggestions/Feedback? Please email us.

Cloudron 2.0 released

By Girish on Friday, March 16th 2018

We are happy to announce the release of Cloudron 2.0!

For those unaware, Cloudron is a platform that makes it easy to run web apps on your server and keep them up-to-date. Think SaaS for self-hosted apps.

The Big Picture

Cloudron 2.0 is a big exciting release for us and a tremendous amount of work has gone into making this happen. This release also marks a change in who Cloudron is targeting.

Two years back, we started Cloudron to scratch our own itch. After Google Reader shutdown, we started looking for solutions that will let us self-host applications easily. We wanted the convenience of SaaS for apps deployed on our own servers. We wanted automated deployment, seamless updates, encrypted backups, timely security patches - all of which are big barriers to self-hosting.

Our first iteration of Cloudron was designed primarily to be a personal cloud. Cloudron 1.x was installed on a domain name like and apps are then installed from the Cloudron App Store into subdomains like, and so on. With the personal cloud angle, our target audience was privacy conscious individuals and companies. We took an appliance centric and consumer oriented approach for our product like Android/iOS that hides all complexities of app deployment - we didn't even have a log viewer!.

As Cloudron gained more users, we received requests to build more tooling around managing running apps - web terminal, log viewer, advanced app configuration etc. What we have learnt is that Cloudron is solving the bigger problem of zero-effort application delivery, deployment and maintenance. Managed service providers, system administrators, IT teams and even some SaaS products are using Cloudron as the backend to deploy apps on the behalf of their own customers and users.

With that in mind, the first big feature we are pushing out today is support for multiple domains. This feature can be used to use a single Cloudron to deploy and manage apps for their customers spanning multiple domains.

Multiple domains support

Domains can be added in the Domains view.

Each domain has it's backend configuration. So, you can have one domain on Cloudflare, another on Digital Ocean DNS and so on.

App installation

When installing an app, simply select the domain in which it should be installed in the domain dropdown. Cloudron will automatically setup the DNS and install Let's Encrypt certificates when installing the app.

Multi-domain email server

Cloudron's built-in email server now supports hosting email on multiple domains. The email server can be enabled on a per-domain basis in the Email view. When email is enabled for a domain, Cloudron will automatically setup all the DNS records required for hosting email on that domain.

A mail relay like Postmark, Mailgun, Amazon SES can be setup for outbound mails on a per-domain basis.

The DNS status section in the Email view will have green check marks to indicate your domain is ready to use.


Mailboxes can be assigned to users and groups on a per-domain level. To edit the mailboxes of a user, simply edit the user in the Users view.

Email aliases can also be set on a per-domain basis.

Webmail updates

Rainloop and Roundcube have been updated to support multi-domain email. Login to the apps using the email ids to access the different mailboxes.

Revamped log viewer

The activity got a facelift and it's must easier to quickly browse through all the activity on the Cloudron.

Install or update Cloudron

New to Cloudron? Get started for free by running with 3 simple commands on your server.

To update an existing installation, simply click on the 'Update now' button on your dashboard.


Comments/Suggestions/Feedback? Please email us.

Cloudron 1.11 released - Haraka update

By Girish on Monday, February 19th 2018

We are happy to announce the release of Cloudron 1.11

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date.

Haraka 2.8.17

The awesome folks at Haraka have put out a new release 2.8.17. We have updated the mail server to use this new release. It fixes many of the bugs that Cloudron mail server users have been hitting.

Some of the important fixes from the release are (the first two changes were contributed by Cloudron team):

  • SMTPS port is configurable - This feature is now used by all Go programs that run on Cloudron to send email. This is because the Go library has made changes that refused to send username/password on non-encrypted connections

  • smtp_forward: enable_outbound can be set per domain - This features lets the Cloudron set a different relay for each domain managed by the Cloudron. This was one of the blockers for the upcoming multi-domain feature on the Cloudron. Only issue 2346 is now pending for the multi-domain feature.

  • outbound/hmail: use Buffer to correctly read binary file data + tests - This fixes a crash when the outbound mail queue is corrupt.

We are happy to announce the release of Cloudron 1.10

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date.

Addon updates

We have updated the internal addons:

  • Mongodb has been updated to 2.6.10.
  • MySQL has been updated to 5.7.17.
  • PostgreSQL has been updated to 9.5.5.
  • Redis has been updated to 3.0.6.

The mail container has moved SMTPS port to 2465. SMTPS support was initially added to support Go applications that refused to send username/password on non-encrypted connections. We had initially set this to port 4650. However, some apps like gogs and gitea have no way to configure the SMTPS port and rely on port number ending with 465 to determine SMTPS (!).

Storage backend update

DigitalOcean Spaces gained Singapore 1 region support.

We have updated Exoscale backend to support their new Next Generation Pithos. Currently, the rsync backend errors out when backing up weird filenames. We are working with Exoscale support to resolve the issue on their side.

Multidomain preparation

In Cloudron 1.9, we started reworking the code to support multiple domains. With this release, we have migrated the database schema and the code entirely to support multiple domains. What is left now is to fix our email server to support multiple domains and we will enable this feature for all! A couple of PRs are pending in Haraka for us to complete the testing.

A New email API is also in the works. Please note that it's not ready for use yet until we enable the multidomains feature.

Cloudron 1.9.4 released - Let's Encrypt and Cloudflare fixes

By Girish on Wednesday, January 31st 2018

We are happy to announce the release of Cloudron 1.9.4

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date.

Let's Encrypt auto-renewal

Some of you have gotten notifications about Let's Encrypt certificates failing to renew. This is a regression that we introduced in 1.9 release. This patch release fixes it.

To give some background: In 1.9, we took big steps towards making Cloudron support multiple domains. As part of this large refactoring, we used the word intrinsic in the code to indicate the 'built-in' domain name of an app. Unfortunately, we ended up misspelling this word as instrincFqdn in the certificate renewal logic. This patch release fixes the typo. This is a lesson for us non-native English speakers to not use complicated words ;-)

Cloudflare DNS

Cloudflare DNS backend had a bug where it assumed that DELETE request returned 204. It appears has that Cloudflare has now changed this to be 200. We have fixed our backend accordingly.

Hosting Cloudron on Hetzner Cloud

By Girish on Monday, January 29th 2018

We are happy to announce support for running Cloudron on Hetzner Cloud.

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date. After installing Cloudron, you have instant access to over 50 apps from the Cloudron App Store. We track upstream releases and push out updates requiring no server maintanence on your part.

Hetzner support

Hetzner Cloud made a big splash recently with some fantastic pricing changes to their Cloud offering. With the tag line "A little money gets you lots of Cloud", they have some amazing deals: a 4 vCPU with 16GB RAM is only 15.90 EUR/month! In addition to the pricing changes, they also introduced per hour billing.

Installing Cloudron

Installing Cloudron on Hetzner is straigtforward. First, create a vanilla Ubuntu 16.04 server:

Once the server is up and running, connect via SSH and run the following commands:

chmod +x ./cloudron-setup
./cloudron-setup --provider hetzner

Once installation has finished, open https://<IP> in your browser, accept the temporary self-signed certificate, and proceed with the domain configuration.

You are now all set to install over 50 apps from our Cloudron App Store!

Cloudron 1.9 released - Restore UI, Google Cloud Storage & More

By Girish on Wednesday, January 17th 2018

We are happy to announce the release of Cloudron 1.9

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date.

Restore UI

Cloudron app backups are completely portable. Using these backups, one can easily clone apps within the same Cloudron and also migrate apps across Cloudrons.

A little known feature is that the Cloudron itself is completely portable across server providers. This means that you can trivially move your Cloudron server from say AWS to Digital Ocean - all apps and data will automatically migrate to the new server.

In 1.9, we have added a UI to make this feature more accessible. To move your server to another service provider, do the following:

  • Create a full backup on the current Cloudron. Make note of the backup id:

  • Install Cloudron on a new server with Ubuntu 16.04:

      chmod +x cloudron-setup
      ./cloudron-setup --provider digitalocean # change this to your new server provider
  • Complete the DNS setup and click on Looking to restore located at the bottom:

  • Provide the backup information to restore from:

  • Cloudron will download the backup and start restoring:

You can now shutdown the old Cloudron server :-) Your new Cloudron server is an exact clone of the old one - all your users, groups, email, apps, DNS settings, backup settings, certificates, will be exactly as-is before.

Google Cloud Storage

We have added Google Cloud Storage as a backup destination. Thanks to @syn for this feature!

Terminal and logs

We introduced Web terminal in Cloudron 1.6. The Web terminal has largely supplanted the Cloudron CLI tool as the preferred way for uploading/downloading files and tweaking app configuration files.

In this release, the terminal and logs icons appear on the app grid itself alongside the app.

Clicking the terminal icon will popup the terminal window. With this change, you can rely on your window manager to align the log window and terminal window side by side.

Multidomain preparation

Cloudron requires a domain for installation. Apps are installed as subdomains of this main domain. It is possible to specify an external domain for an app.

In this release, we have made big strides towards adding proper multi-domain support to the Cloudron. With this feature, one can add any number of top level domains to the Cloudron and installs apps on any of them. This functionality will also bring in support for multiple domains in the email server.

We have added a domains menu for this, but most of the functionality is disabled since there is still work to be done. We expect this feature to be complete in the next release.

Other changes

  • Do not put app in errored state if backup fails

  • Display backup progress in managed Cloudrons

  • Update node to 8.9.3 LTS

  • Set the max email recepient limit (in outgoing emails) to 500

Cloudron 1.8.2 released - Important Let's Encrypt update

By Girish on Tuesday, November 21st 2017

We are happy to announce the release of Cloudron 1.8.2

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date.

Let's Encrypt update

Let's Encrypt has updated it's subscriber agreement URL. We have updated the Cloudron LE code to use the new URL.

Please note that LE will not issue any new certs without the new URL. For older Cloudrons, this means that all new app installations and certificate renewals will fail. Please update your Cloudron to 1.8.2 at the earliest.

Admin app access

Cloudron Admins can now unconditionally access all apps even if they are not part of any group.

We are happy to announce the release of Cloudron 1.8

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date.

User access restriction

Cloudron Groups are a convenient way to provide access to a group of users. Sometimes, one might want to give access to one-off users or guests. Currently, this requires the Cloudron admin to create a group with just that one user. Managing many such groups can be quite cumbersome (more so, because group names and user names cannot conflict on Cloudron).

In 1.8, you can select one or more users in addition to groups for specifying the access restriction.

Cloudron will let a user access the app if they are present in one of the groups or in the user list.

Docker upgrade

This release updates Docker to 17.09 CE from 17.03 CE.

You can read the entire list of changes for Docker 17.0.6 CE and 17.09 CE here.

Node upgrade

Nodejs has been updated from 6.11.3 to 6.11.5 LTS.

On a side note, now that node.js 8 LTS is out, we look forward to moving slowly to using more advanced ES6/7 features in the Cloudron code.

App package information

We have added a i button on the app grid that shows information like the package version. When reporting bugs, be sure to include the package version in the bug report.

Clicking on the icon will show any post-installation instructions like the default admin password as well. The version field can be clicked to view application information (like the NextCloud version).

Other notable fixes

  • Fix group email bounce when a group has users that have not signed up yet
  • Do not restrict app memory limit to 4GB
  • Fix display of the latest backup in the weekly digest

Cloudron 1.7.6 released

By Girish on Tuesday, October 31st 2017

We are happy to announce the release of Cloudron 1.7.6. 1.7.6 is primarily a patch release for 1.7 with some small enhancements.

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date.

TLS mail relay

Every Cloudron has an internal mail relay server powered by Haraka. Apps have to authenticate to relay email.

There are a bunch of frameworks (e.g PHP based) that do not work well with self-signed certs. This led us to disabling STARTTLS wholesale for all apps. Apps still use auth but with STARTTLS and TLS disabled. This is fine because Cloudron's internal network is 'safe' from snooping.

Recently, the Go team decided not to send auth information over plain text connections. This broke our internal mail relay setup and apps like Mattermost were unable to send email.

For this reason, the internal mail relay now supports TLS based relay (SMTPS). The sendmail addon now exposes a new port MAIL_SMTPS_PORT.

Thanks to the haraka team for accepting our PR.

SMTP disconnect issue

The latest Haraka introduced a major issue where Haraka does not terminate the SMTP connection properly. This caused some apps like SOGo to not close the compose mail view (even though the mail itself was sent successfully). The latest release fixes this issue.

LDAP pagination support

The internal LDAP server now supports paginated requests. This will remove the errors displayed in the logs of apps like ownCloud, Nextcloud. The latest Rocket.Chat also requires this feature for login to work.

LDAP compare

LDAP compare is a feature where a client can ask the server to compare attributes against a value. Modules like django_ldap use this feature to validate the group membership of a user. One security benefit is for values like passwords which are now kept local to the server and not passed on to the client for comparison.

This feature will allow us to support some apps like Paperless.

404 page for unknown domains

In wildcard DNS setups, HTTP requests to invalid domains end up on the Cloudron. Cloudron redirects the HTTP request as HTTPS and the browser ends up showing a self-signed cert warning (this is because Cloudron does not have a cert for the invalid domain and it uses the fallback certificate).

In this release, we have made it so that Cloudron serves up the default nginx 404 page. Not pretty but we will put a better 404 page in the next release.

App update API change

In 1.7.0, we made an implementation change where apps can be rolled back more easily should an update fail (for example, backup can fail or the new image could not be downloaded). As part of this change, we had to make a breaking API change where port bindings are not allowed to set as part of the update route anymore.

Other notable changes

  • With the file system backend, check if directories can be created in the backup directory
  • Do not set the HTTPS agent when using HTTP with minio backup backend
  • Fix regression where a new domain config could not be set in the UI

We are happy to announce the release of Cloudron 1.7

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date.

rsync backup format

Previous versions of Cloudron uploaded tar.gz files as backups. While this approach works quite well, it does not handle large amount of data gracefully. Most cloud storage API require knowing the file length in advance before uploading. This meant that the tar.gz has to be buffered completely in disk (doubling the disk space requirement) or the backup has to be uploaded in chunks. Chunked (multi-part) uploads cannot be parallelized and also take up as much RAM as the chunk size. Finally, such backups cannot be incremental.

Cloudron 1.7 introduces a new rsync backup format. With this format, Cloudron uploads individual files to the backup storage. It keeps track of what it copied the last time around, detects what changed and incrementally uploads only the changed files on every backup. To switch to the format, simply select rsync format in the backup UI.

With the file system backend, the rsync format with the file system backend can optionally hardlink 'same' files across backups to conserve space. If you happen to use a file system that does not support hardlinks, just turn off hardlinks.

Note that the tar.gz format is still supported and there is no need to switch to this new format if backups are currently working fine. In fact, the tar.gz format is significantly faster when uploading a large number of small files like source code repositories to remote storage. In addition, encrpytion is currently only supported with the tar.gz format.

Google Cloud DNS

Cloudron programmatically configures the domain's DNS records using various DNS API backends like AWS Route53, Digital Ocean and Cloudflare. With 1.7, we have added support for domains hosted on Google Cloud DNS. To use this backend, create a service account key in JSON format in the Google Cloud console and set them in the Domains & Certs UI.

Thanks to @syn for this feature!

Improved Spam detection

Cloudron uses SpamAssassin to detect and fight email spam. We had a mis-configuration in the previous versions that led to SpamAssassin not learning spam correctly. We have now corrected this issue and also configured SpamAssassin to apply bayesian filtering after learning 50 spam emails.

Emails are now tagged with the X-Spam-Report header which give a detailed analysis of what went on during spam analysis. It looks like something like:

    *  1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
    *      [URIs:]
    *  1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
    *      [URIs:]

RBL status indicator

A Real-time Blackhole List is a dynamic list of IP addresses that are known to send spam. These lists are maintained by organizations such as Spamhaus, Barracuda, UCEPROTECT Network.

Cloudron now checks over 11 RBLs and display the status in the the email status UI. If the check fails, it's probably a good idea to migrate to another server IP or use Cloudron's email relay feature.

DigitalOcean Spaces

DigitalOcean recently announced a S3 compatible object storage called Spaces. We have added support for backing up to Digital Ocean spaces.

A heads up about using DO Spaces. In our tests, we hit a few issues including missing implementation for copying large files (> 5GB), severe rate limits and very poor performance when deleting objects. If you plan on using this backend, keep an eye on your backups. In any case, Cloudron will notify the admins by email when backups fail.

Cloudscale is now a supported VPS provider. You can pass --provider to the setup script. We have also tested Cloudron backups against their recently announced object storage and it works great! Simply choose 'S3 Compatible' in the backup UI and key in the object storage credentials.

Other notable changes

  • Support uploading backups to Minio servers with a self-signed cert.

  • Preliminary IPv6 support. You can manually point your IPv6 address to the Cloudron server by adding an AAAA record.

  • Add auto-update pattern of Every wednesday night.

  • Haraka (email server) was updated to 2.8.15. This fixes the issue where emails were bounced with the message 'Send MAIL FROM first'.

  • Add button to send test email.

  • Fix a crash in the stats collector that made graphs sometimes disappear.

  • Fix issue where OAuth SSO did not work when alternate domain was used.

Live Chat Customer Service

By Johannes on Wednesday, October 11th 2017

Providing a live chat on your business website is a great way to interact with users or potential customers. It offers low friction interaction right inside your own site, without the visitor having to leave the domain and losing context. At Cloudron, we use this every day to also offer support as well as getting in touch with users.

In this post, we will see how you can easily setup the live chat widget provided by the Rocket.Chat app on the Cloudron for your website.

For those unaware, Rocket.Chat is a self-hosted slack alternative. It allows ongoing conversations with users in the same window for your staff. No need to jump between chat apps for customer inquiries.

Get started in a few minutes

1. Install Rocket.Chat on your Cloudron, for example at Configure it through the Cloudron app configure dialog to allow embedding into your website. This will protect the live chat widget from being used in unwanted websites.

As an example, we have configured it for our landing page on

2. Head over to Rocket.Chat app's Administration view, select the Livechat section and enable it. After this, you will find a Livechat entry in the side bar.

You will also find options to customize the live chat widget appearance to match your look and feel there.

3. As the last step, copy the Javascript code snippet shown in the Livechat Installation view and paste it to the bottom of your website's html code as the last thing before the </body> tag. Wordpress users can use the Rocket.Chat LiveChat Wordpress plugin instead.

And voila, you will now see the live chat widget on the bottom right of your page!

I hope you find this as useful as we do. If you have any comments, suggestions or feedback, talk to us on our chat. In case you do not have a Cloudron to run Rocket.Chat, just follow the step in our installation page.

New Apps - Ghost, OpenVPN, Redmine

By Girish on Thursday, September 7th 2017

We are happy to announce the availability of 3 new apps in the Cloudron Store.


The Ghost team released version Ghost 1.0 last month. It includes a brand new editor named Koenig, Night shift mode, User suspension support and more.

The Ghost team has decided to break backward compatibility and remove support for Postgres with the new 1.0 release. For this reason, we have decided to mark the Ghost 0.11.x Cloudron app as legacy.

Migrating to 1.0 is very straightforward. Simply export from the old Ghost app and import into the new Ghost app. A complete guide to migrating to the new app is in our docs.


OpenVPN is an open source SSL VPN solution that helps creating Virutal Private Networks.

The Cloudron OpenVPN app features the following:

  • TCP based VPN tunnel with AES-256-CBC encryption and Pre-shared static key
  • Devices connected to the VPN can reach each other via DNS as devicename.username
  • Prevents DNS leaks using a private DNS server that is run as part of the app
  • Users can issue and revoke client certificates for themselves
  • This app can be installed multiple times to create independent OpenVPN instances

Special thanks to @mehdi for contributing this app!


Redmine is a web-based project management and issue tracking tool. It allows users to manage multiple projects and associated subprojects. It features per project wikis and forums, time tracking, and flexible, role-based access control.

The Cloudron Redmine app is integrated with Cloudron user management. You can also install custom themes and plugins.

Comments/Suggestions/Feedback? Talk to us on our chat.

Cloudron 1.6 released - Web terminal, per-app backup control

By Girish on Thursday, August 24th 2017

We are happy to announce the release of Cloudron 1.6

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date.

Web Terminal

The Cloudron CLI is an indespensible tool for uploading/downloading files and tweaking the configuration of apps. However, installing the CLI tool and learning how to use it can be an onerous task for those not comfortable with the command line.

In this release, we have added a Web terminal that is capable of doing the most common CLI tasks.

To access the web terminal, select Terminal & Logs from the menu:

Select the application on the right to get "shell" access to the app's file system:

The web terminal can be used to:

  • Upload files to the /tmp directory. You can then work on this file from the terminal.
  • Download files and directories (as tar.gz) from the app.
  • Access addons like MySQL, Redis, PostgreSQL, MongoDB used by the app.

Control per-app backups

Cloudron makes a complete backup every day. When using apps that contain a large number of files (like NextCloud, ownCloud) the backup storage can quickly add up.

Backups can now be disabled at a per-application level from the 'Advanced settings' in the Configure UI:

NOTE: Disabling backup for an app puts the onus on the Cloudron adminstrator to backup the app's files using some other means.

Network capability for apps

Apps can now request to be run with network capability(CAP_NETADMIN). This will allow the app to configure the Cloudron's iptables. This feature will allow Cloudron to support complex networking apps like OpenVPN (thanks @mehdi!).

Other notable changes

  • Add popups and warnings when using the no-op backend. This is to remind users that when the no-op backend is selected, the Cloudron is not backing up anything at all. If the server dies, all data will be lost.

  • Fix layout issues in the update and oauth views after our move to flexbox based UI.

Comments/Suggestions/Feedback? Talk to us on our chat.

We are happy to announce the release of Cloudron 1.5.0

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date.

Log viewer

We have added a log viewer to tail the platform and application logs. Adding this view is a step towards providing a graphical interface for the common use cases of the Cloudron CLI tool.

Automatic app log rotation

Cloudron apps are built following the 12-factor app methodology. Quoting the spec, "A twelve-factor app never concerns itself with routing or storage of its output stream. It should not attempt to write to or manage logfiles. Instead, each running process writes its event stream, unbuffered, to stdout.".

Unfortunately, it is hard to get all apps to log to stdout and some of them can log only to files. For, this reason, we have settled on a approach to make them log into /run. The platform automatically rotates logs so that the app doesn't have to.

apt upgrade warning

Security is a core feature of the Cloudron and we continue to push out updates to tighten the Cloudron's security policy. Our goal is that Cloudron users should be able to rely on Cloudron being secure out of the box without having to do manual configuration.

Cloudron implements best security practices out of the box including automatic ubuntu security updates, rate limits, password restrictions, blacklist checks, app sandboxing and more.

This approach to security means that Cloudron is tested and released with specific versions of system libraries. System apps are carefully configured and the Cloudron code relies on these configurations be in place (if we could make the rootfs readonly, we would!). With this in mind, Cloudron admins will now see the following message when logging in via SSH:

                    NOTE TO CLOUDRON ADMINS
Please do not run apt upgrade manually as it will update packages that
Cloudron relies on and may break your installation. Ubuntu security updates
are automatically installed on this server every night.


Overlay2 support

Cloudron now configures docker to use the overlay2 storage driver. Switching to overlay2 will bring stability and improved performance.

Note that existing Cloudrons will continue to use the devicemapper backend. We will push out an update at some point that migrates old Cloudrons as well.

Flexbox UI

As we add more complex views to the Cloudron UI, we are outgrowing Bootstrap's grid system. To this end, we have started moving toward using flex box. The new UI ensures the navbar is always accessible and removes margins on mobile.

(On a side note, we have found flex box to be a very nice and simple layout system! Highly recommend it.)

Other bug fixes

  • Update node to 6.11.2
  • Collect disk usage statistics of all mounted disks. In the future, we will display this information in the UI.

Comments/Suggestions/Feedback? Talk to us on our chat.

We are happy to announce the release of Cloudron 1.4.0

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date.

Cloudflare DNS

Cloudron automatically configures the DNS as required for apps and the built-in email server. With Cloudron 1.4, we have added Cloudflare DNS backend. Note that the current implementation configures Cloudflare so that the HTTP(S) traffic flows directly to the Cloudron and not via Cloudflare. In a future release, we will support traffic flowing via Cloudflare (for DDoS protection and CDN use case).

Thanks to @abhishek for doing the initial work on this feature.

Exoscale SOS support

Exoscale SOS is a simple, scalable and safe S3-compatible object store based on pithos. Cloudron can now upload backups automatically to Exoscale SOS. This can be configured from Settings -> Backups -> Configure.

Blocking app updates

Cloudron makes app updates easily and effortless and automatic updates is the preferred mode of operation. This way Cloudron users get a SaaS style experience for self-hosted apps. However, some app updates may break existing installations either because the user is using some plugins or because it is impossible to automate the app upgrade.

For such situations, we have now added the ability to push updates that will not be applied without the Cloudron administrator's consent. The Cloudron administrator will be alerted about blocking updates in the weekly digest mail sent by Cloudron. This gives them an opportunity to read and review the changelog and determine what is the best approach to apply the update.

Other bug fixes

  • Update Haraka to 2.8.14. Contains many stability fixes. Yours truly made it to the top 10 Haraka contributors! :D
  • Fix cron pattern that made Cloudron erroneously send out weekly digest mails every hour on wednesday.
  • Ensure Cloudron is only be installed on EXT4 root file system (required by Docker).

Comments/Suggestions/Feedback? Talk to us on our chat.

We are happy to announce the release of Cloudron 1.3.0.

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date.


The Robots.txt file is a file served from the root of a website to indicate which parts must be indexed by a search engine. The file follows the Robots Exclusion Standard. Google has an excellent document about the semantics.

Cloudron now allows the robots.txt to be configured for each app. You can find this in the Advanced settings of the app's configure dialog.

If you leave the robots configuration empty, Cloudron will serve the /robots.txt URI from the app.

Weekly update digest

Cloudron sends an email every week about the pending and applied platform and app updates.

Heads up: Unfortunately, due to a bug in the cron pattern, the weekly digest is sent every hour on wednesday instead of once on a wednesday. A patch release will follow soon. For now, please ignore the emails.

Disable FROM address validation

Cloudron automatically allocates a mailbox for every installed app. Apps can only send emails with the FROM set to the allocated mailbox address.

From 1.3, you can disable the FROM address validation check. When enabled, this allow for advanced use cases where an app can send emails on users' behalf. Combined with the catch all mailbox feature, apps can also generate email IDs on the fly.

This is an advanced feature and must be used with care since it allows all users and apps to spoof addresses on the Cloudron. For this reason, only use it when you trust your users and app plugins/extensions. In the future, we will consider making this an app-level configuration.

Use the REST API to enable this feature.

Other fixes

  • Set X-Forwarded-Port in the reverse proxy. This fixes a problem with plugins of certain apps like Jetpack. Thanks to Dick Tang for the patch!

  • Mail container received a couple of crash fixes.

  • (Enterprise) Make sure the DNS zone name is not lost across updates.

Comments/Suggestions/Feedback? Talk to us on our chat.

Cloudron 1.2.1 released

By Girish on Thursday, July 13th 2017

We are happy to announce the release of Cloudron 1.2.1.

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date.

Cloudron 1.2.1 is a patch release and fixes a high security vulnerability in nodejs. We highly recommend upgrading as soon as possible. Cloudrons on auto-update should have already updated to this release.


  • Update nodejs to 6.11.1 - Node.js was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. You can read more here.
  • Set max TTL of unbound to 5 minutes - Cloudron uses an internal DNS server called unbound. Unbound tends to respect the TTL in the DNS response and this can result in DNS entries being cached for a very long time. This can cause problems if you initially had a DNS entry with a high TTL and change it shortly after. This problem is frequently hit when users switch over the MX record to the Cloudron and the Cloudron does not detect that the DNS entry has changed. We have now capped unbound's DNS caching time to 5 minutes. This means that the Cloudron will only take up to 5 minutes maximum to notice a change in DNS.
  • Fix issue where mail container does not cleanup LDAP connections properly - The mail subsystem uses LDAP to authenticate users. However, LDAP connections were not being cleaned up properly. This resulted in authentication failing sporadically.

Comments/Suggestions/Feedback? Talk to us on our chat.

Cloudron 1.2.0 released

By Girish on Wednesday, July 5th 2017

We are happy to announce the release of Cloudron 1.2.0.

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date.

Mail Relay support

Cloudron has an internal mail server and all outbound emails from users and apps are routed via this server to recepients. To ensure reliable delivery of email, Cloudron automatically sets up DKIM, SPF, DMARC, PTR and MX records.

However, the world's email delivery network relies a lot on server IP and domain reputation. For this reason, it is sometimes necessary to send emails via trusted relay providers to deliver email. In addition, public cloud providers like Google Compute, Amazon EC2 and Digital Ocean partially or completely block outbound email to mitigate spam.

For these reasons, Cloudron now has a mechanism to send outbound emails via mail relays like Amazon SES, Google, Mailgun, Postmark, Sendgrid or any other external SMTP server.

First select a relay provider:

And then provide the credentials and click save:

Note that Cloudron will validate the SMTP credentials when you save. For this reason, the SMTP provider must be available at the time.

Docker Overlayfs support

Cloudron sets up Docker to use the devicemapper storage backend. Some users have reported seeing significant performance improvements when using the Overlay2 backend especially when using non-SSD drives.

For this reason, we have decided to push experimental support for overlay2. You will have to setup Docker to use overlay2 manually for now. Cloudron will preserve the overlay2 setting across it's updates (previously, we used to enforce devicemapper backend during updates).

You can move your Cloudron to use overlay2 by following the instructions here.

Moving forward, if we see that overlay2 is stable and reliable, we will push an update that will transparently convert all existing Cloudron installations to use overlay2.

MySQL password length

Some PHP applications like Typo3 place restrictions on the length of the database password. We have reduced the length of the passwords generated for the MySQL addon as a result. This change is transparent to Cloudron users and is merely mentioned here for curiosity's sake :-)

Comments/Suggestions/Feedback? Talk to us on our chat.

Cloudron 1.1.0 released

By Girish on Thursday, June 22nd 2017

We are happy to announce the release of Cloudron 1.1.0.

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date.

Catch-all mailboxes

A catch-all mailbox is one that will "catch all" of the emails addressed to a domain that do not exist in the mail server. Configuring a catch-all address can help avoid losing emails due to misspelling.

You can select one or more user mailboxes as the "catch all" in the Email section. Note that if you do not select any mailbox (the default), Cloudron will send a bounce.

Subdomain installations

Prior to this release, Cloudron required a top-level domain like or for installation. In this release, we have made it possible to install Cloudron on subdomains like or Once installed, the Cloudron admin page and apps will be available in subdomains like before.

The specific use case we have designed this for is for enterprises that want to host cloudrons for their customers under a single parent domain. Several of our enterprise users are using this feature to host Cloudrons like, and so on.

This change also allows for setups where the subdomain has a different nameserver than the top-level domain. This can be done by passing a zone query parameter during the initial dns setup.

Comments/Suggestions/Feedback? Talk to us on our chat.

Cloudron 1.0 released

By Girish on Tuesday, June 20th 2017

We are happy to announce the release of Cloudron 1.0. Removing the beta tag and moving to 1.0 is meant to signify that Cloudron is production-ready and ready for the daily use.

State of Self-hosting

Say you want to run a web application like Wordpress, GitLab, or even an email server. The first step is to get a server from one of the various cloud providers like AWS, Azure or Digital Ocean. Next, you have to start reading up installation manuals, provisioning databases and configuring the server.

Once the software is installed, DNS and SSL certificates have to be setup. If the server hosts multiple apps, one needs to make sure that apps do not interfere with each other, setup a reverse proxy and configure the firewall.

Installation is just one hurdle though. The server and apps must be secured and backed up properly. Upstream releases must be tracked and updates must be applied on time.

As you can see, self-hosting web applications is error prone and time consuming. 1-click installers and docker files automate some of the above tasks but requires one to have the technical know how to complete the installation and put in the effort to keep it up-to-date. We, at Cloudron, want to fix just that!

Introducing Cloudron

The Cloudron is a cloud platform that makes it easy to install and maintain apps on your server. Install Cloudron on your server, give it a domain name and start installing apps. Behind the scenes, the Cloudron automates all the tasks around installation like configuring databases, DNS setup and Certificate management. Apps on the Cloudron are containerized using Docker and run isolated from one another.

Cloudron has a backup solution that lets you backup and restore each app individually (compared to server snapshots). In fact, with Cloudron backups you can easily migrate your Cloudron in it's entirety from one infrastructure provider to another in no time.

Cloudron also provides a centralized way to manage users and specify which apps they can access.

Lastly, we have built an App Store that provides a mechanism for distribution and continuous update of apps. A good analogy for this is the Apple App Store on iOS or Google Play on Android. Anyone today can easily install apps from them and the apps are kept up-to-date. Cloudron does the same but for servers. You can easily install apps and receive continuous updates for the apps via the Cloudron Store.

Get it now

Install Cloudron 1.0 on your favorite cloud provider and join our community to give us any feedback. We are excited to hear how you like it.

Cloudron Pricing

By Girish on Tuesday, June 6th 2017

Edit: Our pricing has changed since this announcement.

We announced pricing for self-hosted Cloudron a couple of weeks back. Overall, the feedback we have received has been very positive and we are very happy that most of you see value of self-hosting using Cloudron.

Over the past 2 years, we have been working relentlessly on making a private cloud platform that makes self-hosting easy. Part of our vision is to develop an accompanying App Store on which 3rd party developers can publish apps and provide a SaaS like experience for self-hosting.

Over the last 6 months since we launched the platform, we have seen over 1500 Cloudron installations and 15K app installs. A whopping 50% of Cloudrons have the mail server enabled. Thanks to Cloudron's automatic updates, over 95% of Cloudrons are up-to-date. We have learned what is involved in continuously tracking upstream projects and pushing new app versions for a truly distributed system that is installed on 6 continents and over 20 Infrastructure providers.

Our step towards pricing is meant to reflect the work that we have to continuously put in to make the automatic update magic of Cloudron happen. On an average, each Cloudron sees 15 updates a month.

A repeated feedback we received was to increase the 2 app installation limit in the free tier. With that in mind, we have decided to change our pricing as follows:

  • Free – This is a free plan that allows unlimited app installs from the Cloudron store. It requires one to keep the platform and the apps updated manually from our package sources by following instructions in our wiki. Given it's high usage, we have decided to include the mail server as part of this tier. This is targeted at hobbyists who don’t mind putting in the effort to keep apps updated by themselves and have the expertise to get by with community support.

  • Pro - This is a 8 USD/month plan for personal use & non-profits. This includes the installation and automatic update of unlimited apps and support from Cloudron UG.

  • Startup - This is a 29 USD/month plan for commercial use by small and medium businesses. This includes the installation and automatic update of unlimited apps and support from Cloudron UG.

  • Enterprise - This is a white label product targeting service providers.

As mentioned earlier, Cloudron’s vision is to build a future where the original app authors or the community will maintain packages for the Cloudron. To realize this vision, we will provide the Pro or Startup plans free of charge for open source projects & Cloudron App maintainers. As of July 2017, we have decided to offer a 25% discount to open source projects.

Each plan includes an one month free trial. In addition, as an early adopter (pre 1.0 user), you will be given a 25% discount.

We will push the 1.0 release in the coming days where you can a make a choice of one of the above plans. Note that if you decide not to choose any plan or cancel a plan in the future, your current Cloudron installation and installed apps will continue to run as-is. This is the advantage of self-hosting. Nobody can take away the services you run on your server.

Lastly, a word of thanks for being patient with us during these changes. Building a platform company is tremendous work but we strongly believe that with your support, we can build a world where self-hosting is the norm.

Cloudron v0.150.0 released

By Girish on Friday, June 2nd 2017

We are happy to announce the release of Cloudron 0.150.0.

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date.

Disable backups

Cloudron always makes a backup before applying an app or platform update. If it is unable to create a backup, the update is not applied. Sometimes it is desirable to disable backups temporarily - for example, if there is a bug in Cloudron's backup mechanism and the incoming update actually fixes it! We have now added a noop backup storage backend that lets you temporarily disable backups.

DNS query subsystem

We use the native-dns module to check if DNS entries have been setup correctly. Unfortunately, this module is no longer maintained :( We have reworked the DNS query system to use dig instead.

Backup cleanup

The backup cleaner periodically removes old backups. The backup subsystem only tracks successful backups and as a result, the backup cleaner never cleaned up the artifacts of an errored backup.

From this release, Cloudron tracks the state of backups and cleans up errored backups.

Backup time limit

On some Cloudrons, the backup task gets stuck and this blocks future backups and updates. The root cause of this issue is unknown (maybe just a very slow network connection?). As a workaround, we have a set a time limit of 4 hours for the backup task to complete. If it takes more time, it is killed and you will receive an email notification of the same.

Email settings

We have moved email settings to a new view in preparation for new email features that we intend to add in the upcoming releases.

Cloudron Pricing

By Girish on Tuesday, May 16th 2017

Edit: Our pricing has changed since this announcement.

Time flies! It's almost 8 months now since we announced the Cloudron Open Source project. Over those months, we have actively listened to our users and implemented many features that make it easy for people to self-host including:

  • Support for over 10 Cloud Providers including Digital Ocean, AWS, and Scaleway
  • 3-step simple installation
  • Flexible DNS management
  • Backup features including Minio, File system and optional encryption
  • Email solution that walks through all the small details required to get your mail delivered
  • Reworked our updater to ensure smooth continuous app and server upgrades

In parallel, we have actively maintained all the apps in our App Store.

We are now satisfied that Cloudron is stable and plan to release v1.0 next week. We are happy to announce our new website that lays out our value proposition - Cloudron keep your apps and server up-to-date and secure. The new website includes pricing information of the self-hosted product.

Cloudron still has ways to go in terms of adding necessary features like intranet/home hosting, 2FA, external storage, multi-domains and of course, lot more apps! Your support will go a long way in helping us achieve our vision. It re-enforces the fact that we are spending our time on a product people find useful.

Cloudron v0.140.0 released

By Girish on Monday, May 15th 2017

We are happy to announce the release of Cloudron 0.140.0.

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date.

HTTP/2 support

HTTP/2 is a major revision of the HTTP network protocol that is supported by most modern browsers. For the Cloudron, one main feature of HTTP/2 that really speeds things up is it's ability to load the entire website with a single TCP connection. This greatly reduces the number of round trips required to setup multiple TCP connections.

If you navigate to any app on the Cloudron and open up developer tools, you will see that it loads up using HTTP/2 (indicated by h2 in the protocol column below).

Appstore Submission Guidelines

The Cloudron Store is a mechanism to share your app with others who use Cloudron. Currently, to ensure that apps are maintained, secure and well supported there are some restrictions imposed on apps submitted to the Cloudron Store. See 292 and 327 for an in-depth discussion.

The following criteria must be met before submitting an app for review:

  • You must be willing to relocate your app packaging code to the Cloudron Git Repo.

  • Contributed apps must have browser tests. You can see the various app repos to get an idea on how to write these tests. The Cloudron team can help you write the tests.

  • For all practical purposes, you are the maintainer of the app and Cloudron team will not commit to the repo directly. Any changes will be submitted as Merge Requests.

  • You agree that the Cloudron team can take over the responsibility of progressing the app further if you become unresponsive (48 hours), lose interest, lack time etc. Please send us an email if your priorities change.

  • You must sign the Cloudron CLA.

As a token of our appreciation, 3rd party app authors can use the Cloudron for personal or business use for free.

Cloudron v0.130.0 released

By Girish on Tuesday, May 2nd 2017

We are happy to announce the release of Cloudron 0.130.0.

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date.

Unencrypted backups

It's a bit weird to announce unencrypted backups as a feature. Cloudron has supported only encrypted backups from the very first version. What we have seen is that many of our users do not set a backup password. But because Cloudron backups were always encrypted, we ended up in backups that were encrypted with an empty string. This has understandably led to a lot of confusion.

Starting this release, Cloudrons with a non-empty backup password are encrypted and have the extension .tar.gz.enc. Encrypted backups can be extracted using the following command (assuming secret is the password):

cat box_2017-04-28-201904-812_v0.130.0.tar.gz.enc | openssl aes-256-cbc -d -nosalt -pass "pass:secret" | tar zxvf -

Cloudrons with an empty password are not encrypted and have the extension .tar.gz. They can be extract using the following command:

cat box_2017-04-28-201904-812_v0.130.0.tar.gz | tar zxvf -

Naked domains as external location

The External domain feature allows you to set a custom domain for a single app. Enabling this feature involves opening the app's configure dialog and choosing External Domain in the location dropdown.

You can now set naked domains like and as an external domain for an app. The UI will point out that you need to add A record in the DNS for to point to the Cloudron.

DNS configuration alert

Should the DNS credentials expire or become invalid, Cloudron now shows a warning.

In the situation that the DNS credentials expire and the webadmin (my subdomain) certificate could not be renewed, the Cloudron switches to using a self-signed certificate. To remedy the situation, do the following:

  • If required, update the DNS entry of my subdomain manually to point to the Cloudron's public IP.
  • Login to my.<domain> by accepting the self-signed certificate in the browser.
  • Update the DNS credentials in the Domains & Certs menu.

Cloudron will automatically get a new certificate once it has valid DNS credentials (just refresh the browser after a minute).

Cloudron v0.120.0 released

By Girish on Wednesday, April 26th 2017

We are happy to announce the release of Cloudron 0.120.0.

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date.

New backup design

Cloudron currently supports storing backups as encryped zipped tarballs on Amazon S3 or on the file system. We have seen many requests from our users to support alternate storage providers (like Backblaze B2), differential backups and different backup formats (plain files instead of tarballs).

To this end, we have reworked Cloudron's backup code so that it is easy to implement the above features. With the new design, it should be easy to add new backup formats and also use backup tools like rclone to upload to various storage providers. We also expect it to be easy to add support for differntial backups using tools like Borg.

Configurable backup retention

The retention period of backups can be configured in the Configure Backup dialog in the settings menu. After the retention period, Cloudron will delete the backups from the storage backend and from it's backup database.

Minio backend

Minio is now supported and listed separately as a new backup storage provider.

Download logs from web admin

We have added an UI to download system logs, mail logs and application logs. Navigate to the support menu, to download the logs.

Docker upgrade

We have updated Docker to version 17.03.1-ce. Cloudron previously had Docker 1.12.5 which did not support user namespaces very well. With the new version, we should be able to enable user namespaces and readonly rootfs for apps in a future release.

Other important fixes

  • Fix intermittent crash when checking mail dns settings
  • Fix issue where Cloudrons with errored apps won't backup when using fs backend
  • Fix DNS check issue where PTR records was read from hosts file

Cloudron v0.110.0 released

By Girish on Tuesday, April 18th 2017

We are happy to announce the release of Cloudron 0.110.0.

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date.

Custom data location

The disk location where Cloudron stores application and platform data can now be set by passing --data-dir during the installation step.

./cloudron-setup --provider digitalocean --data-dir /var/cloudrondata

If you have an existing Cloudron, we recommend moving the existing data directory to a new location as follows Assuming, DATA_DIR is the location to move your data, here's a migration script:

systemctl stop
systemctl stop docker
mv /home/yellowtent/appsdata "${DATA_DIR}"
ln -s "${DATA_DIR}/appsdata" /home/yellowtent/appsdata
mv /home/yellowtent/platformdata "${DATA_DIR}"
ln -s "${DATA_DIR}/platformdata" /home/yellowtent/platformdata
systemctl start docker
systemctl start

New App Restore UI

Previously, the Cloudron UI could only restore from the last backup and you had to use the CLI tool to restore from older backups.

The new App Restore UI allows you to restore from any of your previous backups. Note that on the Cloudron restoring from a backup revert not just the app data but also the app code to that point in time.

Other important fixes

  • We have added rate limits across all authentication routes to prevent password brute force. Our selfhosting docs has more information.
  • Cloudron apps including NextCloud & Surfer now support download of large files (> 1GB)
  • Max out swap size allocation to 4GB.
  • MySQL databases of all apps now uses utf8mb4 encoding by default.

Hosting LAMP apps on Cloudron - Part 2

By Girish on Thursday, April 6th 2017

In part 1, we saw how Cloudron can be used to run traditional LAMP applications using SFTP.

We have since added a couple of enhancements to the LAMP app.


You can now access the phpMyAdmin at the /phpmyadmin path of your app. Note that you have to authenticate using your Cloudron credentials to access it.

We recommend that users lock down their LAMP app once they have done modifying it. You can disable SFTP and phpMyAdmin access by unchecking the SFTP port in the app's configure dialog.

Cron support

You can now add a file named /app/data/crontab for cron support. This is how it looks in FileZilla (I added 0 * * * * php /app/code/update.php --feeds to the crontab):

Note that you must restart the app after making any changes to the crontab file. You can do this by pressing the 'Restart' button in the app's configure dialog.

Cloudron CLI on Windows

By Girish on Sunday, April 2nd 2017

We are happy to announce initial support for the Cloudron CLI tool on Windows. The Cloudron CLI tool allows you to install, configure and test apps on your Cloudron.

If you already have Node.js installed on Windows, you can install the CLI tool using npm install -g cloudron. Otherwise, you can follow this step by step guide to install the CLI tool on Windows.

Install node.js on Windows

You can download node.js for Windows from here. Be sure to download a Node.js version greater that 4.2.

Launch the node.js command prompt

By default, the installer installs Node.js under C:\Program Files\node.js. You can either add the subdirectory bin to your default PATH or use the Node.js command prompt shortcut.

Install Cloudron CLI tool

The cloudron CLI tool can be installed using npm install -g cloudron.

Your environment has been set up for using Node.js 6.10.1 (x64) and npm.

C:\Users\Girish>npm install -g cloudron
C:\Users\Girish\AppData\Roaming\npm\cloudron -> C:\Users\Girish\AppData\Roaming\npm\node_modules\cloudron\bin\cloudron

> spawn-sync@1.0.15 postinstall C:\Users\Girish\AppData\Roaming\npm\node_modules\cloudron\node_modules\spawn-sync
> node postinstall

Test drive

You should now be able to login:

C:\Users\Girish>cloudron login
Cloudron Hostname:

Enter credentials for
Username: cloudron
Password: ********
Login successful.

Try listing apps on your cloudron as follows:

C:\Users\Girish>cloudron list

Id                                    Location  Manifest Id                        State
------------------------------------  --------  ---------------------------------  -------
05e07250-1e3a-45c5-869a-00f85ad08dc4  mttrmst   org.mattermost.cloudronapp@0.8.0   running
1752eeaa-4995-4d75-ac08-139eace8434d  nvc       com.nextcloud.cloudronapp@0.4.0    running
2895f5ab-f310-46fd-aee3-062690e7337a  testes    org.tt_rss.cloudronapp@0.8.0       running
3cc158cb-89a7-476a-9b26-7f56fbce999a  piwik     org.piwik.cloudronapp@0.5.1        running
9d0857aa-8ae6-479a-9763-6b3c2036005f  opnprjct  org.openproject.cloudronapp@0.3.0  error
a5e0ee74-905d-46d7-9da9-1f79bc27b4ba  sogo3     nu.sogo.cloudronapp@0.4.0          running

To view the complete list of commands run cloudron help.

Using Cloudron as OAuth 2 provider

By Girish on Tuesday, March 21st 2017

The OAuth 2 protocol can be used to allow users with an account in your Cloudron to sign into an external service.

For this post, we will see how you can use Cloudron OAuth functionality to allow Cloudron users in to login to Kanboard at

Register OAuth application

Create an OAuth application in your Cloudron under the API Access menu.

The dialog requires 3 parameters:

  • The Application Name is the name of the external application. Set this to something memorable.

  • Authorization Callback URL is the URL that the Cloudron will callback after authentication. This value must be set to

  • Once authenticated, Scope specifies the resources to which the application has access. The profile scope indicates that the app only gets access to the user's profile and nothing else.

Make note of the Client ID and Client Secret. We will use them when configuring the OAuth2 plugin on Kanboard.

Configure OAuth2 plugin on Kanboard

First install the OAuth2 plugin in Kanboard (Plugins -> Plugin Directory -> Install), Then, configure it to use your Cloudron for authentication (Settings -> Integrations)

  • Client ID is the value obtained when registering the OAuth application.
  • Client Secret is the value obtained when registering the OAuth application.
  • Authorize URL must be set to https://my.<domain>/api/v1/oauth/dialog/authorize
  • Token URL must be set to https://my.<domain>/api/v1/oauth/token
  • User API URL must be set https://my.<domain>/api/v1/profile

The rest of the values define the mapping for the User profile API response.

  • Username Key must be set to username
  • Name Key must be set to displayName
  • Email Key must be set to email
  • User ID Key must be set to id

Testing the flow

You can now test the authentication flow on Kanboard.

Logging in using the OAuth link, takes you to the Cloudron authentication screen. On successful login, the Cloudron redirects you to Kanboard. Kanboard automatically picks up the display name, username, id and email information from the user's profile.

Cloudron v0.105.1 released

By Johannes on Thursday, March 16th 2017

We are happy to announce the release of Cloudron 0.105.1. This release brings various installation & mail relay issues and adds LDAP search improvements.

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date.

Improved email checklist

The Cloudron web interface already performed basic sanity checks for email sending and receiving. We have now added an additional check to verify that the Cloudron can connect to other SMTP servers on port 25 and will warn the admins if this is not the case.

Additionally, all email checks are now done regardless of the DNS backend (Route53, DigitalOcean, Manual, Wildcard). This is because PTR pointer checks and the newly added port 25 connectivity validation are useful for every configuration.

LDAP improvements

Cloudron groups can be used to restrict access to an app to one or more users. However, the app itself always listed all users and groups when doing an LDAP search. This issue is now resolved by only listing users and groups which are allowed to log into the app.

Installation fixes

  • Fix installation issue on servers when not using the C locale
  • Fix issue where pre-installed apps were not installed correctly
  • Fix issue where new Cloudrons could not be activated
  • Fix crash when setupToken is not provided in activate API
  • Use inline Docker GPG key when installing Docker

Cloudron v0.104.0 released

By Girish on Thursday, March 9th 2017

We are happy to announce the release of Cloudron 0.104.0.

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date.

Remote support

We sometimes need SSH access to your servers to debug and collect logs. We have added a button in the Support section to easily allow you to let us SSH into your server.

Security fixes

  • Fix crash when sending mails to groups with just 1 user
  • Following the best practices listed in secureheaders, OWASP and Mozilla Wiki, we have added the following secure headers to all the apps:

    • X-XSS-Protection "1; mode=block"
    • X-Download-Options "noopen"
    • X-Content-Type-Options "nosniff"
    • X-Permitted-Cross-Domain-Policies "none"

UI fixes

  • Fixed bug where eventlog displays undefined as the username.
  • Fixed display of CNAME information when using an alternate domain.
  • Improved display of post installation messages depending on whether user chose SSO integration.

Using the Cloudron CLI tool (Part 2)

By Girish on Wednesday, March 8th 2017

In my previous post, we saw how the Cloudron CLI tool can be used to manage applications from your terminal.

In this post, we will see how to use the CLI tool to manage the Cloudron server using the cloudron machine command.

Installing Cloudron CLI

On Linux and Mac OS X, you can install the CLI tool on your laptop using the following command:

sudo npm install -g cloudron

As of this writing, the CLI tool does not work on Windows.

You can add the following command to end of your .bashrc or .zshrc for tab completion:

. <(cloudron completion)

Login to Cloudron

The first step is to login to your Cloudron. We will use the demo cloudron to test our commands.

$ cloudron login

Enter credentials for
Username: cloudron
Password: cloudron
Login successful.

There is an analogous cloudron logout, in case you want to switch to using another Cloudron.


To view the various events on the Cloudron:

$ cloudron machine eventlog

When         Action         Source        Info
-----------  -------------  ------------  ---------------------------------------------------
6 hours ago  backup.finish  girish        Backup finished
6 hours ago  backup.start   girish        Backup started
7 hours ago  backup.finish  girish        Backup finished
7 hours ago  backup.start   girish        Backup started
7 hours ago  app.login      ldap          App 6b6dc7d6-...-10b879ab1533 logged in
7 hours ago  user.login     ca3117eb...   User uid-...-7ed3d1825832 logged in
7 hours ago  user.login     ca3117eb...   User uid-...-7ed3d1825832 logged in
7 hours ago  user.login     ca3117eb...   User uid-...-7ed3d1825832 logged in
7 hours ago  app.install    girish        App org.owncloud.cloudronapp@0.10.1 installed at oc
7 hours ago  app.install    girish        App org.ghost.cloudronapp@0.4.0 installed at ghost

View Info

To view DNS and Backup information, including the backup encryption key:

$ cloudron machine info

Cloudron info:

 Version:              0.103.1
 Provider:             digitalocean

Backup config:

 provider:             filesystem
 backupFolder:         /var/backups

DNS config:

 provider:             route53
 accessKeyId:          AKIAI0SBYOQVT6CUHNWQ
 secretAccessKey:      <snipped>
 region:               us-east-1
 endpoint:             null

Server Logs

To view logs use the cloudron machine logs command:

$ cloudron machine logs
Mar 08 03:10:04 my node[1726]: Box GET /api/v1/apps 304 17.428 ms - -
Mar 08 03:10:04 my node[1726]: Box GET /api/v1/cloudron/config 304 19.167 ms - -
Mar 08 03:10:04 my node[1726]: Box GET /api/v1/profile 304 8.818 ms - -

Mar 08 03:10:09 my node[1726]: Box GET /api/v1/apps 304 6.579 ms - -
Mar 08 03:10:09 my node[1726]: Box GET /api/v1/cloudron/config 304 9.266 ms - -
Mar 08 03:10:09 my node[1726]: Box GET /api/v1/profile 304 8.054 ms - -
Mar 08 03:10:11 my dockerd[1644]: - - [08/Mar/2017:03:10:11 +0000] "GET / HTTP/1.1" 301 62 "-" "node-superagent/1.8.5"
Mar 08 03:10:11 my dockerd[1644]: - - [08/Mar/2017:03:10:11 +0000] "GET / HTTP/1.1" 302 969 "-" "node-superagent/1.8.5"
Mar 08 03:10:11 my node[1726]: box:apphealthmonitor apps alive: [ghost|org.ghost.cloudronapp, oc|org.owncloud.cloudronapp]
Mar 08 03:10:14 my node[1726]: Box GET /api/v1/apps 304 6.384 ms - -
Mar 08 03:10:14 my node[1726]: Box GET /api/v1/cloudron/config 304 4.728 ms - -
Mar 08 03:10:14 my node[1726]: Box GET /api/v1/profile 304 3.337 ms - -

Managing server backups

Cloudron backups can be used to upgrade, restore and migrate servers easily. A complete server backup consists of two parts:

  • Platform data - This contains the platform database (app list, users & groups and other settings) and the TLS certificates. When the mail server is enabled, all mailboxes are part of this backup as well.

  • App data - One file for each installed app.

The CLI tool makes it easy to create, list and download server backups.

Create a backup

To create a complete server backup at this instant (note that backups are created automatically every night):

$ cloudron machine backup create
Waiting for backup to finish......
Backup successful

Listing backups

To list the Cloudron backups:

$ cloudron machine backup list

Id                                                        Creation Time             Version
--------------------------------------------------------  ------------------------  -------
2017-03-08-031910-383/box_2017-03-08-480_v0.103.1.tar.gz  Tue Mar 07 2017 19:19:15  0.103.1
2017-03-07-211336-653/box_2017-03-07-697_v0.103.1.tar.gz  Tue Mar 07 2017 13:13:41  0.103.1
2017-03-07-201237-649/box_2017-03-07-237_v0.103.1.tar.gz  Tue Mar 07 2017 12:12:43  0.103.1

Downloading backup

To download the backups:

$ cloudron machine backup download --decrypt 2017-03-08-031910-383/box_2017-03-08-480_v0.103.1-pre.0.tar.gz

Downloading backups:

[================================================================================] 100%: 0.0s
[================================================================================] 100%: 0.0s
[================================================================================] 100%: 0.0s

If you download the encrypted backups, you can decrypt them using openssl aes-256-cbc -d -pass "pass:$pass" where $pass is the backup encryption key. You can then unpack the backup using tar zxvf <backup.tar.gz>.

We will see in a future post how you can migrate your Cloudron from one server to another easily using these backups.


The Cloudron CLI tool can be used to do various server related tasks on the Cloudron. To explore the CLI tool further, run cloudron machine help.

Using the Cloudron CLI tool (Part 1)

By Girish on Friday, March 3rd 2017

In my previous post, I gave an introduction to Cloudron's REST API. We also have a CLI tool that allows you to install, configure and test apps on your Cloudron.

The original intent of the CLI tool was simply to help package and test apps. But it's scope has since been expanded to do various app and server maintenance tasks. In this post, we will see how to use the CLI tool to manage apps on your Cloudron.

Installing Cloudron CLI

On Linux and Mac OS X, you can install the CLI tool on your laptop using the following command:

sudo npm install -g cloudron

As of this writing, the CLI tool only works with the Linux Bash Shell on Windows 10 (Cygwin and MSYS is known to not work).

You can add the following command to end of your .bashrc or .zshrc for tab completion:

. <(cloudron completion)

Login to Cloudron

The first step is to login to your Cloudron. We will use the demo cloudron to test our commands.

$ cloudron login

Enter credentials for
Username: cloudron
Password: cloudron
Login successful.

There is an analogous cloudron logout, in case you want to switch to using another Cloudron.

Listing apps

$ cloudron list

Id                         Location   Manifest Id                               State  
-------------------------  ---------  ----------------------------------------  -------
020816d3-...-a4b4649c2df9  jira       io.taiga.cloudronapp@0.5.0                running
0d502574-...-c0554f72174e  whatsapp   chat.rocket.cloudronapp@0.17.0            running
267a79ad-...-b4f2a81eb566  instagram  com.electerious.lychee.cloudronapp@0.1.1  running
7c8073e9-...-99d9a08b80c6  slack      org.mattermost.cloudronapp@0.7.2          running
c1ccac6f-...-4af951397112  github     io.gogs.cloudronapp@0.14.1                running
dd5c7893-...-4b7f195f4e19  blogger    org.wordpress.cloudronapp@0.7.2           running

You can then pass the Id or the Location as the --app parameter to identify the app to the commands below.

If you want program readable output, use cloudron inspect instead.

Installing apps

You can install apps from the Cloudron App Store like so:

$ cloudron install --appstore-id com.nextcloud.cloudronapp
Location: files
App is being installed with id: 0bcbd4f6-b7fd-4938-bde1-d236513ce9a1

 => Waiting to start installation
 => Cleaning up old install
 => Registering subdomain
 => Downloading image .......

App is installed.

Use cloudron open --app files to open the app in your browser. You can use cloudron uninstall --app files to uninstall the app.

Configure the app

To change the location of an existing app or to adjust the port bindings (for example, to change the git SSH port), use the cloudron configure command.

To move the app above to a new location myfiles:

$ cloudron configure --app files --location myfiles
Will configure app at location files
App is being configured with id: ec13f1f6-9c6c-4d60-a93f-90ca7e9c8d68

 => Cleaning up old install .
 => Registering subdomain
 => Downloading image

App is configured.

Managing backups

Cloudron maintains backups of each app individually. By doing so, you can backup, restore and clone apps individually instead of a server level (i.e compared to VPS "snapshots").

Create a backup

To create a backup at this instant (note that backups are created automatically every night):

$ cloudron backup create --app myfiles

 => Backing up .
 => Wait for health check

App is backed up

Listing backups

To list the backups of an app:

$ cloudron backup list --app myfiles

Id                                                          Creation Time        Version
----------------------------------------------------------  -------------------  -------
appbackups/app_ec13f1f6-9c...8d68_2017-03-06_v0.3.3.tar.gz  2017-03-06T02:47:40  0.3.3

Restoring from a backup

To restore from any of your backups:

$ cloudron restore --app myfiles

Restoring from a backup also rolls back the application code. This is required because old backup data is most likely incompatible with new app code.

Cloning from a backup

To install an app that is a clone of an existing app, use the clone command and pass the backup id in the --backup parameter.

The following command clones an existing app:

$ cloudron clone --app myfiles --backup latest
Location: dolly
App cloned as id a426fdec-94e7-42c5-a1f4-ab1a5ac22427

 => Waiting to start installation
 => Registering subdomain
 => Downloading image
 => Download backup and restore addons .......
 => Creating container .
 => Setting up collectd profile
 => Waiting for DNS propagation ....
 => Wait for health check........

App is cloned

Downloading backup

To download the backup and decrypt automatically:

$ cloudron backup download --decrypt  appbackups/app_ec13f1f6-9c6c-4d60-a93f-90ca7e9c8d68_2017-03-06-024727-352_v0.3.3.tar.gz

If you download the encrypted backups, you can decrypt it using openssl aes-256-cbc -d -pass "pass:$pass" where $pass is the backup encryption key. You can then unpack the backup using tar zxvf <backup.tar.gz>.

Manipulating App files

On the Cloudron, each app is it's own silo (also known as a "container"). Every app gets it's own file system and changes made by one app are invisible to others. This design allows one to manipulate apps independently without affecting others.

The Cloudron also marks most of the directories in the app's file system as read only. By making app containers immutable, Cloudron can easily update apps from one version to another because it knows exactly what is changing when the app is running.

If an app wants to persist any files across updates, it has to store them in /app/data. All other changes to the filesystem (like /tmp, /run) will be lost across updates and restarts.


You can get a "shell" into the app's file system using the exec command. As explained above, any changes you make to the filesystem only affect the app in question.

For example, to install an TinyTinyRSS theme into /app/data/themes:

$ cloudron exec --app ttrss
root@app:/app/code# cd /app/data/themes
root@app:/app/data/themes# wget
--2017-03-06 19:38:34--
Resolving ...
Connecting to connected.
HTTP request sent, awaiting response... 200 OK
Length: 38282 (37K) [text/plain]
Saving to: 'feedly.css'

feedly.css 100%[=====================================>]  37.38K  --.-KB/s    in 0.001s  

2017-03-06 19:38:35 (32.1 MB/s) - 'feedly.css' saved [38282/38282]

root@2384d1fe1ecc:/app/data/themes# ls
compact.css  default.php  feedly.css  night.css

Pushing files

You can push files or directories to an app's /app/data as follows:

For example, to push a local theme file reeder.css from your laptop to the TinyTinyRSS app:

$ cloudron push --app ttrss reeder.css /app/data/themes/
Uploading [==============================================================] 100%: 0.0s

Pulling files

You can pull files as well:

$ cloudron pull --app ttrss /app/data/themes/reeder.css .

Debugging apps

Check status

To get the status of an app:

$ cloudron status --app files

Id:               0bcbd4f6-b7fd-4938-bde1-d236513ce9a1
Location:         files
Version:          0.3.3
Manifest Id:      com.nextcloud.cloudronapp
Install state:    installed
Run state:        running

Getting logs

To get the logs of an app:

$ cloudron logs --app reader

... <snipped> ...
12:16:25 [main] - - [06/Mar/2017:20:16:25 +0000] "GET / HTTP/1.1" 200 2368 "-" "node-superagent/1.8.5"
12:16:35 [main] - - [06/Mar/2017:20:16:35 +0000] "GET / HTTP/1.1" 200 2368 "-" "node-superagent/1.8.5"
12:16:46 [main] - - [06/Mar/2017:20:16:45 +0000] "GET / HTTP/1.1" 200 2368 "-" "node-superagent/1.8.5"
... <snipped> ...

Restart app

To restart the app:

$ cloudron restart --app files

 => Waiting for app to be stopped
 => Waiting for app to be started .
 => Wait for health check

App restarted

In addition, you can use cloudron stop to "pause" an app if you want to free up resources temporarily and use cloudron start to start it up later. Unlike uninstalled apps, stopped apps are part of the Cloudron backup.


The Cloudron CLI tool can be used to do various app related tasks on the Cloudron. To explore the CLI tool further, run cloudron help.

Overview of Cloudron REST API

By Girish on Thursday, March 2nd 2017

One of the immediately visible aspects of the Cloudron is it's web based modern user interface. This user interface makes it easy for anyone to run apps on their server. Behind the scenes, there is a comprehensive REST API that powers this (Angular!) UI.

In this post, we will see how developers and integrators can use the REST API to automate various tasks in the Cloudron. I like to think of this feature as giving a REST API to an Ubuntu server.

Scope of REST API

The Cloudron UI is a client-side application that makes REST API calls for all of it's tasks. As such, you can automate any of the tasks that you can perform in the UI including:

  • Adding users, groups and mailboxes
  • Installing, configure, clone, backup and restore apps
  • Get a log of significant events
  • Change settings like the avatar, timezone, auto update pattern, certificates etc.
  • Backup and update the entire Cloudron

Using the REST API involves the following steps:

  • Create an API access token.
  • Use the access token in the Authorization header or as access_token query parameter to authenticate requests.
  • Follow the API docs to find the request endpoint and parameters.

Creating a API token

You can get an API token from the API Access menu of your Cloudron.


For illustration, we will create a user Dewey, add them to a nephews group. We will then install a Wordpress blog at location blog and give all the nephews access to that blog.

I will use my cloudron at the domain for the examples below.

Creating user 'dewey'

We start out by adding user dewey with his email. As we have set invite to true, Dewey will get an email invitation to join the Cloudron and set his password.

If you have the email server enabled, a mailbox named is automatically created.

$ curl -kX POST -H "Content-Type: application/json" -d '{ "email":  "", "username": "dewey", "invite": true }'
  "id": "uid-b51d8bd4-0f10-45e2-b927-565367bd9f33",
  "username": "dewey",
  "displayName": "",
  "email": "",
  "alternateEmail": null,
  "groupIds": [],
  "resetToken": "f13e1364790e94d3a965739064898a03942812551defa5f3c0bdb9bf760b29db"

Creating group 'nephews'

Creating a group is equally straightforward. Simply send a POST request with the name of the group.

If you have the email server enabled, a group mailing list named is automatically created.

$ curl -kX POST -H "Content-Type: application/json" -d '{ "name": "nephews" }'
  "id": "gid-fdd88ec8-5ccb-48da-b700-de2620c6b564",
  "name": "nephews"

Adding user 'dewey' to group 'nephews'

We use the set members API to add Dewey to the nephews group.

$ curl -kX PUT -H "Content-Type: application/json" -d '{ "userIds": [ "uid-b51d8bd4-0f10-45e2-b927-565367bd9f33" ] }'

The result of the above API calls can be seen in the UI immediately:

Installing 'Wordpress'

Using the app install API, we can set a location for the app and also assign the groups that have access to the app.

$ curl -kX POST -H "Content-Type: application/json" -d '{ "location": "blog", "appStoreId": "org.wordpress.cloudronapp", "accessRestriction": { "groups": [ "gid-fdd88ec8-5ccb-48da-b700-de2620c6b564" ] } }'
  "id": "1d752aad-c358-41a9-9043-602bee5324e8"

The status of the app can be checked using the get app API.

$ curl -kX GET -H "Content-Type: application/json"{
  "id": "1d752aad-c358-41a9-9043-602bee5324e8",
  "appStoreId": "org.wordpress.cloudronapp",
  "installationState": "installed",
  "installationProgress": "",
  "runState": "running",
  "health": "healthy",
  "location": "blog",
  "accessRestriction": {
    "groups": [
    "users": []
  "lastBackupId": null,
  "manifest": {
    "id": "org.wordpress.cloudronapp",
    "title": "WordPress",
    "author": "WordPress developers",
    "description": "This app packages WordPress 4.7.2.\n\nWordPress is web software you can use to create a beautiful website or blog.\nWe like to say that WordPress is both free and priceless at the same time.\n\nThe core software is built by hundreds of community volunteers, and when\nyou’re ready for more there are thousands of plugins and themes available\nto transform your site into almost anything you can imagine. Over 60 million\npeople have chosen WordPress to power the place on the web they call “home” \n— we’d love you to join the family.\n\n### Apps\n\n* [Android](\n* [iOS](\n\n",
    "tagline": "Transform your site into almost anything you can imagine",
    "version": "0.7.2",
    "healthCheckPath": "/",
    "httpPort": 8000,
    "manifestVersion": 1,
    "website": "",
    "contactEmail": "",
    "configurePath": "wp-admin/",
    "icon": "logo.png",
    "addons": {
      "mysql": {},
      "localstorage": {},
      "sendmail": {},
      "ldap": {}
    "tags": [
    "mediaLinks": [
    "changelog": "* Use latest base image 0.10.0\n* Update screenshots\n",
    "postInstallMessage": "This app integrates optionally with Cloudron SSO.\n\nWhen using Cloudron SSO, Cloudron adminstrators are automatically made WordPress\nadministrators. Non-administrators get the `editor` role by default.\n\nWhen _not_ using Cloudron SSO, the `admin` password is `changeme`.\n\nYou can access the dashboard directly at `/wp-admin/` (trailing slash is\nimportant!).\n\n",
    "optionalSso": true,
    "dockerImage": "cloudron/img-062037096d69bbf3ffb5b9316ad89cb9:71d18bb0-bd72-4661-a237-02f9d341f67b"
  "portBindings": {},
  "iconUrl": "/api/v1/apps/1d752aad-c358-41a9-9043-602bee5324e8/icon",
  "fqdn": "",
  "memoryLimit": 0,
  "altDomain": null,
  "xFrameOptions": "SAMEORIGIN",
  "sso": true,
  "debugMode": null

We can verify that the blog was installed and is running in the UI:


Cloudron has a complete REST API that can be used to automate repetitive tasks and build integrations.

Installing PHP extensions in the LAMP app

By Girish on Wednesday, March 1st 2017

In my previous post, I outlined how the Cloudron can run custom LAMP apps. You simply install the LAMP app and upload your app using SFTP. Everything around the LAMP app including DNS setup, Let's Encrypt certificate installation and renewal, backups and restores are completely taken care of by the Cloudron.

Today, we will see how to install custom PHP extensions in the LAMP app.

Pre-installed PHP extensions

The LAMP app already includes most of the popular PHP extensions including the following:

  • php-imap
  • php-mbstring
  • php-mcrypt
  • php-mysql
  • php-redis
  • php-xml
  • php-zip

You can check the complete list of pre-installed extensions by visiting the default index.php of the app that prints out phpInfo(). Alternately, you can view the source code of the LAMP app here.

Pre-installed extensions will be kept up-to-date automatically.

Installing custom extensions

As an example, we will install ionCube Loader, which is often required to install commercial PHP apps.

Step 1: Download ionCube

Download and extract the tar.gz or zip Linux 64-bit ionCube packages to your PC/Mac from the ionCube website or use the direct link.

Step 2: Upload using SFTP

Upload the extracted directory to the SFTP root directory (/app/data) of the Cloudron app (i.e one level above public/).

Step 3: Enable extension

In the top level directory of the Cloudron app (in /app/data), you will find a php.ini.

Add the following line to enable the extension (just add it before the many ;extension lines):


The LAMP app has thread safety disabled, so we choose the extension without the ts extension.

Step 4: Restart app

Lastly, restart the app for the extension to be enabled. You can do this using the Restart button in the app's configure dialog (the pencil icon in the app grid).

Verifying installation

Visit the LAMP app's default page to verify that the extension is enabled.

Hosting LAMP apps on Cloudron - Part 1

By Girish on Monday, February 27th 2017

The Cloudron is designed to be a platform for self-hosting turnkey applications. It is, however, perfectly capable of running custom LAMP apps as well.

Running LAMP apps on the Cloudron is no different than what is available on many hosting providers. You can upload your PHP code using SFTP and then modify the .htaccess and php.ini files as required. Most commonly used PHP extensions are pre-installed and you don't have to worry about keeping them up-to-date.

The main advantage of using the Cloudron to host your LAMP apps are:

  • DNS configuration, Let's Encrypt (SSL) certificate installation and renewal are automated.
  • You can use MySQL, LDAP, OAuth and send email out of the box.
  • Don't have to worry about app and server backups, restore and updates since the Cloudron takes care of it.
  • Run multiple LAMP apps, isolated from one another, on same server easily.

In this post, we will see an example of how to use the LAMP app and install ImpressPages in it.

Installing the LAMP app

First, install the LAMP app on your Cloudron from the Cloudron App Store.

When installing the app, you can specify the port in which SFTP will be available. You can disable SFTP by unchecking the checkbox, after you are done with using SFTP.

Uploading LAMP app using SFTP

Once installed, you can upload the ImpressPages app using an SFTP client like FileZilla.

  • Download and extract ImpressPages
  • Connect the SFTP client. The hostname is app's domain name. The SFTP port is 2222. The username/password is the same as your cloudron credentials.
  • Upload it to the public/ folder.

Configuring ImpressPages

Once uploaded, you can access ImpressPages by visiting the subdomain where you installed the app. The setup wizard requires the database credentials.

You can get the database credentials using the Cloudron CLI tool.

$ sudo npm install -g cloudron

$ cloudron login <your cloudron domain>

$ cloudron list
Id                                    Title  Location  
------------------------------------  -----  --------
73190fd2-059d-4ee0-9ffe-1754e8a490ff  LAMP   impress  

$ cloudron exec --app <app-id> env | grep MSQL_

Fill up the values in the installation wizard based on the values above and you should be set.

Finishing touches

On the Cloudron, we require that credentials (like MySQL access info) be not hardcoded into the app. Instead, apps should use env vars exposed to them at run time. Such an approach lets the Cloudron cycle mysql passwords periodically as a security measure and also makes apps easily migratable.

Edit the config.php on the server (using FileZilla or the cloudron exec tool) and change the db credentials to the below:

'db' => array (
    'hostname' => getenv("MYSQL_HOST"),
    'username' => getenv("MYSQL_USERNAME"),
    'password' => getenv("MYSQL_PASSWORD"),
    'tablePrefix' => 'ip_',
    'database' => getenv("MYSQL_DATABASE"),
    'charset' => 'utf8',
  ), // Database configuration

You can read more about some enhancements we have added to the LAMP app in part 2.

Cloudron supports RoseHosting

By Johannes on Friday, February 24th 2017

We are happy to announce support for installing Cloudron on


RoseHosting was the first and only web hosting company in the world to offer commercial Linux virtual servers back in 2001. See how their site looked back in the days by clicking here. Virtual servers have come a long way since that day and with Cloudron, we strive to bring them to the front for anyone, not just technically savvy people. RoseHosting's vision of becoming a leading provider of business and personal web hosting solutions lines up perfectly with our vision to enable those groups to run web services on their own terms.

Feature highlights

All virtual servers are fully managed, including support for any aspect of using/configuring the server and the software installed. The instances come with fast SSD drives, which greatly boost the performance when using a Cloudron and enables you to run even more apps in parallel, thanks to fast swap memory support. RoseHosting plans also come with full weekly backups of the whole server. This nicely complements the Cloudron backup story, which has daily per app backup and restore, but the wholesome server level backups additionally ensures that there is always a way to get your services back online fast. Read more about features here.

Get started now

With only a few steps, you can quickly get up and running with Cloudron on a RoseHosting server. Simply order the VPS instance of your choice and select the Ubuntu 16.04 LTS OS Template. Once the server is up and running, connect via SSH using the credentials shown in the instance details.

From this point on, installing the Cloudron platform is a matter of running those commands in the remote terminal:

chmod +x ./cloudron-setup
./cloudron-setup --provider rosehosting

Once finished, open your browser and visit the server by its IP address, accept the temporary self-signed certificate, and proceed with the Cloudron domain configuration.

You should now be all set to install over 50 apps from our Cloudron Store!

Cloudron v0.102.0 released

By Girish on Wednesday, February 22nd 2017

We are happy to announce the release of Cloudron 0.102.0.

For those unaware, Cloudron is a platform that makes it easy to run apps on your server and keep them up-to-date.

A+ rating for SSL

Cloudron now gets A+ rating for it's SSL setup out of the box.

You can test the rating yourself at SSL Labs.

New S3 backup regions

Cloudron can now backup to S3 in Canada and London giving you more control on where you want to keep your backups. As always, Cloudron backups are encrypted when using these regions.

New base image

Cloudron apps are built on a base docker image that already contains most of the software required for packaging. Sharing the same base image across apps allows us to conserve space (docker images tend to be quite big).

Some new software that is now part of the base image include:

  • Node 4.7.3 and 6.9.5
  • Go 1.6.4 and 1.7.5
  • PHP Composer 1.3.2
  • PHP Modules including php7.0-zip
  • Crudini - an ini file manipulator
  • xmlstarlet - an xml file manipulator

You can read the complete list here.

More supported providers

Cloudron had already supported AWS EC2, Lightsail and Digital Ocean from the get go. With this release, we are happy to announce support for many more providers (thanks to our community!)

  • Azure
  • Google Cloud
  • Amazon Lightsail
  • Linode
  • OVH
  • Rosehosting
  • Scaleway
  • Vultr

Noteworthy bug fixes

  • Robust detection and injection of Cloudron domain into the SPF record
  • Initial Cloudron setup UI now loads instantly on Firefox. This had to with us creating self-signed certificates with localhost as the CN.
  • Add a repair UI for apps in errored state.
  • Fix disk usage graphs on Scaleway

Cloudron v0.100.1 released

By Girish on Saturday, February 11th 2017

We are happy to announce the release of Cloudron 0.100.1. Cloudron continues to develop at a frantic pace and we have made a whole lot of features to make self-hosting secure, practical and fun.

Simplified installation

You can now install the Cloudron on Digital Ocean, Linode, Vultr, EC2 with 3 simple commands. Create a server with Ubuntu 16.04 and run the below:

chmod +x ./cloudron-setup
./cloudron-setup --provider [ec2/digitalocean/scaleway/generic]

We have improved the selfhosting manual to include detailed information about backups and updates.

Improved domain setup

Once the Cloudron is installed, you can access it via https://<ip>. You can provide the domain and DNS configuration for the Cloudron on the web interface. Cloudron will setup a Let's Encrypt certificate and you can then proceed to securely setup the Cloudron.

Johannes blogged about this feature in more detail here.

Backup improvements

The backup and restore story is one of the main strengths when using the Cloudron. The Cloudron maintains per app backups letting you restore any single app individually. Prior to this release, we used to create all backups in a flat directory. We have now made this structure a little more friendly by organizing backups in timestamped directories. Removing old backups is now simply a matter of removing a directory.

Minio support

In addition to S3 and the file system, backups can now be stored on Minio. You can read more in our minio blog post.

On a related note, we also have a community contributed Minio app (Thanks @dswd!).

Email setup

Setting up apps for sending and receiving email is complicated. Cloudron makes this task trivial by automatically configuring apps to send and receive email via the Cloudron's built-in email server.

When using one of the programmable DNS providers like DigitalOcean or Route53, the Cloudron will setup various mail related records like DKIM, SPF, DMARC automatically. For users using the Wildcard DNS backend, the expected DNS entries are now displayed in the UI so that they can be setup manually. Clicking on 'Advanced' will provide instructions on how to fix any issue.

Note that the Cloudron is a good mail citizen and will not send email until atleast the SPF check has passed.

Upgrade improvements

Cloudron's vision is to bring SaaS based deployment model to self-hosting. We want to build a platform where app authors can continuously push updates to apps. You can now control the time (in your Cloudron's time zone) when apps are updated.

Security and Stability

The latest release contains various security and stability related fixes and we enourage you to upgrade immediately. Some of them are:

  • Changes to ensure that the Cloudron will still run despite the disk being full.
  • Docker has been updated to 1.12.5
  • Fix issue where mail container was not detecting blacklisted IPs correctly

If you are having trouble upgrading, talk to us in our live chat.

Hope your enjoy the new release!

Improved domain setup

By Johannes on Tuesday, February 7th 2017

By design, every Cloudron requires a domain assigned to it. Specifying and configuring this domain is part of the setup flow. Since DNS management is a core aspect of the platform, the Cloudron uses DNS provider backends to create, modify and delete DNS records as needed. DNS records are updated every time a new application is installed on a subdomain or when email related records need to be added or adjusted.

So far, the domain had to be provided during the installation of the platform via the cloudron-setup script. With the latest release, you can now specify a domain as part of the initial setup flow. After the cloudron-setup script completes, the Cloudron will serve up the domain setup page on the server's IP address with a self-signed certificate. This new setup page allows the user to assign the domain for the Cloudron and to select a DNS backend provider.

The setup view supports the following backend providers:

Route53 and DigitalOcean offer the best experience, as they allow the Cloudron to take over ownership of the DNS records. Both backends are non-destructive and will only alter domain records if they do not already exist. To use them, the desired domain has to be hosted with the corresponding DNS provider. Read more about how to configure your domain to use those providers here.

If your domain is hosted on any other provider, we recommend choosing the wildcard option. For this, setup a DNS A record for * to your Cloudron's public IP. Doing so, avoids having to create a new DNS entry every time you install an app on a subdomain.

If adding a wildcard DNS record is infeasible, choose the manual option. For this, setup a DNS A record for '' to your Cloudron's public IP. You must also remember to add a DNS record manually every time you install an app. Since it's easy to forget adding and updating DNS records, we do not recommend this option.

When the domain setup form is submitted, the setup code will verify if your domain is setup correctly with the selected provider and validate the access tokens. Once validated, it will attempt to acquire a SSL certificate from Let's Encrypt and redirect the browser to the main admin configuration page available at This can be verified by the green lock icon in the browser's URL bar. You can now proceed to securely setup an adminstrator account and install apps.

We hope the new setup flow gives a smoother setup experience.

Let us know what you think and join us at our user chat.

Minio support in Cloudron

By Johannes on Tuesday, December 13th 2016

Minio is a distributed object storage server built for cloud applications and devops. It is Amazon S3 Compatible and thus implements the S3 v4 APIs and comes with their own client SDK, command line tooling and has a minimalist design web interfaces for administration. Furthermore, it is published under the Apache v2.0 license with an active developer community.

Since Cloudron has supported Amazon S3 from the very start, as the only proper backup solution, our community asked for Minio support, to improve the on-premise or pure self-hosting deployment.

Due to the nature of high compatibility with the Amazon S3 API, adding support was straightforwards. Setting your Cloudron up to use Minio as the backup storage is trivial, once you have a running Minio instance.

Getting started with Minio

Minio itself has great documentation to get up and running quickly, either using Docker or plain Linux.

Since it is written in go, running the following commands will spawn a working server in a few seconds:

chmod +x minio
./minio server ./storage

The server will print all required information, including the URLs to the web interface and login credentials:

You may continue for testing purposes with this setup, however if publicly accessable, your instance should be at least setup with https. Read here for further details.

Configure your Cloudron

First thing to use Minio as the backup storage for your Cloudron is to create a bucket. This can be done via the Minio web interface.

Ensure the bucket is setup with read and write permissions:

That's all there is needed on the Minio side. Now head over to your Cloudron's admin interface and go to the backup section of the settings page. Click the Configure button and simply fill in all the details from your Minio setup.

It should look similar to this:

Upon saving the new configuration, the Cloudron will attempt to upload and then remove a test file, using the provided credentials.

Create a new backup

To verify everything works just fine, trigger a new backup using the Backup now button, which should now appear next to the backup configuration button.

And afterwards refresh the Minio web interface to check if the backups have been correctly stored.

We hope you enjoy the latest addition to our backup storage support.

Join us at our user chat if you have any unanswered questions.

Cloudron on Amazon Lightsail

By Johannes on Thursday, December 8th 2016

Amazon recently launched a new virtual private server offering called Amazon Lightsail. It is positioned to compete with other VPS providers like DigitalOcean, Vultr or Scaleway to name a few.

Instances start from $5 per month and come with static IP address support free of charge. Additionally there is a DNS management interface, which is using the Route53 as the underlying technology. The new offering comes outside the common AWS console, in a much more clean and simplistic appearance. There is no need to dive into security groups, vpc setup or complex firewall settings.

Getting Started

Since Lighsail accounts plugs nicely into other AWS services like S3 and Route53, which are well supported with Cloudron, it is a great way to get started with your own Cloudron installation, being able to install all apps from our Cloudron store in a few minutes.

The minimum requirement for Cloudron is 1GB main memory, make sure to select a server model with at least 1GB.

Cloudron is based on a server running pristine Ubuntu 16.04, so after creating an account at Amazon Lightsail a new server instance has to be created with that specific base OS:


Cloudron v0.80.0 released

By Johannes on Tuesday, November 29th 2016

We are happy to announce the release of Cloudron 0.80.0.

The version 0.80.0 may not seem very high but this is in fact our 177th release! We keep making more dramatic version bumps in the next releases to signal how close we are to 1.0.0.

Optional Single Sign-On

So far single sign-on and thus a centralized user management on the Cloudron was a very important feature and we still think it is a great benefit in the long run. However there are use-cases like a public chat or forum, where it does not make sense to manage all users from within the Cloudron, we have decided to allow apps to be setup with either Cloudron single sign-on or disable it and let the app handle the user management entirely on its own.

All apps supporting this setting will be published over the next week and new installations will give you the option to select which option fits best for your use-case. Enabling single sign-on for an app is done at installation time. It cannot be changed after the app got installed. This has to do with complexity on how apps can deal with swapping out the authentication backend, which we want to avoid.

Please be aware, that current app installations, will not be affected.

In addition to making the user integration optional, we will also push forward packaging of apps which we didn't consider adding to our store, due to the inability of adding support for Cloudron user management. We already had a few such apps published, like ghost, however those were exceptions so far.

We hope by adding new popular apps with less packaging burden due to the optional user management, will open up better conversation and support from upstream developers, to assist us adding support for single sign-on in the future.

Incremental improvements to the install script

Over the course of the last week, we have seen a huge pick up of self-hosting the Cloudron on various different VPS providers and also other diverse setups. Which resulted in many valuable feedback for the Cloudron installation scripts. We were able to fix various stumbling blocks, to make installation more reliable and easier. Furthermore we also reduced impact on the server configuration, like micromanaging the ssh daemon, which turned out to be not necessary.

As many other reported issues around self-hosting did not make it into this release, we dedicate the next milestone to this topic.

Thanks to our growing community for assistance and all the great feedback.

See how easy self-hosting is now.

Improvements to the configuration panel

While the optional single sign-on and the changes to the centralized user management, required larger tweaks to the admin web-interface. We were able to add various other smaller improvements to it.

Most notable are:

  • Better font to increase readability
  • Enhanced settings and filters for the activity log
  • Reworked error pages

We hope you like this release.

Let us know if you do, otherwise give us feedback.

Self-host the Cloudron on Digital Ocean

By Girish Ramakrishnan on Tuesday, September 20th 2016

Cloudron is a platform for self-hosting web apps like WordPress, MediaWiki, Rocket.Chat, ownCloud on your server. My previous post gives an introduction of the Cloudron.

We are happy to announce that you can now self-host the Cloudron on Digital Ocean.

# INFO: We have improved the Cloudron setup for DigitalOcean, click here for the current docs!

Getting ready

  1. Sign up with Digital Ocean (This is a referral link to get $10 credit). You can also use your existing Digital Ocean account. Once you sign up, create an API token.

  2. Have your domain setup on Digital Ocean.

  3. Install the the Cloudron commandline tool via npm.

Creating the Cloudron

This simple command will create your Cloudron on Digital Ocean.

cloudron machine create digitalocean \
        --fqdn <domain> \
        --region <digitalocean-region> \
        --token <digitalocean-api-token> \
        --ssh-key <ssh-key-name-or-filepath> \
        --backup-key <backup-key>

You can now visit my.<domain> to finish the Cloudron setup and install apps.


For detailed information, please refer to our documentation.

Please send us feedback at or even better join us at our chat.

Cloudron v0.20.0 released

By Girish on Thursday, September 8th 2016

We are happy to announce the release of Cloudron 0.20.0.

The version 0.20.0 may not seem very high but this is in fact our 165th release! We will probably make a more dramatic version bump in the next release to signal how close we are to 1.0.0.

Smarter DNS management

The Cloudron is intended to completely take over your domain management. You give it a domain and it will maintain all the DNS entries as and when apps get installed and removed. The Cloudron also allows you to access individual apps from an external domain.

With today's release, you can add new DNS entries to your nameserver behind the Cloudron's back. If you attempt to an install an app at a location that is already taken, the Cloudron will smartly detect this and flag an error.

Configurable memory limit

Cloudron apps have a memory limit baked into the manifest. This is supposed to provide a sensible default after users install the app.

For higher loads, the app may need to be given more memory. We have added a slider under the 'Advanced Settings' section of the configure dialog that lets you change the memory limit for an app.

Better Access Control

The Cloudron store has a wide variety of apps and each brings it's own mechanism of managing users. We have consolidated the access control requirements for apps into three main categories:

  • Complete Cloudron authentication - Majority of the apps in the Cloudron Store fall under this category. For these apps, you can control which users and groups can access the app.

  • No Cloudron authentication - Some apps like Mattermost and Ghost have their own user management system and do not integrate with the Cloudron. For such apps, we now show a message stating so and access control functionality is disabled.

  • No user management - Apps like Haste, Imagebin have no concept of logged-in user. For such apps, the Cloudron will install a "proxy" login screen. The idea here is that you can access the app after authenticating with the "proxy". There is also an unrestricted option to turn off this proxy.

Post install messages

Some apps like ownCloud have a built-in admin usage. The Cloudron admin has to change the password of that user after installation. Currently, this information is buried in the App store description file and most users skip over it.

From this release, we have added a special manifest field named postInstallMessage that lets the app display messages after an app is installed.

For example, after you click the install button for ownCloud, you will immediately see this:

You can view the post installation message anytime by clicking the button in the app grid.

Hope you enjoy the release!

Cloudron is now open source

By Girish on Monday, August 29th 2016

Disclaimer: (28 Mar 2018) Cloudron is not a web app that you can just download and run. It is more akin to OS software and the final product is made from a lot of components carefully stitched together. It is also an operational service where we push out updates continuously and as such "version numbers" are not very meaningful. For this reason, we don't advertise Cloudron as "open source" anymore since people are often mistaking it to be "free" (as in beer). We continue to develop Cloudron in the open.

Cloudron is a platform for self-hosting web apps like WordPress, MediaWiki, Rocket.Chat, ownCloud on your server. My previous post gives an introduction of the Cloudron.

We are happy to announce that Cloudron is now Open Source. The code is available from our GitLab (self-hosted on a Cloudron, of course) under AGPL.

Core Ideas

Let's lay out some of the core ideas that led us to developing the Cloudron:

A Complete solution

Self-hosters today have to deal with app installation, DNS setup, SSL setup, alerts, database configuration, firewall, monitoring etc. Our solution?

Obviously, there will be some human intervention involved but the goal is to keep this so low as to make self-hosting a no-brainer.

Turnkey apps

It should be trivial to install apps on the Cloudron. On the Cloudron, you just give a subdomain and install an app. You can use it immediately without having to run through setup wizards.

Multiple apps

Unlike most 1-click solutions, we want to run multiple web apps on a single server. The Cloudron achieves this by containerizing apps using Docker and designing shared app resources (like databases) for multi-tenancy.

Continuous updates

A strength of SaaS apps is how quickly and transparently they can be updated. We want to bring the same agility to self-hosters. Security & feature updates to apps must be installed within hours and not days. Cloudron achieves this by implementing an App Store for web apps.

We also want to make tasks like upgrades & migrations at the server level seamless. Imagine, if you can move your data to a different geographic region, or switch your infrastructure provider or upgrade from one ubuntu to another with a simple command.

Single Sign-On

Nobody likes maintaining passwords for each app. We want to have the platform support user management and make installed apps use the Cloudron as the authentication provider. To be flexible, the user can turn off this integration at the app level. This might make sense for public facing websites like a chat, forum etc.

Developer friendly

Like any platform, our success depends on developer mindshare. We wanted to make sure apps for the Cloudron can be built easily and using any framework/language of their choice.

For this, we have implemented an app packaging mechanism based on Docker. Cloudron is fun and easy, here give it a shot.

Cloudron also has a complete REST API allowing you to automate all aspects of the Cloudron.

User friendly

We want to make self-hosting accessible to all. To this end, we want to build a great UI for managing apps without having to know about all the technical details of server management.

This applies to external users who use the apps as well. There must be no new technical concepts to learn. For example, our own code is hosted at, our chat is at and so on. For everyone involved, those links are just another website and the fact that they are hosted on a Cloudron is transparent.


Cloudron architecture

The Cloudron is implemented as a PaaS. 'Addons' implement a shared resource. For example, the MySQL addon, provisions one or more databases for an app. There are many addons available including MySql, Redis, MongoDB, Mail. A complete list is here.

Each addon is impemented as a Docker container. Among other things, this allows us to easily update the addons.

The main platform code is in the box repo. It orchestrates addons, provides user management and serves up a web interface.

Running the Cloudron

There are two way to get the Cloudron:

  • On your server - Simply follow the selfhosting guide to get Cloudron AWS EC2. We are adding support for more server providers (if you are a VPS provider, please contact us).

  • On a private server managed by us - If you don't feel like managing servers but like the idea of data ownership and control that comes with self-hosting, you can sign up here. You should be up and running in 10 minutes.

We also have a demo (username: cloudron password: cloudron).

Comments/Suggestions/Feedback? Talk to us on our chat.

Cloudron: A platform for self-hosting web apps

By Girish on Wednesday, August 24th 2016

Cloudron is a platform that makes it easy to self-host web apps like WordPress, Rocket.Chat, Mattermost, GitLab, Rainloop, NodeBB and ownCloud.

Today, many individuals and small businesses are self-hosting these apps for various reasons including data control, ownership, pricing and customization. However, self-hosting is an onerous task and they often end up compromising with SaaS products.


Let's run through some of the problems that self-hosters face and how the Cloudron solves them.

  • Installing and configuring apps is tedious. The Cloudron solves this by letting app developers publish apps to the Cloudron Store.

  • Most apps require database and email setup. The Cloudron platform automatically provisions those.

  • Apps need to be periodically backed up. The Cloudron backs up each app individually. This allows them to be restored independently.

  • Apps need to be updated. App updates are delivered via the Cloudron Store.

  • Domains have to be configured and SSL certificates needs to be installed and updated periodically. The platform will configure the DNS and install SSL certificates using Let's Encrypt.

  • Each app comes with it's own user management. Apps on the Cloudron integrate with Cloudron SSO and this allows one to use the same credential across all apps. You can easily add/remove users in the Cloudron admin page and grant access to them for specific apps.

The Cloudron also handles alerts, migration to another server (preserving your apps and data) and comes with a secure firewall. It also has a complete REST API.

A note about other existing 1-click solutions. These solutions install a single app and have no proper update, backup strategy. Also as you can tell, the Cloudron goes well and beyond app installation. It's goal is to bring server maintenance for self-hosters to zero.

Get Cloudron

The Cloudron platform is open source (under AGPL) and is available here.

There is a live demo (username: cloudron password: cloudron).

To get the Cloudron platform on AWS, you can read up more at our selfhosting page.

If you are an app developer, the packaging tutorial should get you started (hint: if you know docker and heroku, you are almost there).

If you are a VPS provider and would like to see the Cloudron integrated into your offering, please write to us.

Self hosted contacts and calendar sync

By Johannes on Monday, August 8th 2016

Having your address book and calendar synchronized between all your devices is very useful and basically a common thing to have nowadays. If you buy into an existing ecosystem like Google, it is pretty much a solved problem. However, there are not many such ecosystems out there and if you don't feel comfortable for your own reasons, to bind youself to such offerings, self hosted solutions are unfortunately not yet very popular, despite the availability of great self hosted alternatives.

In this article, I will guide you through the process of getting set up with three different self hosted apps, which provide contacts and calendar sync between all your devices, based on the solid standard protocols CardDAV and CalDAV.


Embedding apps into external sites

By Girish on Friday, July 15th 2016

A common request has been to allow embedding a Cloudron app into an external website. So far, we had disabled embedding to prevent Clickjacking (thanks to a security report by Imene Essoussi).

What is clickjacking?

Quoting OWASP, clickjacking is a cunning technique to mislead the user into clicking something they didn't intend to:

For example, imagine an attacker who builds a web site that has a button
on it that says "click here for a free iPod". However, on top of that
web page, the attacker has loaded an iframe with your mail account, and
lined up exactly the "delete all messages" button directly on top of the
"free iPod" button. The victim tries to click on the "free iPod" button
but instead actually clicked on the invisible "delete all messages"
button. In essence, the attacker has "hijacked" the user's click,
hence the name "Clickjacking".


One way to prevent clickjacking is to prevent embedding the app into other sites. The Cloudron did this by serving apps with the HTTP directive X-Frame-Options: SAMEORIGIN.

While this change made it more secure (on most browsers), it had the consequence of breaking our own Live Chat. Our Live Chat happens to be a Rocket.Chat app that runs on a Cloudron at - a different origin from this site


We released a feature today that will let you configure X-Frame-Options. You can do so from the app's configure dialog:

As you can tell, for our case, we simply set the allowed origin to and lo and behold, we have our Live Chat back!

Feedback/Comments ? Talk to us!

Self-host the Cloudron on AWS

By Johannes on Tuesday, July 5th 2016

We are happy to announce the possibility to self host-the Cloudron platform on AWS EC2.

Self-hosting is intended for technically savvy people to host on their own on EC2. We will release the very same versions that we already offer as a fully managed Cloudron via It includes the same feature set as the managed Cloudron. However, it does not come with any support or uptime promises.

How it works

We offer public AMIs for the base image in all AWS regions. We have extended the Cloudron CLI tool to provide an easy way to create a Cloudron in your AWS account. The tool will assist you in spinning up an EC2 instance, provisioned with the latest Cloudron version. It will also help in base image upgrades and in restoring the whole instance from a backup.

To get started, all you need is the Cloudron commandline tool via npm, a domain and an AWS account.

Once you have setup a few AWS resources, like DNS zone and the backup bucket in S3, a single command will bring your Cloudron to life:

cloudron machine create ec2 \
    --type t2.small --disk-size 30 --region <region-slug> --ssh-key <ssh-key-name> \
    --fqdn <domain> \
    --access-key-id <aws-key-id> --secret-access-key <aws-key-secret> \
    --backup-key <encryption-key> --backup-bucket <backup-bucket-name>

For detailed information, please refer to our documentation.

What to expect

We have tried to create a smooth process to self-host Cloudrons on EC2 with the CLI tool. However, since this is a brand new feature, there are likely some bugs and rough edges.

Please send us feedback at or join us at our chat.


By Girish on Wednesday, June 22nd 2016

We are pleased to announce the release of the Cloudron REST API.

The REST API provides programmatic access to manage all aspects of the Cloudron. It can be used to perform just about any task that you can do on the Cloudron admin page including:

  • Add users, groups and mailboxes

  • Installing, configure, clone, backup and restore apps

  • Get a log of significant events

  • Change settings like the avatar, timezone, auto update pattern, certificates etc.

  • Backup and update the entire Cloudron

Getting started

First get an API token to authenticate requests. You can get one from the API Access menu of your Cloudron.

The access token can be passed in the Authorization header or access_token query parameter to authenticate requests.

Quick tour

Let's start by adding a user (The cloudron is named in the examples below):

curl -X POST -d '{ "email": "" }'<token>

This will send an invite email to the new user with which they can sign up.

We can install any app from the Cloudron Store with a simple API call. To install Gogs in the subdomain

curl -X POST -d '{ "appStoreId": "io.gogs.cloudronapp", "location": "git", "accessRestriction": null }'<token>

accessRestriction can be set to a group or a list of users to restrict access to the app.

To view the login events across all apps in your Cloudron:

curl -X GET<token>


The complete API docs are here. If you have any questions feel free to mail us at or hop on to our Chat.

How to get your own private Rocket.Chat

By Johannes on Tuesday, March 15th 2016

In the wake of slack, private chat has become a major thing in the tech world, but it is by far not the only chat solution for teams available. This blog will introduce you to Rocket.Chat and how to get your personal instance up and running in no time.

Rocket.Chat is an open source webchat platform with a great active community around it. Releases happen on average about every 10 days. It comes with all the features you would expect, like group chats, private channels, history, notifications, message pinning, mobile clients and so on. Even if you are looking for an embedded live chat option for your website, look no further!

All in all, it is great chat option for a private company chat or a public channel to interact with your community. We, at Cloudron, use it day in day out and are very happy with it. Join us here to see how it works.

Let me explain how to install your own private Rocket.Chat.


User Groups & Access Control

By Johannes on Monday, February 22nd 2016

Today, we're announcing two new features - managing users using groups and group level access control for applications.

The story so far

Previously, all users on a Cloudron had access to all installed applications and the special built-in Admin group provided administrator rights.

With today's release, we have made it possible to create user groups and control which groups can access an application.


Fully Automatic Let's Encrypt Support and Custom Domains

By Girish on Friday, February 5th 2016

We are releasing support for custom domains today, thanks in large part to Let's Encrypt.

If you are wondering what a Cloudron is, please read this first. In short, the Cloudron is a managed Smartserver designed to run web applications. When you sign up, you can create a server with a domain name of your choice. From there on, installing web apps from our Cloudron Store is just a click away. Backups, updates, SSL certificates, security fixes are all taken care of.

Let's Encrypt

So far, you had to choose a subdomain under for your Cloudron. This limitation was because of the fact that automating SSL certificate creation, installation and renewal is extremely difficult. There's also the small matter that wild card certificates are quite expensive.

Enter Let's Encrypt, a new Certificate Authority, that not only makes it possible to fully automate certificate creation and renewal but also provides them for free!


The main requirement is that your custom domain must be hosted by Route53.

If you intend to use a brand new domain, we suggest simply purchasing the domain from Route53 itself. Doing so, will automatically setup your domain's nameservers to Route53.

If you have an existing domain, you have two choices:

  • Move your domain to use Route53 name servers by following this guide. If you are having trouble with this process, Chat or email us and we can help you out.

  • Alternately, if your DNS provider provides an automatable API, let us know and we will try to support it :-)

Once you have done the above, if you are an existing customer, just send us a mail and we will migrate your existing Cloudron to the new domain. All your data, apps and all configuration will be intact. That's the power of the Cloudron. Everything you do in a Cloudron is trivially relocatable.

For new customers, simply follow the instructions when creating a new Cloudron (FAQ).

Seeing is believing

Our very own chat server runs on a Cloudron :-) You are welcome to register and talk to us there.

How it works

The Cloudron Smartserver contains an implementation of the Acme specification. We use the Simple HTTP validation approach to get certificates from Let's Encrypt. (For the curious, when we started writing the code, DVSNI was not supported).

We also require your domain to be hosted on Route53. This allows us to automate the DNS management of your domain.

When you install a blog app at say, we automatically setup the DNS records, and provision the Cloudron to validate against Let's Encrypt. Once validated, we get the certificate and install it. Lo and behold, you have a blog which is completely HTTPS (the Cloudron does not support HTTP anyway).

Certificate Renewal

Let's Encrypt certificates are only valid for 3 months. The Cloudron will automatically track all your certificates and renew them as required.

Certificate Reuse

If you delete an app, the certificates for the subdomain are still retained so that they can be reused (see certificate limits below). This is useful if you started out with an app in a subdomain but changed your mind and want to use another app in the same subdomain. For example, can be switched over from Lets Chat to Rocket.Chat keeping the cert.

Certificate limits

Let's Encrypt only issues 5 certificates for a domain per week. This means that if you install more applications on your Cloudron, you will be unable to get certificates. For such situations, you can provide a fallback certificate to use in the settings page. Alternately, wait out a week so you can get more certs :-)

App Spotlight - Tiny Tiny RSS

By Girish on Monday, January 11th 2016

Tiny Tiny RSS is now available in the Cloudron Store.


Tiny Tiny RSS is RSS feed reader started by Andrew Dolgov in response to the shutting down of Google Reader. Interestingly enough, our Cloudron story has roots in the closing of Google Reader as well.


Public Beta

By Girish on Thursday, January 7th 2016

A month ago we started the private beta program and we are now comfortable opening up the product to a larger audience.

We are happy to announce that Cloudron has entered Public Beta and invitations are no longer necessary.

Sign up here.

What's a Cloudron?

The Cloudron is a managed Smartserver designed to run web applications.

Say you want to run Wordpress, Mediawiki,, or Gogs on your own server. This involves reading installation manuals, provisioning databases and configuring the server. You then need to configure the DNS, install SSL certificates and secure your server. And we haven't even talked about how to backup and update all this configuration and data that are specific to each app.

It's no wonder the world is very happy with SaaS. Maintaining web applications is unrewarding and we are happy to let someone else do it. We, at Cloudron, want to fix just that!

When you sign up, you can create a server with a domain name of your choice. From there on, installing web apps from our Cloudron Store is just a click away. Backups, updates, SSL certificates, security fixes are all taken care of.

Pics or it didn't happen

We have something better than pics!

Here's a live demo (username: cloudron password: cloudron).

Also, a video to show you how simple it is.

There's a lot more to it

We didn't stop there. You can add your family or team members to your server easily. The icing on the cake is that Cloudron Apps can integrate with one of the many authentication strategies allowing the users to use the same credentials in all the apps.

It's a platform

The Cloudron runs the Smartserver platform. Among other things, the platform implements a heroku-style PaaS for your server.

We don't have an army of Dobbys managing your server! The server software is smart enough to take care of itself most of the time. Manual intervention is sometimes required and this is what makes the Cloudron a managed Smartserver.

We will have some announcements about our platform later this month.


Anyone can develop apps for the Cloudron. We have made some apps on our own and you can see the initial app list at the Cloudron Store. If you are a developer, be sure to view the docs and the app code.

We are buzzword compliant: Docker, NoSQL database, Let's Encrypt, we have it all :-)

Exciting times

While there are many use cases for the Cloudron, our personal vision is a world where families and teams can have their own Smartserver. We would love to have you on board.

Sign up today!

We are in Private Beta

By Girish on Monday, December 7th 2015

We are happy to announce that Cloudron has entered Private Beta. We have been testing the product for months with close friends and we consider the product stable for general use.

We started Cloudron to make it simple for anyone (by which we mean anyone. and yes, we tested this product with our moms) to run web applications on their own server. Think blogs, chat applications, wikis, code hosting, syncing photos and contacts and of course, email.

Running your own server can be very intimidating. Setting up domains, purchasing certificates, installing applications reading complicated READMEs and of course, keeping them backed up and updated is all too much work and most of us would rather let someone else do it. The Cloudron intends to solve all that. We want anyone to be able to get a domain and install apps.

Here's a video to show you how simple it is.

Here's a live demo (username: cloudron password: cloudron).

We have started out small and you can see the initial app list at the Cloudron Store. Anyone can develop apps for the Cloudron. If you are a developer, be sure to view the docs and the app code. You need an account to get started, just email us at to get an invite immediately.

What can you expect as a beta customer?

  • The Cloudron is a paid product. We expect you to use your Cloudron everyday and give us input on what areas we should improve on. We dogfood our product and our code hosting (gitlab), chat (Rocket chat and palava), wiki (gollum), files (owncloud), scrum (kanboard), pastebin (hastebin and pasteboard) is all hosted on a Cloudron.

  • The Cloudron is a team/family product. You can add users and they can access your apps.

  • We need feedback on what apps you are looking for. We will work with app developers to make these available.

  • We need feedback on what features to prioritize. Once you sign up, you will be able to join our chat channel to talk with us directly. Your suggestions will go a long way towards helping us build our product.

These are exciting times. Imagine a world where everyone can have their own Smart Server just like everyone has a Smart Phone. We would love to have you on board. You can sign up for the beta invite on our website.