Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automatic Updates for Self Hosted Element #14760

Closed
the0d0re9 opened this issue Jul 25, 2020 · 1 comment
Closed

Automatic Updates for Self Hosted Element #14760

the0d0re9 opened this issue Jul 25, 2020 · 1 comment
Labels
T-Enhancement

Comments

@the0d0re9
Copy link

the0d0re9 commented Jul 25, 2020
edited
Loading

I've noticed a surge in people self hosting Element web, which is a good thing, but I also noticed that there's no recommended way to keep element up to date, I've been recommended downloading the tarball, extracting it, and changing the /version endpoint output and switching it up a version, which will trigger the cachebusting code to clear the cache and notify the user there's an update.

This is a super nice feature and seems to lend itself to exactly this kind of scenario, however after looking through the code and docs, and speaking to Matthew, what self hosted element users don't currently have is a way to ensure their element is always up to date with the GitHub releases. This is important for security reasons.

My proposal would be something like a bash script, to perform these steps automatically, combined with documentation for best practices on keeping the server up to date which would involve adding a cron job or similar with this bash script, the bash script would also check if the release is signed, etc.

This of course would be optional but recommended for most users.

Currently I'm under the impression (after speaking to several self-hosted element users) that these users believe this functionality already exists, and element-web once set up will keep itself up to date, which does not appear to be the case. This would allow admins to "set and forget" the service (as many do currently) without leaving their users at risk due to security issues in the code that may be patched out routinely, reported or similar.

Obviously this wouldn't be used by people who make large changes to Element as in the case of some matrix.org customers, but for general users and synapse admins who want to set up their own self hosted version of element (possibly to improve privacy, as is the case of privacytools changing the integration services to their own, etc.) this would improve security greatly.

Sorry in advance for any confusing sentences, writing this on my phone!
@t3chguy
Copy link
Member

t3chguy commented Jul 25, 2020

My proposal would be something like a bash script, to perform these steps automatically, combined with documentation for best practices on keeping the server up to date which would involve adding a cron job or similar with this bash script, the bash script would also check if the release is signed, etc.

There are already such bash scripts; e.g https://gist.github.com/MurzNN/ee64f98ab2e71b886c41d55594e5dd9e

The official approach will be #2777 - closing it in favour of that

@t3chguy t3chguy closed this as completed Jul 25, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
T-Enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@t3chguy @the0d0re9