NethServer 7.5 released


pablo (26) I'm excited to announce that NethServer 7.5 has been released and is publicly available. We're confident that it will be as always a great release and it will achieve our mission: making sysadmin's life easier with Open Source. This is thanks to the most vibrant, supportive and friendly community in the Open Source space (and not only Open Source).

About NethServer

NethServer is an Open Source operating system for the Linux enthusiast, designed for small offices, medium enterprises and home users. It’s simple, secure and flexible. NethServer helps sysadmins being successful in the IT space by leveraging all the power of a Linux server without complexity NethServer supports the community of sysadmins, be they home or business, with a powerful package of software to serve everyone, that will be free, open, dependable and sustainable for the long term. NethServer is ready to deliver your messages, to protect your network with the built-in firewall, share your files and much more, everything on the same system.

Release highlights

Many new features were added since the last NethServer ISO was released, they are all available today with NethServer 7.5! Let’s see the most important improvements:

Subscription: Stable Updates Repository + Professional Support Services

The NethServer Subscription by Nethesis enables exclusive access to the Stable Updates repository, monitoring tools and immediate professional support services for your NethServer deployments. The NethServer subscription module is available by default in new installations. Let's subscribe your NethServer now following this guide! ba9c205e644e08a5fca8fabed19091aae4b32cb4_1_443x500 png  443×500 |314x271

Rspamd

A new email server and filter alternative based on Rspamd has been released and is now available from software center. What's new? New antispam engine, DKIM signature, Greylist threshold, Rspamd web UI. rspamd screenshot

OpenDKIM signature for outbound messages

Signing outbound mail messages with a DKIM key increases the trust of other mail servers with ours! It is now available from Email > Domains page image|504x500

Software center configuration and system upgrade panels

We have deployed a new panel to manage the Software center. It allows to select how NethServer deals with upstream updates and configures automatic software updates image|641x500 The "Locked" policy is selected automatically when CentOS releases a new minor version. It limits updates to repositories specific to the current version When NethServer is ready to upgrade, the new upgrade procedure can be started: The Software center section of the Admin's manual was updated accordingly. Read it carefully!

Icaro Hotspot

Hotspot main goal is to provide internet connectivity via wi-fi to casual users. Users are sent to a captive portal from which they can access the network by authenticating themselves via social login, sms or email. Icaro is complete Hotspot written in Go and Vue.js. It uses CoovaChilli as access controller which can be configured and installed inside NethServer.

Fail2Ban is now part of the core

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs – too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc). Fail2Ban is able to reduce the rate of incorrect authentications attempts however it cannot eliminate the risk that weak authentication presents. image|626x500

Backup data: include log files

The useris now able to add system log files inside the data backup. This behavior is useful when the sysadmin must complain to strict rules about log retention policy GDPR

NextCloud 13.02

Latest version is now integrated in NethServer. Some improvements has been added to improve performance and security: new php 7.1 version, "Strict-Transport-Security” HTTP header, opcache and others..

Mattermost

Open source, private cloud, Slack-alternative is now included in NethServer. Workplace messaging for web, PCs and phones. Increase productivity while reducing shadow IT with a secure, configurable, scalable enterprise messaging solution on an open source platform.

NethServer HotSync

NethServer HotSync aims to reduce downtime in case of failure. Normally users are able to start working again with data from the night before failure after a few hours/days. Using hotsync, time 1 and 3 are 0, 2 is 5 minutes (time to activate spare server). Users are able to start working again in few minutes, using data from a few minutes before the crash.

Improved Quality of Service (QoS)

We improved current QoS implementation for better incoming and outgoing bandwidth control. You're able to limit and reserve the bandwith for specific host or protocol, examples:
  • 1Mb/s reserved for SIP protocol
  • 10Mb/s maximum speed for HTTP downloads
image|690x254

Wildcard DNS record

This is a new DNS override rule that matches the given host name (domain) and any sub-domain of it. image|690x258

Manage TLS Security

TLS security can be hardened easily with the new policy selector image|690x146 Each policy is described in detail in the Admin's manual: TLS policy.

Windows File server page

Essential shared folder priviliges are now manageable via the web interface. grafik|690x373

And so much more

These are just the major highlights in 7.5 RC1— there are literally hundreds of other tiny improvements, refinements, and bugfixes that we aren’t covering here like:
  • MX DNS record override for LAN hosts has been removed. Removed postfix/MxRecordStatus prop
  • Host name aliases are converted into hosts DB records. See Additional host name aliases
  • /etc/fstab is no longer an expanded template. See Requirements and User home directories for details
  • Default Server Manager session idle timeout is 60 minutes, session life time is 8 hours
  • The WebVirtMgr project is no longer maintained and the corresponding module has been removed along with nethserver-libvirt package.

Thank the overall NethServer community

Thanks to the greater Community community for posting support / bug request / feedback topics on community.nethserver.org.. All your suggestions make NethServer better, not only for your community, but all of us. Just mentioning a few of them: @ibinetwork @mrmarkuz @compsos @danb35 @GG_jr @indra @fausp @dz00te @pfornara @zimny @ohifra @stephdl @robb @m.traeumner @saitobenkei @flatspin We had a remarkable number of translators in 2018 as well, who contributed their time and effort translating NethServer into dozens of languages with more than 15k words translated.

Download and Install

  • You can install it on a virtual machine or on a bare-metal server using a DVD or USB stick
  • Upgrade from Beta1 or RC1 is supported through the Software center
  • For installations with Subscription enabled, 7.5 gonna be available over the next week
If you find a bug, please report it here – every bug you uncover is a chance to improve the experience for thousands of NethServer users worldwide, also our amazing beta testers team will be called upon to give its support on that! Ready to check it out? Then head to the docs and download:
NethServer 7.5 (993MB)
Hashes * md5 002228c20d0702b98568aff67319d5eb * sha1 cdb9e302d563d5abb500286946e88e33ec81058d Torrent * Torrent link: nethserver-7.5.1804-x86_64.iso.torrent * infohash 50109f72fe394e2baed8378612859aa4261aeab4 Documentation * Technical Release Notes * Administrator manual * Developer manual

Read more

NethServer 7.5 RC1 released


pablo (26) I'm excited to announce that NethServer 7.5 RC1 as been released and is publicly available. We're confident that it will be as always a great release and it will achieve our mission: making sysadmin's life easier with Open Source. This is thanks to the most vibrant, supportive and friendly community in the Open Source space (and not only Open Source).

About NethServer

NethServer is an Open Source operating system for the Linux enthusiast, designed for small offices and medium enterprises. It’s simple, secure and flexible. NethServer is ready to deliver your messages, to protect your network with the built-in firewall, share your files and much more, everything on the same system.

Release highlights

Many new features were added since the last NethServer ISO was released, they are all available today with NethServer 7.5 RC! Let’s see the most important improvements:

Subscription

The NethServer Subscription by Nethesis enables exclusive access to the Stable Updates repository, monitoring tools and immediate professional support services for your NethServer deployments. The NethServer subscription module is available by default in new installations ba9c205e644e08a5fca8fabed19091aae4b32cb4_1_443x500 png  443×500 |314x271

Rspamd

A new email server and filter alternative based on Rspamd has been released and is now available from software center. What's new? New antispam engine, DKIM signature, Greylist threshold, Rspamd web UI. rspamd screenshot

OpenDKIM signature for outbound messages

Signing outbound mail messages with a DKIM key increases the trust of other mail servers with ours! It is now available from Email > Domains page image|504x500

Software center configuration and system upgrade panels

We have deployed a new panel to manage the Software center. It allows to select how NethServer deals with upstream updates and configures automatic software updates image|641x500 The "Locked" policy is selected automatically when CentOS releases a new minor version. It limits updates to repositories specific to the current version When NethServer is ready to upgrade, the new upgrade procedure can be started: image|641x500 The Software center section of the Admin's manual was updated accordingly. Read it carefully!

Icaro Hotspot

Hotspot main goal is to provide internet connectivity via wi-fi to casual users. Users are sent to a captive portal from which they can access the network by authenticating themselves via social login, sms or email. Icaro is complete Hotspot written in Go and Vue.js. It uses CoovaChilli as access controller which can be configured and installed inside NethServer. image|641x500

Fail2Ban is now part of the core

Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs – too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc). Fail2Ban is able to reduce the rate of incorrect authentications attempts however it cannot eliminate the risk that weak authentication presents. image|626x500

Backup data: include log files

The useris now able to add system log files inside the data backup. This behavior is useful when the sysadmin must complain to strict rules about log retention policy GDPR

NextCloud 13.02

Latest version is now integrated in NethServer. Some improvements has been added to improve performance and security: new php 7.1 version, "Strict-Transport-Security” HTTP header, opcache and others..

Mattermost

Open source, private cloud, Slack-alternative is now included in NethServer. Workplace messaging for web, PCs and phones. Increase productivity while reducing shadow IT with a secure, configurable, scalable enterprise messaging solution on an open source platform.

NethServer HotSync

NethServer HotSync aims to reduce downtime in case of failure. Normally users are able to start working again with data from the night before failure after a few hours/days. Using hotsync, time 1 and 3 are 0, 2 is 5 minutes (time to activate spare server). Users are able to start working again in few minutes, using data from a few minutes before the crash.

Improved Quality of Service (QoS)

We improved current QoS implementation for better incoming and outgoing bandwidth control. You're able to limit and reserve the bandwith for specific host or protocol, examples:
  • 1Mb/s reserved for SIP protocol
  • 10Mb/s maximum speed for HTTP downloads
image|690x254

Wildcard DNS record

This is a new DNS override rule that matches the given host name (domain) and any sub-domain of it. image|690x258

Manage TLS Security

TLS security can be hardened easily with the new policy selector image|690x146 Each policy is described in detail in the Admin's manual: TLS policy.

Windows File server page

Essential shared folder priviliges are now manageable via the web interface. grafik|690x373

And so much more

These are just the major highlights in 7.5 RC1— there are literally hundreds of other tiny improvements, refinements, and bugfixes that we aren’t covering here like:
  • MX DNS record override for LAN hosts has been removed. Removed postfix/MxRecordStatus prop
  • Host name aliases are converted into hosts DB records. See Additional host name aliases
  • /etc/fstab is no longer an expanded template. See Requirements and User home directories for details
  • Default Server Manager session idle timeout is 60 minutes, session life time is 8 hours
  • The WebVirtMgr project is no longer maintained and the corresponding module has been removed along with nethserver-libvirt package.

What does the RC release mean?

A release candidate (RC) is a testing version with potential to be a final product, which is ready to release unless significant bugs emerge. RC releases can be used in production, especially if new features are not used on mission critical systems. Upgrades to the final release will be supported

Feature freeze phase

This release is already in a core feature freeze phase, all work on adding new core features is suspended, shifting the effort towards fixing bugs and improving the stability and user experience. This RC1 release contains all the exciting features of NethServer 7.5 in a form that anyone can help test. This testing, guided by the NethServer team, helps us target and identify bugs.

Future release

No new modules will be added or modified before the final release, we invite to stay tuned with our community for fresh news and updates about the forthcoming Stable Release

Thank the overall NethServer community

As usual, we’d like to first thank the overall NethServer community for contributions toward these improvements — whether it was in feedback, bug reports and suggestions or our personal favorite, feedback based on participation in your very own NethServer community.

Download and Test

We need your help to make NethServer 7.5 the best release yet, so please take some time to download and try out the Beta1 and make sure the things that are important to you are working.
  • You can install it on a virtual machine or on a bare-metal server using a DVD or USB stick
  • Upgrade from Beta1 is supported through the Software center
If you find a bug, please report it replying to this topic – every bug you uncover is a chance to improve the experience for thousands of NethServer users worldwide, also our amazing beta testers team will be called upon to give its support on that! Together, we can make NethServer rock-solid. We have a culture of coordinating new features and pushing fixes upstream as much as possible, and your feedback will help improve not only NethServer but Linux and free software as a whole. Ready to check it out? Then head to the docs and download:
NethServer 7.5 RC1 (784MB)
Hashes * md5 82a4357c7fc8f0d9a331975ded7048a8 * sha1 278f03bd56cba9049ba26ea3cfc34d60a9a04b48 Torrent * Torrent link: nethserver-7.5.1804-rc-x86_64.iso.torrent * infohash DB86D56E0132D7C07AF9558544AB15BD7812FF68 Documentation * Technical Release Notes * Administrator manual * Developer manual

Read more

Do you need professional support on NethServer?


Hey NethServerians, I’d like to keep you updated about our latest initiative. Over the past few months our community members have asked a lot about professional support service on NethServer. Even if our community support is amazing,they have pointed out problems like these:

  • I need professional support when I don’t have anyone to call
  • I need support when I’m in a rush and I can’t wait.
  • I’m managing a critical infrastructure and community support is not enough for my needs
  • my boss doesn’t trust open source /nerds without a company behind them
  • I need to assure management that there is a certain level of official support if and when its required.
Attempting to resolve these problems, Nethesis is going to offer a NethServer subscription that will give you exclusive access to the Stable Updates repository, monitoring tools and immediate professional support services for your NethServer deployments. The NethServer Subscription will cover:
  • critical installations
  • installations with multiple users
  • issues that need direct access to the server (via SSH or webUI)
  • issues that need prompt and decisive solutions
If you want to successfully deploy, monitor and manage your NethServer instances, complimenting your IT resources and increasing the efficiency and reliability of your service

Check our subscription plans out

Read more

NethServer 7.4 released


Today, we're thrilled to announce that NethServer 7.4 has been released and is publicly available. We're confident that it will be as always a great release and it will achieve our mission: making sysadmin's life easier with Open Source. This is thanks to the most vibrant, supportive and friendly community in the Open Source space (and not only Open Source).

About NethServer

NethServer is an Open Source operating system for the Linux enthusiast, designed for small offices and medium enterprises. It’s simple, secure and flexible. NethServer is ready to deliver your messages, to protect your network with the built-in firewall, share your files and much more, everything on the same system.

Highlights

The new release automatically updates the domain controller and warns on upstream updates. Proxy, web content filter, antivirus and IPS were updated and got an improved web user interface. In addition, it contains some enhancements (Speedtest in diagnostics panel, new bandwidth measuring, prevent intrusions with rule categories). Last but not least we are proud to present an up-to-date cloud and VoIP server.

Account provider improvement

The local Active Directory account provider is now able to apply updates to the Samba DC instance automatically. The latest provided Samba DC version is 4.6.8. More features: * Besides local active directory NethServer supports remote AD and LDAP(local/remote). * IP changing possible * Account provider changing from LDAP to AD and vice versa is supported

Upstream updates awareness

The Software center page warns when a new upstream release is available.
  • Be warned of upstream updates which may harm a productive system
  • Improved stability

VoIP server update

Freepbx was updated to 14.0.1.8, providing almost all features you need for small medium enterprise telephony. Underlying Asterisk is now version 13.17.0-3. More features: * Out-of-the-box web manageable VoIP PBX * Backup/restore * Supports AD and LDAP * Unlimited trunks * Voicemessages * Feature codes * Call detail records database * Hardware is the only limit

Patched web proxy

Squid has been patched for a smoother web navigation experience when using SSL transparent proxy. More features: * transparent/hidden web filtering with or without SSL * AD/LDAP authentication * secure browsing for the whole network * cache big files to have them available in a fast way

Bandwidth measurement

Ntopng 3 replaces Bandwidthd, the Server Manager has a new “top talkers” page which tracks hosts network usage.

Enhanced IPS module

Suricata may be configured with multiple rule categories directly from the web interface. Evebox is used to analyze or report traffic anomalies detected by Suricata.

Updated cloud storage

Nextcloud has been upgraded to latest [[https://nextcloud.com/blog/nextcloud-updates-12.0.3-11.0.5-are-here/|upstream release (12.0.3)]].

Web antivirus

Web antivirus is now based on ICAP instead of ECAP.

Web content filter

ufdbGuard was updated to 1.33.4 and additionally the web UI got some small improvements.

Diagnostics panel with new speedtest

We added a speedtest to our already feature-rich diagnostics panel. It supports servers all over the world to test internet speed with. More features, all available in web user interface:
  • Network information
  • Routes
  • Mail test
  • DNS lookup
  • Ping
  • Network scan
  • Traceroute

Enhanced restore/upgrade procedure

You may now restore a NethServer 6 config on a NethServer 7.

Webtop got some new features

Webtop was upgraded to 5.0.13 and supports Nextcloud and XMPP client integration. The mail module was extended with mail tag and archive feature.

Other improvements

For further information, all closed issues are reported on our bug tracker.

Thank the overall NethServer community

As usual, we’d like to first thank the overall community for contributions toward these improvements — whether it was in feedback, bug reports and suggestions or our personal favorite, feedback based on participation in our very own NethServer community.

Download and Test

Who wouldn’t want all these fantastic new features?
  • You can install NethServer on a virtual machine or on a bare-metal server using a DVD or USB stick
  • Upgrade from 7 versions are supported through the Software center
If you find a bug, please report it here – every bug you uncover is a chance to improve the experience for thousands of NethServer users worldwide, also our amazing beta testers team will be called upon to give its support on that! Ready to check it out? Then head to the docs and download:

Read more

NethServer 7.4 beta 1 released


We are proud to announce a new NethServer release. NethServer 7.4 beta1 is here, just 7 days after CentOS 7.4 release thanks to the amazing work of this wonderful community!

What is the Beta release?

The Beta release contains all the features of NethServer 7.4.1708 in a form that anyone can help test. This testing, guided by the NethServer team, helps us target and identify bugs. This release is still not ready for production servers!

NethServer 7.4.1708 changes from 7.3.1611

  • Squid has been patched for a smoother web navigation experience when using SSL transparent proxy
  • Ntopng 3 replaces bandwithd, the Server Manager has a new "top talkers" page which tracks hosts network usage
  • Suricata can be configured with multiple categories rules
  • EveBox can report traffic anomalies detected by Suricata
  • Many updates from upstream:
    • https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html
    • https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7

Download or upgrade

Please take some time to download and try out the Beta and make sure the things that are important to you are working. If you find a bug, please report it. This is a great opportunity for non-programmers to contribute back to NethServer.

New installations

  1. Download the ISO
  2. Install on a VM on a physical machine
Please test it with hardware RAID and UEFI bios.

How to upgrade

  • Make sure to have a fully updated 7.3 system:
    yum clean all && yum update
    
  • Install the new nethserver-release package:
    yum install http://packages.nethserver.org/nethserver/7.4.1708/updates/x86_64/Packages/nethserver-release-7-3.1.ge457d21.ns7.noarch.rpm
    
  • Update remaining packages:
    yum clean all && yum update
    

Help us

Testing the new version and commenting this discussion

Read more

NethServer 7.3 update 1 Released


Another new milestone in NethServer history. Today, we're thrilled to announce that NethServer 7.3 update 1 has been released and is publicly available. We're confident that it will be as always a great release and it will achieve our mission: making sysadmin's life easier with Open Source. This is thanks to the most vibrant, supportive and friendly community in the Open Source space (and not only Open Source). The new release improves the installation process and the first system configuration. In addition, it contains some improvements (Accounts provider page, diagnostic tools) that are very important, especially for people that install NethServer for the first time.

Configuration backup enhancement

Starting from @Ctek's work and straight from our meeting at FOSDEM17, @davidep has developed a configuration backup enhancement. The goal is:
  • "restore from backup" at first system boot (FirstConfigWiz UI module)
  • configuration backup history
  • history length customization
  • upload an item to the history
  • restore from history
More info New backup panel

OpenvPN: improve net2net tunnels

The main goal of this refactoring is to simplify the creation of tunnels to connect 2 remote networks using a VPN. (Kudos to @giacomo) More info about the new workflow here Other features:
  • Tunnel status is displayed on the configuration page:
OpenVPN page has been split in two pages:
  • OpenVPN roadwarrior
  • OpenVPN tunnels
  • Tunnel client can be now enabled and disabled
The administrator is able to add extra push options to roadwarrior server like:
  • select if the client must receive all configured static routes or only routes for green networks
  • push extra DHCP options such as:
    • Domain
    • DNS server
    • WINS server
    • NBDD server

WebTop 5.0.7 (first upgrade pack)

Thanks to our @webtop_team these are the new features introduced in the last update:
  • Support complex filters (multiple conditions and actions) and Sieve script selection
  • Support to paste-image inside html editor
  • New view management IMAP folders
  • Improved the view of new mail in discussions
  • New interactive search, using ctrl+enter on search field or selecting "interactive" as the search field
More info

Backup data: basic WebDAV support for backups and storage stats

Thanks to @dnutan we have implemented WebDAV as backend for backup data and the dashboard now displays backup storage utilization statistics

UI tweaks for IPSec tunnels

We have improved the web interface, now you can:
  • allow IP addresses and host names in the "Remote IP" field
  • enable and disable tunnels from the table view by adding two new actions

Web proxy: support divert and priority rules

Firewall rules for routing traffic to a specific provider, or decrease/increase priority, are applied only to network traffic which traverses the gateway. These rules don't apply if the traffic goes through the proxy because the traffic is generated from the gateway itself. The new web interface for the web proxy, will allow to create rules like:
  • HTTP/S traffic from host badpc has low priority
  • HTTP/S traffic from CIDR service_net has high priority
  • HTTP/S traffic from myprinter diverted to myslownet provider (automatic failover)
  • HTTP/S traffic from mywebserver forced to myfastnet provider (no switch if the WAN goes down)

NextCloud 12

Nextcloud has been upgraded to latest upstream release (12.0.0).

Accounts provider update

After a few (re)iterations of development/testing/fixing, the new UI for accounts provider management is available. Main features:
  • Both AD and LDAP local accounts provider can be installed/uninstalled from Accounts provider page
  • LDAP remote accounts provider: connection parameters are probed automatically
  • AD remote accounts provider: NetBIOS domain name and LDAP connection parameters are probed automatically
  • AD local accounts provider: you can assign any DNS domain/Realm to AD. It is no longer bound to the host domain name. This fixes many issues with mail server configurations
  • Change the IP of the nsdc Linux Container: available with a shell script

Nethserver network diagnostic tools

When it's time to check the network expert system administrators are used to open the terminal and type some commands. But there are a lot of people who are not really at ease working on a terminal, for this reason, our amazing @stephdl has developed a network diagnostic tool for NethServer

Other improvements

For further information, all closed issues are reported on our bug tracker.

Thank the overall NethServer community

As usual, we’d like to first thank the overall community for contributions toward these improvements — whether it was in feedback, bug reports and suggestions or our personal favorite, feedback based on participation in our very own NethServer community.

Download and Test

Who wouldn’t want all these fantastic new features?
  • You can install NethServer on a virtual machine or on a bare-metal server using a DVD or USB stick
  • Upgrade from 7 versions are supported through the Software center
If you find a bug, please report it here – every bug you uncover is a chance to improve the experience for thousands of NethServer users worldwide, also our amazing beta testers team will be called upon to give its support on that! Ready to check it out? Then head to the docs and download:
NethServer 7.3 update 1 (740MB)


Read more

NethServer 6.9 released


We're happy to announce that NethServer 6.9 has been released and is publicly available. We're confident that, as always, it will achieve our mission: making sysadmin's life easier with Open Source. This is thanks to the most vibrant, supportive and friendly community in the Open Source space (and not just Open Source).

Based on CentOS 6.9

Based on the recently released CentOS 6.9 operating system,

Support traffic shaping and port forwarding on red VLANs

The Traffic shaping web UI doesn't list VLAN reds interfaces, but it's possible to assign the RED role to a VLAN. Now it's possibile to add trafic shaping to red VLANs. Also, creating a port forward, VLAN reds now are listed in the WAN IP (red interface) section.

Backported some Enhancements from 7 version

We added the restore from old backups on 6.9 too and NethServer 6.9 permits access to CGP graphs and lightsquid reports through the usual server-manager port (980).

Enabled NTLMv2 authentication within Samba

Enabling NTLMv2 authentication allows Samba to work with Windows networks where NTLMv2 is the only enabled authentication protocol.

Other improvements

  • Avoid certificate generation on Let's Encrypt renewal
  • Avoid certificate generation in certificate-update event
  • NethServer joined to AD fail Kerberos ticket renewal
  • Update to shorewall 5
  • Collectd 5: avoid rrd write problems on overloaded machines
  • Webtop: import contacts from Outlook 2016
  • ipsec tunnel: properly reject unencrypted traffic
List complete

Thank the overall NethServer community

As usual, we’d like to first thank the overall community for contributions towards these improvements — whether it was in feedback, bug reports and suggestions or our personal favorite, feedback based on participation in our very own NethServer community.

Upgrade from version 6.8

Start the update as usual from the Software Center page. It is recommended to reboot the system at the end of the update procedure. updates_nethserver

Download

Read more

NethServer 7 Final released


Although past year was one of the most exciting, energizing and also exhausting of NethServer history we've reached the first milestone along our path. Today, we're thrilled to announce that NethServer 7 has been released and is publicly available. NethServer 7 is a big step forward on the path of innovation, now we can take full advantage of the power of CentOS 7. We're confident that it will be the best NethServer ever and it will achieve our mission. Making sysadmin's life easier with Open Source. This is thanks to the most vibrant, supportive and friendly community in the Open Source space (and not only Open Source). We’ve got a lot of news to share with you, so let’s jump right into it.

Samba 4 Active Directory Controller

NethServer is now able to act as a Samba Active Directory Controller.
  • NethServer can replace a Microsoft Active Directory Domain Controller
  • Native MS-Windows management tools, like RSAT tools and AD PowerShell are compatible with NethServer
  • Group policies can be deployed through native MS-Windows tools Windows workstations can seamlessly join the AD Domain, no more registry tweaks are needed.
NethServer 7 brings a centralized account management (so-called "multi-site") supporting authentication and authorization against either a local or remote accounts provider. Supported providers are:
  • Local OpenLDAP running on NethServer itself
  • Remote LDAP server with RFC2307 schema
  • Local Samba 4 Active Directory Domain Controller
  • Remote Active Directory (Microsoft or Samba)

Nextcloud 10

Nextcloud (https://nextcloud.com/) is a new open source project that makes a private cloud platform at your home, it was born as a fork of the well-known OwnCloud project to reboot it in a better way. Read more in this post

Certificate Management panel

An updated Server certificate panel allows to edit the default self-signed certificate or upload a custom certificate file bought from SSL certificate provider. The same panel allows you to request a new Let's Encrypt certificate. For those of you who are unfamiliar with Let’s Encrypt Client, it is a fully-featured, extensible client for the Let’s Encrypt CA (or any other CA that speaks the ACME protocol) that can automate the tasks of obtaining certificates and configuring service daemons to use them (like web servers). letsencrypt_ssl Example Org   Server certificate

Transparent HTTPS Proxy

We changed the behavior of the Transparent HTTPS proxy dropping the MITM (Man In The Middle) feature that inspects all the encrypted traffic, substituting it with a new implementation that sniffs only the beginning of the connection to discover the destination website (for filtering purposes). Basically, it means that we peek at the beginning of the connection to discover the destination website (and block it if desired) and then** let the traffic flow unaltered from the client PC to the secure website**. Some improvements introduced with this solution:
  • No certificate to install on browsers
  • No untrusted certificate warning
  • No sniffing on sensitive information
  • Seamless filtering of unwanted web sites, both HTTP and HTTPS
The web UI hasn't been modified (only the certificate download button has been removed) because the behavior has changed under the hood.

Firewall

Deep Packet Inspection

A major feature of the new firewall is deep packet inspection using nDPI. This feature allows the administrator to create firewall rules like "only the boss computer can access Facebook" or "nobody can download torrents".

New interface for the Traffic shaping

A better implementation of traffic shaping with a brand new interface allows the creation of complex rules. For example, during office hours facebook traffic has low priority. The "Firewall rules" page supports creating rules for "low priority" or "high priority" traffic. Bandwidth configuration of red network interface has been moved inside the "Network" page, leading to the removal of the "Traffic shaping" panel.

New time conditions on firewall rules

The firewall now supports rules based on time. Administrators should be able to create rules like these:
  • Block Facebook during working hours in the working days
  • Allow Facebook only during lunch time

Suricata is the new IPS

We have replaced Snort with Suricata (https://suricata-ids.org/) for better performances and improved support for newer hardware.

Reverse proxy

The reverse proxy feature is useful when you want to access internal sites from the outside network and host on an internal web server. Developed time ago, we added a handy WebUI to easily configure this feature.

MailServer

Mail server received a lot of love from our developers, adding new enhancements like:
  • all users automatically have a valid mail address: username@domain
  • mail alias page has been refactored and now you can create distribution lists with internal and external mail addresses
  • you can now create shared mailboxes and associate them to a custom mail alias

Improved full-text search for IMAP

The upstream dovecot package provides the Lucene-based FTS (Full-Text Search) plugin. We have enabled it by default, therefore the speed of searches performed by IMAP clients (and webmail) is now vastly improved.

New pop3 connector module

We replaced Fetchmail with the much more promising Getmail application. It's written in Python, easy to extend or customize thanks also to a flexible and extensible architecture.

Network Management

MultiWan configuration is now merged into Network page

Internet Service Providers configuration has been moved to the Network page, consequently, MultiWAN fields are added to the Red interface parameters. multi_wan_provider

Simplified Network Service panel, Zones and new Firewall rules

The implementation of remote network access to system services has been removed from the Network services panel because it's now possible to create Firewall rules to add access restrictions. Network services appear as not removable rules on the Firewall panel and using the Firewall itself as source or destination of firewall rules is permitted. services Firewall rules

DHCP mode available for Green

It's now allowed to configure a Green interface in DHCP mode, now DHCP on VPS is a scenario.

New Upstream proxy panel

If NethServer can't browse the Internet directly but has to go through a proxy server, there is now a global HTTP proxy settings page (in the Network panel) to configure all access details for the upstream proxy. The configured proxy will be used for all HTTP and HTTPS traffic originating from the server. The global proxy settings can be overridden for the web proxy (squid) traffic. proxy2

Main DNS Servers configuration moved on Network panel

With the aim of having a single place for all Network configuration options, we have moved the DNS Servers page in the Network panel. dns_proxy

Advanced static routes

We have improved actual configuration of static routes, now it's possible to implement routes
  • with a specific selection of device and metric
  • to force a default gateway
This improvement makes our firewall more versatile, especially in a VPS environment.

General Improvements

New look for NethServer 7

We needed a new look for our next release to differentiate release 7 from the old NethServer 6. We have also refreshed the First Configuration Wizard and the Network Panel with an eye towards usability and readability.

New landing page

A new landing page for the web server has been added for helping new users to find some "getting started" information. New landing page

Handle service by WebUI

Each service can now be started/stopped/restarted pushing a button. services

New bandwidth monitoring module

Our community asked for a simpler tool to monitor bandwidth usage, so we added a new module called: BandwidthD BandwidthD is a solid tool that has a proven track record, widely adopted and better integrated into our WebUI.

Web applications integrated into WebUI

The following web applications are now integrated into the Server Manager: Collectd

First Configuration Wizard improved

The improved Wizard adds an option to set a smart host to deliver emails even if the system is not a full featured mail server. It checks also that the hostname syntax follows the DNS rules. smarthost check_hostname

Shared folder refactoring

We have refactored the "Shared Folder" page with Virtual Hosts and AD Domain Controller role in mind. The "Shared folder" page configures only Samba shares and the "Web access" panel has been moved to the "Virtual hosts" page. User authentication, Extended ACLs and group ownership are enforced only if the server is a member of an Active Directory domain.

New Virtual Host panel

This new panel permits to simplify management of the web server configuration, thanks to some new features:
  • FTP access to the vhost web root
  • Folders permissions can be set from FTP
  • SSL/TLS certificate selection
The UI module has a plugin architecture, so more features can be added by other packages.

“Reload page” button in Software Center

After installing/removing a module from Software Center, a button will invite to "Reload page" to update the dashboard menu.

New web interface to restore data from old backups

In the past, the list of files to restore shown in the interface was created reading only the last backup. Now, the user is able to select from which backup files should be restored.

Additional Repositories

SCL repository is now enabled by default

Software Collections, also known as SCLs, allow you to run the default software version of some applications (PHP, Python, etc..) that come with CentOS. They also allow a newer version of them to be installed alongside the default version for creating and running software with newer requirements. Now we can use all the power of SCL repository since it's now enabled by default and users can install applications from SCL repository using the yum command.

NethForge is now enabled by default

NethForge is the place where you can find extra modules built by the community. The release RPM is now inside the default distribution, so it's enabled by default and a new "NethForge" category will be available inside the Software Center.

Thank the overall NethServer community

As usual, we’d like to first thank the overall community for contributions toward these improvements — whether it was in feedback, bug reports and suggestions or our personal favorite, feedback based on participation in our very own NethServer community.

Download and Test

Who wouldn’t want all these fantastic new features?
  • You can install NethServer on a virtual machine or on a bare-metal server using a DVD or USB stick
  • Upgrade from 7 RC versions are supported through the Software center
  • Upgrade from 6.8 will be available soon
If you find a bug, please report it here – every bug you uncover is a chance to improve the experience for thousands of NethServer users worldwide, also our amazing beta testers team will be called upon to give its support on that! Ready to check it out? Then head to the docs and download:
NethServer 7 Final (740MB)


Read more

NethServer 7 RC3 "Tiramisù" released


Time is gone in a rush since our last Release Candidate and we're approaching very quickly the final release, but as you know we're still fixing bugs and sorting out some issues that came up. Now, after a few weeks of hard work, we're finally ready for NethServer 7 RC3 "Tiramisù" and it's time to get it off the ground.

Overview

The RC3 release of NethServer 7 introduces some new features and aims to fix bugs from previous releases.

Transparent HTTPS Proxy

We have changed the behavior of the Transparent HTTPS proxy dropping the MITM (Man In The Middle) feature that inspects all the encrypted traffic, substituting it with a new implementation that sniffs only the beginning of the connection to discover the destination website (for filtering purposes). We can do this now because CentOS 7.3 introduced squid 3.5 which has a new function to intercept HTTPS connections, called peek and splice. Basically, it means that we peek at the beginning of the connection to discover the destination website (and block it if desired) and then let the traffic flow unaltered from the client PC to the secure website. Some improvements introduced with this solution:
  • No certificate to install on browsers
  • No untrusted certificate warning
  • No sniffing on sensitive information
  • Seamless filtering of unwanted web sites, both HTTP and HTTPS
The web UI hasn't been modified (only the certificate download button has been removed) because the behavior has changed under the hood.

Replaced squidGuard with ufdbGuard

Due to the recent upgrade to version 3.5, Squid is no longer compatible with squidGuard, so we had decided to replace it with ufdbGuard which is one of the best URL filters that can be found on the internet.

Simplified configuration of remote account providers

The SSSD configuration is now always available:
  • on a new system, page "Domain accounts" shows a "Configure" button that points to SSSD Configuration
  • on a new system, page "Users and groups" shows a "Configure" button that points to SSSD Configuration
Once an account Provider has been configured, it's always possible to switch it off, and on again or choosing a different one. The "Advanced settings" section under SSSD Configuration page displays library defaults as input fields "watermarks" according to the currently selected account provider. We recommend reading the new manual page about Account Providers that explains the supported scenarios.

DPI module now works on upstream kernel

CentOS 7.3 comes with a new kernel version (3.10.0-514), which is compatible with the nDPI kernel module. Users in need of Deep Packet Inspection no longer need the custom kernel-lt.

Administrators group

While the old management interface hid the system "administrators" group, now the new version supports the AD concept of "subgroups", where a group member can be a group itself. Also "Domain Admins" is visible and its members can be modified (a common practice in AD world). The Dashboard panel that counts the system users now reflects the number of users and groups listed on the "Users and groups" page.

Rebased on CentOS 7.3

This release has been rebased on CentOS 7.3 which is the current release for CentOS Linux 7 and is tagged as 1611, derived from Red Hat Enterprise Linux 7.3. As always, read through the Release Notes at http://wiki.centos.org/Manuals/ReleaseNotes/CentOS7 - these notes contain important information about the release and details about some of the content inside the release from the CentOS QA team.

And so much more

These are just the major highlights in 7 RC3 but there are other tiny improvements, refinements, and bugfixes that we aren’t covering here like:
  • Nextcloud has been updated to release 10.0.2 (#5155)
  • The web interface now lists remote users and groups in real time (#5168)
  • LDAP and Samba AD both have the same administrative built-in users and groups (#5157)
  • Handle built-in administrators groups from Server Manager (#5168)
  • Samba shares support both NTLM and Kerberos authentication (#5160)
  • Always enable LDAP secure protocols when connecting to remote account providers (#5161)
  • Better certificate management (#5174)
  • Support UEFI bios (#5148)
  • Boot partition size has been increased to 1GB
Full RC3 issues list is available on github

What does the RC release mean?

A release candidate (RC) is a testing version with the potential to be a final product, which is ready to be released unless significant bugs emerge. RC releases can be used in production, especially if new features are not used on mission critical systems. Upgrades to the final release will be supported.

What needs test

Even in RC3, the most notable new feature that needs a good amount of testing is the AD Domain Controller setup, with a particular focus on the depending functions such as email, shared folders and user authentication.

Feature freeze phase

This release is already in a core feature freeze phase, all work on adding new core features is suspended, shifting the effort towards fixing bugs and improving the stability and user experience.

Future release

No new modules will be added or modified before the final release, we invite to stay tuned with our community for fresh news and updates about the forthcoming Stable Release.

Thank the overall NethServer community

As always, we want to take a moment to say thank you to everyone who makes NethServer possible! When you download a copy of NethServer or participate in your very own NethServer community, you enable us to write good Open Source software that many thousands have downloaded.

Why Tiramisu?

Tiramisu (from Italian, spelled tiramisù [tiramiˈsu], meaning "pick me up", "cheer me up" or "lift me up") is a popular coffee-flavoured Italian custard dessert. It is made of ladyfingers dipped in coffee, layered with a whipped mixture of eggs, sugar, and mascarpone cheese, flavoured with cocoa. The recipe has been adapted into many varieties of cakes and other desserts. Its origins are often disputed among Italian regions such as Veneto, Friuli Venezia Giulia, Piedmont, and others. Being a dessert would be indicative of the end of the development cycle. It's one of the favorite dishes of our best RC3 contributors @indra @gerald_FS @transocean @hunv and @hucky so that would be a special tribute to the men who helped us test NethServer over the past month

Download and Test

We need your help to make NethServer 7 the best release yet, so please take some time to download and try out the RC3 and make sure the things that are important to you are working.
  • You can install it on a virtual machine or on a bare-metal server using a DVD or USB stick
  • Although upgrade from RC2 is supported through the Software center some manual operations are needed, please read these notes

How to report bugs

If you find a bug please report it opening a new topic in our community and tagging it with v7-rc3 label – every bug you uncover is a chance to improve the experience for thousands of NethServer users worldwide, also our amazing quality team will be called upon to give its support on that! Together, we can make NethServer rock-solid. We have a culture of coordinating new features and pushing fixes upstream as much as possible, and your feedback will help improve not only NethServer but Linux and free software as a whole.

Download

Ready to check it out? Then head to the docs and download:
NethServer 7 RC3 (776MB) (from SourceForge.net)
Torrent link: nethserver-7.3.1611-rc3-x86_64.iso.torrent

Read more

NethServer 7 RC2 "Gnocchi" released


pablo-3 We're approching very quickly the final release but we're still knee deep in fixing bugs and sorting out some issues that came up since the last release. Now, after a few weeks of hard work, we're finally ready for a new release of NethServer and it's time get it off the ground. Today, I'm excited to announce that NethServer 7 RC2 "Gnocchi" has been released and is publicly available. In the past, we asked for help from our members to make NethServer 7 the best release yet and this is happening!

Overview

The RC2 release of NethServer 7 introduces no new features but aims to fix bugs in previous releases.

Changes from RC1

Legacy short user name support

By default, NethServer 7 enables the @domain suffix in user and group names, this new convention confuses the system user, and force to reconfigure his account credentials on any network client. Moreover, some applications require a configuration adjustment and such default is quite different from the previous NethServer version 6.x approach. We have defined an additional option to support both name forms (short, long) and keep all data consistent.

And so much more

These are just the major highlights in 7 RC2 but there are other tiny improvements, refinements, and bugfixes that we aren’t covering here like:
  • SMB filesystem ACLs are not applied
  • Guest cannot write to shared folder
  • SambaAudit: "Reload" button doesn't work
  • Virtual host inline help does not include plugins
  • Missing home dir on RSAT-created accounts
  • Useless Password policy page
  • Missing inline help in Password policy page
Full RC2 issues list is available on github

What does the RC release mean?

A release candidate (RC) is a testing version with the potential to be a final product, which is ready to release unless significant bugs emerge. RC releases can be used in production, especially if new features are not used on mission critical systems. Upgrades to the final release will be supported.

What needs test

Even in RC2, the most notable new feature that needs a good amount of testing is the AD Domain Controller setup, with particular focus on the depending functions such as email, shared folders and user authentication.

Feature freeze phase

This release is already in a core feature freeze phase, all work on adding new core features is suspended, shifting the effort towards fixing bugs and improving the stability and user experience. This RC2 release contains all the exciting features of NethServer 7 in a form that anyone can help test. This testing, guided by the NethServer team, helps us target and identify bugs.

Future release

No new modules will be added or modified before the final release, we invite to stay tuned with our community for fresh news and updates about the forthcoming Stable Release.

Thank the overall NethServer community

As always, we want to take a moment to say thank you to everyone who makes NethServer possible! When you download a copy of NethServer or participate in your very own NethServer community, you enable us to write good Open Source software that many thousands have downloaded.

Why Gnocchi?

Gnocchi are thick, soft dough dumplings that may be made from semolina, ordinary wheat flour, egg, cheese, potato, breadcrumbs, cornmeal, or similar ingredients, with or without flavourings of herbs, vegetables, cocoa, or prunes. The dough for gnocchi is most often rolled out, then cut into small pieces of about the size of a cork. As RC2 could be used as an alternative to the upcoming final release, Gnocchi is eaten as a first course (primo piatto) as an alternative to soups (minestre) or pasta. It's the favorite dish of our best RC1 contributors @JeffBales @saitobenkei and @rolf so that would be a special tribute to the men who helped us test NethServer over the past month

Download and Test

We need your help to make NethServer 7 the best release yet, so please take some time to download and try out the RC2 and make sure the things that are important to you are working.
  • You can install it on a virtual machine or on a bare-metal server using a DVD or USB stick
  • Upgrade from RC1 is supported through the Software center
If you find a bug, please report it replying to this topic – every bug you uncover is a chance to improve the experience for thousands of NethServer users worldwide, also our amazing quality team will be called upon to give its support on that! Together, we can make NethServer rock-solid. We have a culture of coordinating new features and pushing fixes upstream as much as possible, and your feedback will help improve not only NethServer but Linux and free software as a whole. Ready to check it out? Then head to the docs and download:
NethServer 7 RC2 (784MB) (from SourceForge.net)
Torrent link: nethserver-7.2.1511-rc2-x86_64.iso.torrent

Read more