So, why reinvent the wheel? NethServer is a partial rewrite of the original code, focusing on maintainability, extensibility and standard compliance with CentOS.
- Simplified configuration
- Highly modularized
- New dynamic interface for desktop and mobile
- Use standard tools (bye bye runsv, welcome chkconfig)
- Extensive documentation
- LDAP authentication
- …many more
Technical differences from SME
Everything is a module
The base system includes only these functions:
- Remote access (SSH)
- Base firewall
- Template and event API
- PHP interface running on a special Apache instance
Anything else must be explicitly installed. For example, if you are configuring a firewall, you don’t need Samba or even the system users (nethserver-directory) and backup.
The web UI itself is a simple module and can be optional.
Use CentOS minimal ISO + kickstart file: no anaconda patches required.
Two kinds of installation:
- interactive: choose RAID, hostname, network, etc
- fully unattended
The network is configured using a network db with standard CentOS options; it handles ethernet, bridge, bond, alias and ipsec.
Text-based console is still present but deprecated: anything can be configured from the web interface.
Use CentOS standard service tool. Runsv has been replaced with standard CentOS tools (like chkconfig). When special service behaviour is needed, upstart is used (see nethserver-hylafax, nethserver-httpd-admin or nethserver-directory).
Web UI is PHP based. It’s totally replaceable: just remove nethserver-httpd-admin. See: Creating web UI module tutorial
Firewall module can be replaced. Now we use CentOS standard (/etc/sysconfig/system-config-firewall) in server-only mode and Shorewall in server and gateway mode.
E-smith db, ibays and user’s homes moved from /home/e-smith/db to /var/lib/nethserver. We aim to have only one growing directory.
E-smith perl libraries moved to /usr/share/perl5/vendor_perl/esmith/ to respect CentOS 6 conventions.
Users are stored in LDAP database. The ability of adding and removing users has been moved from nethserver-base to nethserver-directory.
Filesystem permissions changed to owning group + POSIX ACLs.
Optional packages provide access services: sftp (nethserver-openssh), httpd (nethserver-httpd), samba (nethserver-samba) with extended attributes (ACL).
When accessed via HTTP, ibays are configured as virtual hosts with optional HTTP Basic Authentication. No system user is needed, which avoids security problems when simple passwords are used.
Samba 3.x uses LDAP as backend for users; a join to Active Directory mode has been added.
NethServer is available only for 64-bit CPUs.
All modules (except nethserver-base and nethserver-lib) are now optional. Here is a list of features and the respective packages:
- Users: nethserver-directory
- DNS server and DHCP server: nethserver-dnsmasq and nethserver-hosts
- HTTPD: nethserver-httpd (also adds ibay httpd access); configuration can be done via template or /etc/httpd/conf.d directory (preferred way)
- Mail server: nethserver-mail-server (postfix + dovecot2)
- Mail filtering: nethserver-mail-filter (amavis + spamassassin)
- NTP server: nethserver-ntp
- Ibays: nethserver-ibays
- SSH: ssh server is installed and accessible by default, nethserver-openssh adds shell access for users
- Samba: nethserver-samba
- MySQL: nethserver-mysql
- Jabber: nethserver-ejabberd
- Printers: nethserver-cups
- Fax server: nethserver-hylafax
- Groupware: nethserver-sogo. Porting Horde to NethServer should be a quick job.
- Backup: nethserver-backup-data uses duplicity for data backup, nethserver-backup-config automatically creates a small configuration-only backup in tar.gz format.
- Statistics: collectd collects and graphs system statistics
- Bandwidth monitor: nethserver-ntopng
- Advanced firewall: nethserver-firewall-base (and nethserver-shorewall)
- External mails: nethserver-fetchmail
- Web proxy: nethserver-squid, nethserver-lightsquid, nethserver-squidclamav, nethserver-squidGuard
- Owncloud: nethserver-owncloud
- Roundcubemail: nethserver-roundcubemail
- SELinux is permissive, not disabled. We plan to add a nethserver-kvm addon, so we may need to change the SELinux policy to ‘enforcing’.
- New special system validators, available from the web UI or via command line.
- Strong conventions for the rpm format of modules (contribs). See: Package rules, YUM plugin and Event API