NS7 Virtualhost page proposal going on

@alefattorini, you just did it! :grinning:

As we already announced, me @giacomo and @Stll0 directed our efforts on Shared Folders and this new page, Virtual hosts, trying to follow the advice of our community.

The nethserver-virtualhosts package is now available and we hope you’ll test it and give us your feedback on this work! :checkered_flag:

To install it just go to Software center and select the “Web server” group. Or type

yum install nethserver-virtualhosts

As you can see from the screenshots Virtual hosts are a new kind of object that allows

  • FTP access to the vhost web root. Folders permissions can be set from FTP.
  • SSL/TLS certificate selection. @alefattorini will tell us how to configure them in an upcoming announcement - stay tuned!
  • and other tweaks!

The UI module has a plugin architecture, so additional features can be added by other packages.

You may notice some things we talked about are not present, like:

  • .htaccess interface: AllowOverrides ALL is enabled by default. We think .htaccess file(s) can be uploaded with FTP. Many applications and howtos provide good defaults. Anyway a plugin can be developed.
  • proxypass: we’d release a separate page. It seems a different use case
  • FTP and SSL: we agree it’s safer, but it’s more complex to configure. The FTP daemon does not use system users (and passwords). Ad-hoc credentials are created: we hope this will mitigate the security concerns.
  • customizable webroot path: does not fit well with FTP chroot configuration.
9 Likes

As @davidep said we’re trying to follow the serveral advice of our community, starting from some discussions that I collected here:
How-To: VirtualHost @nas howto
Scared to try to use NS and vhosts
How can i HOST a web domain with nethserver?
Owncloud virtualhost
How-To: VirtualHost
Installing a custom certificate for webserver?

@Hunv @Ctek @johnjervig @jaapvdv @rodmontgt @stephdl @nas @Sebastian @GG_jr @fasttech @dz00te @angelboy please can give your feedback on this new module? :slight_smile:
We are open to other ideas, please suggest enhancements and post a visual mockup of them.

4 Likes

I would add another good suggestion for eventually a v2, ability to manage files with a webui by webdav or ftp, chmod, unzip, edit text files, etc.

Proposal for ns7 VirtualHost page

2 Likes

My first thought was ‘how can this integrate with cms packages?’

For instance, I have an NS instance serving web pages, basic html, from what I see, this lets me manage several different web sites, but, who, other than me, literally hand codes basic html sites anymore, wordpress, joomla, etc, is the way to go.

Is this something to consider, would it be worth considering an official cms package or two for NS?
We have ownCloud, why not Wordpress… ?

1 Like

AFAIK we already have WordPress in NethForge repo which is enabled by default on NS6.8

http://packages.nethesis.it/nethserver/6.8/nethforge/x86_64/Packages/

There are packages for WP 4.1 & 4.2.2

The last WP release is 4.5.3 with many security issues solved.

Maybe @dz00te can create a new rpm after he will read the summer articles that already printed. :wink:

We hope Virtual hosts page is good enough also for those use cases.

  • FTP upload and permissions management
  • upstream-compliant httpd config,
  • Let’s Encrypt certificates

Are the main ingredients of the “Web hosting” support.

We’d like to add a MariaDB/PostgreSQL plugin for DB management. What do you think? Are we missing something important?

3 Likes

I think that phpMyAdmin it’s the de-facto standard tool to manage the sql database.
Some documentation could probably solve the problem of creating a database for an application.

1 Like

I agree it’s good for manage, but I was thinking about creating a DB and initializing an administrative account for it, like we do for FTP.

phpMyAdmin itself allows authentication based on DB accounts. Like FTP, I’d prefer DB accounts on system accounts.

Once the plugin creates the administrative account it’s safe to use it from phpMyAdmin, to generate a restricted DB account or use the administrative account itself to configure a web application… what do you think?

1 Like

@fasttech
I don’t see that wordpress, joomla, etc will be the only one to create a home page. I am working on my home page with HTML5 and CSS only.

So do we have a priority list for new features? I’m seeing S/FTP, and DB features/additions. What about the ProxyPass interface? Is that on the list any where?

Also keep in mind, that not everything is always running on Nethserver or Linux.
For me I primary use Nethserver as a Firewall and configured the Nethserver as a virtual host to forward the different subdomains to different servers based on Windows and Linux.
So for me this is what needs to be managed.
The advanced topic on this is to (auto-)configure SSL-Certificates. You should be able to use your own certificates or click on a button that is named “Use Let’s Encrypt” and don’t take care about certificates anymore because Nethserver is managing this.
BTW: There is also another service like Let’s Encrypt: Start Encrypt. Maybe Let’s encrypt should not be the only focus (but it would be OK for me if it is).
https://www.startssl.com/StartEncrypt

I can draw a picture how I like the interface to be, but I only know exactly the use-case I wrote above so I think I will miss all other cases when I do this.

Yes! Do you want to start a new thread about it?

I think this is an use case for the “Proxy Pass” page. As said, it’d be distinct from Virtual hosts. Moreover , I think Proxy Pass should integrate with Docker too.

I have no objections to a new thread. I just wouldn’t know how to start it off. I’m just excited that it is on the list.

I’m sorry, I’ve just recalled you already did it :laughing:

It seems we can’t decide where to put this feature :confused:

Yes, there was that as well. :smile:

Do we want to separate Proxypass from Virtualhost or not? @davidep are you sure that we need a separate panel? How do other products handle this?

Think about a network firewall: it does not serve web sites directly nor has FTP service to upload contents, it is configured to act as reverse proxy only.

The only place where ProxyPass and VirtualHosts overlap is the virtual host name. A validator could check if a ServerName is already used by another object.

I’d like to hear about other products! Did anyone experiment them?

2 Likes

You had me, it looks more versatile.

I think it must be put as separate submenu in Gateway section: Gateway → Reverse Proxy.

It’s a part of Gateway/Firewall.

Reverse proxy - Wikipedia
What Is a Reverse Proxy? | F5
Forward Proxy vs. Reverse Proxy Servers | JSCAPE

Gabriel

4 Likes