I am now trying to install ns8 in a debian 13 vm that’s behind a nethsec vm, both on proxmox. I am trying to follow the installation instructions from the ns8 doc, using curl from the debian command line. The db13 installation didn’t come with curl installed. So, I had to add the debian repository to the source list, since the iso installation of db13 configured the repo to look at a cdrom image. Afterwards, I was able to apt install curl at shell.
Now, when trying to do a curl install of ns8, it fails with the prompt ‘failed to connect to raw.githubusercontent.com port 443. I added an ‘accept’ outbound rule for https with WAN as the destination, in the nethsec firewall, after a google AI search recommended it.
Is this not the right url anymore, to install the latest stable release of ns8? Thanks for any advise you can offer.
I experienced the same thing sometimes if all Blocklist feeds in the Threat shield IP are enabled. Never found which Blocklist feeds is causing it.
At and some point thought it is because of my experimental setup, especially because it is not consistent; however: with Threat shield IP turned off (or only the blocklist feeds of the first page turned on) never experience this problem.
Just got back to the office this morning. I disabled Threat Shield on the Nethsecurity VM and then had to stop apache2 on the Deb VM, in order to do the curl install of NS8. After installation and a reboot of the Deb VM, I tried accessing the NS8 GUI from a Raspberry Pi VM on the same vlan. I can ping the Debian 13 VM, but I can’t access cluster-admin using the IP address of the Debian VM. I even tried accessing the NS8 GUI in the desktop environment of the Debian 13 VM, with both its IP address and using https://127.0.0.1/cluster-admin, to no avail. Dunno what I’m missing. Apache2 is running and port 443 is actively listening.
Update: I enabled the default Allow-HTTPS-from-WAN rule in Nethsec and afterwards, was warned on a remote Windows desktop browser about NS8’s public IP being an unsecure site, so I accepted the risk and it went to a 404 Not Found page nginx/1.26.1. Tried it from Firefox and Chrome, getting the same result.
Please remove apache2 from the Debian installation. With NS8, traefik needs to listen on ports 80 and 443 so it conflicts with apache2.
When traefik is running, the cluster-admin should be available again.
I recommend to use a minimal Debian installation without UI and servers except SSH.
Okay, uninstalled. I can get to the login screen now, from a VM on the same vlan. I can also get to the login screen using OpenVPN through nethsec. I use the default credentials of admin and Nethesis,1234 and it says ‘Cannot log in Something went wrong. I figure it can’t be a port problem, since I got to the login screen of NS8. I thought the credentials above were the ones to use after a new install?
Trying to do api-cli run alter-user --data '{"user":"admin","set":{"password":"Nethesis,1234","2fa":false}}'from the debian vm command line says ‘authenticationError: Invalid username-password pair or or user is disabled’
If I do api-cli list-actions I get ‘module/traefik1/node/1/cluster/’ Should I be running the above script from a certain directory? Do I need to add the user? I don’t know the command for that.
I installed NS8 using curl from the Debian VM’s command line, logged in as root.
It seems the default cluster-admin user wasn’t created.
Maybe something went wrong at installation.
I think the cleanest approach is to reinstall Debian 13 minimal (this time without any servers) and then NS8.