How’s going as ClearOS refugee?

Nice of you to ask. So far I’m very excited about NethServer and look forward to learn much more about it.

At the moment, I have a lot of things to check out and see how NethServer does things. ClearOS provided some services around the OS that were helpful. For example if you use them as your registrar, they provided mail MX backup and DNS. Having a back up MX was handy since our power goes out ever so often and with the backup MX, we didn’t lose any email. Since it is personal email, it probably isn’t so important but it was really nice to have.

ClearOS appears to be a dead distro as it hasn’t had any updates since last summer. Since they stopped adding any security updates in the past few months and no one answers any support tickets, I realized that it’s time to leave a project I spend many hours working on and supporting. I got to know many great people virtually through the project. I spent nearly 20 years running ClearOS and ClarkConnect before ClearOS. So I have to see how I can migrate all my customizations, or find better ways or create new ones on NethServer. This assumes that someone hasn’t already solved the same itch.

I have downloaded the v7 installer which I’ll put on a test box and start working on it this weekend. I have 2 domains on my ClearOS box with static IP and have to figure out how to set up a test installation to mimic this set up. I’m not quite sure how to do that but I’m sure I’ll figure it out.

That’s sad… when a great project like ClearOS fails…

We have a lot of ex-clear users so don’t be afraid to ask
Please share your journey with us, so other refugees can learn from your experience.

Sounds like they went way out of their core business of adapting a Linux distro.

I’m replying to this thread so that I can be part of the discussion. I’ve been using ClearOS since way back in its Clark Connect days. I know Nuke to have been a regular contributor to the COS community forum. It was a superb distro in its hay days. I don’t know that their Clear Care support is necessarily dead in the water, as I got them to respond last month when I noticed a bogus CName record in my DNS records. They helped me sort the matter out.

Having said that, I concur that they haven’t provided updates in a long time. The only reason I keep my COS server alive is because our office and our customers are familiar with using it for file exchange. I regret to have to walk away from COS, but I will not have my business’ hands tied.

I recollected someone mentioning Nethserver in the COS forum, so I looked into it. It needed to have some of the features I’m used to in order for me to make a decent file and web server out of it. I saw where Nextcloud was an available app in their distro (i.e. nethserver-nextcloud), so I grabbed a new domain name and put Nethserver 7 and Nextcloud on a box in the office to try it out.

The old server manager (i.e. port 980) seems to have more accessible features than the newer cockpit (i.e. port 9090), but the cockpit is richer looking and pretty user friendly. I’ve been able to readily maneuver through it. I think to maintain any linux distro you still need to be comfortable working from the command line and editing different scripts (Putty and WinSCP are my favs).

So far, messing around with Nethserver, I’ve added a few apps like Crontab Manager, Collabera Office, and phpMyAdmin. I’ve also added some apps from within Nextcloud, like Nextcloud Office, Welcome, and Cadviewer (demo).

While I haven’t put our Nethserver out there for customer usage yet, it’s alive and working in our office and I’m very pleased with its functionality (for what I need). I’ll cut the cord soon enough with COS, since it’s not well supported anymore. I am really looking forward to keeping a Nethserver and maybe even implementing a website at some point. That’s definitely a nice feature for a distro to offer. I will make our Nethserver available for customer file exchange in the near future.

Thanks for a nice product.

Hi @dalbring . Nice to see you here! Thanks for your comments and help both here and at ClearOS.

The ClearOS forums are getting pretty rickety and slooooowwwww. I tried while on that forum to post my solution to questions so I could find them in the future.

I’ve been shocked in the past when I do a Google search on an issue and find out I had help solving it in that forum years ago. : … Getting old and forgetting stuff …

That got me thinking. I should try to capture my posts so I can refer to them again if ClearOS goes offline. It’s now part of my transition plan.

Now I have to figure out how to that efficiently …

I used to support 4 ClearOS content filter gateways via squid & filter list updates early 2010’s. The support and product at the time was pretty consistent and we hammered out a 4 year pricing deal that worked out well for the computer labs they supported. If approaching the same scenario now Nethserver by far would be the easiest and best drop in replacement. Affordable subscriptions, consistent updates and a great community behind it.

Hi folks,

Since you asked how it was going, I thought I’d add updates as I learn and get up and running. I really enjoy learning about all the tech but my wife gets pissed at me when I spend too much time on my “hobby”.

I’ve been working away slowly on my testing and migration plan. It’s slow because I do this in my spare time. I am a hobby admin running (1) a home gateway server, (ClearOS with email, IPS, IDS, Firewall, webhosting 2 domains, Plex), and (2) a separate baremetal hypervisor server (vmware) that runs a NAS & SuiteCRM instance. With our 2 wired and wifi networks there will likely be a number of complication with routing. But I think NethServer will make some of this easier to set up and manage.

I started out repurposing my old ClearOS 5 server about 3 weeks ago. The power supply died (old age) so I figured I should start with a “newer” PC. Last week I bought a slightly used Lenovo Thinkstation tower. I’ve been using a single SSD over the past week with proxmox and NetServer as a vm for learning and configuration.

So far with NethServer there is a lot of new things to learn because the applications used are different from what I’m used to from ClearOS. So I’m learning about a new firewall, looking and updating Fail2ban config and checking it is working properly, Suricata (I’ve used Snort with pulledpork), Dovecot (used Cyrus), proxmox (used vmware), new spam filter (used Spamassassin) etc etc. All good so far!

This week I am waiting for 2 new SSD drives that will serve as a mirrored raid for the final install. I’m still trying to decide if I will keep the proxmox+NethServerVM configuration when I get the 2 new SSDs or if I should just install NethServer (i.e. no proxmox). It looks like there quite a bit more to learn and maintain with proxmox and NethServer VM together. But I like that I can back up the NethServerVM easier, probably move the NAS and SuiteCRM all onto one server. It should also be easier to backup.

Will migrating NethServer7 to 8 be similar if it is a VM or baremetal install?

There are some posts on the wiki and documents for NethServer 7 that probably need to be updated. I can provide some notes on creating an installer USB from the Mac if it is of interest? I’ve never liked Windows and have avoided it at work. I’m happy to provide other updates as I work through configuring the modules and test. I tried to fix a spelling mistake in the docs but that didn’t take in git. I just started learning git a few weeks ago so I’m sure I didn’t do it right.

First test install.
I downloaded the most recent ISO following the “Download” link. The install on Proxmox went without a problem except that the Server Manager wasn’t installed. Following along the admin manual and user guides say that it would be available once the install was completed. I needed to add the repo and install this separately from the command line. Thanks to the person in the community who had the same problem and nicely documented what needed to be added, I was able to add the repo and get the Server Manager going. (??It looks like the iso didn’t include these server additions in the regular install??)

That’s it for today. I’ll post again when I have some more updates.

I might add something useful here…

Your current migration path is a “translation” from what you used on ClearOS and VMWare to what can be provided to you by NethServer 7 as application server, and ProxMox as virtualizer. More or less “the same kind of thing, but different”. Same job, new tools? I think that the description might fit.

NS8 will be a paradigm shift.

The hypervisor might be thrown away or not, is your call, but if currently you have some “application servers” on the same OS that provide different services, with NS8 you will have a Container Orchestrator to manage, moving applications around multiple (possible) hardware with less effort than current necessary for “study” a feature than reproduce it on the “running” farm.
What could be beatifully and easily do with NS8 is this.

• find a new “toy” to play with (software, application server, feature) which support container space
• deploy it into your “test” hardware
• tinker with it, edit, personalize, brand it, upgrade it, make it final
• once you’re ok with it, move it to the “production” hardware (optional: throw away the obsolete/no more necessary toy)
• back to square 1: find a new toy to play with

Of course the term “toy” might be misleading but in a certain way might fit: before deep evaluation, you don’t know if the software you’re examining or knowing through configuration and customization might be the right one for you. NS8 should help you to move in, go prod, move out this.

Now: is this useful?
Personal opinion mode on
Compared to NS7 a lot more things can be done, but a lot of thing that NS6 was and NS7 is capable, will be lost.
ClearOS and NS7 are “the same, but different”. NS8 will be totally a new beast.

Hmmm. Thank you @pike . Yes, your analogy about ClearOS/VMWare vs NS7/ProxMox make sense.

I have started at the top of the NS7 installed app stack and have discovered this templating thing. Ugh. I did run an e-smith server a very long long time ago. I don’t remember these templates. ClearOS 5 was pretty clean in that you could update the rpm and it wasn’t likely to break anything with the web management console. With ClearOS 7, there is a clearos layer on top of most things that mean that making any configuration changes or customizations difficult. In some ways it looks like this template stuff. For example, my present situation with trying to get clamav updates on ClearOS7. There is a bunch of clearos “goodness” that has to be managed for the update to happen. So you can’t just install the updated rpm. You have to patiently wait for ClearOS to update the official clear implementation. Since there doesn’t appear to be anyone there anymore, there is no way to update something that should be fundamental. Big bummer.

I spent an hour looking at antivirus/clamav and fail2ban. It looks like I have to learn about this template stuff. I have had different ban times for different services in ClearOS. There was a time that I got so many attacks on OpenVPN that I had to reduce the number of attacks from an individual IP to 3 failed attempts with a 1 day/7 day/30 day/forever ban time. Now I get next to zero attacks there. When I look at the fail2ban settings, I think I have to customize the template so I keep the jails. ClearOS7 had a custom layer but it still had a local jail that could be modified and would be used even if the mothership jails were changed.

Another question. Does the “unofficial” antivirus definitions include the clamav database? It looks like the unofficial are add-ons and don’t overlap?

NS8 sounds like it could potentially replace my present NS7/ProxMox virtualizer/application server concept in one. I feel like my head is turning into a pretzel.

Hi @Nuke

A personal welcome as ClearOS refugee.

And: yes, I also used SME Server until 6-7 years ago…
Now, all my clients use Nethserver on Proxmox, OPNsense box as firewall.

A container management suite can’t compare with a Class 1 Hypervisor, which is what Proxmox is.
It won’t provide HA, it can’t aleviate migration of Mac or Windows VMs, and MANY more differences…

It can do so much more than NethServer 7, so let it do what it does best: providing server services.

What it can’t do, which eg Proxmox can, is virtualize the CPU, so even live migrations from Intel hardware to AMD hardware becomes possible.

Like you, I’m not a Windows freak, I only have a ten year old PC and a VM Windows 10. I use Macs, and Linux. Yes, I have clients who use Windows so I have to be able to handle that. Then again, when working 25-30 years ago for E&Y, I was considered a Windows crack - and still am.

And: I only have a single instance where I use NethServer as firewall - the DNS is so crappy that it can’t handle reverse lookups (PTR) correctly. As no CNAMES are possible (except for NethServer itself), any CNAMEs have to use A records, making reverse lookups a random thing, as either A records are valid.

I use OPNsense, usually in hardware as my clients prefer a dedicated box as firewall. Repair, Upgrade or Refit the server, while still having Internet!

If you have any questions, PM me. I’m known here as someone who helps first users here make the first big strides…

My 2 cents
Andy

Small hint for @nuke: before starting with custom templates, take time to tinker with cockpit interface. Maybe settings won’t be as granular or tweakable as you like it, but I must admit that most of the times are common-sense added.
If after enough tinkering you’re still convinced that “old settings” were far better than these… Backup, try some disaster recovery. Then backup configuration. Then custom template.

Thank you @pike and @Andy_Wismer for your suggestions and explanations.

ClearOS had a good firewall, IDS and IPS set up. It worked well so I didn’t need to worry about any other devices or software firewalls. If the NethServer isn’t so good at these tasks, then I’ll have a look at OPNsense. I don’t have the budget to spend another $600+ for a dedicated device so I’ll look at how it would work in a VM on ProxMox. I’m a little familiar with pfsense. I assume it’s similar. I’ll do research on these two distro.

Thanks again for your suggestions and help.

Yep, it would be great.

They’re going to be only different. We won’t lose features, we can’t afford it

this is true.

I think that saying “Nethserver is not good as firewall” is a bit unfair. We have nearly 20k enterprise firewall installations only in Italy and all of them are for businesses Without counting the community side all around the world.
And the next firewall release is going to be even better.

This is not Apple… so that only could mean so many different things.

So there’s already nDPI implementation for NextSecurity? Or Squid reporting?

Here you go. This can be used as a start to add the info in the docs.

The challenge with creating installer disks properly on the Mac is that the tools often screw up burning disk images with .iso extensions. I have tried BalenaEtcher to burn the iso directly but it doesn’t always work properly. I don’t know why this happens but the following procedure works each time.

I learned this originally from the ProxMox documentation site.

Steps:

1. Check iso downloaded. In this example used “installer” as name of installer disk.

shasum -a 256 -c installer.iso.sha256 installer.iso

You should get a good result, otherwise download again.

2. Convert from iso to dmg.

hdiutil convert -format UDRW -o installer.dmg installer.iso

The flag -format UDRW = UDIF read/write image.

3. Plug in the USB HDD target device. You want to make sure you are “burning” the dmg to the right device (USB HDD) so use the command diskutil

diskutil list

shows where the USB HDD is located. For example it might show: /dev/disk2 for this example

4. Unmount the USB HDD so you can write to it without having any other process interfere. Here is the command. We assume the USB HDD is at /dev/disk2

diskutil unmountDisk /dev/disk2

5. then write the new dmg image file to the USB HDD using the following command:

sudo dd if=installer.dmg bs=1M of=/dev/disk2

All done!

There’s no reason an OPNsense box needs to cost anything close to that–entirely suitable hardware from Aliexpress is going for not more than US$250.

The reason sometimes is the bios development (and patch) sidelined with a bit more robust built, from PSU to discrete electronic components like condensers, VRMs, and so on.
Might this be enouth? I think is… really personal.