I agree, we miss them. How can we start? Please suggest me at least 2-3 topics.
The main one that immediately comes to mind is security. I struggled to find enough information to feel comfortable with my setup that would allow me to host more important docs in NS. Using a VPS means that the server is permanently exposed to the public. I’m sure there must be ways to mitigate this - for example, by setting up access only through VPN - but the instructions on how to do this are not very clear. I feel a lot better with the implementation of fail2ban in NS6 (I get a few weekly hits) and this is a major module requirement for me in the new NS7.
I think if there could be a VPS option in the setup which could provide some default options for that environment.
The default options for the VPN environment should include:
- Tighter firewall security and features such as Fail2Ban and dynamically blocking known rogue IP addresses (like the script located in the following post here)
- Include OpenVPN and other VPN options by default and enable SSH on a non-standard port by default.
- Include a setup template which can be customised so new VPSes can be created or spun up dynamically without the need for them to be manually customised. The AWS E3 auto-scaling groups are good reference point for those who are interested. (@alefattorini - you can see where this is going can’t you )
Off the top of my head, these are the 3 main topics or areas which I would consider a good starting point for discussion.
Thanks for your response guys.
Please take a look at http://wiki.nethserver.org/doku.php?id=howto:howto_set_up_a_vpn&s=vpn
Agree, we discussed it there Nethserver-fail2ban needs testers
Not following, can you make some examples?
@alefattorini My apologies for not explaining it properly earlier, so here goes:
At the moment, during the setup process you have to manually specify which packages your would like to have installed, which network interface which be in which zone (ie. Red or Green or Blue), what the IP address config each NIC requires, what the domain name and hostname is, users, user groups, etc, etc.
What would be nice is to have a text file with all of this information which you can specify as a parameter to the setup process so that it can be fully automated.
So essentially, you would turn on the VPS, go take a 30-60 minute coffee break and come back to a fully operational server which does not require any further intervention with regards to configuration
It sounds interesting but I don’t know how it might be doable, improving VPS experience will be one of the main goals of future NethServer versions though.