Originally published at: http://www.nethserver.org/nethserver-7-final-released/
Although the past year was one of the most exciting, energizing and also exhausting in NethServer history, we’ve reached the first milestone along our path.
Today, we’re thrilled to announce that NethServer 7 has been released and is publicly available.
NethServer 7 is a big step forward on the path of innovation: now we can take full advantage of the power of CentOS 7.
We’re confident that it will be the best NethServer ever and that it will achieve our mission: making sysadmins’ lives easier with Open Source. This is thanks to the most vibrant, supportive and friendly community in the Open Source space (and not only Open Source).
We’ve got a lot of news to share with you, so let’s jump right into it.
Samba 4 Active Directory Controller
NethServer is now able to act as a Samba Active Directory Controller.
- NethServer can replace a Microsoft Active Directory Domain Controller
- Native MS-Windows management tools, like RSAT tools and AD PowerShell are compatible with NethServer
- Group policies can be deployed through native MS-Windows tools
- Windows workstations can seamlessly join the AD Domain; no more registry tweaks are needed
NethServer 7 brings centralized account management (so-called “multi-site”) supporting authentication and authorization against either a local or remote accounts provider.
Supported providers are:
- Local OpenLDAP running on NethServer itself
- Remote LDAP server with RFC2307 schema
- Local Samba 4 Active Directory Domain Controller
- Remote Active Directory (Microsoft or Samba)
Nextcloud (https://nextcloud.com/) is a new open source project that provides a private cloud platform at your home. It was born as a fork of the well-known ownCloud project to reboot it in a better way.
Certificate Management panel
An updated Server certificate panel allows you to edit the default self-signed certificate or upload a custom certificate file bought from an SSL certificate provider.
The same panel allows you to request a new Let’s Encrypt certificate.
For those of you who are unfamiliar with Let’s Encrypt Client, it is a fully-featured, extensible client for the Let’s Encrypt CA (or any other CA that speaks the ACME protocol) that can automate the tasks of obtaining certificates and configuring service daemons to use them (like web servers).
Transparent HTTPS Proxy
We changed the behavior of the Transparent HTTPS proxy, dropping the MITM (Man In The Middle) feature that inspects all the encrypted traffic and substituting it with a new implementation that sniffs only the beginning of the connection to discover the destination website (for filtering purposes).
Basically, it means that we peek at the beginning of the connection to discover the destination website (and block it if desired) and then **let the traffic flow unaltered from the client PC to the secure website**.
Some improvements introduced with this solution:
- No certificate to install on browsers
- No untrusted certificate warning
- No sniffing on sensitive information
- Seamless filtering of unwanted web sites, both HTTP and HTTPS
The web UI hasn’t been modified (only the certificate download button has been removed) because the behavior has changed under the hood.
Deep Packet Inspection
A major feature of the new firewall is deep packet inspection using nDPI.
This feature allows the administrator to create firewall rules like “only the boss’s computer can access Facebook” or “nobody can download torrents”.
New interface for the Traffic shaping
A better implementation of traffic shaping with a brand new interface allows the creation of complex rules.
For example, during office hours Facebook traffic has low priority.
The “Firewall rules” page supports creating rules for “low priority” or “high priority” traffic. Bandwidth configuration of the red network interface has been moved inside the “Network” page, leading to the removal of the “Traffic shaping” panel.
New time conditions on firewall rules
The firewall now supports rules based on time. Administrators should be able to create rules like these:
- Block Facebook during working hours in the working days
- Allow Facebook only during lunch time
Suricata is the new IPS
We have replaced Snort with Suricata (https://suricata-ids.org/) for better performance and improved support for newer hardware.
The reverse proxy feature is useful when you want to access, from the outside network, sites hosted on an internal web server. The feature was developed some time ago; we have now added a handy WebUI to configure it easily.
The mail server received a lot of love from our developers, who added new enhancements like:
- all users automatically have a valid mail address: username@domain
- mail alias page has been refactored and now you can create distribution lists with internal and external mail addresses
- you can now create shared mailboxes and associate them to a custom mail alias
Improved full-text search for IMAP
The upstream dovecot package provides the Lucene-based FTS (Full-Text Search) plugin. We have enabled it by default, therefore the speed of searches performed by IMAP clients (and webmail) is now vastly improved.
New pop3 connector module
We replaced Fetchmail with the much more promising Getmail application.
It’s written in Python and is easy to extend or customize, thanks to a flexible and extensible architecture.
MultiWan configuration is now merged into Network page
Internet Service Providers configuration has been moved to the Network page; consequently, MultiWAN fields have been added to the Red interface parameters.
Simplified Network Service panel, Zones and new Firewall rules
The implementation of remote network access to system services has been removed from the Network services panel because it’s now possible to create Firewall rules to add access restrictions. Network services appear as non-removable rules on the Firewall panel, and using the Firewall itself as source or destination of firewall rules is permitted.
DHCP mode available for Green
A Green interface can now be configured in DHCP mode, so DHCP on a VPS is now a possible scenario.
New Upstream proxy panel
If NethServer can’t browse the Internet directly but has to go through a proxy server, there is now a global HTTP proxy settings page (in the Network panel) to configure all access details for the upstream proxy. The configured proxy will be used for all HTTP and HTTPS traffic originating from the server. The global proxy settings can be overridden for the web proxy (squid) traffic.
Main DNS Servers configuration moved to Network panel
With the aim of having a single place for all Network configuration options, we have moved the DNS Servers page into the Network panel.
Advanced static routes
We have improved the configuration of static routes. It’s now possible to implement routes:
- with a specific selection of device and metric
- to force a default gateway
This improvement makes our firewall more versatile, especially in a VPS environment.
New look for NethServer 7
We needed a new look for our next release to differentiate release 7 from the old NethServer 6.
We have also refreshed the First Configuration Wizard and the Network Panel with an eye towards usability and readability.
New landing page
A new landing page for the web server has been added to help new users find some “getting started” information.
Handle service by WebUI
Each service can now be started, stopped or restarted by pushing a button.
New bandwidth monitoring module
Our community asked for a simpler tool to monitor bandwidth usage, so we added a new module called BandwidthD.
BandwidthD is a solid, widely adopted tool with a proven track record, and it is better integrated into our WebUI.
Web applications integrated into WebUI
The following web applications are now integrated into the Server Manager:
- CGP (collectd graphs), installed by default with collectd
- Samba audit
- Lightsquid (web proxy statistics), installed by default with Squid
First Configuration Wizard improved
The improved Wizard adds an option to set a smart host to deliver emails even if the system is not a full-featured mail server. It also checks that the hostname syntax follows the DNS rules.
Shared folder refactoring
We have refactored the “Shared Folder” page with Virtual Hosts and AD Domain Controller role in mind. The “Shared folder” page configures only Samba shares and the “Web access” panel has been moved to the “Virtual hosts” page. User authentication, Extended ACLs and group ownership are enforced only if the server is a member of an Active Directory domain.
New Virtual Host panel
This new panel simplifies management of the web server configuration, thanks to some new features:
- FTP access to the vhost web root
- Folder permissions can be set from FTP
- SSL/TLS certificate selection
The UI module has a plugin architecture, so more features can be added by other packages.
“Reload page” button in Software Center
After installing or removing a module from the Software Center, a button invites you to “Reload page” to update the dashboard menu.
New web interface to restore data from old backups
In the past, the list of files to restore shown in the interface was created by reading only the last backup.
Now, the user is able to select the backup from which files should be restored.
SCL repository is now enabled by default
Software Collections, also known as SCLs, allow you to run the default software version of some applications (PHP, Python, etc…) that come with CentOS. They also allow a newer version of them to be installed alongside the default version for creating and running software with newer requirements.
We can now use all the power of the SCL repository, since it’s enabled by default and users can install applications from it using the yum command.
NethForge is now enabled by default
NethForge is the place where you can find extra modules built by the community. The release RPM is now inside the default distribution, so it’s enabled by default and a new “NethForge” category will be available inside the Software Center.
Thank the overall NethServer community
As usual, we’d like to first thank the overall community for contributions toward these improvements — whether it was in feedback, bug reports and suggestions or our personal favorite, feedback based on participation in our very own NethServer community.
Download and Test
Who wouldn’t want all these fantastic new features?
- You can install NethServer on a virtual machine or on a bare-metal server using a DVD or USB stick
- Upgrades from 7 RC versions are supported through the Software Center
- Upgrade from 6.8 will be available soon
If you find a bug, please report it here: every bug you uncover is a chance to improve the experience for thousands of NethServer users worldwide. Our amazing beta testers team will also be called upon to give its support on that!
Ready to check it out? Then head to the docs and download:
- Direct ISO download, 740MB nethserver-7.3.1611-x86_64.iso
- Torrent link: nethserver-7.3.1611-x86_64.iso.torrent
- Technical Release Notes: http://docs.nethserver.org/en/v7/release_notes.html
- Administrator manual: http://docs.nethserver.org/en/v7/
- Developer manual: http://docs.nethserver.org/projects/nethserver-devel/en/v7/