Time is gone in a rush since our last Release Candidate and we’re approaching very quickly the final release, but as you know we’re still fixing bugs and sorting out some issues that came up.
Now, after a few weeks of hard work, we’re finally ready for NethServer 7 RC3 “Tiramisù” and it’s time to get it off the ground.
The RC3 release of NethServer 7 introduces some new features and aims to fix bugs from previous releases.
Transparent HTTPS Proxy
We have changed the behavior of the Transparent HTTPS proxy dropping the MITM (Man In The Middle) feature that inspects all the encrypted traffic, substituting it with a new implementation that sniffs only the beginning of the connection to discover the destination website (for filtering purposes).
We can do this now because CentOS 7.3 introduced squid 3.5 which has a new function to intercept HTTPS connections, called peek and splice.
Basically, it means that we peek at the beginning of the connection to discover the destination website (and block it if desired) and then let the traffic flow unaltered from the client PC to the secure website.
Some improvements introduced with this solution:
- No certificate to install on browsers
- No untrusted certificate warning
- No sniffing on sensitive information
- Seamless filtering of unwanted web sites, both HTTP and HTTPS
The web UI hasn’t been modified (only the certificate download button has been removed) because the behavior has changed under the hood.
Replaced squidGuard with ufdbGuard
Due to the recent upgrade to version 3.5, Squid is no longer compatible with squidGuard, so we had decided to replace it with ufdbGuard which is one of the best URL filters that can be found on the internet.
Simplified configuration of remote account providers
The SSSD configuration is now always available:
- on a new system, page “Domain accounts” shows a “Configure” button that points to SSSD Configuration
- on a new system, page “Users and groups” shows a “Configure” button that points to SSSD Configuration
Once a remote account Provider has been configured, it’s always possible to switch it off, and on again or choosing a different one.
The “Advanced settings” section under SSSD Configuration page displays library defaults as input fields “watermarks” according to the currently selected account provider.
We recommend reading the new manual page about Account Providers that explains the supported scenarios.
DPI module now works on upstream kernel
CentOS 7.3 comes with a new kernel version (3.10.0-514), which is compatible with the nDPI kernel module. Users in need of Deep Packet Inspection no longer need the custom kernel-lt.
While the old management interface hid the system “administrators” group, now the new version supports the AD concept of “subgroups”, where a group member can be a group itself. Also “Domain Admins” is visible and its members can be modified (a common practice in AD world).
The Dashboard panel that counts the system users now reflects the number of users and groups listed on the “Users and groups” page.
Rebased on CentOS 7.3
This release has been rebased on CentOS 7.3 which is the current release for CentOS Linux 7 and is tagged as 1611, derived from Red Hat Enterprise Linux 7.3.
As always, read through the Release Notes at http://wiki.centos.org/Manuals/ReleaseNotes/CentOS7 - these notes contain important information about the release and details about some of the content inside the release from the CentOS QA team.
And so much more
These are just the major highlights in 7 RC3 but there are other tiny improvements, refinements, and bugfixes that we aren’t covering here like:
- Nextcloud has been updated to release 10.0.2 (#5155)
- The web interface now lists remote users and groups in real time (#5168)
- LDAP and Samba AD both have the same administrative built-in users and groups (#5157)
- Handle built-in administrators groups from Server Manager (#5168)
- Samba shares support both NTLM and Kerberos authentication (#5160)
- Always enable LDAP secure protocols when connecting to remote account providers (#5161)
- Better certificate management (#5174)
- Support UEFI bios (#5148)
- Boot partition size has been increased to 1GB
What does the RC release mean?
A release candidate (RC) is a testing version with the potential to be a final product, which is ready to be released unless significant bugs emerge. RC releases can be used in production, especially if new features are not used on mission critical systems. Upgrades to the final release will be supported.
What needs test
Even in RC3, the most notable new feature that needs a good amount of testing is the AD Domain Controller setup, with a particular focus on the depending functions such as email, shared folders and user authentication.
Feature freeze phase
This release is already in a core feature freeze phase, all work on adding new core features is suspended, shifting the effort towards fixing bugs and improving the stability and user experience.
No new modules will be added or modified before the final release, we invite to stay tuned with our community for fresh news and updates about the forthcoming Stable Release.
Thank the overall NethServer community
As always, we want to take a moment to say thank you to everyone who makes NethServer possible! When you download a copy of NethServer or participate in your very own NethServer community, you enable us to write good Open Source software that many thousands have downloaded.
Tiramisu (from Italian, spelled tiramisù [tiramiˈsu], meaning “pick me up”, “cheer me up” or “lift me up”) is a popular coffee-flavoured Italian custard dessert. It is made of ladyfingers dipped in coffee, layered with a whipped mixture of eggs, sugar, and mascarpone cheese, flavoured with cocoa. The recipe has been adapted into many varieties of cakes and other desserts. Its origins are often disputed among Italian regions such as Veneto, Friuli Venezia Giulia, Piedmont, and others.
Being a dessert would be indicative of the end of the development cycle.
It’s one of the favorite dishes of our best RC3 contributors @indra @gerald_FS @transocean @hunv and @hucky so that would be a special tribute to the men who helped us test NethServer over the past month
Download and Test
We need your help to make NethServer 7 the best release yet, so please take some time to download and try out the RC3 and make sure the things that are important to you are working.
- You can install it on a virtual machine or on a bare-metal server using a DVD or USB stick
- Although upgrade from RC2 is supported through the Software center some manual operations are needed, please read these notes
How to report bugs
If you find a bug please report it opening a new topic in our community and tagging it with v7-rc3 label – every bug you uncover is a chance to improve the experience for thousands of NethServer users worldwide, also our amazing quality team will be called upon to give its support on that!
Together, we can make NethServer rock-solid. We have a culture of coordinating new features and pushing fixes upstream as much as possible, and your feedback will help improve not only NethServer but Linux and free software as a whole.
Ready to check it out? Then head to the docs and download:
NethServer 7 RC3 (776MB) (from SourceForge.net)
Torrent link: nethserver-7.3.1611-rc3-x86_64.iso.torrent