NethServer 8 container wishlist

Opening this thread for… collecting suggestion (user side currently) for “things that you’d love as modules/container into NethServer”.

As far as devs shared, NS8 will be “heavily” podman-related. So if you’re willing to suggest or express preference for something that in your opinion could be a really interesting add-on to the distro, please, assure yourself that containerized installation is at least supported by the project, better if already avaliable as option/documentation explained about setup. If is podman-ready well… it will be a huge plus for the interest of the projects and of the users of NethServer.

Consider also to propose something… really different than things already available.
I mean… from RoundCube to Crypht there’s not so much difference. I can understand and respect different tastes about that, but WebTop (currently the “most NethServer’s dev loved Webmail”) currently is a different kind of package (closer to a groupware than a simple webmail+calendar)

Do your things, dudes :wink:


Some of these are going to be obvious, and are quite probably on the roadmap anyway, but…

  • Mail
    • SMTP/IMAP (and I guess POP, but that should have died the death many years ago)
    • Virus scanning
    • Spam filtering
    • Webmail (I love Horde, but it’s looking increasingly like abandonware)
  • DNS
    • Feature parity with NS7 would be a minimum, but a full-fledged DNS server would be better
    • Option, at least, to be the public authoritative DNS server for your domain
    • Integrate with Mail to add the dozens of DNS records a proper mail server really needs
    • …and if it’s the public, authoritative DNS server, it can also be used for ACME validation
    • Technitium would seem to fit the bill here.
  • SSO
    • LemonLDAP::NG is available as a Docker container and seems to be working well
    • Though really, IMO, if used, this ought to be part of the core distro, and then configure other applications to authenticate against the SSO provider, rather than against whatever LDAP server that SSO provider is using.
  • Nextcloud is already there. Assuming that Collabora/OnlyOffice are also available, all good there.
  • Matomo
  • I run mine on a separate VM, but Zabbix.
  • General web hosting with the LAMP stack
  • CMSs

DNS, by AD perspective, it’s quite a tangled mix.
Should also have

  • DHCP (but it’s not on the GREEN or other segments, if it’s containerized… so it’s useless. I’d love to see the reverse sommersault for provisioning of PBX clients…)
  • Samba. Yes
  • The other samba… the DC
  • tools for a better DNS management
  • the tools for being authoritative (which it will never be for public networks, IMO)
  • the SSO jargon. Ok… Wireguard could be still a path for exchanging sensitive data in some secure way but… it could put strict constrains on inter-container dialog and firewal… oh sorry, firewall not designed for this :expressionless:

DHCP can since more than 20 years easily handle “other networks”, eg networks your DHCP server isn’t directly connected to, see DHCP forwarding in this context.
Support for DHCP forwarding can also make sense here…

My 2 cents


Wireguard is specifically designed also for hosted VMs, without any real firewall or UTM, to be able to communicate securily over an existing Internet connection - just like OpenVPN… Only Wireguards much, much faster!

Communication of two hosts via VPN does not need any Firewall / UTM.
There’s always a firewall running on Nethserver, even without installing the firewall module, but this is besides the point.

My 2 cents

I’m not at all sure how you see Wireguard affecting SSO. The users sign in to the SSO system using HTTPS, which is of course secure. The SSO system authenticates to the LDAP server using LDAP+TLS, which is also secure. The SSO system gives its credentials to the client application via HTTPS, which continues to be secure. Even if we assume that all three of those systems will be running on different computers, there’s no real need for a VPN among those computers in order for the process to be secure.

Why not? Other folks have their own reasons for wanting this; I have two: (1) ACME validation, and (2) email. The former would make acme-dns moot. In the latter case, properly setting up DNS for a mail server calls for dozens of records. Sure, you can set those up manually–but why?

Yeah, so the DNS server should be set up to forward queries for ad.$DOMAIN to the AD server. This should be transparent to the users.

1 Like

A document management system like this will be good.



1 Like

As far as i can understand, Wireguard will be unavoidable for allowing dialogue amongst containers. All the communications will be transparently tunneled via Wireguard adapters among the containers.
So is needed? IDK
It will be present? I’m assuming that it will be, no matter what.
Which will make me ask: could the simplified container management be borked by erroneus bridging among containers?

I have to apologize.
This kind of … “loud thinking” is deranging the topic from the “wishlist” core.

Crypht looks cool! We have multiples mail clients also on NS7, would you try to run it on NS8? It shouldn’t be too hard following the tutorial, at least I hope so :crossed_fingers:

Indeed we are going to implement both.

ecoDMS doesn’t seem to be Open Source …

This is not true. Containers will use wirguard if, and only if, configured to do so.

It takes from HastyMail left…

What kind of DNS implementation do you have in mind? I don’t mean “which software” necessarily, but what capabilities? Is it going to be comparable to what’s in NS7, or do you expect to expand it?

I’d like to have all features you already mentioned: so an authoritative server which can also act as cache.
It should provide APIs for other modules to automatically create records upon requests like SPF or just simple CNAME and A records.

I looked into Technitium, but I’m not sure it fits well. As an alternative, I was looking also to PowerDNS with PowerDNS-Admin.

That’s fine with me; I’m certainly not married to it–it’s just one I knew of that would seem to do what I was proposing, and comes in a Docker container.

Maybe Alfresco Community Edition can be a possibility.



1 Like

-Stephdl’s NFS share system works really well, but getting it added is a pita to do each time a new server is stood up.
-Better drive management, including the ability to grow disk drives when new storage is added, be it through VMware expansion of a vmdk, or bare metal raid.
-Pi-hole integration, especially as there is a lot of talk regarding DNS in this thread.
-Better interface for the proxy server, with more detail on what’s being blocked/allowed, bandwidth utilization (could be integrated with existing bandwidth report tool), top talkers, and clearer instructions to include how different networks are treated (red, green).
-Simple Plex server installation and gateway to that web interface would be amazing, but likely not something for every server.
-Fail2ban would be almost required for servers exposed to the internet.
-FreePBX might also be out of scope, but installing a NethServer and installing a FreePBX with minimal hassle would go a long way for some small shops struggling with their IP phone systems that vendors aren’t supporting due to age.

Just some thoughts and suggestions, thrown out there to the proverbial dart board.

1 Like

I’m sorry, I can’t see the use of Plex into companies. Would you please try to enumerate some nice ways for using Plex?

Nethserver is used in a lot of homes, too (including mine). I wouldn’t run Plex on mine–mine is running on a VPS on another continent; I run it on my TrueNAS box instead–but I could see why some might.

Thanks @danb35, for the “domestic media server” i got that. But I asked into companies…


I’d really like to see a decent RADIUS implementation built in, as an option for admins to use.

RADIUS is a very old protocoll, very stable and is used a lot globally, and it’s also fairly secure.

It would allow not only the integration of WLan APs. but also:

  • Account Providers (RADIUS can support both)
  • QOS
  • Speed limiting
  • Source / Target limiting
  • Time limits
  • VPNs
  • SSH
  • RSync
  • and much more!

Would be great to have this as an Option, integrated with services (similiar to the way fail2ban on NethServer does it), and the option to choose which services or all get covered with RADIUS…
If not needed, no one needs to install / use it.

RADIUS has strong logging / reporting options, which can also be used in the newer Cockpit / Dashboard, but also eg for Zabbix / Nagios or directly in Grafana, for nice Graphs…

My 2 cents


Hospitals/anything with waiting rooms that play/shuffle movies or other business propaganda/media, and small businesses that won’t pay for Pandora (or want tighter control of the playlist), so they use plex to do music. My dentist and my doctor both could use plex. My wife’s office has a waiting room with powerpoint playing an endless loop because her coworkers couldn’t make the smarttv do what they wanted, and it’s rare to see a tv model with a dvd built in.

But, yes, it would be great on a home server, like me and @danb35.

1 Like