NethServer 8: planning an evolution

We want to keep it, but probably not on the same base system.

We can overcome the shorewall issue, but the hardware is the real problem. In the future firewalls will probably be smaller machines (arm based?), and CentOS 8 doesn’t quite fit well on tiny hardware (/cc @Conan_Kudo).

But you had to manually configure every application and this is what NethServer is doing for you out-of-the-box. I think that @pike described such process very well.

Containers could be just a different implementation of NethServer modules but we still need all the glue to keep many pieces together as correctly highlighted by @danb35 and @robb.
I just want to reassure @Andy_Wisme: all the network mess should be hidden from users’ eyes :wink:

Regarding the container engine, probably the choice will be podman since it is already integrated in RHEL.

3 Likes

This should not be an issue in the near future. There is active work to slim down and better support ARM SBCs with CentOS by the AltArch SIG. Pablo Greco in CentOS has been doing that work, and it’s making decent progress.

2 Likes

Personally speaking, I think switching to nftables would be worth it, given how it improves handling complex rule sets and integrates functionality that was split across a range of different netfilter interfaces, but if you’re already not using an abstraction that makes that easy to do, I could see you wanting to keep the older way with iptables, ipsets, and so on.

Out of curiosity, is that for anything beyond PHP? Because Remi Collet still offers SCLs for PHP for CentOS 8. Python Application Streams are parallel-installable already, and the Developer Toolset for C/C++ still uses SCLs.

1 Like

IMO, Nethserver should be a one-fits-all solution, but smarter than others.

Nethesis understands the SME; it should stay in that scope: firewall, file server, mail, chat, collaboration, backup, VoIP, …

Container

  • All applications should be relayed to containers (LXC, PodMan, Docker, CRI-O, Kata, …)
    Perhaps something like Kubernetes seems to be more futuristic-proof, since SUSE, RedHat and Google all look that way. It also removes a lot of PoF.

Cluster

  • Focusing on decentralization and hybrid infra, such as easy-to-make inter-site connections, cluster and failover. Maybe something like WireGuard or IPSec, Gluster-FS or CEPH.

Security

  • Something like NethSecurity aka Gateway functions such as UTM, ThreatShield

I read earlier, multi tenancy. That was often a show stopper for me, that and Apache.

4 Likes

I think that multi tenancy/multi domain/multiple user base will never be considered as an option for development.
This will be ideal for service providers, but won’t fit most end users. Adding a multi layer maze of complications due to mix and match userbases, domains, applications, modules that should be accessible for one but not for other, branded in one way on one side and in another way on others. And with “tenant level” administrative users, if requested.

Do you remember old phone switchboards?


If you can imagine that in nine dimensions, you’re way smarter than me. In any case, this complexity must be strained in two, maximum three dimensions for allowing “server owner”, “tenant admin” and “user” to access without parkouring internet. And believe me, someone will ask you in a few days to sub-sell a part of the product they buy. Billing as detonating cherry on top? :wink:

With IPv6 support, multiwan, full fledged NAT and containers (or virtualization), you can have quite the same level of segmenting the product. If you agree with me, a real hypervisor with a powerful firewall can make NethServer a pure application server, with enough public IP address.
Again: v6. Or the next generation will be the last.

6 Likes

57 posts were split to a new topic: CentOS Linux to Centos Stream discussion

Please stay on topic: features for NS8
Discussion on CentOS becoming a rolling release and stopping LTS from Dec 2021 can take place in the CentOS Stream topic

1 Like

I disagree with this choice of splitting.
Until CentOS Stream NethServer 8 was intended as founded on CentOS 8 and the extent of the product would be the support of the distro. Now think that Nethesis is quite puzzled for most of the development wasted on CentOS 8.
So here’s the thing: announcement, unless the words from Filippo who said something “Go for CentOS Stream” is already the announcement.
I had a project to bring into a company a suite of internet services (Mattermost, Zammad, NextCloud) and internal services (Zabbix). It would be a huge job for the organization and the sake of success (email as an internal instrument was quite rejected) that should not last only 3-4 years to fully extend. So Neth 7 would not be enough, and I was not worried about Neth 8.
But now I am. And managing by myself the new flavour of Armonk wild run is not interesting.

This is part of Neth 8. How will it be?

1 Like

I disagree. IMO the features that make NS, can perfectly / should be OS agnostic. The discussion what OS, (IMO at least with the same properties as CentOS Linux, with stability and 10 year support as the most important) can be done in the CentOS stream topic.

5 Likes

I’m probably going to get shot by proposing this but, what about Ubuntu Server? It is based on Debian but I think they have long release support time. Debian would be best but if they change everything every two years it is kind of crazy.

@tessierp

Hi

Debian and Ubuntu both have 5yrs LTS.
Debian doesn’t change everything every two years…
Ubuntu has Snap - not really open source, and the snap store is NOT open source at all!
Uncontrollable “blobs” on your server?
And - Canonical - behind Ubuntu, is a corporation, just like Red Hat.
Why does Linux Mint - based off Ubuntu now for so many years - develop a fully running look alike based on Debian?

My 2 cents
Andy

Don’t think so :grinning: also have a look at the above mentioned discussion:

IIUC this topic relates more to what the future NS should be/do and a top level look on how. What is the place of a small business server in the future?

@tessierp, from this perspective I’m curious why you decided (relatively recently) to set up a Nethserver?
Having gone through this experience, what would be your needs say 4 years from now?

Gtrz Mark

2 Likes

I would say, it is not because there is something available that you have to use it. It is there for those who want to use it. And I know people who like them and use them and are happy.

And in the strict sense of the term “not really open source” but freely available, you are right it is not open source but makes use of open source software and builds on it. The advantages of having a company supporting a project, it has more resources. For example, Google and Angular compared to Vue.JS. I guess that point depends on the perspective. Or C# and .NET CORE which is now fully open source but has a huge maintainer behind it, making it evolve very fast, Microsoft. They have the funds.

I’m not against Debian. I was just throwing out a question out there and see what people thought. We will not all reach a consensus on the first round. We are having this discussion to have all the points, collective understanding and hopefully take the best decision.

Just to be clear, it is not because I believe only corporations can do things right. I’m not totally for the style of economy we are running world wide. It is not sustainable. And the common argument that I hear, “well people would be lazy otherwise”, lazy people would be lazy anyways. Just look at the Open Source community, it is a great example of people doing work to help because they have a passion for it and love what they are doing, they are helping themselves and others at the same time, sharing knowledge. That is how progress is measured in my books. Not through a cartel of corporations controlling everything. But, because of the funds access it drives certain projects faster. I’m not closed to Debian and want to push Ubuntu only, I was merely exposing a thought and there is some sense into what you are saying, Ubuntu could die or the company could say, “Hey you need to pay!”. Probably best to go Debian.

2 Likes

Hi Mark,

My needs are still very small compared to those who setup big systems. Nethserver, so far, has been awesome, offering packages to install and a very intuitive and easy to use UI and system. The community also has been super helpful, one of the best I have seen around especially in this type of industry where there is, at times, a lot of elitism and whenever someone new comes around asking questions that seem to make “no sense” to them or not with the right terminology, you just don’t get an answer.

So why did I decide to install Nethserver? Well, this started a few months ago. I’ve been working in the IT industry for 20 years doing Software Development but was always interested in learning how to set my own things, just didn’t get quite the chance or the time. With the pandemic, I really needed to get my own things setup. I decided to learn. One of the first drivers to set Nethserver was I got tired of always having to configure a new off the shelf router each time, not being able to import my previous configuration. It took time and not only that, the functionalities were very limited. So my first try was to install Nethserver as a Firewall / Router, DNS (of course) and VPN. The latter was very important. There were times I would want to get access to my network internally while I was away. I did experience some issues initially with an AD, it didn’t work out well, probably due to my lack of experience, tried to remove it but I realized it was not so easy to go back so I gave up on that.

A few months later, I changed my architecture a bit. I now use OPNSense as my firewall and Nethserver internally as a DNS server (I run a split-brain DNS setup). I also installed the AD which I use for a common user base for some services, right now just Dokuwiki. I have Zabbix installed to monitor the temperatures and health of my systems. I want to setup my own mail server to be a bit more independent from Google for some emails. Thinking of enabling web hosting for a personal project I’m working on and helping a friend test his web pages… There may be other things in the future. Nethserver has just been great. Like I said, super useful community, a lot of documentation, on its own this is worth a lot!!

For anything else, like setting a Plex server (which I did recently on a low powered CPU, actually embedded CPU, J1900), I installed Proxmox, created a Ubuntu Server VM and installed Plex on it. Proxmox is to be able to easily back it up. And it works well! I was amazed especially on a CPU like that and only 8 gigs of memory. I used Ubuntu because I knew that best but probably would try Debian in the future.

I am still learning. In fact I have a lot to learn still. So I guess my needs are, a good community with good support and basically just to have access to an easy to use Server you can add things to when you need just like you have right now. You are covering all the basics (and more) for me at this moment. And if I would need something, because of the community, it is just easy to initiate a conversation. So great job guys and as always thanks for the help and support.

4 Likes

Another thing I forgot to mention is, I’m trying to just have a lab at home while installing services for my home. I already mentioned some of them and there is one I forgot. I am running Home Assistant in a VM on Proxmox. I was just thinking, maybe this could be a future package you could include. Docker can be installed on Nethserver so it could be an option. I mean I could do it myself but if you have a package there to install it automatically, why not. Although, inside Docker, it would only run Home Assistant core, not the full thing. Anyways… Just commenting since you asked for my needs @mark_nl. But I realize this is not really related to the main subject which is the choice of the OS. So I would conclude, with the limited information I have, Debian could be best because it is fully open source, no strings attached. And Ubuntu is based on it and I know Ubuntu best out of all the flavors of Linux out there. But I think the most important point is, it is completely Open Source.

2 Likes

Hi

AFAIK, certain bits of Ubuntu force you to use Snap, like some part of ACME/LE…
So much for Open Source…

My 2 cents
Andy

The first step should be to install it manually and write down a how to at the Howto section at this forum. After some people tested it, somebody can create a package of it.

2 Likes

I certainly don’t like to be forced. Good to know. Like I said, perhaps it makes less sense to use Ubuntu in that case. Ubuntu Server (the stripped down version) is a bit different so not sure if snaps are forced there too… Probably they are. Anyways, Debian is probably best if you don’t want to have to deal with a company who could change things or end a project, imposes certain things like snaps, etc.

1 Like

I’m pretty sure this is a matter of how the packagers/vendors of the software want to provide it, not something inherent to Ubuntu. Or you could always use a less-bloated client like acme.sh…

I did that on my QNAP system when I first tried months ago. It was Home Assistant Core only. Didn’t like it. So I installed the full thing now running on Proxmox.

I mentioned it as an option for those who are starting out.

Talking about this, I am curious, is there documentation on how packages for Nethserver are created?