NS8 custom certificate

Maybe this is not the correct place to ask, but what would be the process to use a “commercial” (the institute has a certificate) wildcard certificate with NS8?

Thanks in advance.

This is still not implemented, but you will be able to upload the certificate from the UI just like NS7.

2 Likes

Hello, has this functionality already been implemented by chance?

Not yet, we plan to postpone it until after the beta. But it should work if configured by hand.
See upstream doc: Traefik TLS Documentation - Traefik

This is the package that manages traefik inside NS8: GitHub - NethServer/ns8-traefik: NS8 Traefik configuration

I found this:

But I don’t know which is the path to:

/module/traefik/certificate/

:confused:

In fact, what I want is to create one DNS record that points to a container running behind nginx proxy manager. The idea is that NS8 works like an internal DNS server, but I think that is not possible yet, right?

You can try like this (just tested):

ssh traefik1@localhost
cd .config/state/
openssl req -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr
openssl x509 -signkey domain.key -in domain.csr -req -days 365 -out domain.crt
mv domain.crt selfsigned.crt
mv domain.key selfsigned.key
systemctl --user restart traefik

NS8 still doesn’t have its own DNS module, so you will need an external DNS server to configure the records.

2 Likes
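A pre-flight check for the manual procedure above, useful when a commercial or wildcard certificate is dropped in place of the self-signed pair. This is an added example, not part of the original posts or of ns8-traefik; the function name `check_cert_pair`, the `MIN_DAYS` variable and the return codes are assumptions of this example.

```bash
#!/bin/sh
# Added example: validate a certificate/key pair before it replaces
# selfsigned.crt / selfsigned.key and Traefik is restarted.
# Return codes (chosen for this example, not a Traefik or NS8 convention):
#   0 ok
#   1 private key does not belong to the certificate
#   2 certificate or key file unreadable / not valid PEM
#   3 certificate expires within MIN_DAYS
#   4 certificate does not cover the given hostname

MIN_DAYS=${MIN_DAYS:-30}

check_cert_pair() {
    ccp_cert=$1
    ccp_key=$2
    ccp_host=$3

    # Extract the public key from each file; both come out as the same
    # "BEGIN PUBLIC KEY" PEM text when the key belongs to the certificate.
    ccp_cert_pub=$(openssl x509 -in "$ccp_cert" -noout -pubkey 2>/dev/null) || return 2
    ccp_key_pub=$(openssl pkey -in "$ccp_key" -pubout 2>/dev/null) || return 2
    [ "$ccp_cert_pub" = "$ccp_key_pub" ] || return 1

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$ccp_cert" -noout -checkend $((MIN_DAYS * 86400)) \
        >/dev/null 2>&1 || return 3

    # -checkhost applies wildcard matching and reports the result as text,
    # so the verdict is read from its output rather than its exit status.
    if [ -n "$ccp_host" ]; then
        openssl x509 -in "$ccp_cert" -noout -checkhost "$ccp_host" 2>/dev/null \
            | grep -q 'does match certificate' || return 4
    fi
    return 0
}

# Stand-alone use: sh check_cert.sh domain.crt domain.key [hostname]
if [ $# -ge 2 ]; then
    check_cert_pair "$1" "$2" "${3:-}"
    ccp_rc=$?
    echo "check_cert_pair returned $ccp_rc"
    exit $ccp_rc
fi
```

Run it inside `.config/state/` on the new files before the `mv` and `systemctl --user restart traefik` steps, so a mismatched or expiring pair is caught before the working certificate is overwritten.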

Thanks.

I’ll check it.

And just in case you don’t know, for self-signed and own certificates maybe you can use step-ca (https://smallstep.com/docs/step-ca).

I’ve configured a test server in the following way:

git clone https://github.com/dogukancagatay/step-ca-example.git

cd step-ca-example/

mkdir -p "$PWD/data/step-ca"

sudo chown -R 1000:1000 "$PWD/data/step-ca"

docker run --rm -it -v "$PWD/data/step-ca:/home/step" smallstep/step-ca step ca init

echo <password here>| sudo tee "$PWD/data/step-ca/secrets/password"

sudo chown -R 1000:1000 "$PWD/data/step-ca/secrets/password"

docker network create traefik-net

nano docker-compose.yml (edit urls)

docker compose up -d step-ca

curl https://<domain here>:9000/health

docker compose exec step-ca step ca provisioner add acme --type ACME

docker compose restart

step ca bootstrap --ca-url https://<domain here>:9000 --fingerprint --install

curl https://<domain here>:9000/health

step ca certificate site.myhost.local site_home_local.crt site_home_local.key

docker compose up -d traefik

docker compose up -d whoami

The truth is that I don’t remember very well whether the instructions are right, but that is what I have in my notes. Anyway, you can run it almost without problems following the instructions in: GitHub - dogukancagatay/step-ca-example: step-ca ACME server example with Traefik

In the DNS case, what will be the setup to work with NS8 Samba AD?

  1. Create external DNS server
  2. Create NS8 Samba Domain and point to DNS server
  3. Point DNS clients (domain clients) to NS8
    ??? Is that right?

Thanks again.

The Samba AD is always an authoritative DNS for its own domain and it’s accessible by clients.
So in this case you do not need an extra DNS server.

What is the password for: ssh traefik@localhost?

You do not need one.
Attention, the user is traefik1 not traefik.

Sorry, it was a typo, but yes, I was trying with

ssh traefik1@localhost

but I got:

image

What am I doing wrong?

Forget it, I will reinstall and try again. I suppose that I did something wrong.