NS8beta2 | Capote: my experiences and questions

I am starting a separate thread here to document my experiences and raised questions.

Attention: I did not use the manual, I proceeded a pure intuitive installation with one exception: the NS8-Install script


Proxmox 7:

Memory: 8.00 GiB
Processors: 2 (1 sockets, 2 cores) [×86-64-v2-AES]
BIOS: Default (SeaBIOS)
Display: Default
Machine: Default (i440fx)
SCSI Controller: VirtlO SCSI single
CD/DVD Drive (ide2): ISOlmage:iso/debian-12.1.0-amd64-netinst.iso,media=cdrom,size=627M
Hard Disk (scsiO):DiskImage:103/vm-103-disk-O.qcow2,iothread=1,size=32G
Network Device (netO): virtio=6E:4A:AO:8A:68:13,bridge=vmbro


OPNSense: DHCPv4 // “static IP”

6e:4a:a0:8a:68:13 ns8beta.home.dargels.de

OPNSense: Unbound-Overrides:

Host override: ns8beta.home.dargels.de
Host: nextcloud
Domain: home.dargels.de

Host override: ns8beta.home.dargels.de
Host: wiki
Domain: home.dargels.de


Standard Net-Installation with ssh-server and curl



PermitRootLogin prohibit-password

NS8 Installation

curl https://raw.githubusercontent.com/NethServer/ns8-core/ns8-stable/core/install.sh | bash

Install log

Successfully installed Jinja2-3.1.2 MarkupSafe-2.1.3 PyYAML-6.0 aiodns-3.0.0 aiohttp-3.8.4 aioredis-2.0.1 aiosignal-1.3.1 ansible-core-2.15.1 ansible-runner-2.3.1 async-timeout-4.0.2 brotlipy-0.7.0 cffi-1.15.1 cryptography-41.0.1 dnspython-2.3.0 docutils-0.20 frozenlist-1.4.0 hiredis-2.2.3 ldap3-2.9.1 lockfile-0.12.2 multidict-6.0.4 packaging-23.0 pexpect-4.8.0 psutil-5.9.4 ptyprocess-0.7.0 pyasn1-0.4.8 pycares-4.3.0 pycparser-2.21 python-daemon-3.0.1 redis-4.5.5 regex-engine-1.1.0 resolvelib-1.0.1 semver-3.0.1 typing-extensions-4.6.3 yarl-1.9.2
Setup registry:
Add firewalld core rules:
Write initial cluster environment state
Adding id_rsa.pub to module skeleton dir:
Add /etc/hosts entries:
Generate WireGuard VPN key pair:
Start Redis DB:
Created symlink /etc/systemd/system/default.target.wants/redis.service → /etc/systemd/system/redis.service.
Generating cluster password:
Generating api-server password:
Generating node password:
AUTH failed: WRONGPASS invalid username-password pair or user is disabled.
Start API server and core agents:
Created symlink /etc/systemd/system/multi-user.target.wants/api-server.service → /etc/systemd/system/api-server.service.
Created symlink /etc/systemd/system/default.target.wants/agent@cluster.service → /etc/systemd/system/agent@.service.
Created symlink /etc/systemd/system/default.target.wants/agent@node.service → /etc/systemd/system/agent@.service.
Grant initial permissions:
Install Traefik:
<7>podman-pull-missing ghcr.io/nethserver/traefik:2.0.0
Trying to pull ghcr.io/nethserver/traefik:2.0.0...
Getting image source signatures
Copying blob sha256:fe568243fd51854aefa667803a62d00dca43e72012450928dea74ac7dd1a7477
Copying config sha256:bc892b520b5f853d383b1a02e0e9cefaf3da3d1f382b6154de296b95e37b662d
Writing manifest to image destination
Storing signatures
<7>extract-ui ghcr.io/nethserver/traefik:2.0.0
Extracting container filesystem ui to /var/lib/nethserver/cluster/ui/apps/traefik1
{'module_id': 'traefik1', 'image_name': 'traefik', 'image_url': 'ghcr.io/nethserver/traefik:2.0.0'}
Setting default admin password:

NethServer 8 Core

Finish the cluster configuration by running one of the following procedures.

A. To join this node to an already existing cluster run:

      join-cluster <cluster_url> <jwt_auth>

   For instance:

      join-cluster https://cluster.example.com eyJhbGc...NiIsInR5c

B. To initialize this node as a cluster leader run:

      create-cluster <vpn_endpoint_address>:<vpn_endpoint_port> [vpn_cidr] [admin_password]

   For instance:

      create-cluster NS8Beta.home.dargels.de:55820 Nethesis,1234

Finally, access the administration UI at:


For instance, if NS8Beta.home.dargels.de is resolvable


Enter the following credentials:

   User: admin
   Password: Nethesis,1234

initialize this node as a cluster leader

root@NS8Beta:~# create-cluster NS8Beta.home.dargels.de:55820 Nethesis,1234
Copy the following command to a worker node to join this cluster with admin's credentials:

    join-cluster --no-tlsverify https://NS8Beta.home.dargels.de 

Post Installation:

Change Admin PW


Backup Encryption PW


Request TLS Certificate


{"context":{"action":"set-certificate","data":{"fqdn":"NS8Beta.home.dargels.de","sync":true},"extra":{"description":"Processing","eventId":"62a5a745-9819-45e0-ac77-e3f989cdc783","logs":{"instance":"traefik1","path":"?searchQuery=&context=module&selectedAppId=traefik1&followLogs=false&startDate=2023-09-13&startTime=13%3A58&autoStartSearch=true"},"title":"Request certificate for NS8Beta.home.dargels.de"},"id":"6613dbbc-5668-4dec-b9bf-49c1e36394b8","parent":"","queue":"module/traefik1/tasks","timestamp":"2023-09-13T11:58:06.770590368Z","user":"admin"},"status":"aborted","progress":99,"subTasks":[],"validated":true,"result":{"error":"","exit_code":2,"file":"task/module/traefik1/6613dbbc-5668-4dec-b9bf-49c1e36394b8","output":{"obtained":false}}}

Installation DokuWiki

Progess indicator freezes at 100%

… but outdated version

Hotfix release available: 2023-04-04a “Jack Jackrum”. upgrade now! [54.1] (what’s this?)

New release available: 2023-04-04 “Jack Jackrum”. upgrade now! [54] (what’s this?)

Hotfix release available: 2022-07-31b “Igor”. upgrade now! [53.1] (what’s this?)

Hotfix release available: 2022-07-31a “Igor”. upgrade now! [53] (what’s this?)

New release available: 2022-07-31 “Igor”. upgrade now! [52.2] (what’s this?)

New release candidate 2 available: rc2022-06-26 “Igor”. upgrade now! [52.1] (what’s this?)

New release candidate available: 2022-06-26 “Igor”. upgrade now! [52] (what’s this?)

Hotfix release available: 2020-07-29a “Hogfather”. upgrade now! [51.4] (what’s this?)


FQDN: wiki.home.dargels.de
Let’s Encrypt (Cert): yes
HTTP to HTTPS: yes


  • No LE-Cert (DEFAULT CERT for “host-28671.ns8.test”)
  • Webstite starts
  • http to https works

create internal domain (Samba)

Domain: adns8.home.dargels.de (expl.: ad.home.dargels.de still used by also running NS7-VM)
NetBIOS domain: DAHO (expl.: defined within OPNSnse)
Choose Samba admin username: administrator
Choose a password for Samba admin user:
Re-enter Samba admin password:
Hostname: dc1
Provide file shares and authentication to Windows clients: Enabled
Provider IP address: Choose → - ens18 (enp0s18)

the same like cluster node?!

Creating groups:

DokuWiki - to assign Dokuwiki User
NextCloud - to assign NextCloud User

Creating shares

NC-Data ACLs

  • Domain Controllers: Special
  • NT AUTHORITY\SYSTEM: Full access
  • BUILTIN\Administrators: Full access
  • Domain Admins: Read and write
  • Everyone: Read only

Change permissions:


  • Domain Controllers: Special
  • NT AUTHORITY\SYSTEM: Full access
  • BUILTIN\Administrators Full access
  • Everyone: Read and write

NextCloud Installation

Progress indicator freezes also like Dokuwiki


  • change PW: done
  • hoste name was prefilled with nextcloud.home.dargels.de (but I am not sure if only proposed or defined, therefore redefined)
  • Let’s Encrypt Certificate: yes
  • User Domain selected: adns8.home.dargels.de


  • LE-Cert not povided, only default cert host-28671.ns8.test
  • Website reachable, login with admin user possible
  • german localization of the site although english is preset in the admin profile.
  • welcome screen is empty

just give hints or testing tasks

1 Like

Hi Marko,

I will join you.


1 Like

Question1: How to backup if no such backup repository available

…especially on Synology NAS?

Question 2: Which software modules are essential or recommended? Does the old saying still apply “What you don’t know, you don’t need”?
Because I don’t know something about Grafana, Prometheus, CrowdSec and node_exporter and cannot recognize use cases.

Or does the new wisdom “better to have than to need” apply?

i think another question that can be asked about the modules would be.

Is there a given order to installing any of the Module? , or whichever order is ok and all will just align

1 Like

1st Summary:

Installation and initial configuration in a time frame of 2 hours with an intuitive procedure without a manual.



Question 4
How to update Software Modules? Using the internal updaters like in NextCloud or updating via Software center like in NS7?

Question 5: …probably the most stupid question ever… Where is the switch to reboot the node in cluster-admin?


You should go with the “S3 compatible provider”. Maybe your device already provides a S3-compatible service, or it has a Docker add-on and you can run MinIO on it.

There is no exhaustive answer. Core modules already provide the basic platform features to run the modules available in the Software Center. There are still many things to improve, for instance the services monitoring. We are working on it.

Question 3

No ordering is required. You can install many modules at the same time, there is no limit until you find a bug!

Software Center, like NS7 if not permitted otherwise.

As there are no UI managed OS updates, there is no UI reboot button in Beta 2. We are still fighting over that :smile:


Unless you’re a developer, don’t run that command. Go to https://.../cluster-admin/ and follow the UI instructions.

Post-installation steps are documented here. Please read it! Installation — NS8 documentation

:thinking: I also noticed this regression. It is a maybe-bug we must investigate.

Thank you for reporting it!

Edit, card added Trello

But it seems to work. Is it just not recommended or a real mistake that I need to correct, for example by reinstalling?

Yes it works but the UI procedure also guides you through more setup steps:

  • change the default password
  • set fqdn correctly
  • review vpn setup
1 Like

Did you noticed the issues?



  • No LE-Cert (DEFAULT CERT for “host-28671.ns8.test”)



  • LE-Cert not provided, only default cert host-28671.ns8.test

The domain is not registered in public DNS: for sure, Let’s Encrypt can’t provide a certificate for it!

$ host wiki.home.dargels.de
Host wiki.home.dargels.de not found: 3(NXDOMAIN)

See TLS certificates — NS8 documentation


35% of a successful server install is… preparation.
Thus why i suggest to put into “server tasklist installation” as second step: FDQN.
First one is “password”. Not the “personal default one”.

Why first? Because the “i’ll do later” schedule usually fails blatantly.

1 Like

If you have already registered in DNS, some time must pass before it will be seen (from tens of minutes to several hours).

1 Like

You are right. In the public DNS I only registered home.dargels.de

wiki.home.dargels.de are only defined in OPNSense

I have not yet looked into how to generate an LE Cert for an internal IP address. I can’t point to an internal IP in the public DNS.

Question 6: How to set up one (or several different) vhost(s) + related Maria DBs to deploy multiple WordPress sites with different domain names?
I cannot find any Information in the docu.

Question 7: Will it be possible with NS8 to configure the mail server with multiple mail domains properly also with differentiated assigned mail users? Or must be practiced again the work around as in NS7? How to setup it in NS8Beta2?

Question 8: Will the migration script support migration of NS7 installations configured to different vhosts + related DBs with different domain names and different mail domains ?

1 Like