NS8beta2 | Capote: my experiences and questions

This is a huge one, and I am also watching this one.

The ability to set up a totally separate domain, with its own separate users, would be a great feature. Trust there are even single companies complex enough to require this.

Even sometimes, I can be running a small business, with my home users, but also use the same server for my personal home domain users and emails…

1 Like

Since Let’s Encrypt queries only the authoritative nameservers, it shouldn’t be anywhere close to this long–if it is, you should really consider a different DNS provider.

That will definitely be a problem.

Let’s Encrypt doesn’t issue certs for IP addresses, only for public fully-qualified domain names. And unless NS8 supports DNS validation out of the box (which I haven’t seen evidence of), those public FQDNs will need to be accessible from the public Internet.

2 Likes
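The preconditions named in the post above (a public fully-qualified domain name rather than an IP address, reachable from the public Internet) can be checked before requesting a certificate. This is an added example, not part of the original thread or of NS8; the function name, the host names and the sample addresses are constructed, and the check covers only the name and its DNS records, not whether port 80 is actually forwarded.

```python
import ipaddress

# Address ranges that cannot be reached from the public Internet.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
    "::1/128", "fc00::/7", "fe80::/10",                # IPv6 equivalents
)]

def http01_preflight(name, resolved):
    """Return the reasons `name` would fail the checks (empty list = OK).

    `resolved` holds the A/AAAA values published for `name` on the public
    DNS; it is passed in (hypothetical interface) so the check runs offline.
    """
    host = name.rstrip(".")
    try:
        ipaddress.ip_address(host)
        return ["IP address, not a fully-qualified domain name"]
    except ValueError:
        pass  # not an IP literal, continue with the name checks
    problems = []
    if "." not in host:
        problems.append("single-label name, not a public FQDN")
    if not resolved:
        problems.append("no A/AAAA record on the public DNS")
    for addr in resolved:
        ip = ipaddress.ip_address(addr)
        if any(ip.version == net.version and ip in net for net in NON_PUBLIC):
            problems.append(f"{addr} is not reachable from the Internet")
    return problems

# Constructed sample data: 203.0.113.10 is a documentation address standing
# in for a public IP; 10.0.2.100 is a private LAN address.
SAMPLES = {
    "ns8.example.org": ["203.0.113.10"],
    "ns8.home.example.org": ["10.0.2.100"],
    "10.0.2.100": [],
    "ns8": [],
}

if __name__ == "__main__":
    for name, addrs in SAMPLES.items():
        print(name, http01_preflight(name, addrs) or "ok")
```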

I registered the relevant DNS records on my public DNS Provider.

NS8 no longer reports an error when generating the certificates.
However, the server delivers only the default certificates.

The same applies to the TLS certificate of the node1 NS8Beta.home.dargels.de

Not quite sure about question 3. With underlying Debian 12 in VirtualBox and NS8 alpha I made the experience that modules which need MariaDB will not be installed correctly if MariaDB is not already installed. I started over and, before doing anything else (after the post-install steps), I installed MariaDB. Then nginx and after this Nextcloud. No errors at all. Can’t tell why… just report.

2 Likes

Can your FQDN be reached from outside?

Have you opened TCP port 80 in your firewall and pointed it to the IP of your NS8?

Web migration won’t be supported yet; at least, we cannot know which database you use for your website. This is the main reason: MySQL (which version?), Postgres, others.

1 Like

The best practice would be to have one MariaDB instance for each website, but the contrary could also be good: one MariaDB for all.

I see no issue at all with getting vhosts to store WordPress; the only difference is the concept of MariaDB containers. To upload websites you can use SFTP directly, or SFTPGo if you need a UI.

1 Like

To ease the migration, the mail server works like NS7 for now.

1 Like

Normally, I pointed port 80 and port 443 to my NS7-Installation. For test purposes, I changed it to the NS8-IP.

At the upstream DSL router the ports were forwarded to OPNSense. I have checked this again.

But the requesting of the TLS-Certificate still fails.

{"context":{"action":"set-certificate","data":{"fqdn":"NS8Beta.home.dargels.de","sync":true},"extra":{"description":"Processing","eventId":"1bdeb310-2f02-4384-8ecb-2073af1951ee","logs":{"instance":"traefik1","path":"?searchQuery=&context=module&selectedAppId=traefik1&followLogs=false&startDate=2023-09-19&startTime=08%3A23&autoStartSearch=true"},"title":"Request certificate for NS8Beta.home.dargels.de"},"id":"bb71a2eb-27aa-4066-a4eb-cee1b514a700","parent":"","queue":"module/traefik1/tasks","timestamp":"2023-09-19T06:23:14.400807858Z","user":"admin"},"status":"aborted","progress":99,"subTasks":[],"validated":true,"result":{"error":"","exit_code":2,"file":"task/module/traefik1/bb71a2eb-27aa-4066-a4eb-cee1b514a700","output":{"obtained":false}}}

And although the generation of the TLS certificate failed, I tried Dokuwiki and NextCloud.
Oh wonder: there the LE certificates are provided correctly.

And although the generation of the TLS certificate apparently failed, I called the NS8beta-URL.
Oh wonder, the LE certificate was provided correctly after all.

Even after refreshing the web pages of the cluster admin page, the TLS certificate deployment is declared as unsuccessful.

Since I run both NS7 and NS8 in parallel in PVE, however, I now have a higher-level question.
How do I deal with the fact that I can only ever assign a single IP to the port, although several servers must be accessible on port 80/443?

Now I am unsuccessfully looking for ways in the UI to create vhosts, customize memory allocation, PHP versions, etc. as one is used to in NS7.
Am I overlooking something or does the UI need to be developed first?

Am I right: it is mandatory that I use nginx as web server? It is not possible to use Apache?

This was already present with NS7: a port can be opened to only one IP. If you want several web servers, you need to put a reverse proxy in front, in charge of requesting and retrieving the SSL certificate.

The LE challenge verifies, on the FQDN you request a certificate for, that a web server is reachable on port 80; if not, the certificate is not built and sent to you.

Actually the web server is nginx; there is no plan for Apache, but a fork could be done. However, all the configuration templates must be changed.

Hmm, did you install the webserver? Did you check the advanced menu inside each virtual host?

I did not have nginx on the radar at all, since I had always worked with Apache so far. In the meantime, I have seen the module flashing on my radar screen and have just installed and configured it.
Without really being able to estimate the consequences for my existing web servers and WordPress projects in the context of a migration, I see some headache coming my way.

It may be worthwhile to develop, test and document a separate use and migration case. I don’t think I’m the only one who has a lot of questions about this that I don’t know the answer to.

@michelandre what do you mean?

…and promptly I fell into the trap.

I changed the administrator PW and at the same time restricted the IP whitelist to my local LAN, since the login page is accessible from the Internet. Now I am locked out.

login from IP 10.0.2.100 not allowed

Would it be possible to configure this not only within SFTPGo WebAdmin, but also in cluster-admin directly?

Please reformulate your issue and the steps you took; I do not understand.

Yep, it would be good to write some documentation on it, but also to develop a Postgres container.

I have no access to my vhost and cannot change the IP whitelist to get access again.
Therefore, I thought it would be helpful to be able to do the configuration from “outside”.