NS8beta2 | MArtin: my experiences and suggestions for imporvements

Openstack VM

1 Vcpu, 2 GB RAM 20 GB HDD



Alma Linux 9 standard installation ssh
curl https://raw.githubusercontent.com/NethServer/ns8-core/ns8-stable/core/install.sh | bash

Backup Encryption PW


Installation Minio

Setting Minio hostname with http:// or / after the fgdn causes these errors

Minio LE cert is not reflected immediately, is a reboot or login/logout required for main cluster admin for this to be visible?


API server host name:

Web interface host name:

NO LE and LE,
LE takes long to reflect.

Api host server name, redirects to :9001

Create a new Bucket and upload files.,

Share link for file is in format of :

instead of the defined api hostname

the fact that you can define an external/attached storage is a welcome and nice to have feature.

Notification Panel:
i think it would be great if it was possible to clear individual completed cards on this panel.
Also Ability to clear all.
currently only mark as read is available

Samba AD Installed
Much easier to install and configure than on NS7

Adding a second Provider of Samba, on the same domain possible on the same host, but configuring gives config error.

Adding AD domain and OpenLdap Domain on the same domain is possible (),interesting :thinking:

The Edit Domain user Interface is so Huge, i think it can be reduce, since there are not many parameters. ( )


No, there is an error that prevents the certificate request from being issued: failed validation from set-route. It smells like a bug!

Try with another TLD, if possible.

We already planned a Notification panel rework.

An active directory domain controller binds to some well known port numbers (like DNS, kerberos LDAP and so on…), so it is not possible to start two DCs on the same node.

Do you mean to compact the fields layout? We have to ask @andre8244 !

1 Like

This App can not be enabled becaue it makes the server unstable.

i keep gettign this error whenever i download and enable apps from the apps page on NExtcloud.

I am not sure why this error is received for literally all apps i try, could there be somethign wrong?

I have discovered that the cluster admin interface does not autologout a user after some time, it can continue in a loggedIn state for weeks.

is this by design?

Yes the current token lifetime is about 15 days.

is there a settings place to reduce this token to a lower value, so that someone can define it.

its important for cloud facing instances and or those managed on shared machines

The value is hardcoded in Golang code (middleware.go), but I guess it is possible to define a configurable value with a simple PR /cc @edoardo_spadoni

Consider that if you log out, the token is removed from the browser local storage and hopefully there is no way to recover it.

what repercussions does having the token removed have, if the user would just be able to login back again,

Are there other background processes dependant on the token?

No, as said the token has limited lifetime and is used only to obtain cluster-admin usage authorization.

1 Like

I think i might have Encountered a Bug, But i am not sure, could someone help me test this scenario.

WHile Nextcloud interface is open, go to any application instance settings page (dokuwiki, collabora) or others, create configs and save the settings,

While the Update of the settings is still running, try loading anything inside the nexctloud instance, or even load the cluster admin console on a seprate tab, and try running commands.

the Server Freezes, Tieouts, and Gives websockets connetion error
this has happened 2 times already.


I have updated my instance to RC1, it was running both Ldap and Active directory, and so far so goo, all works well

I have been testing the webserver module and i must say, its implementation is extremely interesting, very very interesting.

it has an smtp settings for the sftpgo, could you consider pre-implementing default admin email on the smtp settings, if mail has been implemented on the server?

Under settings, we have HTTP Routes


i am curious about the ports defined, are those internal ports, or external ports.

if they are external ports, does it not then mean on a server sitting behind a firewall, all those ports will have to be whitelisted?

Please see nodes > select nodes, 3 dots upper right → firewall = overview of e.g. all external ports recognised by the firewall on that node.

1 Like

my question is if the VM itself is behind another firewall.

Say youre on proxmox, and using opnsense as firewall, and not all ports are open.

or youre on a cloud provider, with whom you have to open ports to have the server accessible on the open web.

You mean node1 is on proxmox on your location and node2 is in the cloud with a provider on a VPS, and node3 is in another location?

not its just one node.

I am just anticipating a scenario like the one that ports needs to be opened on firewall.

i currently dont have an ns8 instacne with those requirement, but my ns7 instances do have those

Those high ports per app on 1 node do not need any attention from any firewall.

1 Like

Setting a good default timeout isn’t easy; the TrueNAS folks are having problems there as well. But 15 days seems excessive.

1 Like


Can we not make it a setting?