Server for a Teen Community

I’m working with a community that supports about twenty teenagers with various social problems.
I need to implement a network to run basic courses on PC in a professional context simulating their use in companies.

Given the nature of the community, no Internet access is permitted, except for strictly technical reasons such as the time needed to update the systems.
Given my limited time, I can’t dedicate much of it to implementing servers, firewalls, and other services.

So, I was thinking of implementing an “SMB” server that natively incorporates:

• folder management to simulate the sharing of files saved by students
• a mail and chat server to simulate communication between offices
• possibly a web server to simulate and manage internal documentation between departments.

Although I have thirty years of experience with Debian and Ubuntu servers and CMS, I need something “out of the box” that only requires configuring services, users, folders, etc.

I don’t have a budget I can rely on right now.
The four PCs are all Xubuntu, while for the server I’m evaluating something extremely inexpensive on which to install the “SMB system.”
I only have a small server with an older ASrock FM2A85X with a dual-core AMD CPU, 16GB DDR3 RAM, 7 SATA ports, 1 SSD, and 4 WD 1TB HDDs.

As I mentioned, the Internet will always be disabled in the classroom, but the presence of a firewall will allow me to run a simulated In/Out protected access with VLANs and user group rights.
I was thinking of installing OPNSense separately, but if it can be managed with an integrated firewall, my job would be easier.

I’ve worked with SMEServer on CentOS in the past, but that was over 10 years ago.

I’d also appreciate advice on which apps to install.

The course will last approximately 4-5 months, and there will be no more than 6 PCs connected to the network.

Thanks in advance.

Hi @DarkCorner ,

welcome to NethServer Community!

What’s the size of the SSD?
NethServer 8 usually needs fast disks (at least SSD), see System requirements — NS8 documentation
HDDs for data volumes can be used additionally but it needs to be setup manually, see also NS8 Add storage path setting like in minio to other apps - #10 by davidep

NS8 itself needs internet access to be able to pull the app packages.

The NS8 firewall is a basic protection for the services running on NS8 so I don’t think it will fit your needs.
There’s also NethSecurity, a separate firewall product that’s simple to setup (in comparison to opnsense), see Introduction — NethSecurity documentation

NS8 has a different design, it’s a containerized application server using podman now, see also Introduction — NS8 documentation

• Install a Samba user domain including fileserver (enable “Provide file shares and authentication to Windows clients”), see User domains — NS8 documentation
• Install Mail, see Mail — NS8 documentation
• Install Ejabberd as chat server, see Ejabberd — NS8 documentation
• A multi-site web server based on Nginx is available, see WebServer — NS8 documentation. If you prefer Apache, there’s also ns8-lamp. As it is about documentation, you may also like Dokuwiki.

The apps can easily be installed via Software Center and configured in the Web UI (cluster-admin)

There’s also a Wordpress app if you need a CMS too.

If questions arise, feel free to ask.

I’m sorry for delivering unpleaseant evaluation.

With that computational power, NS8 is not a good choice.
Ram quantity is quite good, but the FM2-era AMD CPUs are far from being powerful or efficient, so the container approach of NS8 will consume a lot of computational power and a lot of disk space.
Also, with NS8 you must deliver a separate firewall device, and with a dual core CPU virtualization seems not the best choice.

However, if you are in the situation for have a separate firewall system, OPNSense or NethSecurity, your current hardware could manage quite well NethServer 7, using the “install on CentOS 7” approach.

This should deliver the opportunity to create the array before, and mount it as the default nethserver folder mountpoint (i don’t remember which one is). This suggestion works only if you’re installing in a server-only role

Remember: the software and underlying OS is out of support since july 2024! In no way this system should be accessible directly from internet.

While NethServer 7 could run almost on 15-year-old hardware, NethServer8 needs more grunt in any aspect:
-computational power (quad core is closer to default than reccomended)
-ram availability (containers while requiring less ram than VMs, need way more ram than services/packages)
-disk space (containers while requiring disk occupation than VMs, need way than services/packages)

So if you can harvest a “not that old” PC that cannot run Windows 10 (4-5th gen Core) could be a good alternative; I would not choose any Ryzen-1000 generation because… are quite rough on the edges, while being a completely different sport compared to previous AMD CPUs.

Keep us posted, if you can

Thanks for your reply, I’ll try to answer my own.

First, I’d like to clarify the context.
They’re teenagers (and therefore it’s already difficult to manage them), but they also have several previous problems.
The community doesn’t want them to be able to interact with the outside world without some sort of filtering from the operators. For this reason, they’re not allowed to use a smartphone or access the internet.

However, I can manage the classroom with limited access for technical reasons only. I could also envision a more sophisticated management system where the connection is always present but with filters to prevent the boys from using it.
However, I find it easier to activate it only when needed for installations and updates, disabling it completely when not needed.

The community’s request is for simple “office” courses.

My proposal is to create a corporate context instead, with shared folders, personal mailboxes, and group chats.
This way, training wouldn’t just be provided on the application package (we’ll use LibreOffice), but on how to use it professionally.

A firewall could teach students that not everything in companies is “open” and that some people can do more (for example, a marketing department) and others can do much less.

The web server could therefore simulate an external server that some can access and others cannot.
A web server that is always accessible (a Wiki or a second CMS) could instead teach them how to build something together.

The server I currently have is a TrueNAS SCALE that isn’t being used; it has the OS on a 128GB SSD and 5 HDDs with ZFS in RAIDZ1, and another free slot for an additional disk.

Given the expected low usage, I hope the hardware specifications are sufficient.

In that case, I’ll have to reset everything and install NS8 Community.

It’s not a problem to then install Samba, mail, and other services.
However, I’d like to limit myself to configuring users, rights, folders, mailboxes, etc.
I don’t have the time to configure Samba, Postfix, etc. like I would on a Debian/Ubuntu server.

Where are you/they located in this world? (where does the server live)

The requirements are 2 vCPU/cores, x86-64 architecture, see System requirements — NS8 documentation

I still have an old HP Microserver G7 with some AMD CPU where I could test NS8, do you think a test on it is valid for this case? See https://www.hpe.com/psnow/doc/c04111672

I installed and configured the needed software on a test server and it needs 17 GB (of course without data) so I think disk space is no issue at all:

Software:

[root@node ~]# ls /home
dokuwiki1  ejabberd1  ldapproxy1  loki1  mail1  mattermost1  metrics1  samba1  traefik1  webserver1  webtop1  wordpress1

Used disk space:

[root@node ~]# df -h /
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda5        39G   17G   23G  43% /

Do you want to use mail clients like Thunderbird?
Following webmail clients are available in NS8: Roundcube, SOGo and Webtop.
Webtop can integrate Ejabberd, see WebTop groupware — NS8 documentation
Also Nextcloud supports webmail via an app, see Mail - Apps - App Store - Nextcloud
It’s also possible to use Mattermost for chat but it doesn’t support the Samba user domain so you need to create the users…

Proxmox and VMWare ESXi 8+ are supported if you like virtualization.

You can install NS8 and all apps without needing to go to CLI. The apps are preconfigured to each other. Dokuwiki, Ejabberd and Webtop are using the Samba AD so users just can login.

@mrmarkuz thanks for sharing your experience.

I don’t know how much you’re satisfied with this setup, how many users it serves and how are the performances evaluated.

Because the OS and NS8 are just the … roads for make the applications run.

Benchmarks are not the most real thing for measure performances, however…

while delivering an excellent (for the time) power efficiency, Turion are a “bit underpowered”, in my opinion.
Works for your environment? I’m really glad! Consider the opportunity to write some article about what this solution achieved, which problems solved and which envirnonment are not fit that hardware.

Thank you for your answer.

Maybe I didn’t formulate well but it’s not about my environment at all. I don’t use the HP G7 anymore.
I’d like to help @DarkCorner with his environment.

In my point of view you are a hardware expert so I just wanted to know if it’s a valid test scenario when I test NS8 on my old G7 to check if it can work for @DarkCorner

But I checked it now for myself and I think it’s not a good test because for example the AMD A4 5300 seems faster and newer than the AMD Turion II

Hardware expert is a bit of overstatement for my knowledge.

For A4-5300, like many other silicon from that time of AMD, issue is… this.

Cores: 2 (in 2 physical modules)

Ad that time, AMD tried to deliver two CPUs in the same package selling them as “dual core CPU", but unfortunately the interconnection and the process optimization of that kind of arrangement needed to be improved for performances (interconnection) and the branch prediction needed optimization not big… huge time.
Switching from Windows 7 to Windows 8 mean a lot for APU users, but still an underpowered CPU.

At that time, Intel started deliver Haswell, 4th gen Core, and at begginning of 2012 Ivy Bridge was the new kid on the block.

Comparing A4-5300 with two i3s of that microarchitecture well… could be painful.

Anyway, the integrated GPU of AMD APU was far better than the one provided by Intel, but the rest… not the same league.

Gear shift of AMD started with Ryzen, and in three generation Santa Clara was… in trouble.

I found another G8 Microserver which I think is comparable, so I tested to install Proxmox 9 and NS8 and I think it’s workable for your needs @DarkCorner

HP ProLiant MicroServer System G8 BIOS J6 04/04/2019
CPU: Intel(R) Celeron(R) CPU G1610T @ 2.30GHz
Disk: Samsung SSD 870 QVO

image2289×733 140 KB

RAM: 8 GB

image2436×1237 278 KB

Installation notes:

• Prepare Proxmox USB boot stick with etcher or dd
• Install Proxmox 9
• Add no-subscription repo and update Proxmox 9
• Install NS8 on Proxmox and set the VM to 2 cores and 4 GB RAM

  PRXVMNAME=NS8Test
  PRXVMID=100
  PRXSTORAGE=local-lvm
  PRXRAM=4096
  PRXCORES=2
  wget https://tinyurl.com/ns8-rocky-qcow2
  qm create ${PRXVMID} --name "${PRXVMNAME}" --cpu host --scsihw virtio-scsi-pci --ostype l26 --cores ${PRXCORES} --memory ${PRXRAM} --net0 virtio,bridge=vmbr0 --agent 1
  qm importdisk $PRXVMID ns8-rocky-qcow2 ${PRXSTORAGE}
  qm set ${PRXVMID} --scsi0 "${PRXSTORAGE}:vm-${PRXVMID}-disk-0"
  qm set ${PRXVMID} --boot order=scsi0
  

• Setup (wildcard) DNS record for the NS8 domain name
• Setup user to access via SSH: useradd -G wheel markus; passwd markus
• Create single node cluster
• Enable NethForge repo for webserver

Install and configure following apps:

• Samba User Domain and create users/groups and a share
• Mail
• Ejabberd
• Mattermost and create a user
• Webserver and create a virtualhost and upload phpinfo.php for testing
• Webtop
• Dokuwiki
• Lamp
• Wordpress

Video of booting and a working NS8:

@DarkCorner many people are putting a lot of efforty. You seem to be non responsive?

i think this sentiment, echoes a message i raised ealier, there is need for a full on Setup walkthrough video for NS8, from installing on cli, setting up repos, installing and configuring, core apps like mail, etc.. very necessary

I think @DarkCorner just wanted to point out that he needs some simple-to-configure server like NS8 without needing to go through the whole setup of every single service like in other distros so I’m not sure if it was a wish for a video.

BTW, no one’s stopping you from creating a video

Just for the fun of it, I just asked deepseek this:

”Give me an example on how to start installing and configuring Nethserver 8 up to the point where a user can login to their mail”

And it came up with this. Refining the prompt will get better results.

My point being that one can be a little creative and come a long way easily. Video’s are soooo 80-ties

If the OP was happy with an original SME server, IMVHO he should not switch to the orchestrator NS8. Totally different. Discussed many, many times in this forum.

Take the NS7, freeze it, you’ll be happy. Last SME from nethesis. Easy to setup and maintain. I’m still running several NS7 in production. Easy, fast and reliable. In front install an OPNsense. Fits exactly to your needs.

EDIT: if you have doubts read this: Replacing NethServer-7 (maybe it answers your original question also)

Everybody is free to use whatever (s)he likes, it’s just a recommendation and it seems to work on the old hardware.

I also have some NS7 still running but I think that a fresh installation of an EOL system is not a good way.

For example I’m currently fighting to make clamav work again on NS7 as the virus database update doesn’t seem to work anymore. A current clamav version doesn’t work anymore due to old glibc of CentOS 7 so I’m trying it with docker…

We actually have them in the pipeline, watch out this space.

yet billions spent on ai video slop, some are actually great.

Very true, ussually you keep and maintain a working system, but if its EOL, dont do a fresh install, unless its absolutely necessary.

I think, the most pain for most people is, with NS8, once you isntall NS8 on the server, you cant use it for anything else,
i doubt that to be the case, and maybe we can showcase that, some other os level needs can still be catered for on he same server, with NS8 involved, potentially, if they are fornt facing, ability to roue using NS8 traefik, to the installed items..

Ofcourse, the user must absolutely know what they are doing.

It’s still possible to install software on Rocky/Debian as long as it doesn’t conflict with podman and doesn’t require web ports 80/443 as they’re in use by traefik. As you said, if you install webapps, traefik can be used for certs/routing.

Of course it would be a better approach to install scratchpad or one of your nice docker/podman management apps and run custom services the podman way to keep the host system clean and manage software with NS8/podman only.

If I may…

Considering you are a small medium enterperise - SME - NS8 is like shooting with a bazooka on pigeons.

I guess that > 80% of small medium companies don’t need, and don’t want

• IT professionals for maintaining
• to be dependend on a permanent internet connection
• bigger and newer hardware as necessary
• more than only the fundamental needs to be covered for (by) their IT
• …

Things you can’t do for your own, you have to pay for. SME’s are not listed on the NYSE, DAX, Nikkei, etc… In this small companies usually IT is covered form only one person (often the CEO or the entrepreneur). It’s not a department. It’s not a full time job. There are other things to do. It has to be simple stupid and fool prooved. Shoot and forget. Money is made elsewhere. Surely not with IT. No money “to waste” for external consulting in IT.

Now what I see - nethesis is a company and is offering a free community NS8 orchestrator. They don’t have to. Probably the try to catch as much as possible use cases and bugs form the community for their real business. That’s o.k. for me. You take and you give back while testing and reporting. To be fair, using such a software (for me NS7) for free is not o.k. in business. Therefore subscribe to a plan which fits to you. That’s fair.

I guess you are your own IT company and you are offering your services to anyone who is willing to pay for.

My use case is different: I don’t want to be a customer for any IT service. For my company it’s enough to deal with M$ and any software (pretty much licenses to buy) I need to have on the desktop PC’s.

And here we are: in a forum like this you have private home family users, in former times I guess more SME admins for their (own) companies, some re-sellers or partners, and professional IT consultants (from nethesis). In other words - be careful who’s advice you buy. It always depends on your needs…

Back to the OP. I understood he spents very little time maintaining the SME server. I understood money and resources are limited. I understood he did it without an IT professional. BUT - it worked.

Can he do this in the same way with NS8?

AFAIK - no.

Yes - everybody is free to choose.