Base system (new)¶
The documentation of the Server Manager is available at Base system.
This chapter describes all available modules at the end of installation. All modules outside this section can be installed from the Software center page.
The default installation includes the following main modules:
While the root user can see all configuration pages, access of each section and application may be also delegated to specific users. See Role delegation.
Many Server Manager applications use netdata to display useful charts. Since netdata is not installed by default, you can install it from Software center.
The System page is the landing section after a successful login. The page will display the status and configuration of the system.
From the system dashboard, the administrator can:
- change the machine FQDN and server Alias
- set upstream DNS servers
- configure Date and time
- customize the organization details
The basic system includes also:
- Server certificate
- Users and groups
- TLS policy
- DHCP and PXE server
- Trusted networks
- Disk analyzer
Besides all features available in the old Server Manager (see Network), this page allows to:
- check network status with integrated diagnostic tools like ping, trace route and name lookup
- create a logical network interface without a role: such an interface can be used later in other modules like Dedalo hotspot
A service is a software running on the firewall itself.
Each service can have a list of “open” ports accepting local or remote connections. To control which zones or hosts can access a network service, see Firewall and gateway.
Existing services can be started and stopped directly from the Services page.
The storage section configures and monitors disks. The administrator can mount new local or remote disks, manage RAID arrays and LVM volumes.
The ssh page displays the number of current SSH connection. From this section the administrator can change the OpenSSH listening port, disable root login or password authentication.
The settings page allows the configuration of some options which could impact multiple system applications.
Many system applications, like cron, can generate mail notification. If the server can’t directly deliver those mails, the administrator can configure a SMTP relay. When the smarthost is enabled, all mail messages will be delivered to the configured server.
As default, notifications are sent to the local root maildir. The administrator can change the root forward address adding one or more mail address to the Destination field.
It’s also a good practice to set a custom Sender address: messages from the root user (like cron notifications)
will be sent using the specified address.
A good value could be:
<domain> is the domain of the server).
If not set, messages will be sent using
root@<fqdn> as sender address.
As default, access to the Server Manager is granted from all firewall zones. From this section the administrator can restrict the access to the Server Manager only to a list of trusted IP addresses.
All log files are managed by logrotate. Logrotate is designed to ease administration of a large numbers of log files. It allows automatic rotation, compression, and removal of log files. Each log file may be handled daily, weekly, monthly.
The administrator can set logrotate defaults from this page. The configuration will apply to all applications. But please note that some applications can override such configuration to meet specific needs.
Most Server Manager pages can display some configuration hints to help guide the administrator on a better system configuration. Hints are just suggestions and can be disabled from this menu.
The settings page also includes a panel to let users change their password, including the root user.
The system provides an indexed log named journal. Journal can be browsed from this page: messages can be filtered by service, severity and date.
The Applications page lists all installed applications. An application is a Server Manager module usually composed by multiple pages including a dashboard, one or more configuration sections and the access to application logs. A click on the Settings button will open the application.
There are also simpler applications which include only a link to an external web pages. To access such applications click on the Open button.
The administrator can add shortcuts to applications which are frequently used. Applications with a shortcut, will be linked to the left menu.
Only root user has access to this feature.
Add to home page¶
Launcher is an application of the new Server Manager available to all users on HTTPS and HTTP ports.
The launcher is accessible on the server FQDN (eg.
https://my.server.com) and it’s enabled if
there is no home page already configured inside the web server (no index page in
Installed applications can be added to the launcher by clicking on the Add to home page button. All users will be able to access the public link of the application.
Only root user has access to this feature.
To remove an installed module click Remove button on the corresponding application.
When removing a module other modules could be removed, too! Read carefully the list of affected packages to avoid removing required features.
This feature is not available in NethServer Enterprise.
Execute a standard shell inside a terminal directly accessible from the browser. The shell and the processes will run with the user privileges.
On complex environments, the root user can delegate the access of some section to specific groups of local users.
A local user can be delegated to access:
- one or more pages of the System section
- one or more installed applications
- one or more main sections between Subscription, Software Center or Terminal
Role delegation is based on local groups, each user belonging to the group will be delegated. Users inside the domains admins are automatically delegated to all panels.
To create a new delegation, access the User & Groups page under the group section, then edit an existing group or create a new one. Select one or more items from the System views and Applications menus.
Even if a user has been delegated, it must be explicitly granted the shell access before being able to log into the Server Manager.