Now that ClearOS 7.6 has been released to Home and Business, it is time to start looking at the next round of fixes and updates. Please list here your pet bugs and features you'd like to see fixed in the immediate future. Features should really be limited to product tweaks or minor enhancements and not massive new packages.
Here are a few for starters (in no particular order):
This thread will become an agenda item for Saturdays' Community Meetings
Here are a few for starters (in no particular order):
- In OpenVPN, give the downloaded ovpn file the option of having certificates embedded in it.
- Update Nextcloud Complete to Nextcloud 17, under development for Nextcloud 18
- Sanitise logging (some work has been done for 7.6 but there is more to do) - OpenLDAP, general PAM requests, arpwatch bogons and "bad hardware format" etc (which others?) Some done, (arpwatch bogons and "bad hardware format") - which others are needed?
- Review configuration backup - many settings are missing and the restore does not work in some cases/ for some items (flexshare and webserver folders not created, AD Connector) I have pushed some updates and am pushing more as I come across them.
- ClearGLASS does not see renewed Let's Encrypt certificates Complete
- Add update for postgrey_whitelist_clients Complete (now releasing app-greylisting updates)
- Add Attack Detector option to whitelist LAN's
- Kopano Update (including z-push) - from Patrick de Brabander Done
- SASL Authentication through the SMTP Mail Server - from Richard George. +1 from me!
- Docker/Podman support - from Marcel van Leeuwen
- OverlayFS support - from Marcel van van Leeuwen
- Enhanced Account Manager app - from Patrick de Brabander
- One-click push default gateway for OpenVPN - from Patrick de Brabander and Eric Anderson In testing
- More configurable Kopano backup location - from Patrick de Brabander
- Fixed Client IP's in OpenVPN - from Sandbo Chang
- Easy way to change WAN MAC address - from Sandbo Chang
- Commonise list of files to backup in app-bmbackup and app-configuration-backup - from Richard George Complete
This thread will become an agenda item for Saturdays' Community Meetings
Share this post:
Responses (79)
-
Accepted Answer
Update Kopano packages and z-push and keep it updated regular. (Or use the Kopano repos)
Adding the z-push repos was already planned i believe (https://www.clearos.com/clearfoundation/social/community/kopano-basic-upgrade-to-8-4-5-0-and-webapp-3-4-2-available#reply-235341) -
Accepted Answer
SASL authentication to the SMTP server - it's uncontionable there's no remote secure authentication for mobile devices! I have it working in a COS6 box but ...!
I use DuoCircle as the provider side of my mail (kopano) server, and I want passwords to be passed between mobile devices (iPhones etc), my SMTP server and DuoCircle's server encrypted! It used to be possible with a COS6/SMTP/Zarafa setup, so why is it broken in COS7??!! I purchased kopano as a direct replacement for Zarafa to upgrade my COS6 server - never for one second did I expect to be taking a massive step backwards(!) - so much so that I'm now actually thinking of sticking with the old server and asking for a refund on the kopano licence as -at the moment- it's completely useless if I can only RECEIVE emails securely, and not send them without risking sending unencrypted passwords over the net.
Needs looking at and fixing immediately. Yes I can go straight to the DuoCircle servers if everything is setup as IMAP/POP/SMTP, but the whole point of Zarafa/Kopano was to retain AirSync/ActiveSync access, and to leave those accounts with IMAP/etc access as they are and just accept new certificates. As it stands, I've got to go round a couple of dozen devices completely reconfiguring them.
Not particularly impressed at this point. -
Accepted Answer
@RIchard, I agree authenticated relaying through an ISP or external SMTP provider should be available through the webconfig - especially as I use it.
Please can I suggest you open a thread with your issues as it should be possible to solve them through the command line. Relaying SMTP with authentication is a Postfix/SMTP function and should have nothing to do with Zarafa/Kopano as they use Postfix to send e-mails. If you could do it in 6.x the set up is the same in 7.x. See this HowTo.
It is easy to send e-mail from a mobile/external device securely. SMTPS is operational by default on port 465 and it is trivial to set up STARTTLS on 587 as well. See More anti-spam and e-mail defence measures.
It is possible to take things one stage further and implement Let's Encrypt certificates for Postfix and Kopano. -
Accepted Answer
My wishes are scheduled for ClearOS 8.
My 2 big wishes are Podman/Docker support. Also some kind of overlay filesystem which merge directories together. With this I can convert my unRAID server to a ClearOS server.
Edit: OverlayFS is merged into the kernel at version 3.18. RHEL 8 use kernel version 4.18?
Based on Fedora 28 and the upstream kernel 4.18, Red Hat Enterprise Linux 8.0 provides users with a stable, secure, consistent foundation across hybrid cloud deployments with the tools needed to support traditional and emerg
-
Accepted Answer
-
Accepted Answer
@Patrick, not so easy, I think. App Policies are just groups so by going in by App Policies is a way of adding users to groups. The Extensions are not Groups and are separate sections in the User Manager, often with different configurable items. I'd guess each app with an extension would need a separate widget which presented, for example, a table with the username on the left then the configurable features of the policy across the top. -
Accepted Answer
More options in OpenVPN setup GUI. I would like to be able to set the network and mask, set route vs nat, etc.
The options mentioned in the help guide: https://openvpn.net/vpn-server-resources/reach-openvpn-clients-directly-from-a-private-network/ -
Accepted Answer
Eric Anderson wrote:
Thanks for your input.
More options in OpenVPN setup GUI. I would like to be able to set the network and mask, set route vs nat, etc.
The options mentioned in the help guide: https://openvpn.net/vpn-server-resources/reach-openvpn-clients-directly-from-a-private-network/
As I understand it, OpenVPN currently routes and there is already an feature request to NAT at the click of a button.
Currently OpenVPN selects all LAN subnets (LANIFS) and anything in EXTRALANS in /etc/clearos/network.conf. What are you looking for? Are looking to be able to select the subnets routed? Or are you looking to be able to select the subnet OpenVPN uses for its own traffic? -
Accepted Answer
Nick Howitt wrote:
@Patrick, not so easy, I think. App Policies are just groups so by going in by App Policies is a way of adding users to groups. The Extensions are not Groups and are separate sections in the User Manager, often with different configurable items. I'd guess each app with an extension would need a separate widget which presented, for example, a table with the username on the left then the configurable features of the policy across the top.
Hi Nick,
I think it can be easy.
Look at the other apps which you can enable or disable
When you check at the users page, you can enable of disable Kopano, Owncloud, etc...
So a check box in account manager can be linked to this (or some thing....) -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Richard George wrote:
What is the criticality on this? is it that you don't want to use normal connections to the ical server or is it that normal connections do not work any more?
There is a (minor but important) bug in Kopano - ICALS is not enabled.
Line 26 in ical.conf needs changing to ...
# whether ssl connections can be made to the ical server
icals_enable = yes
-
Accepted Answer
Normal (I assume you mean 'clear' or 'unencrypted') connections work (the port 8008 option), but the secure port (8443) as advertised on the app's configuration page (see pic) doesn't work because this option is disabled (the fix). Disabled incidentally, is the default. I discovered this back in C6/Zarafa days, but never raised the observation. I mention it only because you asked about 'bugs' - although I agree it's an arguable one.
As far as criticality is concerned, it can be argued that as the app gives this option, it should be enabled, but from a security viewpoint, I think it's an important consideration. Like I say, it's a one word change. I've already enabled it in my configuration, so all my back/forth between PC etc and server is encrypted. -
Accepted Answer
-
Accepted Answer
Eric Anderson wrote:
More options in OpenVPN setup GUI. I would like to be able to set the network and mask, set route vs nat, etc.
The options mentioned in the help guide: https://openvpn.net/vpn-server-resources/reach-openvpn-clients-directly-from-a-private-network/
Maybe a nice feature to add is : Routing all client traffic through the VPN on client side
https://forums.openvpn.net/viewtopic.php?t=21476
I've addded this option manually, but would nice if this was an option in the webconfig menu -
Accepted Answer
Patrick de Brabander wrote:
Already a feature request
Maybe a nuce feature to add is : Routing all client traffic through the VPN on client side
https://forums.openvpn.net/viewtopic.php?t=21476
I've addded this option manually, but would nice if this was an option in the webconfig menu -
Accepted Answer
Here is my list based on things I have done for people;
1. Out Of Office setting in email settable by the user.
2. Hardware RAID monitoring and email notification (ClearOS 5 had this).
3. 10gig network card support.
4. Web management of Virtual Servers.
With Virtual Servers the use case is when the client has an old machine that they insist has to be kept running because it's the only one that can run some old program they still use, typically accounts. Accounts such as SAGE only run properly on Windows machines. I could either set up SAGE in a Windows VM or have a VM running as a Windows file server just for Sage.
I know it's a bit cludgy but it looks neater to the client if their fancy new server can eliminate the need for these old bits of hardware cluttering up the office.
Oh yes a vote for Docker but only if it's really simple from the front end like Marketplace. -
Accepted Answer
Wayland Sothcott wrote:
4. Web management of Virtual Servers.
With Virtual Servers the use case is when the client has an old machine that they insist has to be kept running because it's the only one that can run some old program they still use, typically accounts. Accounts such as SAGE only run properly on Windows machines. I could either set up SAGE in a Windows VM or have a VM running as a Windows file server just for Sage.
.
I've already got this on one of my COS7 servers (built specifically as a VM host) - I've got VirtualBox installed, and a website running phpVirtualBox; the server runs another COS7 VM acting as a mail server, a Windows 10 machine, an XP VM (for an oldish MS Office), and a couple of Linux VMs (the mail server is the only one running all the time and is configured to start up on host boot). I've also got the desktop installed to make registration of imported machines and addition of extensions easier. Work fine with no issues so far. -
Accepted Answer
Wayland Sothcott wrote:
For that you need something which supports sieve rules such as Roundcubemail if you use cyrus-imap. I would expect Kopano to support it as well but I have not checked.
Here is my list based on things I have done for people;
1. Out Of Office setting in email settable by the user.
2. Hardware RAID monitoring and email notification (ClearOS 5 had this).
I've never tried it but what does app-raid bring you? It certainly has an e-mail setting. Also, coming soon, I hope, is app-storage, a storage manager. This is not finished and bits keep getting added and changed but I think it is reasonably stable. I think Patrick de Brabander is having a look at it. You can test it with:
It is also worth updating it every couple of working days or even daily in case there are changes.yum install app-storage --enablerepo-clearos-updates-testing
3. 10gig network card support.
We get whatever the upstream kernel provides. Referring to your other thread, later kernels give greater support for new cards but can deprecate old ones. I can also make available anything from ElRepo, but these are generally deprecated drivers rather than the latest and greatest.
4. Web management of Virtual Servers.
Have you had a look at ClearGLASS? It has a couple of issues but can do all sorts of things. There is even a demo server you can try out at https://my.clear.glass:9443/. It is fully functional but best if your target servers are internet facing. -
Accepted Answer
Richard George wrote:
Or you could install libvirt/kvm in ClearOS.
Wayland Sothcott wrote:
4. Web management of Virtual Servers.
With Virtual Servers the use case is when the client has an old machine that they insist has to be kept running because it's the only one that can run some old program they still use, typically accounts. Accounts such as SAGE only run properly on Windows machines. I could either set up SAGE in a Windows VM or have a VM running as a Windows file server just for Sage.
.
I've already got this on one of my COS7 servers (built specifically as a VM host) - I've got VirtualBox installed, and a website running phpVirtualBox; the server runs another COS7 VM acting as a mail server, a Windows 10 machine, an XP VM (for an oldish MS Office), and a couple of Linux VMs (the mail server is the only one running all the time and is configured to start up on host boot). I've also got the desktop installed to make registration of imported machines and addition of extensions easier. Work fine with no issues so far. -
Accepted Answer
Nick it looks like some of what I am after is available. I did not know what ClearGLASS was because it's name is not descriptive. ClearVirtual might have been better. It might be what I need or overkill.
The RAID monitor from the Market Place is just for MDADM not hardware. It used to monitor 3Ware cards in ClearOS 5 but nolonger. I reckon ClearOS 5 was the best one, I only switched because it's dated.
Getting the new 10gig network card to work is important. I am hoping when my test server picks up the latest kernal it will start working. -
Accepted Answer
-
Accepted Answer
Nick Howitt wrote:
Or you could install libvirt/kvm in ClearOS.
I did look into that, but the (in particular) Windows 10 VM was already in existance and I didn't want to go to the hassle of rebuilding it under a different Hypervisor - I had enough problems creating it as the licence isn't registered under my MS account so I spent hours on the phone getting it reactivated! -
Accepted Answer
Ok, I now have a serious bug that needs fixing (only found it today). I'm unable to connect to Webconfig on port 81, and the graphics console is reporting "one or more installed addons cannot be verified and have been disabled". The Normal webserver appears to be ok, it's the sandboxed version that appears to have a problem. The only thing I've done that's changed anything is to install Let's Encrypt and tell Webconfig to use the certificate. SSH access is unaffected. A google hunt tells me that it's possibly a Firefox bug - it seems to be a common theme from the beginning of this month. -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Something like 4 times so far - last was after removing all the language packs (the server has the development environment in addition to being a straight file server).
I now know that -for some reason, the sandboxed apache has stopped running(!) - no idea why. I've two other C7 servers (one is a VM) that are working ok. Why this one has stopped is odd ATM, as it was running a couple of weeks ago (the last time I had cause to visit the config to check something). ATM, it won't start. -
Accepted Answer
Fixed; problem was the earlier discussion re: Let's Encrypt behind a proxy (which TBW, can be fixed by using certbox with the DNS plugin rather than standalone) and the porting across of certificate. I'd deleted the certificates, forgetting that I'd configured webconfig to use them - and as they were no longer present, startup failed as the certificates were 'empty'. Somewhere in there, there must have been a restart in the background that killed apache. -
Accepted Answer
Hi,
A small issue which makes the overview a bit more clear.
Within the Kopano-basic app there is an option for backup the malboxes. Here in you can choose the destination "Backup Destination Folder" and choose a flexshare location.
Perfect solution, but the backup of mailboxes are dropped in the root of the flexshare. Is it possible to group the mailboxes is a subdirectorie which is created by the app, for example a subdir "Kopano" or "Backup" and then store the mailboxes in this subdir -
Accepted Answer
-
Accepted Answer
Marcel van van Leeuwen wrote:
If the app must create directories for the backup locations I suppose it's out of the hands of ClearCenter then this is a feature request for the Kopano guys..
It is a ClearOS app and you choose a location within this app.
Nothing to do with Kopano to my opinion -
Accepted Answer
-
Accepted Answer
-
Accepted Answer
-
Accepted Answer
Marcel van van Leeuwen wrote:
Oh, my bad. I think that is a nice request! You can make a feature request on Gitlab but if you don't know how to do it I can do it for you.
If you can do this for me, would be great
I also want my own mail server. I have absolute no experience with Kopano. A good backup solution or enhancements are always welcome.
Working with ClearsOS/Zarafa for many years and now Kopano and it works great.
Kopano is grown up and the backup features are good.
Even outlook .pst restore works perfect -
Accepted Answer
Okay I made the request for you! You can click this link to check.
I walking around with the idea to place a ClearOS server in a data center for mail and to host a website. I'm member of ColoClue. -
Accepted Answer
Marcel van van Leeuwen wrote:
Okay I made the request for you! You can click this link to check.
I walking around with the idea to place a ClearOS server in a data center for mail and to host a website. I'm member of ColoClue.
Thanks.
Nice initiative, but also expensive.
My own server is running nicely at home with all ClearOS features. -
Accepted Answer
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »