WEBVTT

00:00.000 --> 00:08.000
Okay, hello and we're here at Foster at the Lighting Talks.

00:08.000 --> 00:12.000
I want to introduce to you Gabriel Casette.

00:12.000 --> 00:18.000
He's talking to us about the Nef Server 8 solid foundation for the safe hosting web application.

00:18.000 --> 00:24.000
Give him a warmer blouse and have fun with the talk.

00:24.000 --> 00:27.000
Thank you very much.

00:27.000 --> 00:30.000
As I was introduced, my name is Gabriel Casette.

00:30.000 --> 00:34.000
I grew up in Quebec and I come here from Canada, though.

00:34.000 --> 00:38.000
But now I live in Western Canada in Calgary, Alberta.

00:38.000 --> 00:43.000
And I'm a really, really fan of self hosting software and platforms.

00:43.000 --> 00:54.000
And today I want to present to you my latest discovery, which is Net Server 8, which I think is a real solid foundation for self hosting applications.

00:55.000 --> 00:59.000
And yeah, so my background is I'm a new system administrator.

00:59.000 --> 01:02.000
And as I said, I live in Western Canada.

01:02.000 --> 01:05.000
I work for not-for-profit called Cyberra.

01:05.000 --> 01:12.000
Cyberra is focused on providing IT services in the Alberta region in Canada.

01:12.000 --> 01:17.000
So we provide services to schools, to the municipal government, provincial government.

01:17.000 --> 01:25.000
And it can, it's a range of, for example, compute resources for students, security,

01:25.000 --> 01:28.000
a person's center for schools and stuff like that.

01:28.000 --> 01:32.000
And I'm a long time fan of open source, as I said, and self hosting.

01:32.000 --> 01:35.000
So in a nutshell, what is self hosting?

01:35.000 --> 01:39.000
Self hosting is really about having your own server.

01:39.000 --> 01:46.000
And that this server can be either in at home, like on the Raspberry Pi or something else.

01:46.000 --> 01:48.000
And or it can be in the cloud.

01:48.000 --> 01:53.000
And in the cloud, it can be either a private, I mean, a virtual or a dedicated server.

01:53.000 --> 01:56.000
And it's really about managing the whole stack.

01:56.000 --> 02:00.000
So basically from the operating system up to the application.

02:00.000 --> 02:05.000
And also sometimes the networking related to that, if you all start home, for example.

02:05.000 --> 02:10.000
So it's really about adding the full control of your hosting environment.

02:11.000 --> 02:18.000
And oftentimes you can, you can do it via containers, be it Docker or Kubernetes as well.

02:18.000 --> 02:25.000
So that's the easiest way to do it nowadays and a good, manageable way as well.

02:25.000 --> 02:34.000
Some advantages of stealth hosting in any depends on your situation, because some providers do provide good privacy.

02:34.000 --> 02:44.000
But of course, whenever you all set yourself and that end you use open source software, you are guaranteed to have good privacy.

02:44.000 --> 02:49.000
Because you control other data is being used and eyes been shared and everything.

02:49.000 --> 02:57.000
And it can be useful for yourself or but also for let's say your family or your association that you're working at.

02:57.000 --> 03:05.000
So or even your city, you could say, okay, well, I want to stand up a new email sharing platform for the city.

03:05.000 --> 03:09.000
And people can become members for example.

03:09.000 --> 03:24.000
So yeah, and privacy is really a big consideration into this, because as we know, many of the big tech companies are referring, you know, like email services or email sharing services.

03:24.000 --> 03:29.000
But the privacy is within that there and that's that's in the business model, of course.

03:29.000 --> 03:38.000
And also more flexibility, because as we all know, using open source, you can really customize it, you can tweak it to your liking.

03:38.000 --> 03:44.000
You can contribute new features as well if you are skilled to do so.

03:45.000 --> 03:57.000
As well, I, your performance. So let's say you sell all applications for your business and you have a 50 users, then you can really scale it up, you know, you can add some more resources to the server.

03:57.000 --> 04:01.000
You have full flexibility on the performance aspect as well.

04:01.000 --> 04:11.000
And lower costs, again, using open source, you can have less licensing costs, of course.

04:11.000 --> 04:18.000
But when we sell for the application and I talk with my hat of the assessment, there's boring details you need to think about.

04:18.000 --> 04:28.000
So, for example, the backups, really important, you want to have a good way to backup each applications and be able to restore them, you know, if needs be.

04:28.000 --> 04:40.000
And another aspect is to add a good isolation between applications, because some set was in platforms allows you to install software and web applications.

04:40.000 --> 04:51.000
But if there's not a good isolation between them, there's a chance that you could break by installing a new web application, you could break one that's already existing.

04:51.000 --> 05:01.000
So that's why I think running in containers really helps you to isolate your applications and it also relates to security as well, right.

05:01.000 --> 05:21.000
And another consideration that is not in us that posting platforms are the common authentication between apps, because, okay, so I installed one app to app, and then, and if all the users are, you know, in each of their own apps, then it's becoming difficult to say, okay, I want to add a new user.

05:21.000 --> 05:36.000
By the way, you need to create an account in each of the apps, right. And if the employee and the employee leave the company, then it's more complicated to delete the account in different apps compared to having a common authentication system.

05:36.000 --> 05:46.000
Also, the aspect of multi server, because, okay, yeah, I'm growing, you know, the number of apps that I have, well, at some point I may need a second and a third server, right.

05:46.000 --> 05:54.000
So I think that that possibility of moving apps between servers or scaling it up can be really useful.

05:54.000 --> 06:01.000
And of course, the rest like security, the support as well and everything.

06:01.000 --> 06:09.000
And there are many great existing solutions, and I've been a fan of looking at what's coming, you know, and what's being released.

06:09.000 --> 06:21.000
For example, you know, it's a really mature and long time solution. It's based on DBN, and it's really awesome. It checks almost all the boxes.

06:21.000 --> 06:36.000
The only thing is that there's not really a focus on containers in, in, you know, and that can be a bit more risky, because you need to look at all the application is being installed to be sure that it doesn't conflict with anything else on the server.

06:36.000 --> 06:42.000
I mean, it can work really well, but you need to make some more checks when you run it.

06:42.000 --> 06:46.000
But the community is great in this great project as well. I run it as well, you know, so.

06:46.000 --> 06:55.000
And the other solutions that some are more nasty oriented or storage oriented, some are more like UI oriented.

06:55.000 --> 07:02.000
But in my view, they all have, like, something that doesn't, that doesn't check all the boxes.

07:02.000 --> 07:08.000
So, but they are a great project as well, I'm not saying, but it's something that you can, you can compare it.

07:08.000 --> 07:20.000
But, but when I discovered Net Server 8, and a bit by mistake, I would say, I was really surprised, like I say, wow, what is this, you know, it's an hidden gem or it's something that, you know,

07:20.000 --> 07:25.000
that I think should be maybe more well known, so that's why I'm presenting here, you know.

07:25.000 --> 07:36.000
And so much features it has, so you can install it on different distributions, like VBAN and a bunch of red apps or sent to us based ones.

07:36.000 --> 07:43.000
It doesn't easy to use when you're face, so you can easily, you know, that getting to the app store and style, move the apps and everything.

07:43.000 --> 07:49.000
And I'll show you a few screenshots later on, and it has the possibility of multiple app stores.

07:49.000 --> 08:00.000
So there's, like, an official app store that is being, where the team from Net Teases are satisfying the applications and everything.

08:00.000 --> 08:06.000
But you can create your own app store, and you can also connect app stores from the community.

08:06.000 --> 08:11.000
So it's really, somebody is easy to get started, you know, and to start to packaging applications.

08:11.000 --> 08:14.000
And it has also a common authentication for apps.

08:14.000 --> 08:22.000
So you have an LDAP server that you can connect to, and your apps can authenticate through this LDAP server.

08:22.000 --> 08:31.000
So as long as the app has a support for that, there's also some third-party apps where you, that are SSO are oriented.

08:31.000 --> 08:40.000
So single sign-on. So you could install the single sign-on application, and then use that single sign-on application to authenticate to the LDAP.

08:40.000 --> 08:47.000
And your, and your, and your web applications could use that instead, you know, if you want a more modern way to authenticate.

08:47.000 --> 08:53.000
And it has support for multiple nodes. So you can easily add new nodes, so new servers.

08:53.000 --> 08:57.000
And those servers don't have to be on the same network.

08:57.000 --> 09:09.000
They can just connect to the internet, and there's a, a VPN network being set up between the nodes, so that they can all talk to each other and you can manage everything.

09:09.000 --> 09:18.000
And it has supports for backups, so encrypted backups. So the backups are encrypted client side, so from the server.

09:18.000 --> 09:21.000
And they are being sent to a remote storage.

09:21.000 --> 09:29.000
It can be one that is compatible with the S3 API, but it can also, they also supports for other storage providers as well.

09:29.000 --> 09:32.000
And of course it's open source, GPLV3.

09:32.000 --> 09:39.000
As far as the architecture goes, I found it very modern, because the team decided to use Podman.

09:39.000 --> 09:47.000
Podman is a container engine that doesn't require by default to run containers as route.

09:47.000 --> 09:57.000
And, and also, there's no demand running, so, so, so with Podman, you can create system services for your applications, for your containers,

09:57.000 --> 10:02.000
so that's a really clean way and secure way to run containers.

10:02.000 --> 10:11.000
And as well, the VPN that is being networked is being set up between the nodes is based on why your guard, which is also very modern.

10:11.000 --> 10:14.000
And there are actually two add-up implementations.

10:14.000 --> 10:18.000
You have either the choice of Samba or open-up for authentication.

10:18.000 --> 10:23.000
And one cool thing is that the authentication works across nodes.

10:23.000 --> 10:27.000
So, basically, let's say you install your LDAP on Node1.

10:27.000 --> 10:30.000
And you install an application on Node2.

10:30.000 --> 10:35.000
The Node2 application can authenticate against the LDAP server of Node1.

10:35.000 --> 10:39.000
And it doesn't require any different configuration.

10:39.000 --> 10:42.000
It just works a lot of the box.

10:42.000 --> 10:46.000
The response is traffic, which is very well known for containers.

10:46.000 --> 10:54.000
And there's a cluster database, so, basically, radius synchronizes the database across all nodes.

10:54.000 --> 11:04.000
So, so, so, so, basically, the configuration is replicated between each nodes and also the user account for the administrator's and whatnot.

11:04.000 --> 11:08.000
Some screenshots, so, basically, that's the view of the app stores.

11:08.000 --> 11:14.000
So, you can see all the apps that from the software repositories that you have added.

11:14.000 --> 11:18.000
And, and recently, they added a way to certify applications.

11:18.000 --> 11:25.000
So, you have between level one and five, and each applications that are being submitted are certified, you know,

11:25.000 --> 11:36.000
and each level have some more, you know, requirements, or, you know, for example, if the applications is connected to the LDAP by default,

11:36.000 --> 11:39.000
it will have a different level than one that is not.

11:39.000 --> 11:44.000
So, basically, the level of maturity of the package application that is in there.

11:44.000 --> 11:52.000
You have the multiple server aspects, so, basically, air, you see all of the nodes that you added, you know, and a bit of statistics on memory and CPU and whatnot.

11:52.000 --> 11:55.000
And, you can easily add a new node to the clusters.

11:55.000 --> 12:00.000
And, when you click, it is plain to you what to do on the new server, but it's really straightforward.

12:00.000 --> 12:04.000
I was really presently surprised.

12:04.000 --> 12:07.000
Also, you have, you can add different app instances.

12:07.000 --> 12:12.000
So, basically, from this, the certification can be installed multiple times.

12:12.000 --> 12:17.000
And, then, you can easily clone it, you can move it to a different node.

12:17.000 --> 12:24.000
And, when you move it, the application and the data is all being moved, you know, as containers on the other node.

12:24.000 --> 12:33.000
The only thing you need to do is, of course, to update your DNS, because most likely, the IP, the public IP of the other node will be different,

12:33.000 --> 12:35.000
than the IP of the first node.

12:35.000 --> 12:43.000
So, you need to change that, but otherwise, it's really easy to migrate applications and to manage them.

12:43.000 --> 12:56.000
For the backups, you have an interface when you can add, as I said, any S3 API providers or specific back storage providers that have been supported.

12:56.000 --> 13:04.000
And, you have some basic monitoring, as well, that you can see, you know, of the specific node, you know, and what's happening as well.

13:04.000 --> 13:09.000
So, that was my talk in the nutshell. You got my contacts there.

13:09.000 --> 13:16.000
And, I put the link of the different, of the project below. By the way, the project has really good documentation.

13:16.000 --> 13:20.000
I've been surprised at the, you know, the level of detail is 40.

13:20.000 --> 13:28.000
It's an administrator guide, and also a dev guide, and the dev guide is the one that you use to create a new application, basically.

13:28.000 --> 13:34.000
To package, an existing containerized application into a net server.

13:34.000 --> 13:38.000
And, and also the community is very, very helpful, and fairly.

13:38.000 --> 13:41.000
So, I recommend that you go there.

13:41.000 --> 13:54.000
There's also a community, a contributed application list. So, from there, you can see different community reports, you know, for the, the application repositories.

13:54.000 --> 14:01.000
So, you can go there, and you can add them to your net server, you know, server, and then you can add more applications available.

14:01.000 --> 14:08.000
So, I'll be outside if you, if you want, you know, to talk more, and I hope you have a pleasant, a pleasant. Thank you.

14:08.000 --> 14:13.000
Thank you very much.