...

Note

The following steps require root privilege; make sure that you have the correct access before continuing.

  • Extract the distribution file for UDMG Admin UI under the web server root directory; see the NGINX Service configuration above.

...

  • Create a dedicated user for running the UDMG modules and to be the owner of the files that will be transferred by UDMG.

Panel

# groupadd udmg

# useradd -g udmg udmg

UDMG Server

  • Create the configuration file /etc/udmg/udmg_server/server.ini with the following parameters:

Panel

# mkdir -p /etc/udmg/udmg_server
# vi /etc/udmg/udmg_server/server.ini


Panel

[global]
; The name given to identify this gateway instance. If the database is shared between multiple gateways, this name MUST be unique across these gateways.
GatewayName = udmg

; Default OS permission for created files
; FilePermissions = 700

; Default OS permission for created directories
; DirPermissions = 750


[paths]
; The root directory of the gateway. By default, it is the working directory of the process.
GatewayHome = /home/udmg

; The directory for all incoming files.
; DefaultInDir = in

; The directory for all outgoing files.
; DefaultOutDir = out

; The directory for all running transfer files.
; DefaultTmpDir = tmp

[log]
; All messages with a severity above this level will be logged. Possible values are DEBUG, INFO, WARNING, ERROR and CRITICAL.
Level = DEBUG

; The path to the file where the logs must be written. Special values 'stdout' and 'syslog' log respectively to the standard output and to the syslog daemon
; LogTo = stdout

; If LogTo is set on 'syslog', the logs will be written to this facility.
; SyslogFacility = local0

[admin]
; The address used by the admin interface.
Host = 0.0.0.0

; The port used by the admin interface. If the port is 0, a free port will automatically be chosen.
Port = 18080

; Path of the TLS certificate for the admin interface.
; TLSCert =

; Path of the key of the TLS certificate.
; TLSKey =

[database]
; Name of the RDBMS used for the gateway database. Possible values: sqlite, mysql, postgresql
Type = postgresql

; Address of the database
Address = localhost

; The name of the database
Name = udmg

; The name of the gateway database user
User = udmg_user

; The password of the gateway database user
Password = udmg_password

; Path of the database TLS certificate file.
; TLSCert =

; Path of the key of the TLS certificate file.
; TLSKey =

; The path to the file containing the passphrase used to encrypt account passwords using AES
; AESPassphrase = passphrase.aes

[controller]
; The frequency at which the database will be probed for new transfers
Delay = 300s

; The maximum number of concurrent incoming transfers allowed on the gateway (0 = unlimited).
; MaxTransferIn = 0

; The maximum number of concurrent outgoing transfers allowed on the gateway (0 = unlimited).
; MaxTransferOut = 0

[sftp]
; Set to true to allow legacy and weak cipher algorithms: 3des-cbc, aes128-cbc, arcfour, arcfour128, arcfour256
; AllowLegacyCiphers = false
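
A small audit of the security-relevant settings in the server.ini above, as an added example (not part of the UDMG documentation): it reports an admin interface bound to all interfaces without TLSCert/TLSKey, DEBUG logging, enabled legacy SFTP ciphers, and default file modes that grant access to other users. The function name and the finding texts are assumptions of the example; the keys are the ones shown in the file.

```python
import configparser

# Constructed sample: the uncommented security-relevant values from the
# server.ini shown above.
SAMPLE_INI = """
[global]
; FilePermissions = 700

[log]
Level = DEBUG

[admin]
Host = 0.0.0.0
Port = 18080
; TLSCert =
; TLSKey =

[sftp]
; AllowLegacyCiphers = false
"""


def audit_server_ini(text):
    """Return (section, key, finding) tuples for settings worth reviewing."""
    cfg = configparser.ConfigParser(comment_prefixes=(";", "#"))
    cfg.read_string(text)

    def get(section, key):
        # Option names are case-insensitive; missing keys read as "".
        return cfg.get(section, key, fallback="").strip()

    findings = []
    tls = get("admin", "TLSCert") and get("admin", "TLSKey")
    if get("admin", "Host") in ("0.0.0.0", "::") and not tls:
        findings.append(("admin", "Host", "all interfaces, no TLS certificate/key"))
    if get("log", "Level").upper() == "DEBUG":
        findings.append(("log", "Level", "DEBUG logging enabled"))
    if get("sftp", "AllowLegacyCiphers").lower() == "true":
        findings.append(("sftp", "AllowLegacyCiphers", "weak ciphers enabled"))
    for key in ("FilePermissions", "DirPermissions"):
        mode = get("global", key)
        if mode and int(mode, 8) & 0o007:  # any bit set for 'other'
            findings.append(("global", key, f"mode {mode} grants access to 'other'"))
    return findings


if __name__ == "__main__":
    for section, key, finding in audit_server_ini(SAMPLE_INI):
        print(f"[{section}] {key}: {finding}")
```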

  • Install the binaries under /usr/local/bin:
Panel

# install -m 755 udmg-client /usr/local/bin
# install -m 755 udmg-server /usr/local/bin

UDMG Authentication Proxy

  • Create a directory under /etc/udmg/:

Panel

# mkdir -p /etc/udmg/auth_proxy

  • Create a configuration file for the service:
Panel

# vi /etc/udmg/auth_proxy/config.toml


Panel

# Proxy Configuration
[proxy]
# Port, default "5000"
port = "5000"
# Network interface, default "0.0.0.0"
inet = "127.0.0.1"
# Enable recover on panic, default true, should be true for production environment
recover = true
# Enable Cross-Origin Resource Sharing (CORS), should be true for production environment
cors = true
# Enable Request Track ID, default true
tracker = true
# Enable Request Logger, default true
logger = true
# Rate Limit IP Request over 1 second, default 0 (unlimited)
limit = 0
# Enable the Prometheus Metric Endpoint '/metric', default false
metrics = false

# Service 'local' with direct authentication on the UDMG Server
[service.local]
# UDMG Server Listen Protocol
protocol = "http"

[[service.local.targets]]
# UDMG Server Hostname or IP
hostname = "localhost"
# UDMG Server Port
port = 18080

# Service 'mft' with direct authentication on the UDMG Server
[service.mft]
# UDMG Server Listen Protocol
protocol = "http"

[[service.mft.targets]]
# UDMG Server Hostname or IP
hostname = "localhost"
# UDMG Server Port
port = 18080

  • Install the binary under /usr/local/bin:
Panel

# install -m 755 udmg-auth-proxy-server /usr/local/bin

Configuration for LDAP Authentication

The UDMG Authentication Proxy can use an LDAP service to authenticate users for the UDMG Admin UI:

Panel

# vi /etc/udmg/auth_proxy/config.toml


Panel

# Proxy Configuration
[proxy]
# Port, default "5000"
port = "5000"
# Network interface, default "0.0.0.0"
inet = "127.0.0.1"
# Enable recover on panic, default true, should be true for production environment
recover = true
# Enable Cross-Origin Resource Sharing (CORS), should be true for production environment
cors = true
# Enable Request Track ID, default true
tracker = true
# Enable Request Logger, default true
logger = true
# Rate Limit IP Request over 1 second, default 0 (unlimited)
limit = 0
# Enable the Prometheus Metric Endpoint '/metric', default false
metrics = false

# Service 'mft' with LDAP Authentication
[service.mft]
# UDMG Server connection protocol (http or https)
protocol = "http"
# This is a break-glass option for admins:
# the users in the admins list are authenticated directly on the MFT service, not with LDAP
admins = ["admin"]

[[service.mft.targets]]
# UDMG Server Hostname or IP
hostname = "localhost"
# UDMG Server Port
port = 18080

# Credentials for the synchronization from LDAP to MFT service
# this user must have permission to create/update UDMG users
[service.mft.credential]
username = "ldap_sync"
password = "ldap_password"

# LDAP Configuration
[service.mft.auth.ldap]
# LDAP Server DC with OU
dn = "ou=users,dc=stonebranch,dc=com"
# LDAP Server FQDN or IP
hostname = "myldap.server.fqdn.com"
# LDAP Server Port
port = "1389"

The LDAP replication requires a user with permission for creating and updating users. For example, to create the 'ldap_sync' user with the command line interface:

Panel

udmg-client user add -u ldap_sync -p ldap_password -r 'U=rw'

...

  • Create a directory under /etc/mft:

Panel

# mkdir -p /etc/udmg/agent_proxy

  • Install the binaries under /usr/local/bin:
Panel

# install -m 755 udmg-agent-proxy-client /usr/local/bin
# install -m 755 udmg-agent-proxy-server /usr/local/bin

Agent Configuration

...

Panel

# ssh-keygen -t rsa -q -N "" -f /etc/udmg/agent_proxy/agent
# ssh-keygen -t rsa -q -N "" -f /etc/udmg/agent_proxy/client

  • Change the agent key permissions:
Panel

# chmod 755 /etc/udmg/agent_proxy/agent /etc/udmg/agent_proxy/agent.pub

  • Create a configuration file as /etc/udmg/agent_proxy/agent.toml:
Panel

# vi /etc/udmg/agent_proxy/agent.toml


Panel

[agent]
# MFT Agent Proxy Hostname or IP, and port
hostname = "0.0.0.0"
port = "2222"
# path to the SSH private key file
ssh_key = "/etc/udmg/agent_proxy/agent"
# path to the SSH public key file
ssh_key_pub = "/etc/udmg/agent_proxy/agent.pub"

# Agent Service User and password
username = "mft"
password = "61ee8b5601a84d5154387578466c8998848ba089"

...

  • Create a configuration file as /etc/udmg/agent_proxy/client.toml:

Panel

# vi /etc/udmg/agent_proxy/client.toml


Panel

[client]
# Target MFT Agent Proxy Hostname or IP, and port
hostname = "localhost"
port = "2222"

# path to the SSH private key file
ssh_key = "/etc/udmg/agent_proxy/client"
# path to the SSH public key file
ssh_key_pub = "/etc/udmg/agent_proxy/client.pub"

# Agent Service User and password
username = "mft"
password = "61ee8b5601a84d5154387578466c8998848ba089"

# Default TTL to Connection Retry
ttl="5s"

[client.api]
# Administrative API port
port="2280"

[gateway]
# UDMG Server Hostname or IP, and port
hostname = "localhost"
port = "18080"
# UDMG Server Username/Password
username = "admin"
password = "admin_password"
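
The TOML and INI files above contain passwords, and the chmod step sets the agent private key to mode 755. An added check (not part of the UDMG documentation) that lists the files under a configuration directory whose mode grants any access to group or other; the directory argument and the owner-only policy are assumptions of the example.

```python
import os
import stat
import sys


def audit_secret_modes(root):
    """Report regular files under root (except *.pub) that are accessible
    to group or other. Returns sorted (relative_path, octal_mode) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".pub"):
                continue  # public keys are not secret
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, etc.
            mode = stat.S_IMODE(st.st_mode)
            if mode & 0o077:  # any read/write/execute bit for group or other
                findings.append((os.path.relpath(path, root), f"{mode:04o}"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python3 audit_modes.py <configuration directory>
    for rel, mode in audit_secret_modes(sys.argv[1]):
        print(f"{mode} {rel}: accessible by group or other")
```

A private key or password file reported here can usually be owned by the service user and set to mode 600, provided the service still starts with that mode.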

...

Panel

# vi /etc/systemd/system/udmg-server.service


Panel


[Unit]
Description=UDMG Server

[Service]
Type=simple
User=udmg
Group=udmg
WorkingDirectory=/home/udmg
ExecStart=/bin/sh -c 'exec /usr/local/bin/udmg-server server -c /etc/udmg/udmg-server/server.ini'
Restart=on-failure

[Install]
WantedBy=multi-user.target


  • Enable the new service:
Panel

# systemctl enable udmg-server.service
Created symlink /etc/systemd/system/multi-user.target.wants/udmg-server.service → /etc/systemd/system/udmg-server.service.

  • Start the service and check the status:
Panel

# systemctl start udmg-server
# systemctl status udmg-server
● udmg-server.service - UDMG server
Loaded: loaded (/etc/systemd/system/udmg-server.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2022-06-07 16:43:16 -03; 10s ago
Main PID: 24888 (udmg-server)
Tasks: 6 (limit: 3509)
CPU: 11ms
CGroup: /system.slice/udmg-server.service
└─24888 /usr/local/bin/udmg-server server -c /etc/udmg/udmg-server/server.ini

Make sure that the listen port and network interface are reachable by the UDMG Authentication Proxy and UDMG Agent Client.

...

Panel

# vi /etc/systemd/system/udmg-auth-proxy-server.service


Panel

[Unit]
Description=UDMG Auth Proxy server

[Service]
Type=simple
User=udmg
Group=udmg
WorkingDirectory=/home/udmg
Environment="UDMG_AUTH_PROXY_CONFIG=/etc/udmg/auth_proxy/config.toml"
ExecStart=/bin/sh -c 'exec /usr/local/bin/udmg-auth-proxy-server'
Restart=on-failure

[Install]
WantedBy=multi-user.target

  • Enable the new service:
Panel

# systemctl enable udmg-auth-proxy-server.service
Created symlink /etc/systemd/system/multi-user.target.wants/udmg-auth-proxy-server.service → /etc/systemd/system/udmg-auth-proxy-server.service.

  • Start the service and check the status:
Panel

# systemctl start udmg-auth-proxy-server
# systemctl status udmg-auth-proxy-server
● mft_auth_proxy.service - UDMG Auth Proxy server
Loaded: loaded (/etc/systemd/system/udmg-auth-proxy-server.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2022-06-07 16:58:48 -03; 21s ago
Main PID: 25008 (udmg-auth-proxy-server)
Tasks: 3 (limit: 3509)
CPU: 4ms
CGroup: /system.slice/udmg-auth-proxy-server.service
└─25008 /usr/local/bin/udmg-auth-proxy-server

Make sure that the listen port and network interface are reachable by the NGINX Server.

...

Panel

# vi /etc/systemd/system/udmg-agent-proxy-server.service


Panel

[Unit]
Description=UDMG Agent Proxy server

[Service]
Type=simple
User=udmg
Group=udmg
WorkingDirectory=/home/udmg
Environment="
MFT
UDMG_AGENT_PROXY_CONFIG=/etc/
mft
udmg/agent
_proxy
/
agent
server.toml"


ExecStart=/bin/sh -c 'exec /usr/local/bin/udmg-agent-proxy-server'
Restart=on-failure

[Install]
WantedBy=multi-user.target

  • Enable the new service:
Panel

# systemctl enable udmg-agent-proxy-server
Created symlink /etc/systemd/system/multi-user.target.wants/udmg-agent-proxy-server.service → /etc/systemd/system/udmg-agent-proxy-server.service.

  • Start the service and check the status:
Panel

# systemctl start udmg-agent-proxy-server
# systemctl status udmg-agent-proxy-server
udmg-agent-proxy-server.service - UDMG Agent Proxy Server
Loaded: loaded (/etc/systemd/system/udmg-agent-proxy-server.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2022-06-07 16:26:53 -03; 2s ago
Main PID: 25444 (udmg-agent-proxy-server)
Tasks: 5 (limit: 3509)
CPU: 5ms
CGroup: /system.slice/udmg-agent-proxy-server.service
└─25444 /usr/local/bin/udmg-agent-proxy-server

Jun 07 16:26:53 localhost.localdomain systemd[1]: Started UDMG Agent Proxy Server.
Jun 07 16:26:53 localhost.localdomain sh[25444]: level=info TS=2022-06-07T19:26:53.624296821Z HostKey=Ok Path=/data/agent

...

Panel

# vi /etc/systemd/system/udmg-agent-proxy-client.service


Panel

[Unit]
Description=MFT Agent Proxy Client

[Service]
Type=simple
User=mft
Group=mft
WorkingDirectory=/home/mft
Environment="MFT_AGENT_PROXY_CONFIG=/etc/mft/agent_proxy/client.toml"
ExecStart=/bin/sh -c 'exec /usr/local/bin/mft_agent_proxy_client'
Restart=on-failure

[Install]
WantedBy=multi-user.target

  • Enable the new service:
Panel

# systemctl enable udmg-agent-proxy-client.service
Created symlink /etc/systemd/system/multi-user.target.wants/udmg-agent-proxy-client.service → /etc/systemd/system/udmg-agent-proxy-client.service.

  • Start the service and check the status:
Panel

# systemctl start udmg-agent-proxy-client
# systemctl status udmg-agent-proxy-client
● mft_agent_proxy_client.service - UDMG Agent Proxy Client
Loaded: loaded (/etc/systemd/system/udmg-agent-proxy-client.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2022-06-07 17:26:53 -03; 2s ago
Main PID: 25445 (udmg-agent-proxy-client)
Tasks: 5 (limit: 3509)
CPU: 6ms
CGroup: /system.slice/udmg-agent-proxy-client.service
└─25445 /usr/local/bin/udmg-agent-proxy-client

Jun 07 17:26:53 localhost.localdomain systemd[1]: Started UDMG Agent Proxy Server.
Jun 07 17:26:53 localhost.localdomain sh[25445]: level=info TS=2022-06-07T20:26:53.624296821Z Servers=[]

...