...

Panel

# unzip -d /srv/www/mftudmg/ udmg_admin_ui-<VERSION>.zip

  • Validate that the service is working properly:
Panel

# curl http://localhost:8080 -I
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 06 Jun 2022 17:33:19 GMT
Content-Type: text/html
Content-Length: 7788
Last-Modified: Fri, 03 Jun 2022 14:07:05 GMT
Connection: keep-alive
ETag: "629a1589-1e6c"
Accept-Ranges: bytes

...

  • Create a dedicated user for running the UDMG modules and to be the owner of the files that will be transferred by UDMG.

Panel

# groupadd udmg

# useradd -g udmg udmg

UDMG Server

...

Panel

# Proxy Configuration
[proxy]
# Port, default "5000"
port = "5000"
# Network interface, default "0.0.0.0"
inet = "127.0.0.1"
# Enable recover on panic, default true, should be true for production environment
recover = true
# Enable Cross-Origin Resource Sharing (CORS), should be true for production environment
cors = true
# Enable Request Track ID, default true
tracker = true
# Enable Request LogguerLogger, default true
logger = true
# Rate Limit IP Request over 1 second, default 0 (unlimited)
limit = 0
# Enable the Prometheus Metric Endpoint '/metric', default false
metrics = false

# Service 'mft' with LDAP Authentication
[service.mft]
# UDMG Server connection protocol(http or https)
protocol = "http"
# This is breaking glass option for admins, 
# the users in the admins list are authenticated directly on the MFT service, not with LDAP
admins = ["admin"]

[[service.mft.targets]]
UDMG Server Hostname or IP
hostname = "localhost"
UDMG Server Port
port = 18080

# Credentials for the synchronization from LDAP to MFT service
# this user must have permission to create/update UDMG users
[service.mft.credential]
username = "ldap_sync"
password = "ldap_password"

# LDAP Configuration
[service.mft.auth.ldap]
# LDAP Server DC with OU
dn = "ou=users,dc=stonebranch,dc=com"
# LDAP Server FQDN or IP
hostname = "myldap.server.fqdn.com"
# LDAP Server Port
port = "1389"
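Review bot: The two description lines under `[[service.mft.targets]]` ("UDMG Server Hostname or IP" and "UDMG Server Port") appear without a leading `#` as rendered here, so a reader who copies the sample gets a file that does not parse as TOML. They should read `# UDMG Server Hostname or IP` and `# UDMG Server Port`, and the first line under `[gateway]` in client.toml has the same problem. Separately, with `protocol = "http"` the `ldap_sync` credential and the break-glass `admins` logins presumably reach the UDMG server unencrypted. The comment on `protocol` should say that plain http is only acceptable when the target is on loopback, as in this sample, and that https should be used otherwise. The `[service.mft.auth.ldap]` table continues past the lines shown.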

...

Panel

# vi /etc/udmg/agent_proxy/agent.toml


Panel

[agent]
# MFT UDMG Agent Proxy Hostname or IP, and port
hostname = "0.0.0.0"
port = "2222"
# path to the SSH private key file
ssh_key = "/etc/udmg/agent_proxy/agent"
# path to the SSH public key file
ssh_key_pub = "/etc/udmg/agent_proxy/agent.pub"

# Agent Service User and password
username = "mft"
password = "61ee8b5601a84d5154387578466c8998848ba089"
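Review bot: The `password` in `[agent]` is a fixed, realistic-looking hex string that is repeated verbatim in client.toml, so installations that copy the sample end up sharing a published secret. It should be shown as an obvious placeholder, e.g. `password = "<generated-secret>"`, with a comment telling the reader to generate their own value. This file, the auth proxy configuration and client.toml all hold passwords in clear text, and the page never restricts access to them; the step should add ownership by the service user and something like `chmod 600 /etc/udmg/agent_proxy/agent.toml /etc/udmg/agent_proxy/agent`. `hostname = "0.0.0.0"` reads as a listen address on every interface, so a comment should tell the reader to bind to the address the proxy clients actually reach. The `[agent]` table may continue past the lines shown.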

...

Panel

# vi /etc/udmg/agent_proxy/client.toml


Panel

[client]
# Target MFT UDMG Agent Proxy Hostname or IP, and port
hostname = "localhost"
port = "2222"

# path to the SSH private key file
ssh_key = "/etc/udmg/agent_proxy/client"
# path to the SSH public key file
ssh_key_pub = "/etc/udmg/agent_proxy/client.pub"

# Agent Service User and password
username = "mft"
password = "61ee8b5601a84d5154387578466c8998848ba089"

# Default TTL to Connection Retry
ttl="5s"

[client.api]
# Administrative API port
port="2280"

[gateway]
UDMG Server Hostname or IP, and port
hostname = "localhost"
port = "18080"
# UDMG Server Username/Password
username = "admin"
password = "admin_password"
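Review bot: `[gateway]` configures the agent proxy client with the UDMG `admin` account, so anyone who can read client.toml presumably obtains administrative access to the UDMG server. The sample should use a dedicated account limited to what the proxy client needs, if UDMG's permission model allows that (it is not visible on this page). A comment such as `# use a dedicated low-privilege UDMG account here, not the administrator` above `username` would make this explicit. The `[gateway]` table may continue past the lines shown.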

...

Panel

# systemctl start udmg-auth-proxy
# systemctl status udmg-auth-proxy
mft_udmg-auth_-proxy.service - UDMG Auth Proxy server
Loaded: loaded ( /etc/systemd/system/udmg-auth-proxy.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2022-06-07 16:58:48 -03; 21s ago
Main PID: 25008 (udmg-auth-proxy)
Tasks: 3 (limit: 3509)
CPU: 4ms
CGroup: /system.slice/udmg-auth-proxy.serviceservice
└─25008 /usr/local/bin/udmg-auth-proxy

...

Panel

# vi /etc/systemd/system/udmg-agent-proxy-client.service


Panel

[Unit]
Description=MFT UDMG Agent Proxy Client

[Service]
Type=simple
User=mftudmg
Group=mftudmg
WorkingDirectory=/home/mftudmg
Environment="MFTUDMG_AGENT_PROXY_CONFIG=/etc/mftudmg/agent_proxy/client.toml"
ExecStart=/bin/sh -c 'exec /usr/local/bin/mft_udmg-agent_-proxy_-client'
Restart=on-failure

[Install]
WantedBy=multi-user.target
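Review bot: The `[Service]` section runs a network-facing proxy that reads stored credentials, but it sets no sandboxing beyond `User=`/`Group=`. Adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` would limit what a compromised process can touch at no cost to the documented setup. The `/bin/sh -c 'exec …'` wrapper adds a shell for no visible reason, since the path is supplied through `Environment=`; `ExecStart=/usr/local/bin/udmg-agent-proxy-client` (the binary path shown in the status output further down) would do the same.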

...

Panel

# systemctl start udmg-agent-proxy-client
# systemctl status udmg-agent-proxy-client
mft_udmg-agent_-proxy_-client.service - UDMG Agent Proxy Client
Loaded: loaded ( /etc/systemd/system/udmg-agent-proxy-client.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2022-06-07 17:26:53 -03; 2s ago
Main PID: 25445 (udmg-agent-proxy-client)
Tasks: 5 (limit: 3509)
CPU: 6ms
CGroup: /system.slice/udmg-agent-proxy-client.service
└─25445 /usr/local/bin/udmg-agent-proxy-client

Jun 07 17:26:53 localhost.localdomain systemd[1]: Started UDMG Agent Proxy ServerClient.
Jun 07 17:26:53 localhost.localdomain sh[25445]: level=info TS=2022-06-07T20:26:53.624296821Z Servers=[]

...