...
Extract the distribution file for UDMG Admin UI under the web server root directory (see the NGINX Service configuration above).
Panel |
---|
# unzip -d /opt/udmg/var/www/udmg/ udmg_admin_ui-<VERSION>.zip
|
...
Create the configuration file /opt/udmg/etc/udmg-server/server.ini with the following parameters:
Panel |
---|
# mkdir -p /opt/udmg/etc/udmg-server
# vi /opt/udmg/etc/udmg-server/server.ini
|
Note |
---|
|
The lines starting with a semicolon ';' or a hash '#' are comments, describing the option or showing the default value. The parameters must be adapted to your environment, in particular:
- global: GatewayHome
- log: LogLevel, LogTo, LogPath
- admin: Host, Port
- database: Type, Address, Name, User, Password
|
...
- Install the binaries under /opt/udmg/bin:
Panel |
---|
# install -m 755 udmg-client /opt/udmg/bin
# install -m 755 udmg-server /opt/udmg/bin
|
UDMG Authentication Proxy
Create a directory under /opt/udmg/etc/udmg/:
Panel |
---|
# mkdir -p /opt/udmg/etc/udmg/auth_proxy
|
- Create a configuration file for the service:
Panel |
---|
# vi /opt/udmg/etc/udmg/auth_proxy/config.toml
|
Panel |
---|
# Proxy Configuration
[proxy]
# Port, default "5000"
port = "5000"
# Network interface, default "0.0.0.0"
inet = "127.0.0.1"
# Enable recover on panic, default true, should be true for production environment
recover = true
# Enable Cross-Origin Resource Sharing (CORS), should be true for production environment
cors = true
# CORS: List of origins that may access the resource. Optional. Default value "*"
# domain = "*"
# Enable Request Track ID, default true
tracker = true
# Enable Request Logger, default true
logger = true
# Rate Limit IP Request over 1 second, default 0 (unlimited)
limit = 0
# Enable the Prometheus Metric Endpoint '/metric', default false
metrics = false
# Enable CSRF token
csrf = false
#
# Service 'local' with direct authentication on the UDMG Server
[service.local]
# UDMG Server Listen Protocol
protocol = "http"
[[service.local.targets]]
# UDMG Server Hostname or IP
hostname = "localhost"
# UDMG Server Port
port = 18080
|
...
- Install the binary under /opt/udmg/bin:
Panel |
---|
# install -m 755 udmg-auth-proxy /opt/udmg/bin
|
UDMG Agent Proxy
Create a directory under /opt/udmg/etc/udmg:
Panel |
---|
# mkdir -p /opt/udmg/etc/udmg/agent_proxy/
|
- Install the binaries under /opt/udmg/bin:
Panel |
---|
# install -m 755 udmg-agent-proxy-client /opt/udmg/bin
# install -m 755 udmg-agent-proxy-server /opt/udmg/bin
|
Agent Proxy Server Configuration
...
Panel |
---|
# ssh-keygen -t rsa -q -N "" -f /opt/udmg/etc/udmg/agent_proxy/agent
# ssh-keygen -t rsa -q -N "" -f /etc/udmg/agent_proxy/clientagent
|
- Change the agent key permissions:
Panel |
---|
# chmod 755 /opt/udmg/etc/udmg/agent_proxy/agent /opt/udmg/etc/udmg/agent_proxy/agent.pub
|
- Create a configuration file as /opt/udmg/etc/udmg/agent_proxy/agent.toml:
Panel |
---|
# vi /opt/udmg/etc/udmg/agent_proxy/agent.toml
|
Panel |
---|
[agent]
# UDMG Agent Proxy Hostname or IP, and port
hostname = "0.0.0.0"
port = "2222"
# path to the SSH private key file
ssh_key = "/opt/udmg/etc/udmg/agent_proxy/agent"
# path to the SSH public key file
ssh_key_pub = "/opt/udmg/etc/udmg/agent_proxy/agent.pub"
# Agent Service User and password
username = "mft"
password = "61ee8b5601a84d5154387578466c8998848ba089"
|
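The steps above leave the agent's private key at mode 755 and store the service password in agent.toml, so it is worth checking who can read those files. The script below is an added example, not part of the vendor procedure: it assumes GNU `stat`, that secrets should be mode 600, and that they should belong to the `udmg` account used by the systemd units on this page; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not vendor code): audit who can read the agent proxy secrets.
# Assumes GNU stat (Linux) and an expected owner passed as the first argument.

# Octal permission bits of a file, e.g. 755.
file_mode() { stat -c '%a' "$1"; }

# Succeed only if group and others have no access at all (mode & 077 == 0).
is_private() {
    mode=$(file_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Succeed if the file contains a password assignment (TOML/INI style).
has_password() { grep -Eiq '^[[:space:]]*password[[:space:]]*=' "$1"; }

# audit_secrets OWNER FILE...  Prints findings; exit status = number of findings.
audit_secrets() {
    owner=$1; shift
    findings=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "MISSING $f"; findings=$((findings + 1)); continue
        fi
        case $f in
            *.pub) continue ;;                             # public keys are not secret
            *.toml|*.ini) has_password "$f" || continue ;; # only configs holding passwords
        esac
        if ! is_private "$f"; then
            echo "EXPOSED $f mode=$(file_mode "$f") (expected 600)"
            findings=$((findings + 1))
        fi
        actual=$(stat -c '%U' "$f")
        if [ "$actual" != "$owner" ]; then
            echo "OWNER   $f owner=$actual (expected $owner)"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Run as a script: sh audit.sh udmg /opt/udmg/etc/udmg/agent_proxy/agent ...
if [ "$#" -gt 0 ]; then audit_secrets "$@"; fi
```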
...
Create a configuration file as /opt/udmg/etc/udmg/agent_proxy/client.toml:
Panel |
---|
# vi /opt/udmg/etc/udmg/agent_proxy/client.toml
|
Panel |
---|
[client]
# Target UDMG Agent Proxy Hostname or IP, and port
hostname = "localhost"
port = "2222"
# path to the SSH private key file
ssh_key = "/opt/udmg/etc/udmg/agent_proxy/client"
# path to the SSH public key file
ssh_key_pub = "/opt/udmg/etc/udmg/agent_proxy/client.pub"
|
Panel |
---|
[client]
# Target UDMG Agent Proxy Hostname or IP, and port
hostname = "localhost"
port = "2222"
# Agent Service User and password
username = "mft"
password = "61ee8b5601a84d5154387578466c8998848ba089"
# Default TTL to Connection Retry
ttl="5s"
[client.api]
# Administrative API port
port="2280"
[gateway]
# UDMG Server Hostname or IP, and port
hostname = "localhost"
port = "18080"
# UDMG Server Username/Password
username = "admin"
password = "admin_password"
|
...
Panel |
---|
[Unit]
Description=UDMG Server
[Service]
Type=simple
User=udmg
Group=udmg
WorkingDirectory=/home/udmg
ExecStart=/bin/sh -c '/opt/udmg/bin/udmg-server server -c /opt/udmg/etc/udmg-server/server.ini'
Restart=on-failure
[Install]
WantedBy=multi-user.target
|
...
Panel |
---|
# systemctl start udmg-server
# systemctl status udmg-server
● udmg-server.service - UDMG server
Loaded: loaded (/etc/systemd/system/udmg-server.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2022-06-07 16:43:16 -03; 10s ago
Main PID: 24888 (udmg-server)
Tasks: 6 (limit: 3509)
CPU: 11ms
CGroup: /system.slice/udmg-server.service
└─24888 /opt/udmg/bin/udmg-server server -c /opt/udmg/etc/udmg-server/server.ini
|
Make sure that the listen port and network interface are reachable by UDMG Authentication Proxy and UDMG Agent Client.
...
Panel |
---|
[Unit]
Description=UDMG Auth Proxy server
[Service]
Type=simple
User=udmg
Group=udmg
WorkingDirectory=/home/udmg
Environment="UDMG_AUTH_PROXY_CONFIG=/opt/udmg/etc/udmg/auth_proxy/config.toml"
ExecStart=/bin/sh -c 'exec /opt/udmg/bin/udmg-auth-proxy'
Restart=on-failure
[Install]
WantedBy=multi-user.target
|
...
Panel |
---|
# systemctl start udmg-auth-proxy
# systemctl status udmg-auth-proxy
● udmg-auth-proxy.service - UDMG Auth Proxy server
Loaded: loaded (/etc/systemd/system/udmg-auth-proxy.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2022-06-07 16:58:48 -03; 21s ago
Main PID: 25008 (udmg-auth-proxy)
Tasks: 3 (limit: 3509)
CPU: 4ms
CGroup: /system.slice/udmg-auth-proxy.service
└─25008 /opt/udmg/bin/udmg-auth-proxy
|
Make sure that the listen port and network interface are reachable by NGINX Server.
...
Panel |
---|
[Unit]
Description=UDMG Agent Proxy server
[Service]
Type=simple
User=udmg
Group=udmg
WorkingDirectory=/home/udmg
Environment="UDMG_AGENT_PROXY_CONFIG=/opt/udmg/etc/udmg/agent/server.toml"
ExecStart=/bin/sh -c 'exec /opt/udmg/bin/udmg-agent-proxy-server'
Restart=on-failure
[Install]
WantedBy=multi-user.target
|
...
Panel |
---|
# systemctl start udmg-agent-proxy-server
# systemctl status udmg-agent-proxy-server
● udmg-agent-proxy-server.service - UDMG Agent Proxy Server
Loaded: loaded ( /etc/systemd/system/udmg-agent-proxy-server.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2022-06-07 16:26:53 -03; 2s ago
Main PID: 25444 (udmg-agent-proxy-server)
Tasks: 5 (limit: 3509)
CPU: 5ms
CGroup: /system.slice/udmg-agent-proxy-server.service
└─25444 /opt/udmg/bin/udmg-agent-proxy-server
Jun 07 16:26:53 localhost.localdomain systemd[1]: Started UDMG Agent Proxy Server.
Jun 07 16:26:53 localhost.localdomain sh[25444]: level=info TS=2022-06-07T19:26:53.624296821Z HostKey=Ok Path=/data/agent
|
...
Panel |
---|
[Unit]
Description=UDMG Agent Proxy Client
[Service]
Type=simple
User=udmg
Group=udmg
WorkingDirectory=/home/udmg
Environment="UDMG_AGENT_PROXY_CONFIG=/opt/udmg/etc/udmg/agent_proxy/client.toml"
ExecStart=/bin/sh -c 'exec /opt/udmg/bin/udmg-agent-proxy-client'
Restart=on-failure
[Install]
WantedBy=multi-user.target
|
...
Panel |
---|
# systemctl start udmg-agent-proxy-client
# systemctl status udmg-agent-proxy-client
● udmg-agent-proxy-client.service - UDMG Agent Proxy Client
Loaded: loaded (/etc/systemd/system/udmg-agent-proxy-client.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2022-06-07 17:26:53 -03; 2s ago
Main PID: 25445 (udmg-agent-proxy-client)
Tasks: 5 (limit: 3509)
CPU: 6ms
CGroup: /system.slice/udmg-agent-proxy-client.service
└─25445 /opt/udmg/bin/udmg-agent-proxy-client
Jun 07 17:26:53 localhost.localdomain systemd[1]: Started UDMG Agent Proxy Client.
Jun 07 17:26:53 localhost.localdomain sh[25445]: level=info TS=2022-06-07T20:26:53.624296821Z Servers=[]
|
...
Panel |
---|
# semanage fcontext -a -t httpd_sys_content_t '/opt/udmg/var/www(/.*)?'
# restorecon -Rv /opt/udmg/var/www/
|
- Allow NGINX to reverse proxy through the authentication proxy by setting the httpd_can_network_connect boolean
...