...

  • Extract the distribution file for UDMG Admin UI under the web server root directory; see the NGINX Service configuration above.

# unzip -d /opt/udmg/var/www/udmg/ udmg_admin_ui-<VERSION>.zip

...

  • Create the configuration file /opt/udmg/etc/udmg-server/server.ini with the following parameters:

# mkdir -p /opt/udmg/etc/udmg-server
# vi /opt/udmg/etc/udmg-server/server.ini


Note

Lines starting with a semicolon ';' or a hash '#' are comments that describe the option or show the default value.

The parameters must be adapted to your environment, in particular:

  • global: GatewayHome
  • log: LogLevel, LogTo, LogPath
  • admin: Host, Port
  • database: Type, Address, Name, User, Password

...

  • Install the binaries under /opt/udmg/bin:

# install -m 755 udmg-client /opt/udmg/bin
# install -m 755 udmg-server /opt/udmg/bin

UDMG Authentication Proxy

  • Create a directory under /etc/udmg/:

# mkdir -p /opt/udmg/etc/udmg/auth_proxy

  • Create a configuration file for the service:

# vi /opt/udmg/etc/udmg/auth_proxy/config.toml


# Proxy Configuration
[proxy]
# Port, default "5000"
port = "5000"
# Network interface, default "0.0.0.0"
inet = "127.0.0.1"
# Enable recover on panic, default true, should be true for production environment
recover = true
# Enable Cross-Origin Resource Sharing (CORS), should be true for production environment
cors = true
# CORS: List of origins that may access the resource. Optional. Default value "*"
# domain = "*"

# Enable Request Track ID, default true
tracker = true
# Enable Request Logger, default true
logger = true
# Rate Limit IP Request over 1 second, default 0 (unlimited)
limit = 0
# Enable the Prometheus Metric Endpoint '/metric', default false
metrics = false
# Enable CSRF token
csrf = false

# Service 'local' with direct authentication on the UDMG Server
[service.local]
# UDMG Server Listen Protocol
protocol = "http"
[[service.local.targets]]
# UDMG Server Hostname or IP
hostname = "localhost"
# UDMG Server Port
port = 18080
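
An added example, not part of the UDMG documentation or tooling: a small lint over the [proxy] table above that lists the settings worth reviewing before the proxy is placed behind NGINX. The function names and finding texts are made up for illustration; key names and defaults are the ones given in the comments above, and treating an absent csrf key as disabled is an assumption.

```shell
#!/bin/sh
# Added example (not UDMG code): flag [proxy] settings in the auth proxy
# config.toml that deserve a review. Defaults are the ones stated on this page.

# usage: lint_auth_proxy_config FILE  -> prints one "key: finding" line per issue
lint_auth_proxy_config() {
    awk '
        /^[ \t]*#/ || !NF { next }                      # comments, blank lines
        /^[ \t]*\[/ { section = $0; gsub(/[ \t]|\[|\]/, "", section); next }
        section == "proxy" && index($0, "=") {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            gsub(/"/, "", val); seen[key] = val
        }
        END {
            inet   = ("inet" in seen)   ? seen["inet"]   : "0.0.0.0"
            domain = ("domain" in seen) ? seen["domain"] : "*"
            limit  = ("limit" in seen)  ? seen["limit"]  : 0
            if (inet == "0.0.0.0") print "inet: listens on every interface"
            if (seen["cors"] == "true" && domain == "*") print "domain: CORS allows any origin"
            if (limit + 0 == 0) print "limit: no per-IP rate limit"
            if (seen["csrf"] != "true") print "csrf: CSRF token not enabled"   # absent = off (assumption)
            if (seen["metrics"] == "true") print "metrics: Prometheus endpoint exposed"
        }
    ' "$1"
}

# Abridged copy of the [proxy] table from this page, used as demo input.
write_sample_config() {
    cat > "$1" <<'EOF'
[proxy]
port = "5000"
inet = "127.0.0.1"
cors = true
# domain = "*"
limit = 0
metrics = false
csrf = false
EOF
}

if [ "$#" -gt 0 ]; then
    lint_auth_proxy_config "$1"
else
    tmp=$(mktemp) && write_sample_config "$tmp" && lint_auth_proxy_config "$tmp"
    rm -f -- "$tmp"
fi
```

For the sample values on this page it reports the domain, limit and csrf lines; inet passes because the proxy is bound to 127.0.0.1.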

...

  • Install the binary under /opt/udmg/bin:

# install -m 755 udmg-auth-proxy /opt/udmg/bin


UDMG Agent Proxy

  • Create a directory under /opt/udmg/etc/udmg:

# mkdir -p /opt/udmg/etc/udmg/agent_proxy/

  • Install the binaries under /opt/udmg/bin:

# install -m 755 udmg-agent-proxy-client /opt/udmg/bin
# install -m 755 udmg-agent-proxy-server /opt/udmg/bin

Agent Proxy Server Configuration

...

# ssh-keygen -t rsa -q -N "" -f /etcopt/udmg/agent_proxy/agent
# ssh-keygen -t rsa -q -N "" -f /etc/udmg/agent_proxy/clientagent

  • Change the agent key permissions:

# chmod 755 /opt/udmg/etc/udmg/agent_proxy/agent /opt/udmg/etc/udmg/agent_proxy/agent.pub

  • Create a configuration file as /opt/udmg/etc/udmg/agent_proxy/agent.toml:

# vi /opt/udmg/etc/udmg/agent_proxy/agent.toml


[agent]
# UDMG Agent Proxy Hostname or IP, and port
hostname = "0.0.0.0"
port = "2222"
# path to the SSH private key file
ssh_key = "/opt/udmg/etc/udmg/agent_proxy/agent"
# path to the SSH public key file
ssh_key_pub = "/opt/udmg/etc/udmg/agent_proxy/agent.pub"

# Agent Service User and password
username = "mft"
password = "61ee8b5601a84d5154387578466c8998848ba089"

...

  • Create a configuration file as /etc/udmg/agent_proxy/client.toml:

# vi /etc/udmg/agent_proxy/client.toml

[client]
# Target UDMG Agent Proxy Hostname or IP, and port
hostname = "localhost"
port = "2222"

# path to the SSH private key file
ssh_key = "opt/udmg/etc/udmg/agent_proxy/client"
# path to the SSH public key file
ssh_key_pub = "/etc/udmg/agent_proxy/client.pub/client.toml


[client]
# Target UDMG Agent Proxy Hostname or IP, and port
hostname = "localhost"
port = "2222"

# Agent Service User and password
username = "mft"
password = "61ee8b5601a84d5154387578466c8998848ba089"

# Default TTL to Connection Retry
ttl="5s"

[client.api]
# Administrative API port
port="2280"

[gateway]
# UDMG Server Hostname or IP, and port
hostname = "localhost"
port = "18080"
# UDMG Server Username/Password
username = "admin"
password = "admin_password"
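
The agent private key, agent.toml and client.toml all hold secrets: the SSH private key, the agent service password and the UDMG Server admin credentials. The script below is an added example, not part of the UDMG documentation or tooling; it reports which of the files passed to it are accessible to accounts other than the expected owner. The function name, the output format and the idea of passing the service account as the expected owner are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not UDMG code): report secret-bearing files that are missing,
# carry any group/other permission bit, or are not owned by the expected account.

# usage: audit_secret_files OWNER FILE...
# Prints one finding per line; returns 0 if every file passes, 1 otherwise.
audit_secret_files() {
    want_owner=$1; shift
    rc=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "MISSING $f"; rc=1; continue
        fi
        line=$(ls -ld -- "$f")
        perms=${line%% *}                         # e.g. -rwxr-xr-x
        owner=$(printf '%s\n' "$line" | awk '{print $3}')
        case $perms in
            ????------*) ;;                       # no group/other bits set
            *) echo "EXPOSED $perms $f"; rc=1 ;;
        esac
        if [ "$owner" != "$want_owner" ]; then
            echo "OWNER $owner (want $want_owner) $f"; rc=1
        fi
    done
    return "$rc"
}

# Constructed demo: a scratch directory that mimics the file names on this page.
demo() {
    d=$(mktemp -d) || return 1
    me=$(ls -ld -- "$d" | awk '{print $3}')       # owner of the scratch files
    for n in agent agent.toml client.toml; do : > "$d/$n"; done
    chmod 755 "$d/agent"                          # mode applied by the chmod step
    chmod 644 "$d/agent.toml"                     # what a umask of 022 produces
    chmod 600 "$d/client.toml"                    # owner-only
    audit_secret_files "$me" "$d/agent" "$d/agent.toml" "$d/client.toml"
    rm -rf -- "$d"
    return 0
}

if [ "$#" -gt 0 ]; then audit_secret_files "$@"; else demo; fi
```

To check the files from this page, pass the service account followed by the paths, for example `udmg /opt/udmg/etc/udmg/agent_proxy/agent /opt/udmg/etc/udmg/agent_proxy/agent.toml`.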

...

[Unit]
Description=UDMG Server

[Service]
Type=simple
User=udmg
Group=udmg
WorkingDirectory=/home/udmg
ExecStart=/bin/sh -c '/opt/udmg/bin/udmg-server server -c /opt/udmg/etc/udmg-server/server.ini'
Restart=on-failure

[Install]
WantedBy=multi-user.target

...

# systemctl start udmg-server
# systemctl status udmg-server
udmg-server.service - UDMG server
Loaded: loaded ( /etc/systemd/system/udmg-server.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2022-06-07 16:43:16 -03; 10s ago
Main PID: 24888 (udmg-server)
Tasks: 6 (limit: 3509)
CPU: 11ms
CGroup: /system.slice/udmg-server.service
└─24888 /opt/udmg/bin/udmg-server server -c /opt/udmg/etc/udmg-server/server.ini

Make sure that the listen port and network interface are reachable by UDMG Authentication Proxy and UDMG Agent Client.

...

[Unit]
Description=UDMG Auth Proxy server

[Service]
Type=simple
User=udmg
Group=udmg
WorkingDirectory=/home/udmg
Environment="UDMG_AUTH_PROXY_CONFIG=/opt/udmg/etc/udmg/auth_proxy/config.toml"
ExecStart=/bin/sh -c 'exec /opt/udmg/bin/udmg-auth-proxy'
Restart=on-failure

[Install]
WantedBy=multi-user.target

...

# systemctl start udmg-auth-proxy
# systemctl status udmg-auth-proxy
udmg-auth-proxy.service - UDMG Auth Proxy server
Loaded: loaded ( /etc/systemd/system/udmg-auth-proxy.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2022-06-07 16:58:48 -03; 21s ago
Main PID: 25008 (udmg-auth-proxy)
Tasks: 3 (limit: 3509)
CPU: 4ms
CGroup: /system.slice/udmg-auth-proxy.service
└─25008 /opt/udmg/bin/udmg-auth-proxy

Make sure that the listen port and network interface are reachable by NGINX Server.

...

[Unit]
Description=UDMG Agent Proxy server

[Service]
Type=simple
User=udmg
Group=udmg
WorkingDirectory=/home/udmg
Environment="UDMG_AGENT_PROXY_CONFIG=/opt/udmg/etc/udmg/agent/server.toml"
ExecStart=/bin/sh -c 'exec /opt/udmg/bin/udmg-agent-proxy-server'
Restart=on-failure

[Install]
WantedBy=multi-user.target

...

# systemctl start udmg-agent-proxy-server
# systemctl status udmg-agent-proxy-server
udmg-agent-proxy-server.service - UDMG Agent Proxy Server
Loaded: loaded ( /etc/systemd/system/udmg-agent-proxy-server.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2022-06-07 16:26:53 -03; 2s ago
Main PID: 25444 (udmg-agent-proxy-server)
Tasks: 5 (limit: 3509)
CPU: 5ms
CGroup: /system.slice/udmg-agent-proxy-server.service
└─25444 /opt/udmg/bin/udmg-agent-proxy-server

Jun 07 16:26:53 localhost.localdomain systemd[1]: Started UDMG Agent Proxy Server.
Jun 07 16:26:53 localhost.localdomain sh[25444]: level=info TS=2022-06-07T19:26:53.624296821Z HostKey=Ok Path=/data/agent

...

[Unit]
Description=UDMG Agent Proxy Client

[Service]
Type=simple
User=udmg
Group=udmg
WorkingDirectory=/home/udmg
Environment="UDMG_AGENT_PROXY_CONFIG=/opt/udmg/etc/udmg/agent_proxy/client.toml"
ExecStart=/bin/sh -c 'exec /opt/udmg/bin/udmg-agent-proxy-client'
Restart=on-failure

[Install]
WantedBy=multi-user.target

...

# systemctl start udmg-agent-proxy-client
# systemctl status udmg-agent-proxy-client
udmg-agent-proxy-client.service - UDMG Agent Proxy Client
Loaded: loaded ( /etc/systemd/system/udmg-agent-proxy-client.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2022-06-07 17:26:53 -03; 2s ago
Main PID: 25445 (udmg-agent-proxy-client)
Tasks: 5 (limit: 3509)
CPU: 6ms
CGroup: /system.slice/udmg-agent-proxy-client.service
└─25445 /opt/udmg/bin/udmg-agent-proxy-client

Jun 07 17:26:53 localhost.localdomain systemd[1]: Started UDMG Agent Proxy Client.
Jun 07 17:26:53 localhost.localdomain sh[25445]: level=info TS=2022-06-07T20:26:53.624296821Z Servers=[]

...

# semanage fcontext -a -t httpd_sys_content_t '/opt/udmg/var/www(/.*)?'
# restorecon -Rv /opt/udmg/var/www/

  • Allow NGINX to reverse proxy through the authentication proxy by setting the httpd_can_network_connect boolean

...