Panel | |
---|---|
|
Installing and Configuring the Components
UDMG Admin UI
...
Note |
---|
The following steps require root privilege; be sure that you have the correct access before continuing. |
Extract the distribution file for UDMG Admin UI under the web server root directory that was created during the configuration; see the NGINX Service configuration above.
Panel |
---|
|
- Validate that the service is working properly with curl:
Panel |
---|
|
or with the browser:
...
UDMG User setup
Create a dedicated user for running the UDMG modules and to be the owner of the files that will be transferred by UDMG.
Panel |
---|
|
UDMG Server
Create a directory
C:\UDMG\UDMG Gateway
Install the binaries as
waarp-gatewayd.exe and waarp-gateway.exe
- Create the configuration file
C:\UDMG\UDMG Gateway\server.ini
the configuration file
/etc/mft/waarp_gateway/server.ini
with the following parameters:
Panel |
---|
|
Panel |
---|
|
...
- Install the binaries under
/usr/local/bin:
Panel |
---|
|
UDMG Authentication Proxy
Create a directory
C:\UDMG\MFT Auth Proxy
Install the binaries as
mft_auth_proxy_server.exe
Create the configuration file
C:\UDMG\MFT Auth Proxy\config.toml
/etc/mft/:
Panel |
---|
|
- Create a configuration file for the service:
Panel |
---|
|
Panel |
---|
|
Configuration for LDAP Authentication
...
- Install the binary under
/usr/local/bin:
Panel |
---|
|
Configuration for LDAP Authentication
The UDMG Authentication Proxy can use an LDAP service to authenticate users for UDMG Admin UI:
Panel |
---|
|
Panel |
---|
|
Note |
---|
The LDAP replication requires a user with permission for creating and updating users. For example, to create the 'ldap_sync' user with the command line interface:
|
UDMG Agent Proxy
Create a directory
C:\UDMG\UDMG Agent
Install the binaries as
mft_agent_proxy_client.exe and mft_agent_proxy_server.exe
Agent Configuration
Generate an SSH key for the service.
For example with the ssh-keygen tool that is provided by Windows OpenSSH tools (Key-based authentication in OpenSSH for Windows), or by 3PP packages like Copssh - OpenSSH for Windows or Portable Git for Windows
Panel |
---|
|
If OpenSSH is not installed or not available, the PuTTY tool can be used instead.
Use PuTTYgen to generate a key pair for the agent; more detailed instructions can be found here: Using public keys for SSH authentication
After generating the key, export it in OpenSSH format:
Create a configuration file as
C:\UDMG\UDMG Agent\agent\agent.toml
Panel |
---|
|
The LDAP replication requires a user with permission for creating and updating users. For example, to create the 'ldap_sync' user with the command line interface:
Panel |
---|
|
After a successful authentication against LDAP, the user is created with default read permission in the internal UDMG database if it does not already exist. Otherwise, the credentials are updated in the database to allow for authentication on the REST and CLI interfaces.
UDMG Agent Proxy
Create a directory under
/etc/mft:
Panel |
---|
|
- Install the binaries under
/usr/local/bin:
Panel |
---|
|
Agent Configuration
Generate an SSH key for the service:
Panel |
---|
|
- Change the agent key permissions:
Panel |
---|
|
- Create a configuration file as
/etc/mft/agent_proxy/agent.toml:
Panel |
---|
|
Panel |
---|
|
The password key will be used for the client authentication.
Client Configuration
Create a configuration file as
/etc/mft/agent_proxy/client.toml:
Panel |
---|
|
Panel |
---|
|
The password key will be used for the client authentication.
Client Configuration
...
Setup the Systemd Services
UDMG Server
Create a new service definition:
Panel |
---|
|
Panel |
---|
...
Be sure that the listen port and network interface are reachable by UDMG Authentication Proxy and UDMG Agent Client.
UDMG Authentication Proxy
- Copy winsw.exe under C:\UDMG\UDMG Auth Proxy with the following name: mft_auth_proxy_server-service.exe
- Create a new service definition file: mft_auth_proxy_server-service.yml
Panel |
---|
|
- Start the service and check the status:
Panel |
---|
|
The password key will be used for the client authentication.
Setup the Windows Services
The UDMG components can be installed as Windows services with the WinSW tool.
NGINX Server
- Download WinSW and copy winsw.exe under C:\UDMG\nginx with the following name: nginx-service.exe
- Create a new service definition file: nginx-service.yml
Panel |
---|
|
- Create a stop script:
nginx-stop.cmd
Panel |
---|
|
- Start the service and check the status:
Panel |
---|
|
UDMG Server
- Download WinSW and copy winsw.exe under C:\UDMG\UDMG Gateway with the following name: waarp-gatewayd-service.exe
- Create a new service definition file: waarp-gatewayd-service.yml
Panel |
---|
|
- Start the service and check the status:
...
|
- Enable the new service:
Panel |
---|
|
- Start the service and check the status:
Panel |
---|
|
Be sure that the listen port and network interface are reachable by UDMG Authentication Proxy and UDMG Agent Client.
UDMG Authentication Proxy
Create a new service definition:
Panel |
---|
|
Panel |
---|
|
- Enable the new service:
Panel |
---|
|
- Start the service and check the status:
Panel |
---|
|
Be sure that the listen port and network interface are reachable by NGINX Server.
UDMG Agent Proxy
Agent Proxy Server Service
Create a new service definition:
Panel |
---|
|
Panel |
---|
|
- Enable the new service:
Panel |
---|
|
- Start the service and check the status:
Panel |
---|
|
Be sure that the listen port and network interface are reachable by NGINX Server.
UDMG Agent Proxy
Agent Proxy Server Service
...
reachable by UDMG Agent Client.
Agent Proxy Client Service
Create a new service definition
...
:
...
Panel |
---|
|
Panel |
---|
|
- Start the service and check the status:
Panel |
---|
|
Be sure that the listen port and network interface are reachable by UDMG Agent Client.
Agent Proxy Client Service
...
|
- Enable the new service:
Panel |
---|
|
- Start the service and check the status:
Panel |
---|
|
...
|
...
Panel |
---|
|
- Start the service and check the status:
...
Component Ports
...
|
Component Ports
Make sure that all the required ports are open in your firewall configuration.
Using UDMG with SELinux
- Modify the file label so that NGINX (as a process labeled with the httpd_t context) can access the configuration file:
Panel |
---|
|
- Modify the file label so that NGINX (as a process labeled with the httpd_t context) can access the asset files:
Panel |
---|
|
- Allow NGINX to reverse proxy through the authentication proxy by setting the httpd_can_network_connect boolean:
Panel |
---|
|
References
This document references the following documents.
Name | Location |
---|---|
Systemd | |
NGINX with SELinux | |
PostgreSQL Client Authentication | |
PostgreSQL Password Authentication | |
Guide on setting up Nginx as a service on Windows | https://github.com/sheggi/win-service-nginx |