...
Note | ||
---|---|---|
| ||
See also the SELinux configuration section. |
Installing with Linux Software Packages
- Install an NGINX Server (Linux packages).
Install the UDMG packages (RPM or DEB), see Installing with Linux software packages. In particular, the
udmg-admin-ui-nginx
package adds the standard NGINX server configuration files (/opt/udmg/etc/udmg/nginx/udmg.conf
and/etc/nginx/conf.d/udmg.conf
) to load the UDMG Admin UI assets.
...
Code Block | ||
---|---|---|
| ||
upstream udmg_auth_proxy { # UDMG Auth Proxy Configuration server localhost:5775; ip_hash; keepalive 10; } server { listen 80; listen [::]:80; # TLS configuration # listen 443 ssl; # listen [::]:443 ssl; # ssl_certificate /etc/nginx/certs/cert.pem; # ssl_certificate_key /etc/nginx/certs/key.pem; # ssl_session_timeout 5m; # ssl_prefer_server_ciphers on; # ssl_protocols TLSv1.3 TLSv1.2; # ssl_ecdh_curve secp521r1:secp384r1; # # recommanded cipher list: https://ssl-config.mozilla.org/#server=nginx&version=1.20&config=intermediate&openssl=1.1.1k&ocsp=false&guideline=5.7 # ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305; server_name localhost; access_log /opt/udmg/var/log/nginx/admin.log; # Server Banner server_tokens off; # DEPRECATED Security Headers add_header X-XSS-Protection "0"; add_header X-Frame-Options "SAMEORIGIN"; # Security Headers add_header Content-Security-Policy "frame-ancestors 'self'"; add_header X-Content-Type-Options nosniff; add_header Referrer-Policy "strict-origin"; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'; add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()"; add_header X-Permitted-Cross-Domain-Policies none; location /service/ { proxy_pass http://udmg_auth_proxy/; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location / { try_files $uri $uri/ /index.html; root /opt/udmg/var/www/udmg; } } |
Note | ||
---|---|---|
| ||
Debian/Ubuntu: the |
- Remove any
/etc/nginx/conf.d/default.conf
file, to disable the NGINX default landing page on port 80. - Validate that the configuration is correct with the following command:
...
- Check that the HTTP server was started and is running, for example with the
curl
command:
Panel |
---|
|
...
- Check that the HTTP server was started and is running, for example with the
curl
command:
Panel |
---|
|
...
- For configuring HTTPS and HTTP redirection, please refer to the web server documentation (Configuring HTTPS servers).
- The paths in any NGINX configuration file must be specified in UNIX style, using forward slashes '/'.
- For running NGINX as a service please refer to the service section in UDMG for Windows Installation/wiki/spaces/UDMG16/pages/518455635.