...

Note

See also the SELinux configuration section.

Installing with Linux Software Packages

  • Install an NGINX Server (Linux packages).
  • Install the UDMG packages (RPM or DEB), see Installing with Linux software packages. In particular, the udmg-admin-ui-nginx package adds the standard NGINX server configuration files (/opt/udmg/etc/udmg/nginx/udmg.conf and /etc/nginx/conf.d/udmg.conf) to load the UDMG Admin UI assets.

...

upstream udmg_auth_proxy {
    # UDMG Auth Proxy Configuration
    server        localhost:5775;
    ip_hash;
    keepalive 10;    
}

server {
    listen        80;
    listen    [::]:80;

    # TLS configuration
#    listen       443 ssl;
#    listen  [::]:443 ssl;
#    ssl_certificate     /etc/nginx/certs/cert.pem;
#    ssl_certificate_key /etc/nginx/certs/key.pem;
#    ssl_session_timeout 5m;
#    ssl_prefer_server_ciphers on;
#    ssl_protocols TLSv1.3 TLSv1.2;
#    ssl_ecdh_curve secp521r1:secp384r1;
# # recommended cipher list: https://ssl-config.mozilla.org/#server=nginx&version=1.20&config=intermediate&openssl=1.1.1k&ocsp=false&guideline=5.7
#    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;

    server_name   localhost;

    access_log    /opt/udmg/var/log/nginx/admin.log;

    # Server Banner
    server_tokens off;

    # DEPRECATED Security Headers
    add_header X-XSS-Protection "0";
    add_header X-Frame-Options "SAMEORIGIN";

    # Security Headers
    add_header Content-Security-Policy "frame-ancestors 'self'";
    add_header X-Content-Type-Options nosniff;
    add_header Referrer-Policy "strict-origin";
    add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
    add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
    add_header X-Permitted-Cross-Domain-Policies none;

    location /service/ {
      proxy_pass         http://udmg_auth_proxy/;
      proxy_set_header   X-Real-IP       $remote_addr;
      proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        try_files $uri $uri/ /index.html;
        root      /opt/udmg/var/www/udmg;
    }
}


Note

Debian/Ubuntu: the main log format is not defined (it is commented out in /etc/nginx/nginx.conf) when the installation is performed from the Debian package repository. Either revert the access_log format to the default by removing main from the example above, or uncomment the main log format in the nginx.conf file. It is also possible to install the package from the official NGINX repository, which defines the main log format.

  • Remove any /etc/nginx/conf.d/default.conf file, to disable the NGINX default landing page on port 80.
  • Validate that the configuration is correct with the following command:

...

  • Check that the HTTP server was started and is running, for example with the curl command:

# curl http://localhost:80
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.21.6</center>
</body>
</html>
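
The same curl check can be extended to confirm that the security headers and the server_tokens setting from the server block above are actually in effect. This is an added example, not part of the UDMG documentation or packages; the function name check_udmg_headers and both sample responses are constructed for illustration.

```sh
# Added example (not vendor code). Reads raw HTTP response headers on stdin,
# e.g. from `curl -sI http://localhost:80/index.html`, prints one line per
# finding, and returns 1 if anything was found.
check_udmg_headers() {
    cuh_headers=$(tr -d '\r')   # real HTTP output ends lines with CRLF
    cuh_rc=0

    # Headers the example server block sets with add_header.
    for cuh_name in Content-Security-Policy X-Content-Type-Options \
        Referrer-Policy Strict-Transport-Security Permissions-Policy \
        X-Frame-Options X-Permitted-Cross-Domain-Policies; do
        if ! printf '%s\n' "$cuh_headers" | grep -qi "^${cuh_name}:"; then
            echo "MISSING: $cuh_name"
            cuh_rc=1
        fi
    done

    # server_tokens off: the Server header must not carry a version.
    if printf '%s\n' "$cuh_headers" | grep -qiE '^Server:[[:space:]]*nginx/[0-9]'; then
        echo "LEAK: Server header exposes the NGINX version"
        cuh_rc=1
    fi
    return "$cuh_rc"
}

# Constructed sample responses (not captured from a real UDMG host).
SAMPLE_OK='HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors '\''self'\''
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Permissions-Policy: geolocation=(),camera=()
X-Permitted-Cross-Domain-Policies: none'

SAMPLE_BAD='HTTP/1.1 200 OK
Server: nginx/1.21.6
Content-Type: text/html
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff'

printf '%s\n' "$SAMPLE_OK"  | check_udmg_headers && echo "OK sample: clean"
printf '%s\n' "$SAMPLE_BAD" | check_udmg_headers || echo "BAD sample: findings above"
```

Run the check against a URL that returns 200: without the always parameter, NGINX's add_header only applies to responses with status 200, 201, 204, 206, 301, 302, 303, 304, 307 or 308, so a 403 page like the one above will not carry these headers.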

...

  • Check that the HTTP server was started and is running, for example with the curl command:

C:\>curl.exe http://localhost:80
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.23.0</center>
</body>
</html>

...