Installing and Configuring the Components
UDMG Admin UI
Uncompress the tar file for UDMG Admin UI, under the directory that we created during the configuration.
C:\UDMG\nginx\udmg> tar -x -f udmg_admin_ui-<version>.zip
- Validate that the service is working properly with curl
C:\>curl.exe http://localhost:8080 -I
HTTP/1.1 200 OK
Server: nginx/1.23.0
Date: Thu, 07 Jul 2022 17:53:09 GMT
Content-Type: text/html
Content-Length: 7788
Last-Modified: Fri, 01 Jul 2022 13:58:15 GMT
Connection: keep-alive
ETag: "62befd77-1e6c"
Accept-Ranges: bytes
or with the browser:
UDMG Server
Create a directory C:\UDMG\UDMG Server
Install the binaries as udmg-client.exe and udmg-server.exe
- Create the configuration file C:\UDMG\UDMG Server\server.ini
[global]
; The name given to identify this UDMG Server instance. If the database is shared between multiple servers, this name MUST be unique across these servers.
GatewayName = udmg
; Default OS permission for created files
; FilePermissions = 700
; Default OS permission for created directories
; DirPermissions = 750
[paths]
; The root directory of the UDMG Server. By default, it is the working directory of the process.
; GatewayHome = /home/udmg
; The directory for all incoming files.
; DefaultInDir = in
; The directory for all outgoing files.
; DefaultOutDir = out
; The directory for all running transfer files.
; DefaultTmpDir = tmp
[log]
; All messages with a severity above this level will be logged. Possible values are DEBUG, INFO, WARNING, ERROR and CRITICAL.
Level = DEBUG
; The path to the file where the logs must be written. Special values 'stdout' and 'syslog' log respectively to the standard output and to the syslog daemon
; LogTo = stdout
; If LogTo is set on 'syslog', the logs will be written to this facility.
; SyslogFacility = local0
[admin]
; The address used by the admin interface.
Host = 0.0.0.0
; The port used by the admin interface. If the port is 0, a free port will automatically be chosen.
Port = 18080
; Path of the TLS certificate for the admin interface.
; TLSCert =
; Path of the key of the TLS certificate.
; TLSKey =
[database]
; Name of the RDBMS used for the UDMG Server database. Possible values: sqlite, mysql, postgresql
Type = postgresql
; Address of the database
Address = localhost
; The name of the database
Name = udmg
; The name of the database user
User = udmg_user
; The password of the database user
Password = udmg_password
; Path of the database TLS certificate file.
; TLSCert =
; Path of the key of the TLS certificate file.
; TLSKey =
; The path to the file containing the passphrase used to encrypt account passwords using AES
; AESPassphrase = passphrase.aes
[controller]
; The frequency at which the database will be probed for new transfers
Delay = 5s
; The maximum number of concurrent incoming transfers allowed on the UDMG Server (0 = unlimited).
; MaxTransferIn = 0
; The maximum number of concurrent outgoing transfers allowed on the UDMG Server (0 = unlimited).
; MaxTransferOut = 0
[sftp]
; Set to true to allow legacy and weak cipher algorithms: 3des-cbc, aes128-cbc, arcfour, arcfour128, arcfour256
; AllowLegacyCiphers = false
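The following PowerShell check is an added example, not part of the vendor documentation or of UDMG itself. It reads a server.ini and reports the settings from the sample above that affect exposure: an admin interface bound beyond loopback without TLSCert/TLSKey, DEBUG logging, the sample database password, and legacy SFTP ciphers. The function names are hypothetical, and the embedded input is constructed from the active lines of the sample.

```powershell
# Added example (not vendor tooling): flag exposure-related settings in a UDMG server.ini.
function Read-Ini([string[]]$Lines) {
    $ini = @{}; $section = ''
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -eq '' -or $t.StartsWith(';')) { continue }    # blank or commented-out default
        if ($t -match '^\[(.+)\]$') { $section = $Matches[1]; $ini[$section] = @{}; continue }
        if ($section -and $t -match '^([^=]+)=(.*)$') {
            $ini[$section][$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    return $ini
}

function Get-Setting($Ini, [string]$Section, [string]$Key) {
    if ($Ini.ContainsKey($Section) -and $Ini[$Section].ContainsKey($Key)) { return $Ini[$Section][$Key] }
    return ''
}

function Test-UdmgServerIni([string[]]$Lines) {
    $ini = Read-Ini $Lines
    $bind = Get-Setting $ini 'admin' 'Host'
    $hasTls = (Get-Setting $ini 'admin' 'TLSCert') -and (Get-Setting $ini 'admin' 'TLSKey')
    if (-not $hasTls -and ($bind -notin '127.0.0.1', '::1', 'localhost')) {
        "[admin] Host = $bind with no TLSCert/TLSKey: plain HTTP admin interface beyond loopback"
    }
    if ((Get-Setting $ini 'log' 'Level') -eq 'DEBUG') {
        "[log] Level = DEBUG: the most verbose log level is active"
    }
    if ((Get-Setting $ini 'database' 'Password') -eq 'udmg_password') {
        "[database] Password is the documentation sample value"
    }
    if ((Get-Setting $ini 'sftp' 'AllowLegacyCiphers') -eq 'true') {
        "[sftp] AllowLegacyCiphers = true: 3des-cbc, aes128-cbc and arcfour ciphers are accepted"
    }
}

# Constructed sample: active (uncommented) settings taken from the server.ini on this page.
$sample = @'
[log]
Level = DEBUG
[admin]
Host = 0.0.0.0
[database]
Password = udmg_password
[sftp]
; AllowLegacyCiphers = false
'@ -split "`r?`n"
Test-UdmgServerIni $sample
```

To check an installed file, pass `(Get-Content -LiteralPath 'C:\UDMG\UDMG Server\server.ini')` instead of `$sample`.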
UDMG Authentication Proxy
Create a directory C:\UDMG\MFT Auth Proxy
Install the binaries as udmg-auth-proxy.exe
Create the configuration file
C:\UDMG\MFT Auth Proxy\config.toml
# Proxy Configuration
[proxy]
# Port, default "5000"
port = "5000"
# Network interface, default "0.0.0.0"
inet = "127.0.0.1"
# Enable recover on panic, default true, should be true for production environment
recover = true
# Enable Cross-Origin Resource Sharing (CORS), should be true for production environment
cors = true
# CORS: List of origins that may access the resource. Optional. Default value "*"
# domain = "*"
# Enable Request Track ID, default true
tracker = true
# Enable Request Logger, default true
logger = true
# Rate Limit IP Request over 1 second, default 0 (unlimited)
limit = 0
# Enable the Prometheus Metric Endpoint '/metric', default false
metrics = false
# Enable CSRF token
csrf = false
# Service 'local' with direct authentication on the UDMG Server
[service.local]
# UDMG Server Listen Protocol
protocol = "http"
[[service.local.targets]]
# UDMG Server Hostname or IP
hostname = "localhost"
# UDMG Server Port
port = 18080
Please refer to Authentication Methods for the LDAP and SSO authentication options.
UDMG Agent Proxy
Create a directory C:\UDMG\UDMG Agent
Install the binaries as udmg-agent-proxy-client.exe and udmg-agent-proxy-server.exe
Agent Configuration
Generate an SSH key for the service.
For example, use the ssh-keygen tool that is provided by the Windows OpenSSH tools (Key-based authentication in OpenSSH for Windows), or by third-party packages like Copssh - OpenSSH for Windows or Portable Git for Windows:
# ssh-keygen -t rsa -q -N "" -f "C:\UDMG\UDMG Agent\agent_key"
# ssh-keygen -t rsa -q -N "" -f "C:\UDMG\UDMG Agent\client_key"
If OpenSSH is not installed or not available, the PuTTY tool can be used instead.
Use PuTTYgen to generate a key pair for the agent; more detailed instructions can be found here: Using public keys for SSH authentication
After generating the key, export it with OpenSSH format:
Create a configuration file as C:\UDMG\UDMG Agent\agent\agent.toml
[agent]
# Listen IP Address
hostname = "0.0.0.0"
# Listen Port
port = "2222"
# SSH Priv Key (single-quoted literal string, so the backslashes are not read as TOML escapes)
ssh_key = 'C:\UDMG\UDMG Agent\agent_key'
# SSH Public Key
ssh_key_pub = 'C:\UDMG\UDMG Agent\agent_key.pub'
# Service User
username = "mft"
# Service Password
password = "61ee8b5601a84d5154387578466c8998848ba089"
The password key will be used for the client authentication.
Client Configuration
Create a configuration file as C:\UDMG\UDMG Agent\client\client.toml
[client]
# UDMG Agent Proxy Hostname or IP
hostname = "localhost"
# UDMG Agent Proxy Listen Port
port = "2222"
# SSH Priv Key (single-quoted literal string, so the backslashes are not read as TOML escapes)
ssh_key = 'C:\UDMG\UDMG Agent\client_key'
# SSH Public Key
ssh_key_pub = 'C:\UDMG\UDMG Agent\client_key.pub'
# Service User
username = "mft"
# Service Password
password = "61ee8b5601a84d5154387578466c8998848ba089"
# Default TTL to Connection Retry
ttl="5s"
# UDMG Agent Client Admin API
[client.api]
# Listen Port
port="2280"
# UDMG Server
[gateway]
# UDMG Server Hostname or IP
hostname = "localhost"
# UDMG Server Port
port = "18080"
# UDMG Server Username/Password
username = "admin"
password = "admin_password"
The password key will be used for the client authentication.
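The private keys above are generated with an empty passphrase (-N "") and the configuration files hold passwords in clear text, so their file permissions are the only protection at rest. The following PowerShell is an added example, not part of the vendor documentation: it reports and tightens the ACLs on those files. It assumes the services run as LocalSystem; the function name is hypothetical and the paths are the ones used on this page.

```powershell
# Added example (not vendor tooling): restrict who can read the UDMG secrets created above.
# Assumption: the services run as LocalSystem; grant your service account instead if you use one.
$secretFiles = @(
    'C:\UDMG\UDMG Agent\agent_key'            # private key generated with an empty passphrase
    'C:\UDMG\UDMG Agent\client_key'
    'C:\UDMG\UDMG Agent\agent\agent.toml'     # service password
    'C:\UDMG\UDMG Agent\client\client.toml'   # service password and UDMG Server admin password
    'C:\UDMG\UDMG Server\server.ini'          # database password
)
# Well-known SIDs (independent of the Windows display language):
# Everyone, Authenticated Users, BUILTIN\Users
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'

function Get-BroadAccess([string]$Path) {
    # Allow rules, explicit and inherited, held by broad groups; identities are returned as SIDs
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $broadSids -contains $_.IdentityReference.Value }
}

foreach ($file in $secretFiles) {
    if (-not (Test-Path -LiteralPath $file)) { Write-Warning "not found: $file"; continue }
    $before = @(Get-BroadAccess $file).Count
    # Drop inherited entries and grant full control to SYSTEM (S-1-5-18) and
    # Administrators (S-1-5-32-544). Explicit entries for other principals are left
    # in place and show up in BroadEntriesAfter.
    icacls $file /inheritance:r /grant:r '*S-1-5-18:F' '*S-1-5-32-544:F' | Out-Null
    $after = @(Get-BroadAccess $file).Count
    [pscustomobject]@{ File = $file; BroadEntriesBefore = $before; BroadEntriesAfter = $after }
}
```

Run it from an elevated session; a non-zero BroadEntriesAfter means an explicit entry for a broad group remains on that file.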
Set Up the Windows Services
The UDMG components can be installed as Windows services with the WinSW tool.
NGINX Server
- Download WinSW and copy winsw.exe under C:\UDMG\nginx with the following name: nginx-service.exe
- Create a new service definition file: nginx-service.yml
id: NGINX
name: NGINX Service
description: Runs the nginx.exe as a service
executable: C:\UDMG\nginx\nginx.exe
stopexecutable: C:\UDMG\nginx\nginx-stop.cmd
logpath: C:\UDMG\nginx\logs
logmode: roll
- Create a stop script: nginx-stop.cmd
@echo off
cd /D %~dp0
if not exist logs\nginx.pid GOTO skip
nginx.exe -s quit
del logs\nginx.pid
:skip
taskkill /f /IM nginx.exe
- Start the service and check the status:
C:\UDMG\nginx>nginx-service.exe install
2022-10-07 10:20:20,724 INFO - Installing service 'NGINX Service (NGINX)'...
2022-10-07 10:20:20,777 INFO - Service 'NGINX Service (NGINX)' was installed successfully.
C:\UDMG\nginx>nginx-service.exe status
Stopped
C:\UDMG\nginx>nginx-service.exe start
2022-10-07 10:20:40,213 INFO - Starting service 'NGINX Service (NGINX)'...
2022-10-07 10:20:41,327 INFO - Service 'NGINX Service (NGINX)' started successfully.
C:\UDMG\nginx>nginx-service.exe status
Started
UDMG Server
- Download WinSW and copy winsw.exe under C:\UDMG\UDMG Server with the following name: udmg-server-service.exe
- Create a new service definition file: udmg-server-service.yml
id: UDMG Server
name: UDMG Server
description: UDMG Server
executable: C:\UDMG\UDMG Server\udmg-server.exe
startArguments: server -c "C:\UDMG\UDMG Server\server.ini"
workingdirectory: C:\UDMG\UDMG Server
priority: Normal
- Start the service and check the status:
C:\UDMG\UDMG Server>udmg-server-service.exe install
2022-10-07 10:07:48,385 INFO - Installing service 'UDMG Server (UDMG Server)'...
2022-10-07 10:07:48,449 INFO - Service 'UDMG Server (UDMG Server)' was installed successfully.
C:\UDMG\UDMG Server>udmg-server-service.exe status
Stopped
C:\UDMG\UDMG Server>udmg-server-service.exe start
2022-10-07 10:08:19,297 INFO - Starting service 'UDMG Server (UDMG Server)'...
2022-10-07 10:08:20,418 INFO - Service 'UDMG Server (UDMG Server)' started successfully.
C:\UDMG\UDMG Server>udmg-server-service.exe status
Started
Be sure that the listen port and network interface are reachable by UDMG Authentication Proxy and UDMG Agent Client.
UDMG Authentication Proxy
- Copy winsw.exe under C:\UDMG\UDMG Auth Proxy with the following name: udmg-auth-proxy-service.exe
- Create a new service definition file: udmg-auth-proxy-service.yml
id: UDMG Auth Proxy
name: UDMG Auth Proxy
description: UDMG Auth Proxy
executable: C:\UDMG\UDMG Auth Proxy\udmg-auth-proxy.exe
priority: Normal
workingdirectory: C:\UDMG\UDMG Auth Proxy
env:
- name: UDMG_AUTH_PROXY_CONFIG
value: 'C:\UDMG\UDMG Auth Proxy\config.toml'
- Start the service and check the status:
C:\UDMG\UDMG Auth Proxy>udmg-auth-proxy-service.exe install
2022-10-07 10:09:45,618 INFO - Installing service 'UDMG Auth Proxy (UDMG Auth Proxy)'...
2022-10-07 10:09:45,683 INFO - Service 'UDMG Auth Proxy (UDMG Auth Proxy)' was installed successfully.
C:\UDMG\UDMG Auth Proxy>udmg-auth-proxy-service.exe start
2022-10-07 10:09:52,852 INFO - Starting service 'UDMG Auth Proxy (UDMG Auth Proxy)'...
2022-10-07 10:09:54,053 INFO - Service 'UDMG Auth Proxy (UDMG Auth Proxy)' started successfully.
C:\UDMG\UDMG Auth Proxy>udmg-auth-proxy-service.exe status
Started
Be sure that the listen port and network interface are reachable by NGINX Server.
UDMG Agent Proxy
Agent Proxy Server Service
- Copy winsw.exe under C:\UDMG\UDMG Agent\agent with the following name: udmg-agent-proxy-server-service.exe
- Create a new service definition file: udmg-agent-proxy-server-service.yml
id: UDMG Agent Server
name: UDMG Agent Server
description: UDMG Agent Server
executable: C:\UDMG\UDMG Agent\agent\udmg-agent-proxy-server.exe
priority: Normal
workingdirectory: C:\UDMG\UDMG Agent\agent
env:
- name: MFT_AGENT_PROXY_CONFIG
value: 'C:\UDMG\UDMG Agent\agent\agent.toml'
- Start the service and check the status:
C:\UDMG\UDMG Agent\agent>udmg-agent-proxy-server-service.exe install
2022-10-07 10:09:45,618 INFO - Installing service 'UDMG Agent Server (UDMG Agent Server)'...
2022-10-07 10:09:45,683 INFO - Service 'UDMG Agent Server (UDMG Agent Server)' was installed successfully.
C:\UDMG\UDMG Agent\agent>udmg-agent-proxy-server-service.exe start
2022-10-07 10:09:52,852 INFO - Starting service 'UDMG Agent Server (UDMG Agent Server)'...
2022-10-07 10:09:54,053 INFO - Service 'UDMG Agent Server (UDMG Agent Server)' started successfully.
C:\UDMG\UDMG Agent\agent>udmg-agent-proxy-server-service.exe status
Started
Be sure that the listen port and network interface are reachable by UDMG Agent Client.
Agent Proxy Client Service
- Copy winsw.exe under C:\UDMG\UDMG Agent\client with the following name: udmg-agent-proxy-client-service.exe
- Create a new service definition file: udmg-agent-proxy-client-service.yml
id: UDMG Agent Client
name: UDMG Agent Client
description: UDMG Agent Client
executable: C:\UDMG\UDMG Agent\client\udmg-agent-proxy-client.exe
priority: Normal
workingdirectory: C:\UDMG\UDMG Agent\client
env:
- name: MFT_AGENT_PROXY_CONFIG
value: 'C:\UDMG\UDMG Agent\client\agent.toml'
- Start the service and check the status:
C:\UDMG\UDMG Agent\client>udmg-agent-proxy-client-service.exe install
2022-10-07 10:09:45,618 INFO - Installing service 'UDMG Agent Client (UDMG Agent Client)'...
2022-10-07 10:09:45,683 INFO - Service 'UDMG Agent Client (UDMG Agent Client)' was installed successfully.
C:\UDMG\UDMG Agent\client>udmg-agent-proxy-client-service.exe start
2022-10-07 10:09:52,852 INFO - Starting service 'UDMG Agent Client (UDMG Agent Client)'...
2022-10-07 10:09:54,053 INFO - Service 'UDMG Agent Client (UDMG Agent Client)' started successfully.
C:\UDMG\UDMG Agent\client>udmg-agent-proxy-client-service.exe status
Started
Component Ports
Make sure that all the ports needed are open under your firewall configuration.
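Before opening firewall ports, it helps to confirm which address each component is actually listening on. The following PowerShell is an added example, not part of the vendor documentation: it lists the live listeners for the ports used in the configuration samples on this page next to the bind address those samples configure. The function name is hypothetical; 8080 is taken from the curl check and the other ports from the samples.

```powershell
# Added example (not vendor tooling): show live listeners next to the bind settings on this page.
# Configured = bind address from the samples above; $null where the page sets none.
$components = @(
    [pscustomobject]@{ Port = 8080;  Name = 'NGINX (UDMG Admin UI)';       Configured = $null }
    [pscustomobject]@{ Port = 18080; Name = 'UDMG Server admin interface'; Configured = '0.0.0.0' }
    [pscustomobject]@{ Port = 5000;  Name = 'UDMG Authentication Proxy';   Configured = '127.0.0.1' }
    [pscustomobject]@{ Port = 2222;  Name = 'UDMG Agent Proxy server';     Configured = '0.0.0.0' }
    [pscustomobject]@{ Port = 2280;  Name = 'UDMG Agent Client admin API'; Configured = $null }
)

function Get-UdmgListener {
    foreach ($c in $components) {
        $found = @(Get-NetTCPConnection -State Listen -LocalPort $c.Port -ErrorAction SilentlyContinue)
        if ($found.Count -eq 0) {
            [pscustomobject]@{
                Port = $c.Port; Component = $c.Name; Configured = $c.Configured
                Address = '-'; Process = '-'; Scope = 'not listening'
            }
            continue
        }
        foreach ($l in $found) {
            $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
            # A loopback listener is only reachable from this host, whatever the firewall allows
            $scope = if ($l.LocalAddress -in '127.0.0.1', '::1') { 'loopback only' } else { 'network-facing' }
            [pscustomobject]@{
                Port = $c.Port; Component = $c.Name; Configured = $c.Configured
                Address = $l.LocalAddress; Process = $proc.ProcessName; Scope = $scope
            }
        }
    }
}

Get-UdmgListener | Format-Table -AutoSize
```

From a host that must connect to a component, `Test-NetConnection -ComputerName <udmg-host> -Port <port>` confirms the firewall side.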