Installing NGINX Server
NGINX Server for Linux
The following steps require root privilege, be sure that you have the correct access before continuing.
Note
See also the SELinux configuration section.
Installing with Linux software packages
- Install an NGINX Server (Linux packages).
Install the UDMG packages (RPM or DEB), see Installing with Linux software packages. In particular, the
udmg-admin-ui-nginx
package will add the standard NGINX server configuration files (/opt/udmg/etc/udmg/nginx/udmg.conf
and/etc/nginx/conf.d/udmg.conf
) to load the UDMG Admin UI assets.
Performing a manual installation
- Install an NGINX Server (Linux packages).
Run the following command to check the main NGINX configuration file:
# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
If the NGINX configuration file supports include directives, there will be a line like this:
include somedir/*.conf
- Create a configuration file
udmg.conf
under this directory (normally/etc/nginx/conf.d
). This will create 2 locations: ‘/' for the UDMG Admin UI and'/service'
for the internal authentication mechanism.
upstream udmg_auth_proxy {
# UDMG Auth Proxy Configuration
server localhost:5000;
ip_hash;
keepalive 10;
}
server {
listen 80;
# listen 443 ssl;
# ssl_certificate /etc/udmg
/certs/udmg.pem;# ssl_certificate_key /etc/udmg/certs/udmg.key;
# ssl_session_timeout 5m;
# ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
# ssl_protocols TLSv1.2;
# ssl_prefer_server_ciphers on;
server_name localhost;
access_log /var/log/nginx/host.access.log;
location /service/ {
proxy_pass http://udmg_auth_proxy/;
}
location / {
try_files $uri $uri/ /index.html;
root /opt/udmg/var/www/udmg;
}
}
- Remove any
/etc/nginx/conf.d/default.conf
file, to disable the NGINX default landing page on port 80. - Validate that the configuration is correct with the following command:
# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
- Create the Root directory:
#
mkdir -p /opt/udmg/var/www/udmg/sudo
- Enable and start the NGINX service using the Init system.
#
systemctl enable nginxsudo
#
systemctl start nginxsudo
- Check that the HTTP server was started and is running, for example with the
curl
command:
# curl http://localhost:80
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.21.6</center>
</body>
</html>
This error (403) is expected, since we don't have any asset deployed.
For configuring HTTPS and HTTP redirection, please refer to the web server documentation.
NGINX Server for Windows
The following steps require Administrator privileges, be sure that you have the correct access before to continue.
- Install NGINX (see nginx for Windows), for example under
C:\UDMG\nginx
.
Run the following command to check the main NGINX configuration file:
C:\UDMG\nginx> nginx -t
nginx: the configuration file C:\UDMG\nginx/conf/nginx.conf syntax is ok
nginx: configuration file C:\UDMG\nginx/conf/nginx.conf test is successfully
- Create a directory under the configuration folder called "enabled"
Create a configuration file
udmg.conf
under this directory,C:\UDMG\nginx\conf\enabled
:upstream udmg_auth_proxy {
# MFT Auth Proxy Configuration
server localhost:5000;
}
server {
listen 80;
# listen 443 ssl;
# ssl_certificate /etc/udmg
/certs/udmg.pem;# ssl_certificate_key /etc/udmg/certs/udmg.key;
# ssl_session_timeout 5m;
# ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
# ssl_protocols TLSv1.2;
# ssl_prefer_server_ciphers on;
server_name localhost;
access_log logs//udmg.access.log;
location /service/ {
proxy_pass http://udmg_auth_proxy/;
}
location / {
try_files $uri $uri/ /index.html;
root udmg;
}
}
- Edit the default the http section of NGINX the main configuration file
C:\UDMG\nginx\conf\nginx.conf
Remove the standard server section with the default port 80
- Add an include directive to load the udmg.conf file inside . For example, the default file is like this
http {
include mime.types;
default_type application/octet-stream;
# other parameters...
server {
listen 80;
return 404;
}
}
and must be edit to look like this:
http {
include mime.types;
default_type application/octet-stream;
# other parameters...
include "C:/UDMG/nginx/conf/enabled/*.conf";
}
- Remove any
/etc/nginx/conf.d/default.conf
file, to disable the NGINX default landing page on port 80.
- Validate that the configuration is correct with the following command:
C:\UDMG\nginx> nginx -t
nginx: the configuration file C:\UDMG\nginx/conf/nginx.conf syntax is ok
nginx: configuration file C:\UDMG\nginx/conf/nginx.conf test is successfully
- Create the Root directory under the NGINX main directory called udmg:
C:\UDMG\nginx> mkdir udmg
- Start NGINX
C:\UDMG\nginx>
nginx
- Check that the HTTP server was started and is running, for example with the
curl
command:
C:\>curl.exe http://localhost:80
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.23.0</center>
</body>
</html>
This error (403) is expected, since we don't have any asset deployed.
Notes:
- For configuring HTTPS and HTTP redirection, please refer to the web server documentation (Configuring HTTPS servers).
- The paths in any NGINX configuration file must be specified in UNIX-style, using forward slashes '/'.
- For running NGINX as a service please refer to the service section in UDMG for Windows Installation