Windows Server installation

Prepare an environment with Windows Server. Refer to the Get started with Windows Server guide for more information.

System requirements

Supported operating systems

Windows Server 2008 or higher

Minimum hardware requirements

4 GB RAM
2 vCores
100 MBit network connection
120 MB free disk space for the installation files
10 GB free disk space for application data
- The actual requirement depends on the use case, a scalable store solution is recommended

Environment dependencies

DNS name
Free port (e.g., 80 or 443, other ports can be configured as well)
HTTP(S) connectivity client => server
SSL certificate (.p12 / .pfx) with or without a private key passphrase
- The passphrase is stored as plain text in server-config.json
SMTP server with or without authentication

Recommendations

Store Ninox data files on SSD storage
Implement a backup strategy with at least two layers of backup
- VM snapshots
- File system-based incremental backups of the data directory
Implement a fail-over strategy

Network configuration

Ninox client/server communication is based on HTTP(S). There are multiple ways to configure a Ninox installation, however, the following properties must be given:

Clients must be able to connect to the Ninox server by HTTPS via TCP/IP
A DNS name for the Ninox server (or the first component in the configuration that terminates the client connection) that reliably resolves to the server's IP
Static IP addresses are highly encouraged, DynDNS is not recommended
If clients connect from the internet and intranet, they need to use the same address/DNS name

Follow the steps for one of the deployment configurations.

Simple setup

Client –> HTTPS –> Server

The basic configuration requires that the Ninox server exposes a port for HTTP communication on the internet or on a private network.

Forward proxy setup

Client –> HTTPS –> Forward Proxy –> HTTPS –> Server

DMZ setup

Client –> HTTPS –> Reverse Proxy –> HTTP –> Server

In a DMZ environment, a reverse proxy terminates any client-side communication. This is the recommended configuration for environments that have already implemented a DMZ. Two main advantages of a DMZ setup are:

Centralized certificate management on the reverse proxy
A reverse proxy can act as a security component with traffic inspection

Requirements

Allow at least the following HTTP methods: POST, GET, PUT, PATCH, DELETE, OPTIONS, and HEAD
TCP timeouts must be higher than 60 seconds
No path rewriting rules, Ninox cannot be mounted on a sub-path
Ninox may heavily rely on parallel TCP connections
- The reverse proxy needs to be able to handle multiple TCP connections—ideally at least 2 concurrent connections per concurrent client

Configuration file

Edit server-config.json in the installation directory. Refer to section Sample configuration file for more information.

On Windows, do not use Notepad to edit the configuration file. Other code editors, including Notepad ++, are suitable options.

Ensure the configuration file complies with the UTF-8 encoded JSON format. The configuration file must not involve proprietary UTF-8 encoding headers.

PreviousOIDC SSO with Okta NextDocker installation

Last updated 2 years ago