Ninox websiteForum
Search
K
Links

Windows Server installation

Prepare an environment with Windows Server. Refer to the Get started with Windows Server guide for more information.

System requirements

Supported operating systems

  • Windows Server 2008 or higher

Minimum hardware requirements

  • 4 GB RAM
  • 2 vCores
  • 100 MBit network connection
  • 120 MB free disk space for the installation files
  • 10 GB free disk space for application data
    • The actual requirement depends on the use case, a scalable store solution is recommended

Environment dependencies

  • DNS name
  • Free port (e.g., 80 or 443, other ports can be configured as well)
  • HTTP(S) connectivity client => server
  • SSL certificate (.p12 / .pfx) with or without a private key passphrase
    • The passphrase is stored as plain text in server-config.json
  • SMTP server with or without authentication

Recommendations

  • Store Ninox data files on SSD storage
  • Implement a backup strategy with at least two layers of backup
    • VM snapshots
    • File system-based incremental backups of the data directory
  • Implement a fail-over strategy

Network configuration

Ninox client/server communication is based on HTTP(S). There are multiple ways to configure a Ninox installation, however, the following properties must be given:
  • Clients must be able to connect to the Ninox server by HTTPS via TCP/IP
  • A DNS name for the Ninox server (or the first component in the configuration that terminates the client connection) that reliably resolves to the server's IP
  • Static IP addresses are highly encouraged, DynDNS is not recommended
  • If clients connect from the internet and intranet, they need to use the same address/DNS name
Follow the steps for one of the deployment configurations.

Simple setup

Client –> HTTPS –> Server
The basic configuration requires that the Ninox server exposes a port for HTTP communication on the internet or on a private network.

Forward proxy setup

Client –> HTTPS –> Forward Proxy –> HTTPS –> Server

DMZ setup

Client –> HTTPS –> Reverse Proxy –> HTTP –> Server
In a DMZ environment, a reverse proxy terminates any client-side communication. This is the recommended configuration for environments that have already implemented a DMZ. Two main advantages of a DMZ setup are:
  • Centralized certificate management on the reverse proxy
  • A reverse proxy can act as a security component with traffic inspection

Requirements

  • Allow at least the following HTTP methods: POST, GET, PUT, PATCH, DELETE, OPTIONS, and HEAD
  • TCP timeouts must be higher than 60 seconds
  • No path rewriting rules, Ninox cannot be mounted on a sub-path
  • Ninox may heavily rely on parallel TCP connections
    • The reverse proxy needs to be able to handle multiple TCP connections—ideally at least 2 concurrent connections per concurrent client

Configuration file

Edit server-config.json in the installation directory. Refer to section Sample configuration file for more information.
On Windows, do not use Notepad to edit the configuration file. Other code editors, including Notepad ++, are suitable options.
Ensure the configuration file complies with the UTF-8 encoded JSON format. The configuration file must not involve proprietary UTF-8 encoding headers.
Previous
OIDC SSO with Okta
Next - Private Cloud / On-Premises
Docker installation
Last modified 1yr ago