Ninox websiteForum

Windows Server installation

Prepare an environment with Windows Server. Refer to the Get started with Windows Server guide for more information.

System requirements

Supported operating systems

  • Windows Server 2008 or higher

Minimum hardware requirements

  • 4 GB RAM

  • 2 vCores

  • 100 MBit network connection

  • 120 MB free disk space for the installation files

  • 10 GB free disk space for application data

    • The actual requirement depends on the use case, a scalable store solution is recommended

Environment dependencies

  • DNS name

  • Free port (e.g., 80 or 443, other ports can be configured as well)

  • HTTP(S) connectivity client => server

  • SSL certificate (.p12 / .pfx) with or without a private key passphrase

    • The passphrase is stored as plain text in server-config.json

  • SMTP server with or without authentication

Recommendations

  • Store Ninox data files on SSD storage

  • Implement a backup strategy with at least two layers of backup

    • VM snapshots

    • File system-based incremental backups of the data directory

  • Implement a fail-over strategy

Network configuration

Ninox client/server communication is based on HTTP(S). There are multiple ways to configure a Ninox installation, however, the following properties must be given:

  • Clients must be able to connect to the Ninox server by HTTPS via TCP/IP

  • A DNS name for the Ninox server (or the first component in the configuration that terminates the client connection) that reliably resolves to the server's IP

  • Static IP addresses are highly encouraged, DynDNS is not recommended

  • If clients connect from the internet and intranet, they need to use the same address/DNS name

Follow the steps for one of the deployment configurations.

Simple setup

Client –> HTTPS –> Server

The basic configuration requires that the Ninox server exposes a port for HTTP communication on the internet or on a private network.

Forward proxy setup

Client –> HTTPS –> Forward Proxy –> HTTPS –> Server

DMZ setup

Client –> HTTPS –> Reverse Proxy –> HTTP –> Server

In a DMZ environment, a reverse proxy terminates any client-side communication. This is the recommended configuration for environments that have already implemented a DMZ. Two main advantages of a DMZ setup are:

  • Centralized certificate management on the reverse proxy

  • A reverse proxy can act as a security component with traffic inspection

Requirements

  • Allow at least the following HTTP methods: POST, GET, PUT, PATCH, DELETE, OPTIONS, and HEAD

  • TCP timeouts must be higher than 60 seconds

  • No path rewriting rules, Ninox cannot be mounted on a sub-path

  • Ninox may heavily rely on parallel TCP connections

    • The reverse proxy needs to be able to handle multiple TCP connections—ideally at least 2 concurrent connections per concurrent client

Configuration file

Edit server-config.json in the installation directory. Refer to section Sample configuration file for more information.

On Windows, do not use Notepad to edit the configuration file. Other code editors, including Notepad ++, are suitable options.

Ensure the configuration file complies with the UTF-8 encoded JSON format. The configuration file must not involve proprietary UTF-8 encoding headers.

PreviousOIDC SSO with OktaNextDocker installation

Last updated