Windows Server installation
Prepare an environment with Windows Server. Refer to the Get started with Windows Server guide for more information.
- Windows Server 2008 or higher
- 4 GB RAM
- 2 vCores
- 100 MBit network connection
- 120 MB free disk space for the installation files
- 10 GB free disk space for application data
- The actual requirement depends on the use case, a scalable store solution is recommended
- DNS name
- Free port (e.g.,
443, other ports can be configured as well)
- HTTP(S) connectivity client => server
- SSL certificate (.p12 / .pfx) with or without a private key passphrase
- The passphrase is stored as plain text in
- SMTP server with or without authentication
- Store Ninox data files on SSD storage
- Implement a backup strategy with at least two layers of backup
- VM snapshots
- File system-based incremental backups of the data directory
- Implement a fail-over strategy
Ninox client/server communication is based on HTTP(S). There are multiple ways to configure a Ninox installation, however, the following properties must be given:
- Clients must be able to connect to the Ninox server by HTTPS via TCP/IP
- A DNS name for the Ninox server (or the first component in the configuration that terminates the client connection) that reliably resolves to the server's IP
- Static IP addresses are highly encouraged, DynDNS is not recommended
- If clients connect from the internet and intranet, they need to use the same address/DNS name
Follow the steps for one of the deployment configurations.
Client –> HTTPS –> Server
The basic configuration requires that the Ninox server exposes a port for HTTP communication on the internet or on a private network.
Client –> HTTPS –> Forward Proxy –> HTTPS –> Server
Client –> HTTPS –> Reverse Proxy –> HTTP –> Server
In a DMZ environment, a reverse proxy terminates any client-side communication. This is the recommended configuration for environments that have already implemented a DMZ. Two main advantages of a DMZ setup are:
- Centralized certificate management on the reverse proxy
- A reverse proxy can act as a security component with traffic inspection
- Allow at least the following HTTP methods:
- TCP timeouts must be higher than 60 seconds
- No path rewriting rules, Ninox cannot be mounted on a sub-path
- Ninox may heavily rely on parallel TCP connections
- The reverse proxy needs to be able to handle multiple TCP connections—ideally at least 2 concurrent connections per concurrent client
server-config.jsonin the installation directory. Refer to section Sample configuration file for more information.
On Windows, do not use Notepad to edit the configuration file. Other code editors, including Notepad ++, are suitable options.
Ensure the configuration file complies with the UTF-8 encoded JSON format. The configuration file must not involve proprietary UTF-8 encoding headers.
Last modified 1yr ago