# Linux

* Option 1: CentOS Linux Stream 9
* Option 2: Ubuntu Server LTS 22.04
* Option 3: Ubuntu Server LTS 24.04

## Before you start

* You need to know how to create and edit text files in Linux. For example, you can use `vim` editor. Here you can find a quick start guide on [how to use the Vim editor](https://www.control-escape.com/linux/editing-vim.html).

## 1. Preparation

### 1.1. System Update

*CentOS*

```
sudo dnf update -y
```

*Ubuntu*

```
sudo apt update
sudo apt upgrade -y  
```

Reboot system

```
sudo reboot
```

### 1.2 Disable SELinux (CentOS only)

<pre><code><strong>sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
</strong>sudo reboot
</code></pre>

To verify that SELinux is disabled, you can type:

```
sudo sestatus
SELinux status:                 disabled
```

**Note:** on production servers, usually after installation and verification, you need to re-enable SELinux and configure it accordingly.

### 1.3 Firewall Configuration (optional)

To access the server from the network, ports 80 and 443 and port 22 (default port for connection via ssh) should be opened:

*CentOS:*

```
sudo firewall-cmd --zone=public --permanent --add-port=22/tcp
sudo firewall-cmd --zone=public --permanent --add-port=80/tcp
sudo firewall-cmd --zone=public --permanent --add-port=443/tcp
sudo firewall-cmd --reload
```

*Ubuntu:*

```
sudo ufw allow 22
sudo ufw allow 80
sudo ufw allow 443
sudo ufw enable
```

## 2. Installing Prerequisites

### 2.1. Installing additional packages

*CentOS stream 9 :*

```
sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm -y
sudo dnf install libgdiplus libicu jq -y
sudo dnf install compat-openssl11 -y

```

*Ubuntu 22.04:*

```
sudo apt install libgdiplus libicu70 jq gss-ntlmssp-dev -y
```

*Ubuntu 24.04:*

```
sudo apt install libgdiplus libicu74 jq gss-ntlmssp-dev -y
```

Package descriptions:

* **libgdiplus** – An open-source implementation of the GDI+ graphics library used by .NET applications for image rendering and drawing operations on Linux.
* **libicu70** – International Components for Unicode (ICU) library that provides robust Unicode and globalization support, including string collation, date/number formatting, and locale-specific operations.
* **jq** – A lightweight command-line processor for JSON data, enabling filtering, parsing, and transformation of structured JSON directly in the terminal.
* **gss-ntlmssp-dev** – Development package for GSS-NTLMSSP, which enables NTLM authentication through the GSSAPI framework, often used for integrating Linux services with Windows Active Directory.

## 3. Installing the HES server

### 3.1. Download HES server

```
cd ~
curl -O https://update.hideez.com/hes/linux_x64_latest.tar.gz
```

### 3.2. Extracting files and moving to the /opt directory

```
tar -xvf linux_x64_latest.tar.gz
sudo mv HES /opt/
```

### 3.3. Configuring the HES

Navigate to the '/opt/HES/' directory and run the **HES.Wizard** application <br>

```
cd /opt/HES/
sudo ./HES.Wizard
```

next, follow the setup tips and configure the server

### 3.4. Daemonizing of the HES

We already prepared the configuration file to start and manage the HES server in the `/opt/HES/Deploy` directory. You need to copy the file `HES.service` to the `/lib/systemd/system/`:

```
sudo cp /opt/HES/Deploy/HES.service /lib/systemd/system/HES.service
```

Enabling autostart:

```
sudo systemctl enable HES.service
sudo systemctl restart HES.service
```

You can verify that HES server is running with the command:

```
sudo systemctl status HES
```

The output of the command should be something like this:

```
● HES.service - Hideez Enterprise Server
     Loaded: loaded (/usr/lib/systemd/system/HES.service; enabled; vendor preset: disabled)
     Active: active (running) since Wed 2022-12-21 14:15:03 UTC; 8s ago
   Main PID: 929817 (HES.Web)
      Tasks: 18 (limit: 4405)
     Memory: 103.1M
        CPU: 4.817s
     CGroup: /system.slice/HES.service
             └─929817 /opt/HES/HES.Web
```

## 4. Configuring Reverse Proxy Server

To access your server from the local network as well as from the Internet, you have to configure a reverse proxy. We will use the Nginx server for this.

### 4.1. Install Nginx

*CentOS 7:*

```
sudo yum install nginx -y
sudo systemctl enable nginx
```

*Ubuntu:*

```
sudo apt install nginx -y
```

### 4.2.  Copying of self-signed certificates for Nginx

&#x20;We have prepared a self-signed certificate for nginx that you can use to test running HES.  Just copy it to nginx:<br>

```
sudo mkdir /etc/nginx/certs
sudo cp /opt/HES/Deploy/certs/*   /etc/nginx/certs
```

{% hint style="info" %}
**Note :**

In the production environment, you should take care of acquiring a certificate from a certificate authority. For a self-signed certificate, the browser will alert you that site has security issues.
{% endhint %}

### 4.3. Updating Nginx config

We prepared some Nginx configurations for different versions of Linux and placed them in the `/opt/HES/Deploy` directory. You may just copy the corresponding file or you can review and edit it for your needs.

*CentOS 7:*

```
sudo cp /opt/HES/Deploy/CentOS7/nginx.conf /etc/nginx/nginx.conf
```

*Ubuntu 20:*

```
$ sudo cp /opt/HES/Deploy/Ubuntu20/nginx.conf /etc/nginx/nginx.conf
```

* remove default nginx site:

```
sudo rm  /etc/nginx/sites-enabled/default
```

*Ubuntu 22, Ubuntu 24:*

```
sudo cp /opt/HES/Deploy/Ubuntu22/nginx.conf /etc/nginx/nginx.conf
```

* remove default nginx site:

```
sudo rm  /etc/nginx/sites-enabled/default
```

After copying the file, it is recommended to verify nginx settings:

```
$ sudo nginx -t
```

The output should be something like this:

```
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
```

Otherwise, you should carefully review the settings and correct the errors.

### 4.4. Restart nginx

```
sudo systemctl restart nginx
```

### 4.5. Check that nginx service is installed and started

```
sudo systemctl status nginx
```

The output would be something like this:

```
* nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since Sat 2020-01-25 08:22:56 UTC; 8min ago
  Process: 1702 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
  Process: 1700 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
  Process: 1699 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
 Main PID: 1704 (nginx)
   CGroup: /system.slice/nginx.service
           +-1704 nginx: master process /usr/sbin/nginx
           +-1705 nginx: worker process
```

{% hint style="info" %}
[Here](/hideez-enterprise-server/deployment/hes-update/linux.md) you can find an update guide for Linux.
{% endhint %}

{% hint style="info" %}
By default, access to the new server:\
login - [admin@server<br>](mailto:admin@hideez.com)password - admin
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://enterprise.hideez.com/hideez-enterprise-server/deployment/hes-deployment/linux.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.