Linux deployment
Hideez Enterprise Server on CentOS or Ubuntu Server
System Requirements
Can be installed on a bare metal or virtual server
8GB drive
2GB RAM
Option 1: Clean installation of CentOS Linux x86_64 7.6, select "minimal install" option during installation
Option 2: Clean installation of CentOS Linux x86_64 8.2, select "minimal install" option during installation
Option 3: Clean installation of Ubuntu Server LTS 18.04
Option 4: Clean installation of Ubuntu Server LTS 20.04
Before you start
You need to know how to create and edit text files in Linux. For example, you can use the Vim editor. Here is a quick start guide on [how to use the Vim editor](https://www.control-escape.com/linux/editing-vim.html).
1. Preparation
1.1 System Update
CentOS 7
CentOS 8
Ubuntu
Reboot system
1.2 Disable SELinux (CentOS only)
To verify that SELinux is disabled, you can type:
Note: on production servers, you usually need to re-enable SELinux after installation and verification and configure it accordingly.
1.3 Firewall Configuration (optional)
To access the server from the network, ports 80, 443 and 22 (the default port for SSH connections) must be open:
CentOS:
Ubuntu:
2. Installing Prerequisites
2.1 Install MySQL version 8
CentOS 7:
CentOS 8:
Ubuntu 18.04:
Note: click "OK" to confirm the server installation.
During the installation you will be prompted to enter the MySQL user password. Remember this password for future use.
Ubuntu 20.04:
2.2 Install Nginx
CentOS 7:
CentOS 8:
Ubuntu:
3. Configuring MySQL Server and Database
3.1 Enable and start MySQL service (CentOS only):
CentOS:
3.2 Verification of the Server availability
Run the following command to check that the server is running and has the correct version:
3.3 Setting a permanent root password and MySQL security settings
MySQL expects the new password to be at least 8 characters long and to contain uppercase and lowercase letters, numbers and special characters (do not forget the password you set; you will need it later). After a successful password change, it is recommended to answer "Y" to the following questions:
Note:
In CentOS 7, the default root password can be found using
sudo grep "A temporary password" /var/log/mysqld.log
In CentOS 8, the root password is empty by default
In Ubuntu 18.04, the password was entered during installation of MySQL
In Ubuntu 20.04, the password is empty after installation
Depending on the version of Linux, the output of the commands may differ slightly. The following is an example for CentOS 7:
To verify that everything is correct, you can run
After entering the password, you will see the MySQL console with a prompt:
3.4 Creating a MySQL user and database for Hideez Enterprise Server
The following lines create a database db and the user user with the password <user_password>. Change <user_password> to a strong password, otherwise you may get a password validator error.
Remember the user password; you will need it later.
To exit from the MySQL console, press Ctrl+D.
4. Installing the HES server
4.1 Download HES server
4.2 Extracting files and moving to the /opt directory
4.3 Configuring the HES
Copy appsettings.json to appsettings.Production.json
Edit the file /opt/HES/appsettings.Production.json
Replace the following settings in this file with your own:
<user_password> - Password for the user on the MySQL server
<smtp_host> - Host name of your SMTP server (example: smtp.example.com)
<smtp_port> - Port number of your SMTP server (example: 123)
<email_address> - Your email address (example: user@example.com)
<email_password> - Password to access the SMTP server (example: password)
<you_domain_name> - Fully qualified domain name (FQDN) of your HES site (example: hideez.example.com)
Important note: by default, .NET Core uses ports 5000 and 5001, so if only one site is running on the server, the port numbers can be omitted. If several sites are to run on one computer, you must specify different ports for each site in its JSON file. For example, to make a site listen on ports 6000 and 6001, add the following after "AllowedHosts": "*" (separated by a comma):
The basic format of a connection string includes a series of keyword/value pairs separated by semicolons. The equal sign (=) connects each keyword and its value. To include values that contain a semicolon, single-quote character, or double-quote character, the value must be enclosed in double quotation marks. If the value contains both a semicolon and a double-quote character, the value can be enclosed in single quotation marks. The single quotation mark is also useful if the value starts with a double-quote character. Conversely, the double quotation mark can be used if the value starts with a single quotation mark. If the value contains both single-quote and double-quote characters, the quotation mark character used to enclose the value must be doubled every time it occurs within the value.
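The strong MySQL password required in section 3.4 will often contain a semicolon or a quote character, which is where these rules apply. The following is an added example, not part of the original guide or of the HES code base: it quotes a value by the rules above, checks the result with a minimal reader, and JSON-escapes the connection string for appsettings.Production.json. The keyword names server, database, uid and pwd, the address 127.0.0.1 and the sample passwords are assumptions constructed for illustration.

```python
import json

def quote_value(value: str) -> str:
    """Quote one connection-string value using the rules described above."""
    has_single, has_double = "'" in value, '"' in value
    if not (has_single or has_double or ";" in value):
        return value                              # nothing special: no quoting
    if not has_double:
        return f'"{value}"'                       # ';' or ' present: double quotes
    if not has_single:
        return f"'{value}'"                       # " present, no ': single quotes
    return '"' + value.replace('"', '""') + '"'   # both: double the enclosing quote

def build_connection_string(pairs: dict) -> str:
    return ";".join(f"{key}={quote_value(val)}" for key, val in pairs.items())

def parse_connection_string(text: str) -> dict:
    """Minimal reader for the same rules, to check that quoting round-trips."""
    pairs, i, n = {}, 0, len(text)
    while i < n:
        eq = text.index("=", i)
        key, i = text[i:eq].strip(), eq + 1
        if i < n and text[i] in "'\"":
            quote, i, chars = text[i], i + 1, []
            while text[i] != quote or text[i + 1:i + 2] == quote:
                step = 2 if text[i] == quote else 1   # doubled quote = one literal
                chars.append(text[i])
                i += step
            value, i = "".join(chars), i + 1          # step past the closing quote
        else:
            end = text.find(";", i)
            end = n if end == -1 else end
            value, i = text[i:end], end
        pairs[key] = value
        i += 1                                        # step past the ';' separator
    return pairs

# Constructed sample passwords (not real credentials), one per quoting case.
SAMPLES = ["Plain#Pass1", "semi;Colon1!", "it's-Str0ng", 'dq"Only1;', "both'\";Mix1"]

def appsettings_value(password: str) -> str:
    """Return the JSON string literal for appsettings.Production.json."""
    # Keyword names are assumptions; keep the ones already in your appsettings.json.
    pairs = {"server": "127.0.0.1", "database": "db", "uid": "user", "pwd": password}
    return json.dumps(build_connection_string(pairs))

if __name__ == "__main__":
    for pw in SAMPLES:
        print(appsettings_value(pw))
```

A password containing a double quote needs both layers: connection-string quoting first, then JSON escaping of the whole string, which json.dumps handles here.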
4.4 Daemonizing the Enterprise Server
We have prepared a file to start and manage the HES server in the /opt/HES/Deploy directory.
Copy the file HES.service to /lib/systemd/system/:
Enabling autostart:
You can verify that the HES server is running with the command:
The output of the command should be something like this:
5. Configuring Reverse Proxy Server
To access your server from the local network as well as from the Internet, you have to configure a reverse proxy. We will use the Nginx server for this.
5.1 Creating a Self-Signed SSL Certificate for Nginx
Note 1:
In production, you should take care of acquiring a certificate from a certificate authority. For a self-signed certificate, the browser will alert you that the site has security issues.
Note 2:
When generating the certificate, you will be asked a few simple questions. The important one is Common Name (CN): enter the name of your site here, which in our example is hideez.example.com
5.2 Updating Nginx config
We prepared some Nginx configurations for different versions of Linux and placed them in the /opt/HES/Deploy directory. You may just copy the corresponding file or you can review and edit it for your needs.
CentOS 7:
CentOS 8:
Ubuntu 18:
Ubuntu 20:
After copying the file, it is recommended to verify nginx settings:
The output should be something like this:
Otherwise, you should carefully review the settings and correct the errors.
5.3 Restart nginx
5.4 Check that nginx service is installed and started
The output would be something like this:
6. Final Verification
After these steps, your server should be up and running. Go to https://<you_domain_name> in the browser and verify that the site is available.
Note: with a self-signed certificate, there will be a warning that your connection isn't private. Press Advanced/Proceed to ignore the warning.
Updating HES
Option 1 (using a script)
To update the server, you can use the update.sh script, which is located in the HES directory (/opt/HES by default). You can run it either manually or through the web interface (by clicking on the server version). If an update is available, you will be prompted to update the server using the script. If you have changed the location of the server or the name of the service to run, you can manually specify the necessary parameters in the script.
Option 2 (without using a script)
2.1 Stopping HES Service
2.2 Back up the HES binaries and the configuration file
2.3 Back up the MySQL Database
The following command will create a copy (dump) of the database in the file db.sql in the /opt/HES.old directory:
Replace <MySQL_root_password> with your real password.
2.4 Download a new version of the HES
2.5 Restore the configuration file
2.6 Restart the HES and check its status
If something goes wrong, you can restore the HES server using the following commands:
Replace <MySQL_root_password> with your real password.
After checking that the update was successful and everything works fine, you can delete copies of the database and server: