Skip to main content

How do I configure nginx as reverse proxy for ESET Secure Authentication - Kennisbank / ESET Secure Authentication - ESET Tech Center

How do I configure nginx as reverse proxy for ESET Secure Authentication

Authors list

prerequisites 

  • ESA 2.7 Installed
  • fqdn (esa.company.com for example) 
  • valid SSL Certificates for above fqdn (can be self signed) 


Installing nginx on windows

  1. Download nginx for windows via http://nginx.org/en/download.html
  2. Download nssm for windows via https://nssm.cc/download
  3. unpack nginx and place it in a logic location (C:\nginx or C:\Program Files\nginx for example)
  4. open command prompt and run nssm.exe install
  5. browse to the nginx.exe location (step 3) 
  6. fill in a service name (nginx for example)
  7. go to the details tab 
  8.  set the startup type to "Automatic  (Delayed start)
  9. Click on install service
  10. open the nginx.conf file (%nginx-directory%/conf/nginx.conf)
  11. add the following to the bottom of this config file:

        # HTTPS server

        #

        server {

            listen       443 ssl;

          server_name  esa.company.com;


            ssl_certificate      "C:\path\to\certificate.pem";

            ssl_certificate_key  "C:\path\to\certificate-privatekey.pem";


            ssl_session_cache    shared:SSL:1m;

           ssl_session_timeout  5m;


            ssl_ciphers  HIGH:!aNULL:!MD5;

            ssl_prefer_server_ciphers  on;


           location / {

    proxy_pass https://127.0.0.1:8001;


        }


    }

  12. change the paths to the certificates and chance the proxy_pass ip-adress to that of the ESA Core service if not installed on the same machine. 
  13. start the nginx service. 


Adding a stand-alone computer 

  1. In the ESA Web Console, click Components > Invitations.
  2. Click Create invitation....
  3. Enter an invitation name, expiration time and usage count. Click Create.

  4. The invitation details displays. To save the details to a text file or to copy elsewhere, click Copy data to clipboard.

  5. Start the ESA installation on the desired stand-alone system
  6. When prompted, click Select components,  select the desired components
  7. Paste the invitation data generated during step 4 in the "invitation data" box.
  8. change the "server=" variable from  local hostname to the fqdn (esa.company.com)
  9. click next to finish installation. 

Add a comment

Please log in or register to submit a comment.

Need a password reminder?