Nwinx - Nginx for Windows

Winrpe

Nwinx is an Nginx implementation for Windows systems. It is a packaging of Nginx, LibreSSL, Cygwin and many other related tools to make it a small-scale, lightweight, secure and ready-to-use web-/proxy server solution.

Nginx is a popular, free, open-source, high-performance HTTP server and reverse proxy. It is known for high performance, stability, rich feature set, simple configuration, and low resource consumption. LibreSSL is a version of the TLS/crypto stack forked from OpenSSL in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes. . Cygwin(link is external) is a Linux-like environment for Windows. It consists of a DLL (cygwin1.dll), which emulates substantial Linux API functionality, and a collection of tools.

Installation

Supported platforms : Vista/2008/7/2012/8/10/2016

Nwinx is available as a zip file containing an installer. Simply unzip your downloaded copy and run the package "nwinx_x.x.x_Installer.exe":

  1. Accept License agreement.
  2. Specify an installation location.
  3. Specify a service account for the Nginx service.
  4. Installation starts. By clicking 'Details' button, you can get more detailed information about installation. Check if everything seems ok.

Nwinx is now installed and Nginx is activated as a manual service with a default configuration listening to port 80. 

 

Usage

You need to update the configuration file etc/nginx/nginx.cfg (available from start menu) according to your needs and change the start mode to  automatic. You need to configure the firewall to allow incoming connections to the listening port (80 by default). The default web root directory is located at var/opt/nginx/html. Nginx binary is SSL-enabled via the LibreSSL library and can use both basic and LDAP authentication.

 

Uninstallation

This one is easy too:

  1. Make sure that no clients are connected.
  2. Choose Uninstall from Start menu. Again, you can monitor uninstallation process by clicking 'Details' button. 

How to enable Active Directory authentication for Nwinx ?

Nwinx has built-in support for LDAP authentication allowing you to use AD authentication. 

Follow steps below:

  • Create a dedicated AD service account for LDAP queries (say ldapreq, domain example.local)
  • Start a text editor capable of editing a text file with Unix line endings (Wordpad or Notepad++ for example)
  • Edit file <Nwinx installation directory>\etc\nginx\nginx.conf
http {
....
ldap_server DCGC1 {
    url ldap://192.168.0.1:3268/DC=example,DC=local?sAMAccountName?sub?(objectClass=person);
    binddn "CN=xxxxx,CN=xxxxx,DC=example,DC=local";
    binddn_passwd password;
    group_attribute uniquemember;
    group_attribute_is_dn on;
    require valid_user;
}
 
ldap_server DCGC2 {
    url ldap://192.168.0.2:3268/DC=example,DC=local?sAMAccountName?sub?(objectClass=person);
    binddn "CN=xxxxx,CN=xxxxx,DC=example,DC=local";
    binddn_passwd password;
    group_attribute uniquemember;
    group_attribute_is_dn on;
    require valid_user;
}
  • Replace every occurence of
auth_basic "Restricted";
auth_basic_user_file htpasswd;
 
by
 
auth_ldap "Restricted";
auth_ldap_servers DCGC1,DCGC2;
 
NB! if you want basic authentication still available, you can simply add the ldap directives above instead of replacement. It is also possible to use groups. Check example configuration link below for more details.
 
  • Restart NginxServer service
 
Useful links:
 

How to enable SSL secure communications for Nwinx ?

Nwinx has a built-in support for SSL communications. Assuming that you have required certificate files located at the etc/nginx/ssl directory, you may follow steps below to enable secure communications:

  • Start a text editor capable of editing a text file with Unix line endings (Wordpad or Notepad++ for example)
  • Edit file <Nwinx installation directory>\etc\nginx\nginx.conf:
.....
server {
       listen         80;
       server_name    your.server.name;
       return         301 https://$server_name$request_uri;
}
 
server {
listen 443 ssl;
ssl on;
ssl_certificate /etc/nginx/ssl/your.server.name.crt;
ssl_certificate_key /etc/nginx/ssl/your.server.name.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 
 server_name  your.server.name;
.....
  • Setup above will automatically redirect http requests to https, making your server communicate securely all the time. NB! SSLv3 are excluded from the supported list of protocols (ssl_protocols directive) to avoid Poodle security vulnerabilitiy.
  • Restart NwinxServer service
Useful links:
 

Nwinx License/Version

 This package contains components with following terms of licensing:

 

Component Version Licensing
Nginx 1.15.8 Nginx license
Crypto library LibreSSL 2.8.2 LibreSSL license
Cygwin and GNU tools 2.11.1 CYGWIN license Source code for Cygwin and GNU Tools are available here.
Nwinx 1.4.0 Simplified BSD