Nwinx FAQs

How to enable Active Directory authentication for Nwinx ?

Nwinx has built-in support for LDAP authentication allowing you to use AD authentication. 

Follow steps below:

  • Create a dedicated AD service account for LDAP queries (say ldapreq, domain example.local)
  • Start a text editor capable of editing a text file with Unix line endings (Wordpad or Notepad++ for example)
  • Edit file <Nwinx installation directory>\etc\nginx\nginx.conf
http {
....
ldap_server DCGC1 {
    url ldap://192.168.0.1:3268/DC=example,DC=local?sAMAccountName?sub?(objectClass=person);
    binddn "CN=xxxxx,CN=xxxxx,DC=example,DC=local";
    binddn_passwd password;
    group_attribute uniquemember;
    group_attribute_is_dn on;
    require valid_user;
}
 
ldap_server DCGC2 {
    url ldap://192.168.0.2:3268/DC=example,DC=local?sAMAccountName?sub?(objectClass=person);
    binddn "CN=xxxxx,CN=xxxxx,DC=example,DC=local";
    binddn_passwd password;
    group_attribute uniquemember;
    group_attribute_is_dn on;
    require valid_user;
}
  • Replace every occurence of
auth_basic "Restricted";
auth_basic_user_file htpasswd;
 
by
 
auth_ldap "Restricted";
auth_ldap_servers DCGC1,DCGC2;
 
NB! if you want basic authentication still available, you can simply add the ldap directives above instead of replacement. It is also possible to use groups. Check example configuration link below for more details.
 
  • Restart NginxServer service
 
Useful links:
 

How to enable SSL secure communications for Nwinx ?

Nwinx has a built-in support for SSL communications. Assuming that you have required certificate files located at the etc/nginx/ssl directory, you may follow steps below to enable secure communications:

  • Start a text editor capable of editing a text file with Unix line endings (Wordpad or Notepad++ for example)
  • Edit file <Nwinx installation directory>\etc\nginx\nginx.conf:
.....
server {
       listen         80;
       server_name    your.server.name;
       return         301 https://$server_name$request_uri;
}
 
server {
listen 443 ssl;
ssl on;
ssl_certificate /etc/nginx/ssl/your.server.name.crt;
ssl_certificate_key /etc/nginx/ssl/your.server.name.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 
 server_name  your.server.name;
.....
  • Setup above will automatically redirect http requests to https, making your server communicate securely all the time. NB! SSLv3 are excluded from the supported list of protocols (ssl_protocols directive) to avoid Poodle security vulnerabilitiy.
  • Restart NwinxServer service
Useful links: