Access - Getting Started - Linux

On Linux:

To make this tutorial easier to understand, and as close to a real scenario we took this initial parameters as example:

Company access web login sub-domain: (unique per company)
mycompany-access.loginstep.com

Server alocated subdomain: (each install on a separate IP will get it's own subdomain)
mycompany2.myaccessbox.com

AccessServer local http port:
1111

nGinx SSL port
20443

Local Path shared:
/home/mycompany

Weblogin email address:
whatever@mycompany.com

Weblogin password:
mypassword


Let's begin the Setup.

Install .net core 2.0

sudo curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg

sudo mv microsoft.gpg /etc/apt/trusted.gpg.d/microsoft.gpg

sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/microsoft-ubuntu-xenial-prod xenial main" > /etc/apt/sources.list.d/dotnetdev.list'

sudo apt-get update

Sometimes you might get an error like: E: dpkg was interrupted, you must manually run 'sudo dpkg --configure -a' to correct the problem.

sudo dpkg --configure -a

sudo apt-get install dotnet-sdk-2.0.0


Download AccessServer

tar xzvf AccessServerLinux.tar.gz

mv AccessServerLinux /opt/

cd /opt/AccessServerLinux

chmod +x start_logging.sh start.sh stop.sh AccessServer

Edit Credential details and App Settings

sudo nano AccessServer.config

VERY Important, you need to setup and run the App without SSL for the First time!

AccessServer.config should look like this:
----------------------------------
# Use below line uncommented for http (nonSSL setup) and https (for SSL setup) please change the port wot whatever port you would like.
adr=http://*:1111
# adr=https://127.0.0.1:1111

# Setup Shared local Path
path=/home/mycompany

# your App domain
domain=mycompany-access.loginstep.com

#your email used to login as admin and your password
email=whatever@mycompany.com
pass=mypassword

# nGinx related settings (nGinx Reverse Proxy is useed for SSL)
# Port used by nGinx SSL Proxy
# sslport=20443
----------------------------------

Start the App (make sure you are in the same folder where the app content is)

./start.sh

Or - Start the app with loggin in case you have problems this way you can use logs to debug problems

./start_logging.sh

Open required ports if you are using any firewall (port 80 is required for Aquiring/Install Let's Encrypt SSL, and port of the APP you setup in the config file, in our case 1111 for http, and 20443 for https)

run the folowing command to ckeck if app is runnng

ps aux|grep AccessServer

If app running, you should see something like this:
18580  0.0 10.5 2796700 52808 pts/0   SLl  Sep07   0:00 dotnet AccessServerCore.dll


Start AccessServer to boot time.

Run this if you had AccessServer installed / Setup before

mv /opt/AccessServerLinux/AccessServer /etc/init.d/

Run this if you had AccessServer installed / Setup before

update-rc.d -f AccessServer remove

Let's add AccessServer to boot time

update-rc.d AccessServer defaults

update-rc.d AccessServer enable


On the Web interface.

Login using your credentials, then  navigate to admin panel, (top right screen icon)

In the admin area click Servers.

Type a Label for your Server (preferable something short to indentify the respective server)

From dropdown You can identify your new install by looking at the IP/Port combination on your install and see the Hostname (whatever-fs.myaccessbox.com) generated by the app, you will require this hostname when setting up SSL

Select the newly detected server, and the necessary fields will get autopopulated, Hostname/Port (in case you modified (translated) the port when set up in your router, modify detected port to whatever port number you translated)

Click Save (if you see the success message and you see the server added below, you have done everythiing corectly), If you get an error message, please revisit the steps above and see where something went wrong.

Test your newly added server by going Home and browsing the content from that Server.

You are Good to GO, using file transfer over HTTP!

If interested in transfering files over SSL the follow the below tutorial.

SSL on linux:

sudo apt-get install nginx

sudo add-apt-repository ppa:certbot/certbot

sudo apt-get update

sudo apt-get install python-certbot-nginx

sudo nano /etc/nginx/sites-available/default

replace "_" after the server_name _; with the subdomain generated, this info can be found in the web interface at Severs page in the drop down.

server_name mycompany2.myaccessbox.com;

Edit Location configuration to look as below example

location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
                proxy_pass http://127.0.0.1:1111;
                proxy_redirect http://127.0.0.1:1111/ $scheme://$host:20443/;
                }

Port 1111 is the local port app runing under and must match the configuration port found in AccessServer.config
Port 20443 is the New Port the app will run with nGinx SSL. 

After editing all above save the config file.

Start nGinx

sudo systemctl reload nginx

Let's get a SSL certificate,

sudo certbot --nginx -d mycompany2.myaccessbox.com

In this priocess you need to:
Enter an email address
A to agree TS
Y or N to allow or not to share your email address with the Electronic Frontier Foundation,
2 to Redirect - Make all requests redirect to secure HTTPS access.

Setting up Certificate for Auto Renewal:
sudo crontab -e

Add at the end of file the following line:
15 3 * * * /usr/bin/certbot renew --quiet

After this process the SSL config would have been added to /etc/nginx/sites-available/default

We need to edit the SSL port to match out app settings,
sudo nano /etc/nginx/sites-available/default

edit port number
listen 20443 ssl; # managed by Certbot (this port should match the port for SSL from AccessServer.config )

Note, this port can be whatever port you choose, as long as it is preserved in all configuration files.

Restart nGinx
sudo systemctl reload nginx

Edit AccessServer.config and enable/.edit coresponging SSL settings

sudo nano AccessServer.config

--------------------------------
# Use below line uncommented for http (nonSSL setup) and https (for SSL setup) please change the port to whatever port you would like.
#adr=http://*:1111
adr=https://127.0.0.1:1111

# Setup Shared local Path
path=/home/mycompany

# your App domain
domain=mycompany-access.loginstep.com

#your email used to login as admin and your password
email=whatever@mycompany.com
pass=mypassword

# nGinx related settings (nGinx Reverse Proxy is useed for SSL)
# Port used by nGinx SSL Proxy
sslport=20443
--------------------------------

In the folder where the app is  installed, run the Stop/Start commands to reload configuration.
./stop.sh
./start.sh

On the Web Interface / Admin / Servers, edit the Server created with HTTP support and in the drop down the presented server will have HTTPS protocol displayed at this point in time, Select it and make sure the Port is corect, then Save the new configuration.

You are good to GO with SSL file transfer :)



Aditionaly, Improove SSL rating by followinf the below tutorial.

Updating Diffie-Hellman Parameters

If you test your server using the SSL Labs Server Test now, it will only get a B grade due to weak Diffie-Hellman parameters. This effects the security of the initial key exchange between our server and its users. We can fix this by creating a new dhparam.pem file and adding it to our server block.

Create the file using openssl:

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

This will take a while, up to a few minutes. When it's done, open up the Nginx config file that contains your server block. In our example, it's the default config file:

sudo nano /etc/nginx/sites-available/default

Paste the following bold line anywhere within the server block:

nano /etc/nginx/sites-available/default

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;

Save the file and quit your editor, then verify the configuration:

sudo nginx -t

If you have no errors, reload Nginx:

sudo systemctl reload nginx

Your site is now more secure, and should receive an A rating.

NOTE
If your Linux flavour is CentOS x you might need to run the folowing command to allow nGinx proxy pass:
setsebool -P httpd_can_network_connect 1 

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Login Page Explained

To access Login page, make sure you have the correct credentials provided by your IT...

Manually install SSL certificate under Windows OS

Windows  HTTPS configurationThe first step is to buy a https certificate from a certificate...

General Port Forwarding Guide | Access Document Manager

Port Forwarding is composed of at least 2 main blocks!Block 1: Router / Gateway deviceBlock 2:...

Access - Getting Started - Windows

On you Windows MachineDonwload  the app from here: http://loginstep.com/download/fm/win/ Set...

Download access file server and client

WINDOWSAccess Document Management Server: http://loginstep.com/download/fm/win/ Access Document...