Prepare an environment with Windows Server. Refer to the Get started with Windows Server guide for more information.

System requirements

Supported operating systems

• Windows Server 2008 or higher

Minimum hardware requirements

• 4 GB RAM
• 2 vCores
• 100 MBit network connection
• 120 MB free disk space for the installation files
• 10 GB free disk space for application data

   

  • The actual requirement depends on the use case, a scalable store solution is recommended

Environment dependencies

• DNS name
• Free port (e.g., 80 or 443, other ports can be configured as well)
• HTTP(S) connectivity client => server
• SSL certificate (.p12 / .pfx) with or without a private key passphrase

   

  • The passphrase is stored as plain text in server-config.json
• SMTP server with or without authentication

Recommendations

• Store Ninox data files on SSD storage
• Implement a backup strategy with at least two layers of backup

   

  • VM snapshots
  • File system-based incremental backups of the data directory
• Implement a fail-over strategy

Network configuration

Ninox client/server communication is based on HTTP(S). There are multiple ways to configure a Ninox installation, however, the following properties must be given:

• Clients must be able to connect to the Ninox server by HTTPS via TCP/IP
• A DNS name for the Ninox server (or the first component in the configuration that terminates the client connection) that reliably resolves to the server's IP
• Static IP addresses are highly encouraged, DynDNS is not recommended
• If clients connect from the internet and intranet, they need to use the same address/DNS name

Follow the steps for one of the deployment configurations.

Simple setup

Client –> HTTPS –> Server

The basic configuration requires that the Ninox server exposes a port for HTTP communication on the internet or on a private network.

Forward proxy setup

Client –> HTTPS –> Forward Proxy –> HTTPS –> Server

DMZ setup

Client –> HTTPS –> Reverse Proxy –> HTTP –> Server

In a DMZ environment, a reverse proxy terminates any client-side communication. This is the recommended configuration for environments that have already implemented a DMZ. Two main advantages of a DMZ setup are:

• Centralized certificate management on the reverse proxy
• A reverse proxy can act as a security component with traffic inspection

Requirements

• Allow at least the following HTTP methods: POST, GET, PUT, PATCH, DELETE, OPTIONS, and HEAD
• TCP timeouts must be higher than 60 seconds
• No path rewriting rules, Ninox cannot be mounted on a sub-path
• Ninox may heavily rely on parallel TCP connections

   

  • The reverse proxy needs to be able to handle multiple TCP connections—ideally at least 2 concurrent connections per concurrent client

Configuration file

Edit server-config.json in the installation directory. Refer to section Sample configuration file for more information.

 On Windows, do not use Notepad to edit the configuration file. Other code editors, including Notepad ++, are suitable options.

 Ensure the configuration file complies with the UTF-8 encoded JSON format. The configuration file must not involve proprietary UTF-8 encoding headers.