This article outlines the technical prerequisites, environment dependencies, and recommended best practices for installing Ninox on Windows Server

Note: First set up a Windows Server environment. You will find a step-by-step guide in Get started with Windows Server. Once all requirements are met, continue with On-Premises Setup Guide for Windows.

1. System requirements

Operating system

• Windows Server 2008 or newer

Minimum hardware

• 4 GB RAM
• 2 vCores
• 100 Mbit network connection
• 120 MB free space for installation files
• 10 GB free space for application data
  • The exact requirement depends on your use case. We recommend a scalable storage solution.

2. Environment dependencies

• DNS name for the server
• Open port — default 80 or 443 (other ports can be configured)
• HTTP(S) connectivity from client to server
• SSL certificate (.p12/.pfx) — with or without passphrase
  • The passphrase is stored in server-config.json as plain text.
• SMTP server — optional authentication

3. Recommendations

1. Use SSD storage for Ninox data.
2. Implement a two-layer backup strategy:
   • VM snapshots
   • File-system incremental backups of the data directory
3. Plan a fail-over strategy.

4. Network configuration

Ninox client/server communication uses HTTP(S). The following conditions must be met:

• Clients must reach the Ninox server via HTTPS over TCP/IP.
• The server’s DNS name (or the first component that terminates the client connection) must reliably resolve to the server IP.
• Static IP addresses are strongly recommended; avoid DynDNS.
• If clients connect from both internet and intranet, they must use the same address/DNS name.

5. Deployment scenarios

Simple setup

Client → HTTPS → Server
The server exposes an HTTPS port on the internet or a private network.

Forward-proxy setup

Client → HTTPS → Forward Proxy → HTTPS → Server

DMZ setup (recommended)

Client → HTTPS → Reverse Proxy → HTTP → Server
In a DMZ, the reverse proxy terminates all client connections.

Benefits of a DMZ configuration

• Centralized certificate management on the reverse proxy
• Added security through traffic inspection

Reverse-proxy requirements

• Allowed HTTP methods: POST, GET, PUT, PATCH, DELETE, OPTIONS, HEAD
• TCP timeout > 60 seconds
• No URL rewriting — Ninox cannot run under a sub-path
• Supports parallel connections (at least 2 concurrent TCP connections per active client)

6. Configuration file

Edit the server-config.json file in the installation directory. For a sample, see sample configuration file.

Note: Ensure the file is valid UTF-8-encoded JSON without proprietary UTF-8 headers.

Tip: Do not use Windows Notepad. Use Notepad++ or another code editor instead.