Configure proxy for ESA

The example below refers to using Nginx as a reverse proxy server for ESET Secure Authentication.

Configure the Nginx reverse proxy while applying the settings below. Use one of the sample configuration scripts below in the nginx.conf file, for example right after the events { ... } part.

1.Use ip_hash to ensure:

A component always connects to the same server

When accessing the Web Console, the browser always contacts the same server

2.Set the listening port to 443.

3.Define the SLL certificate you generated. Example of generating a self-signed certificate.

The sample configuration snippets assume the custom generated certificate and certificate key are located at "D:\ESAcustomCertificate.crt" and "D:\ESAcustomCertificate.key".


example

Sample configuration snippet - single authentication server

http {

    sendfile on;

 

    upstream esa_servers {

        ip_hash;

        server esa01.local:8001;

    }

    server {

        listen 443 ssl;

        ssl_certificate D:\ESAcustomCertificate.crt;

        ssl_certificate_key D:\ESAcustomCertificate.key;

        location / {

            proxy_pass         https://esa_servers;

            proxy_redirect     off;

            proxy_set_header   Host $host;

            proxy_set_header   X-Real-IP $remote_addr;

            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_set_header   X-Forwarded-Host $server_name;

        }

    }

}

 


example

Sample configuration snippet - multiple authentication servers

http {

    sendfile on;

 

    upstream esa_servers {

        ip_hash;

        server esa01.local:8001;

        server esa02.local:8001;

    }

    server {

        listen 443 ssl;

 

        ssl_certificate D:\ESAcustomCertificate.crt;

        ssl_certificate_key D:\ESAcustomCertificate.key;

 

        location / {

            proxy_pass         https://esa_servers;

            proxy_redirect     off;

            proxy_set_header   Host $host;

            proxy_set_header   X-Real-IP $remote_addr;

            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_set_header   X-Forwarded-Host $server_name;

        }

    }

}


note

Authentication Server and Nginx on a different Windows server machine

If Nginx is on a different Windows Server machine than the Authentication Server, import the certificate of ESET Secure Authentication to the Nginx machine's certificate store, specifically to Certificates (Local Computer) > Trusted People.

If you receive a certificate issue message when trying to access the ESA Web Console from a computer, arrow_down_business add an exception.