Configure proxy for ESA
The example below refers to using Nginx as a reverse proxy server for ESET Secure Authentication On-Prem.
Configure the Nginx reverse proxy while applying the settings below. Use one of the sample configuration scripts below in the nginx.conf file, for example right after the events { ... } part.
1. Use ip_hash to ensure:
   • A component always connects to the same server
   • When accessing the Web Console, the browser always contacts the same server
2. Set the listening port to 443.
3. Define the SSL certificate you generated. Example of generating a self-signed certificate.
The sample configuration snippets assume the custom generated certificate and certificate key are located at "D:\ESAcustomCertificate.crt" and "D:\ESAcustomCertificate.key".
Sample configuration snippet - single authentication server

    http {
        sendfile on;

        upstream esa_servers {
            ip_hash;
            server esa01.local:8001;
        }

        server {
            listen 443 ssl;
            ssl_certificate D:\ESAcustomCertificate.crt;
            ssl_certificate_key D:\ESAcustomCertificate.key;

            location / {
                proxy_pass https://esa_servers;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Host $server_name;
            }
        }
    }
Sample configuration snippet - multiple authentication servers

    http {
        sendfile on;

        upstream esa_servers {
            ip_hash;
            server esa01.local:8001;
            server esa02.local:8001;
        }

        server {
            listen 443 ssl;
            ssl_certificate D:\ESAcustomCertificate.crt;
            ssl_certificate_key D:\ESAcustomCertificate.key;

            location / {
                proxy_pass https://esa_servers;
                proxy_redirect off;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Host $server_name;
            }
        }
    }
Authentication Server and Nginx on a different Windows server machine
If Nginx is on a different Windows Server machine than the Authentication Server, import the certificate of ESET Secure Authentication On-Prem to the Nginx machine's certificate store, specifically to Certificates (Local Computer) > Trusted People.
If you receive a certificate issue message when trying to access the ESA Web Console from a computer, add an exception.
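A way to check an edited nginx.conf against the three settings listed above (ip_hash in the upstream block, a listener on 443 with SSL, certificate and key defined). This is an added example, not part of the ESET documentation; the function names and the sample text are constructed here, and the parser is a simplified one that assumes no quoted arguments and no include directives.

```python
import re

# Constructed sample: the page's multi-server layout with ip_hash left out.
SAMPLE = r"""
events { }
http {
    upstream esa_servers { server esa01.local:8001; server esa02.local:8001; }
    server {
        listen 443 ssl;
        ssl_certificate D:\ESAcustomCertificate.crt;
        ssl_certificate_key D:\ESAcustomCertificate.key;
        location / { proxy_pass https://esa_servers; }
    }
}
"""

def parse(text):
    """Parse nginx.conf text into nested (name, args, children) tuples."""
    # Drop '#' comments, then split into braces, semicolons and words.
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", text))
    def block(pos):
        items, words = [], []
        while pos < len(tokens):
            tok, pos = tokens[pos], pos + 1
            if tok == "}":
                break
            if tok not in (";", "{"):
                words.append(tok)
                continue
            children, pos = block(pos) if tok == "{" else ([], pos)
            if words:
                items.append((words[0], words[1:], children))
            words = []
        return items, pos
    return block(0)[0]

def check(text):
    """List deviations from the three settings the page asks for."""
    problems = []
    for http in (d for d in parse(text) if d[0] == "http"):
        for name, args, body in http[2]:
            names = [d[0] for d in body]
            if name == "upstream" and "ip_hash" not in names:
                problems.append(f"upstream {' '.join(args)}: ip_hash missing")
            if name == "server":
                listens = [d[1] for d in body if d[0] == "listen"]
                if not any(a and a[0].split(":")[-1] == "443" and "ssl" in a
                           for a in listens):
                    problems.append("server: no 'listen 443 ssl'")
                problems += [f"server: {n} missing" for n in
                             ("ssl_certificate", "ssl_certificate_key")
                             if n not in names]
    return problems
```

Calling check() on the text of nginx.conf returns an empty list when all three settings are present; for the constructed sample it reports the missing ip_hash.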