Setting up and upgrading PrivX with custom network ports
These instructions describe how to set up and upgrade PrivX running on custom ports. The port number used in this example is 9443.
Setting Up
Add port to SELinux
$ semanage port -a -t http_port_t -p tcp 9443
Add port to firewall and restart
$ firewall-cmd --zone=public --permanent --add-port=9443/tcp
$ service firewalld restart
Change port 443 to 9443 in Nginx and restart
$ vi /etc/nginx/conf.d/privx.conf
..
server {
    listen 9443 ssl http2;
    client_max_body_size 1M;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'AESGCM+EECDH:AESGCM+EDH:AES+EECDH:AES+EDH:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:-DSS:-EDH';
    ssl_session_cache shared:SSL:10m;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    include privx/privx-common.conf;
    include privx/privx-csp.conf;
    include privx/privx-https-location.conf;
}
..
$ service nginx restart
Add :9443 to addresses in PrivX and restart
$ vi /opt/privx/etc/shared-config.toml
$ service privx restart
Connect to PrivX with a browser
https://own.privx.com:9443/privx/
Upgrading
After upgrading PrivX, overwrite the Nginx privx.conf with the old file
$ cp /etc/nginx/conf.d/privx.conf-old /etc/nginx/conf.d/privx.conf
Restart Nginx
$ service nginx restart
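A pre-check for the overwrite step above, as an added example that is not part of the PrivX documentation: it confirms that privx.conf-old and the privx.conf written by the upgrade differ only in the listen port, so that restoring the old file does not silently discard other changes. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not PrivX code. Before restoring privx.conf-old over the
# privx.conf written by an upgrade, confirm the two differ only in the port.

# Print FILE with indentation removed and the port of every "listen"
# directive replaced by the word PORT.
normalize() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' \
        -e 's/^listen[[:space:]][[:space:]]*[^[:space:];]*[0-9]/listen PORT/' "$1"
}

# Print the port of every "listen" directive in FILE, one per line.
listen_ports() {
    sed -n 's/^[[:space:]]*listen[[:space:]][[:space:]]*\([^[:space:];]*\).*/\1/p' "$1" |
        sed 's/.*://'
}

# Return 0 when OLD and NEW differ only in the listen port. Otherwise print
# the remaining differences ("<" = OLD only, ">" = NEW only) and return 1.
port_only_change() {
    old_norm=$(normalize "$1") || return 2
    new_norm=$(normalize "$2") || return 2
    [ "$old_norm" = "$new_norm" ] && return 0
    tmp=$(mktemp -d) || return 2
    printf '%s\n' "$old_norm" > "$tmp/old"
    printf '%s\n' "$new_norm" > "$tmp/new"
    diff "$tmp/old" "$tmp/new" || true
    rm -rf "$tmp"
    return 1
}

# Constructed sample files for the demo; the real paths are given on the page.
make_samples() {
    printf 'server {\n    listen 9443 ssl http2;\n    ssl_protocols TLSv1.2;\n}\n' > "$1/privx.conf-old"
    printf 'server {\n    listen 443 ssl http2;\n    ssl_protocols TLSv1.2;\n}\n' > "$1/same.conf"
    printf 'server {\n    listen 443 ssl http2;\n    ssl_protocols TLSv1.2 TLSv1.3;\n}\n' > "$1/changed.conf"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
port_only_change "$demo_dir/privx.conf-old" "$demo_dir/same.conf" && echo "same.conf: only the port differs"
port_only_change "$demo_dir/privx.conf-old" "$demo_dir/changed.conf" || echo "changed.conf: review before overwriting"
rm -rf "$demo_dir"
```

On a real host, call port_only_change with /etc/nginx/conf.d/privx.conf-old and /etc/nginx/conf.d/privx.conf before the cp step, and use listen_ports on the restored file to confirm it lists 9443.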