Setting up and upgrading PrivX with custom network ports
These instructions describe how to set up and upgrade PrivX running on custom ports. The port number used in this example is 9443.
Setting Up
- Add port to SELinux

    semanage port -a -t http_port_t -p tcp 9443

- Add port to firewall and restart

    firewall-cmd --zone=public --permanent --add-port=9443/tcp
    service firewalld restart

- Change port 443 to 9443 in Nginx and restart

    vi /etc/nginx/conf.d/privx.conf

    ..
    server {
        listen 9443 ssl http2;
        client_max_body_size 1M;
        ssl_protocols TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'AESGCM+EECDH:AESGCM+EDH:AES+EECDH:AES128-GCM-SHA256:-DSS:-EDH:-SHA1:-SHA256:-SHA384';
        ssl_session_cache shared:SSL:10m;
        ssl_certificate /etc/nginx/ssl/nginx.crt;
        ssl_certificate_key /etc/nginx/ssl/nginx.key;
        include privx/privx-common.conf;
        include privx/privx-csp.conf;
        include privx/privx-https-location.conf;
    }
    ..

    service nginx restart

- Add :9443 to addresses in PrivX and restart the service

    vi /opt/privx/etc/shared-config.toml

  Followed by

    service privx restart

- Connect to PrivX with browser:

    https://own.privx.com:9443/privx/

Upgrading
- After upgrading PrivX, overwrite the Nginx privx.conf with the old file

    cp /etc/nginx/conf.d/privx.conf-old /etc/nginx/conf.d/privx.conf

- Restart Nginx

    service nginx restart
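
Copying privx.conf-old over the upgraded privx.conf also discards any other directive the upgrade changed in that file (TLS settings, includes). The following is an added example, not part of the PrivX documentation, that runs the overwrite only when the two files differ in nothing but the listen port. The function names are hypothetical, and it assumes the two paths used in the Upgrading steps above.

```shell
#!/bin/sh
# Added example (not PrivX's own tooling): restore the pre-upgrade Nginx
# config only if the upgrade changed nothing except the listen port.

# normalize_listen FILE: print FILE with the port of every "listen"
# directive replaced by a placeholder, so 443 and 9443 compare equal.
normalize_listen() {
    sed -E 's/^([[:space:]]*listen[[:space:]]+)([^[:space:];]*:)?[0-9]+/\1\2PORT/' "$1"
}

# differs_only_in_port OLD NEW: return 0 when the files are identical apart
# from listen ports; otherwise print the remaining diff and return 1.
differs_only_in_port() {
    old_norm=$(mktemp) || return 2
    new_norm=$(mktemp) || { rm -f "$old_norm"; return 2; }
    normalize_listen "$1" > "$old_norm"
    normalize_listen "$2" > "$new_norm"
    if diff -u "$old_norm" "$new_norm"; then rc=0; else rc=1; fi
    rm -f "$old_norm" "$new_norm"
    return "$rc"
}

# restore_if_safe OLD NEW: copy OLD over NEW only when that loses nothing
# but the port number; otherwise leave NEW untouched for a manual merge.
restore_if_safe() {
    if differs_only_in_port "$1" "$2"; then
        cp "$1" "$2"
    else
        echo "upgrade changed more than the port; merge by hand" >&2
        return 1
    fi
}

# Usage: script.sh /etc/nginx/conf.d/privx.conf-old /etc/nginx/conf.d/privx.conf
if [ "$#" -eq 2 ]; then
    restore_if_safe "$1" "$2"
fi
```

When the check fails, apply the 9443 port change to the new privx.conf by hand instead of copying the old file, then restart Nginx as above.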