.. Reminder for header structure: Parts (H1) : #################### with overline Chapters (H2) : ******************** with overline Sections (H3) : ==================== Subsections (H4) : -------------------- Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^ Paragraphs (H6) : """"""""""""""""""""" .. meta:: :description: WAPT Serveur Post-conf script :keywords: waptserver, WAPT, preferences, post-configuration, documentation, security .. title:: Post-configuring .. _post_conf: .. attention:: For post-configuration to work properly, you must first have properly configured the *hostname* of the WAPT server. To check, use the command :command:`echo $(hostname)` which must return the DNS address that will be used by WAPT agents on client computers. .. warning:: The post-configuration script rewrites the nginx configuration. If you use a :ref:`special configuration `, save your :file:`wapt.conf` file with the command .. code-block:: bash cp /etc/nginx/sites-available/wapt.conf /etc/nginx/sites-available/wapt.conf.old It will be necessary to overwrite the configuration after the post-configuration with the command : .. code-block:: bash cp /etc/nginx/sites-available/wapt.conf.old /etc/nginx/sites-available/wapt.conf .. hint:: This post-configuration script must be run as **root**. * Run the script. .. code-block:: bash /opt/wapt/waptserver/scripts/postconf.sh * Click on :guilabel:`Yes` to run the postconf script. .. code-block:: bash do you want to launch post configuration tool? < yes > < no > * Choose a password (if not defined) for the :term:`SuperAdmin` account of the WAPT server (minimum length is 10 characters). .. code-block:: bash Please enter the wapt server password (min. 10 characters) ***************** < OK > < Cancel > * Confirm the password. .. code-block:: bash Please enter the server password again: ***************** < OK > < Cancel > * Choose the authentication mode for the initial registering of the WAPT agents: * Choice #1 allows to register computers without authentication.The WAPT server registers all computers that ask to be registered. * Choice #2 activates the initial registration based on kerberos(you can activate it later). * Choice #3 does not activate the kerberos authentication mechanism for theinitial registering of machines equipped with WAPT. The WAPT server will require a login and a password for each machine registering with it. .. code-block:: bash WaptAgent Authentication type? -------------------------------------------------------------------------- (x) 1 Allow unauthenticated registration ( ) 2 Enable kerberos authentication required for machines registration. Registration will ask for password if kerberos not available ( ) 3 Disable kerberos but registration require strong authentication -------------------------------------------------------------------------- < OK > < Cancel > * Select :guilabel:`OK` to start WAPT Server. .. code-block:: bash Press OK to start waptserver < OK > * Select :guilabel:`Yes` to configure Nginx. .. code-block:: bash Do you want to configure nginx? < Yes > < No > * Fill in the :term:`FQDN` of the WAPT server. .. code-block:: bash FQDN for the WAPT server (eg. wapt.example.com) --------------------------------------------- wapt.mydomain.lan --------------------------------------------- < OK > < Cancel > * Select :guilabel:`OK` and a self-signed certificate will be generated, this step may take a long time. .. code-block:: bash Generating DH parameters, 2048 bit long safe prime, generator 2 This is going to take a long time .......................................+...............................+... Nginx is now configured, select :guilabel:`OK` to restart :program:`Nginx`: .. code-block:: bash The Nginx config is done. We need to restart Nginx? < OK > The post-configuration is now finished. .. code-block:: bash Postconfiguration completed. Please connect to https://wapt.mydomain.lan/ to access the server. < OK > Listing of post-configuration script options: .. list-table:: :header-rows: 1 :widths: 40 60 :align: center * - Options - Description * - ``--force-https`` - Configures :program:`Nginx` so that *port 80 is permanently redirected to 443*