.. Reminder for header structure:
   Parts (H1) : #################### with overline
   Chapters (H2) : ******************** with overline
   Sections (H3) : ====================
   Subsections (H4) : --------------------
   Subsubsections (H5) : ^^^^^^^^^^^^^^^^^^^^
   Paragraphs (H6) : """""""""""""""""""""

.. meta::
  :description: WAPT Server post-configuration script
  :keywords: waptserver, WAPT, preferences, post-configuration, documentation, security, the WAPT Server

.. title:: Standard mode post-configuration

.. note::

  For the CSPN security certification mode, please :ref:`visit this documentation `.

.. _wapt-postconf:

.. attention::

  For post-configuration to work properly:

  * The *hostname* of the WAPT Server **MUST** be properly configured.
    To check, use the command :command:`echo $(hostname)`, which **MUST** return the DNS address that will be used by WAPT Agents on client computers.

  * The DNS resolver **MUST** be correctly configured.

  * The WAPT Server **MUST** be able to contact a Domain Controller in write mode.

The post-configuration script rewrites the nginx configuration.
When the postconf runs, a backup file is created in the same directory.

This post-configuration script **MUST** be run as **root**.

* Run the script.

  .. code-block:: bash

    /opt/wapt/waptserver/scripts/postconf.sh

* Click on :guilabel:`Yes` to run the postconf script.

  .. code-block:: bash

    do you want to launch post configuration tool?

           < yes >          < no >

* Choose a password (if not defined) for the :term:`SuperAdmin` account of the WAPT Server (minimum length is 10 characters).

  .. code-block:: bash

    Please enter the wapt server password (min. 10 characters)

    *****************

           < OK >          < Cancel >

* Confirm the password.

  .. code-block:: bash

    Please enter the server password again:

    *****************

           < OK >          < Cancel >

* Choose the authentication mode for the initial registration of the WAPT Agents:

  * Choice #1 allows computers to register without authentication.
    The WAPT Server registers every computer that asks to be registered.

  * Choice #2 activates initial registration based on Kerberos (you can activate it later).

  * Choice #3 does not activate the Kerberos authentication mechanism for the initial registration of hosts equipped with WAPT.
    The WAPT Server will require a login and a password for each host registering with it.

  .. code-block:: bash

    WaptAgent Authentication type?

    --------------------------------------------------------------------------
    (x) 1 Allow unauthenticated registration
    ( ) 2 Enable kerberos authentication required for machines registration.
          Registration will ask for password if kerberos not available
    ( ) 3 Disable kerberos but registration require strong authentication
    --------------------------------------------------------------------------
                       < OK >          < Cancel >

* If you want to use WAPT for OS Deployment, select yes.

  .. code-block:: bash

    Do you want to activate os deployment?

           < Yes >          < No >

* If you chose to activate OS deployment, postconf asks whether you want to use secure authentication for deploying your OS.
  With secure authentication, a user and password are requested when you try to deploy an OS.

  .. code-block:: bash

    Would you like to activate secure authentication on wads ?

           < Yes >          < No >

* Still for WADS, if you answered yes to the last 2 questions, there is a final question:

  .. code-block:: bash

    Would you like to mention subnet ip exempt from wads authentication

           < Yes >          < No >

  If you answered yes here too, you have to give the subnet IP ranges; this can be a list, for example: ``192.168.0.0/24,192.168.1.0/24``

* Select :guilabel:`OK` to start WAPT Server.

  .. code-block:: bash

    Press OK to start waptserver

           < OK >

* Select :guilabel:`Yes` to configure Nginx.

  .. code-block:: bash

    Do you want to configure nginx?

           < Yes >          < No >

* Fill in the :term:`FQDN` of the WAPT Server.

  .. code-block:: bash

    FQDN for the WAPT Server (eg. wapt.example.com)

    ---------------------------------------------
    wapt.mydomain.lan
    ---------------------------------------------

           < OK >          < Cancel >

* Select :guilabel:`OK` and a self-signed certificate will be generated. This step may take a long time.

  .. code-block:: bash

    Generating DH parameters, 2048 bit long safe prime, generator 2
    This is going to take a long time
    .......................................+...............................+...

Nginx is now configured. Select :guilabel:`OK` to restart :program:`Nginx`:

.. code-block:: bash

  The Nginx config is done.
  We need to restart Nginx?

         < OK >

The post-configuration is now finished.

.. code-block:: bash

  Postconfiguration completed.
  Please connect to https://wapt.mydomain.lan/ to access the WAPT Server.

         < OK >

Listing of post-configuration script options:

.. list-table::
  :header-rows: 1
  :widths: 40 60
  :align: center

  * - Options
    - Description
  * - ``--force-https``
    - Configures :program:`Nginx` so that *port 80 is permanently redirected to 443*
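
Subnets entered at the WADS exemption prompt above skip WADS authentication, so the list is worth vetting before it is typed in. The following is an added example, not part of the WAPT documentation or of ``postconf.sh``; the function name ``vet_exempt_subnets``, the IPv4-only scope and the /16 breadth threshold are assumptions.

```python
"""Vet a comma-separated CIDR list before using it as a WADS auth exemption."""
import ipaddress

# Assumption: a network wider than /16 is too broad to exempt from authentication.
MIN_PREFIX = 16


def vet_exempt_subnets(value, min_prefix=MIN_PREFIX):
    """Return (accepted_networks, problems) for a list such as
    '192.168.0.0/24,192.168.1.0/24'."""
    accepted, problems = [], []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            problems.append("empty entry (stray comma)")
            continue
        if "/" not in entry:
            # A bare address would silently become a /32; ask for explicit CIDR.
            problems.append(f"{entry}: missing prefix length")
            continue
        try:
            # strict=True rejects host bits, e.g. 192.168.0.5/24.
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError as exc:
            problems.append(f"{entry}: {exc}")
            continue
        if net.prefixlen < min_prefix:
            problems.append(
                f"{entry}: /{net.prefixlen} would exempt "
                f"{net.num_addresses} addresses from authentication")
            continue
        if not net.is_private:
            problems.append(f"{entry}: not a private range")
            continue
        clash = next((n for n in accepted if n.overlaps(net)), None)
        if clash is not None:
            problems.append(f"{entry}: overlaps {clash}")
            continue
        accepted.append(net)
    return accepted, problems


if __name__ == "__main__":
    # Constructed sample input: the list from the page plus one bad entry.
    nets, issues = vet_exempt_subnets("192.168.0.0/24,192.168.1.0/24,0.0.0.0/0")
    print("accepted:", ",".join(str(n) for n in nets))
    for issue in issues:
        print("rejected:", issue)
```
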