- Contents
CIC Web Applications Installation and Configuration Guide
Install CIC Web Applications on Nginx
To install CIC Web Applications on Nginx
-
Create a folder in the document root of your web server for the CIC Web Applications. Verify that your web server software (IIS, Apache, or Nginx) has the appropriate permissions for that newly created folder.
Note: In this example, the folder is ININApps.
-
Download the CIC Web Applications zip file fromhttps://my.inin.com/products/Pages/Downloads.aspx. All of the web applications are contained in this single zip.
-
Unzip the CIC Web Applications folder.
-
Navigate to the web_files folder inside the unzipped CIC Web Applications folder.
-
Copy all of the folders inside of web_files. Each folder contains one CIC web application.
-
Paste the folders copied in the previous step into the directory you created in step 1. Doing so places the appropriate directory structure and files for all CIC Web Applications on your web server.
-
In Nginx /conf/nginx.conf, verify the following (minimally required) configuration entries are set or added (whether at the http or server level):
include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; gzip on; gzip_types text/plain text/css application/javascript applications/json image/svg_xml; index index.html index.htm; client_max_body_size 0; autoindex on;
-
To prevent cross-frame scripting or clickjacking, add the following parameter to conf/nginx.conf. Set the options to DENY, SAMEORIGIN, or ALLOW-FROM origin. For more information, see Security Considerations.
add_header X-Frame-Options "DENY"
-
First, identify the directories that should be blocked. Then to block all or some directories from directory scanning, in /conf/nginx.conf, add the following. If you do not specify a directory, then the rule applies to all folders.
Note: In addition to the recommended configuration changes, you should also assign the appropriate ACLs (Access Control Lists) to the directories on the web server used by your organization.
location /{YOUR DIRECTORY NAME}{ autoindex off; } -
Set the
rootentry for the server to the CIC Web Applications folder -
Add the following rewrite rules within the server object:
set $ininIcwsOriginalUrl $http_inin_icws_original_url; if ($ininIcwsOriginalUrl !~ .+) { set $ininIcwsOriginalUrl $scheme://$http_host$request_uri; } location ~* (?:^(.+)/api|^/api)/([^/]+)(/.+)$ { set $web_app $1; set $server $2; set $icws_path $3; proxy_cookie_path /icws/ $web_app/api/$server/icws/; proxy_redirect /icws/ $web_app/api/$server/icws/; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header ININ-ICWS-Original-URL $ininIcwsOriginalUrl; proxy_pass http://$server:8018$icws_path$is_args$args; add_header P3P ‘CP=“CAO PSA OUR”‘; # If you are securing the ICWS host(s), use this rewrite rule instead: # proxy_passhttps://$server:8019$icws_path$is_args$args; proxy_buffering off; proxy_http_version 1.1; }Note: If the X-Forwarded-For header is already being set to $proxy_add_x_forwarded_for at a higher level, it is not needed here. That header is, however, required for these API calls.
Note: All proxy_set_header directives must be placed at the same level within the configuration file, i.e. in the code above, the proxy_set_header directives both must either be inside of the
locationblock or outside of thelocationblock. -
Add the following cache rules within the server object:
location ~ /client/ { location ~ /client/help/ { expires off; } location ~ /client/(?:addins|config)/ { add_header Cache-Control "no-cache"; } location ~ index.html?$ { expires 15m; } location ~ .(?:js|css|jpe?g|ico|png|gif|svg|ttf|woff|otf|eot|mp3|wav|ogg)$ { expires 1y; } } -
(Re)start the Nginx process
-
Verify that all applications work as expected.