Server Installation
For admins who know what they need and want a fast way to get it, this command sets up and installs your Knocknoc server:
curl -sSL https://packages.knocknoc.io/setup/setup_knocknoc.sh | bash
The installer runs on Debian, Ubuntu, Redhat and Oracle Linux.
Note: you need a license to use Knocknoc server; the details can be found here.
Requirements
Knocknoc server is the component that users authenticate to and that agents connect to over port 443. The following is required to operate a self-hosted Knocknoc server:
- Static Public IP, ideally with DNS name and SSL certificate
- Inbound port 443 open (or behind a reverse proxy like HAProxy)
- Linux machine running an up-to-date Debian or Redhat derivative
- Minimal system requirements (2G RAM, 1 CPU, 10G disk)
If you meet these requirements, please go ahead and try out Knocknoc as per below. If you are hosting Knocknoc internally, you can of course use a private IP, but ideally DNS and SSL should work too.
Self-Hosted Servers
- Log into your Knocknoc server via the command line and become the root user.
- Run the command below to start the installation process. The script will configure apt, set up secure repository access, and install the Knocknoc server.
curl -sSL https://packages.knocknoc.io/setup/setup_knocknoc.sh | bash
- Accept the License Agreement.
- The Knocknoc server will ask for the IP and port to listen on. By default it listens on 0.0.0.0:8756; adjust this as your firewall or reverse proxy layout requires. See below for IPv4/IPv6 tips.
- The installer will then ask for TrustedForwarders. By default 127.0.0.1/32 is entered, but if the server is behind a reverse proxy, enter the IP of the reverse proxy. TrustedForwarders are the machines permitted to send the ForwardFor header to Knocknoc.
- Lastly the install will generate an SSL certificate and key, where it will ask you for Organizational Details. Knocknoc only communicates over HTTPS, so this certificate is to get you started, and can be replaced later.
- Once the script has completed, it will print the knocknoc-admin password. If you missed the script's output, recover it from the logs:
cat /var/log/syslog | grep knocknoc-admin
or
journalctl -u knocknoc | grep knocknoc-admin
- You are now ready to log into your Knocknoc admin portal.
- Browse to https://YourKnocknoc.url/admin and log in with the knocknoc-admin user. Please change the password.
- Click on Settings and paste the license key from the license portal and hit save.
- At this point, if you wish, you can set up Admin Portal Authentication or proceed with Agent Installation.
- You may also want to put Knocknoc itself behind HAProxy. Follow the guide for that here.
Server configuration file
The server configuration file (/opt/knocnoc/etc/knocknoc.conf) has a number of options; however, the defaults are typically sufficient.
For IPv4 and IPv6 configurations, ensure you bind to both protocols or to the one you need. Currently this is managed with the HTTPAddr setting below:
# knocknoc.conf
# v4 and v6 (all interfaces)
HTTPAddr = "[::]:8756"
# v6 only (loopback address)
#HTTPAddr = "[::1]:8756"
# v4 only (loopback address)
#HTTPAddr = "127.0.0.1:8756"
If you're using HAProxy or another proxy, you need to configure TrustedForwarders so that Knocknoc picks up the end client user's IP address. For a v4 and v6 configuration this is typically done as below:
TrustedForwarders = [ "::1/64", "127.0.0.1/32" ]
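As an added example (not Knocknoc's own code), this Python script audits the HTTPAddr and TrustedForwarders settings described above and flags forwarder entries that trust more than a single proxy host. It assumes the file keeps the key = value layout shown here; the function names and the 192.0.2.10 proxy address are constructed for illustration, and how Knocknoc itself interprets a prefix such as ::1/64 is not stated on this page.

```python
import ipaddress
import re

# Constructed sample mirroring this page's settings; 192.0.2.10 is a made-up proxy.
SAMPLE_CONF = '''
# knocknoc.conf
HTTPAddr = "[::]:8756"
TrustedForwarders = [ "::1/64", "127.0.0.1/32", "192.0.2.10/32" ]
'''


def parse_conf(text):
    """Return (HTTPAddr, TrustedForwarders) read from uncommented lines."""
    addr, forwarders = None, []
    for raw in text.splitlines():
        key, _, value = raw.split("#", 1)[0].partition("=")
        if key.strip() == "HTTPAddr":
            addr = value.strip().strip('"')
        elif key.strip() == "TrustedForwarders":
            forwarders = re.findall(r'"([^"]+)"', value)
    return addr, forwarders


def audit_forwarders(forwarders):
    """Flag entries that trust more than the single host that was intended."""
    findings = []
    for entry in forwarders:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append((entry, "not a valid address or CIDR"))
            continue
        if net.prefixlen == 0:
            findings.append((entry, "trusts every address as a forwarder"))
        elif net.network_address != ipaddress.ip_interface(entry).ip:
            findings.append((entry, f"host bits set; as a network this is {net}"))
        elif net.num_addresses > 1:
            findings.append((entry, f"trusts {net.num_addresses} addresses"))
    return findings


def binds_all_interfaces(addr):
    """True when HTTPAddr listens on every interface, e.g. 0.0.0.0 or [::]."""
    host = addr.rsplit(":", 1)[0].strip("[]")
    return host in ("", "0.0.0.0", "::")


if __name__ == "__main__":
    addr, forwarders = parse_conf(SAMPLE_CONF)
    print(binds_all_interfaces(addr), audit_forwarders(forwarders))
```

A finding on a server that also binds all interfaces deserves the closest look, since hosts other than the proxy can then reach the listener directly unless a firewall prevents it.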
LogLevel can be set to "error", "warn", "info", "debug" or "trace", in increasing order of verbosity.
LogLevel = "info"
#LogLevel = "debug"
#LogLevel = "trace"
Supported Operating Systems
Debian, Ubuntu and Oracle Linux are all supported.
If you have any issues or require another platform please contact support@knocknoc.io
Monitoring
We recommend monitoring the /_status route, as it reduces the log impact on your server/infrastructure and offers back-end checking benefits - for a more accurate server status.
Cloud Servers
Your cloud instance is ready to go out of the box, with the license installed. You can jump straight to Agent Installation.
Your knocknoc-admin password should be available in the licensing portal. Please change it on first login.