Readme - Windows Server

Tip: Install the Deployment Client (MSI) on computers via GPO. Just remember that you can only have one valid Deployment Client MSI package at a time.

--- Before installation ---

1. Install .NET 4.5.2

2. Install IIS
    Select (Do not change default checks):
    Web server -> Performance -> check Dynamic Content Compression    
    Web server -> Common HTTP Features -> check HTTP Redirection
    Web server -> check Application Development (click yes to add suggested) -> and .NET ASP.NET 4.5 (click yes to add suggested) and WebSockets


--- Installation ---
 
1. Run installer.exe as administrator, and fill the form.

2. Click install.

 

--- After installation ---
   
1. Reboot server. Very important.
    
2. Setup SSL with Let's Encrypt:

  Let's Encrypt has to verify your domain and needs to be able to access your sites externally.

  a. Download https://github.com/Lone-Coder/letsencrypt-win-simple/releases/download/v1.9.6.2/letsencrypt-win-simple.V1.9.6.2.zip
  b. Extract ZIP.
  c. Run letsencrypt.exe as administrator.
  d. Add admin mail  
  e. Accept license
  f. Choose N, to Create new certificate.
  g. Choose 1, for a Single binding of an IIS site.
  h. Choose the site that starts with app.
  i. If no error occurred, then choose y to create a scheduled renewal task.
  j. Provide the password for your windows account.
  k. Repeat steps a to e for the site that starts with api.


3. If you choose to use SSL, you might want to redirect incoming HTTP connections to app.{domain} to HTTPS to ensure secure communications and full functionality.

    Go to {installdir}\MDC\MDC_app\web.config and uncomment the snippet that looks like this:


        <!-- <rule name="Allow LetsEncrypt" patternSyntax="Wildcard" stopProcessing="true">
                 <match url=".well-known/*" />
                 <action type="None" />
             </rule>
             <rule name="Redirect HTTP to HTTPS" patternSyntax="Wildcard" stopProcessing="true">
                 <match url="*" ignoreCase="false" />
                 <conditions>
                     <add input="{HTTPS}" pattern="off" />
                 </conditions>
                 <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" />
             </rule> -->
            
            
            
4. Setup mail:
    
    a. Edit mail settings: %programdata%\MDC\api\mailer\settings_template.js   
    b. Change to your preferences.
    c. Save as: settings.js

    
5. Enable Password Reset:
    
    a. Edit settings: %programdata%\MDC\api\settings.js.
    b. Change "emailEnabled: false" to "emailEnabled: true".
    c. Change "resetPasswordEnabled: false" to "resetPasswordEnabled: true".
    


--- Update ---

  1. Download the usual installation file.
  2. Unzip.
  3. Run updater.exe as administrator.
  4. Fill the form and click "Update".
  5. Reboot.

        
        
--- Important security notice ---

Deployify is using Vault (https://www.vaultproject.io/) to store hashed passwords. The storage is sealed and needs to be unsealed on every startup.
The keys are, for the sake of simplicity, stored on the server to unlock the Vault on server startup with a scheduled task.

The batch file that the scheduled task triggers on startup is %programdata%\MDC\vault\unseal_vault.bat. It contains 3 of the 6 keys (any 3 of them are enough to unseal the Vault).
All 6 keys are stored in %programdata%\MDC\vault\keys.txt.

To utilize the security of Vault, none of the keys should be stored here. It's up to you to manage this.
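
One way to check the state described in the notice above, as an added example that is not part of the product: a PowerShell audit that reports whether the two key files are still on the server and whether broad groups can read them. The function name Get-KeyFileExposure and the choice of which groups count as "broad" are assumptions of this example.

```powershell
# Added example, not shipped with the product. Run from an elevated PowerShell session.
# The two paths are the files named in the security notice above.
$keyFiles = @(
    Join-Path $env:ProgramData 'MDC\vault\unseal_vault.bat'
    Join-Path $env:ProgramData 'MDC\vault\keys.txt'
)

# Well-known SIDs of groups that cover ordinary (non-admin) accounts.
# Which groups to treat as too broad is an assumption of this example.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
$readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

# Hypothetical helper: one result object per file.
function Get-KeyFileExposure {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            # Key file is gone from the server, which is the recommended state.
            [pscustomobject]@{ Path = $p; Present = $false; Owner = $null; BroadReaders = @() }
            continue
        }
        $acl = Get-Acl -LiteralPath $p
        # Explicit and inherited ACEs, resolved to SIDs so the check is locale-independent.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        $broad = foreach ($r in $rules) {
            $sid = $r.IdentityReference.Value
            if ($r.AccessControlType -eq 'Allow' -and
                $broadSids.ContainsKey($sid) -and
                ([int]$r.FileSystemRights -band $readData)) {
                $broadSids[$sid]
            }
        }
        [pscustomobject]@{
            Path         = $p
            Present      = $true
            Owner        = $acl.Owner
            BroadReaders = @($broad | Select-Object -Unique)
        }
    }
}

Get-KeyFileExposure -Path $keyFiles | Format-List
```

Present = True means unseal keys are still stored on the server. A non-empty BroadReaders list means accounts outside the administrators can read them until the file is removed or its ACL is tightened.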