NoMachine Support

ID: AR12Q01062
Applies to: NoMachine Server
Added on: 2019-12-02
Last update: 2019-12-02
How to synchronize the passive server in a NoMachine HA cluster when certificates and ports for nxhtd are changed

With the implementation of the following Feature Request, the procedures described below are executed when running the 'nxserver --clusterupdate' command: https://www.nomachine.com/FR12Q03897.


The manual procedures to synchronize the servers in the NoMachine High Availability cluster are the following.

How to replace the sample SSL Certificate File and Key File for nxhtd

1) On the active NoMachine server execute the procedure explained here.

STEP 1 - Shut down nxhtd
This will terminate all running web sessions.

To stop nxhtd, run from console:
installation directory/bin/nxserver --stop nxhtd
On Linux and Mac you can use:
sudo /etc/NX/nxserver --stop nxhtd
 

STEP 2 - Edit the nxhtd configuration file to point to the new certificate.
Let's assume that the new certificate is made of: new_ht_host_rsa_key.crt and new_ht_host_rsa_key.

Edit the installation directory/etc/htd.cfg file and set:
SSLCertificateFile "installation directory/etc/keys/host/new_ht_host_rsa_key.crt"
SSLCertificateKeyFile "installation directory/etc/keys/host/new_ht_host_rsa_key"
 

STEP 3 - On Linux and Mac, set the ownership and permissions of these files so that they are:
-rw------- 1 nxhtd nxhtd 1,7K lis 20 18:40 new_ht_host_rsa_key
-rw-r--r-- 1 nxhtd nxhtd 1,1K lis 20 18:39 new_ht_host_rsa_key.crt


STEP 4 - To make changes effective, start nxhtd. 

To start nxhtd, run from console:
installation directory/bin/nxserver --start nxhtd
On Linux and Mac you can use:
sudo /etc/NX/nxserver --start nxhtd

Note: Instructions to generate a new certificate for nxhtd are available here: https://www.nomachine.com/DT03O00127#3 Section 'How to generate a new certificate'.

 

2) On the passive NoMachine server, upload the new certificate and edit the nxhtd configuration file to point to the new certificate.

STEP 1 - For example, let's assume that the new certificate is made of: new_ht_host_rsa_key.crt and new_ht_host_rsa_key.

Edit the installation directory/etc/htd.cfg file and set:
SSLCertificateFile "installation directory/etc/keys/host/new_ht_host_rsa_key.crt"
SSLCertificateKeyFile "installation directory/etc/keys/host/new_ht_host_rsa_key"

STEP 2 - On Linux and Mac, set the ownership and permissions of these files so that they are:
-rw------- 1 nxhtd nxhtd 1,7K lis 20 18:40 new_ht_host_rsa_key
-rw-r--r-- 1 nxhtd nxhtd 1,1K lis 20 18:39 new_ht_host_rsa_key.crt

IMPORTANT:
Do not restart nxhtd since this is the passive server!
 

How to change the listen ports for nxhtd

Manually edit the nxhtd configuration file, htd.cfg.

Let's assume that you want to change the default ports from 4080/4443 to 80/443, for example on Linux or Mac.

1) Do the following procedure on the active server host.

STEP 1 - Shut down nxhtd

sudo /etc/NX/nxserver --stop nxhtd

STEP 2 - Edit htd.cfg and

replace:
Listen 0.0.0.0:4080
Listen 0.0.0.0:4443 https

with:
Listen 0.0.0.0:80
Listen 0.0.0.0:443 https

and:
<VirtualHost 0.0.0.0:4443>

with:
<VirtualHost 0.0.0.0:443>

and:
<VirtualHost _default_:*>
RewriteEngine on

ReWriteCond %{SERVER_PORT} !^4443$
RewriteRule ^/(.*) https://%{SERVER_ADDR}:4443/nxwebplayer [R,L]
</VirtualHost>

with:
<VirtualHost _default_:*>
RewriteEngine on

ReWriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{SERVER_ADDR}:443/nxwebplayer [R,L]
</VirtualHost>

 

STEP 3 - Start nxhtd

sudo /etc/NX/nxserver --start nxhtd


TROUBLESHOOTING:
If htd.cfg was changed while nxhtd was still running, the first attempt to start nxhtd could fail. Try starting it again.
 

2) On the passive server, edit htd.cfg as explained at point 1).

IMPORTANT:
Since this is the passive server, it's not necessary to shut down nxhtd because it's already stopped. Do not try to start nxhtd!
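
Because nxhtd must not be started on the passive server, an edited htd.cfg there cannot be tested by starting the service. The following shell check is an added example, not NoMachine code: it verifies that the https port was changed in all four places the procedure above edits. The function names and the constructed sample configuration are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not NoMachine code: static htd.cfg check for the passive node.

# List "<directive> <port>" for each place the https port appears in file $1.
htd_ports() {
    grep -i '^[[:space:]]*Listen[[:space:]]' "$1" |
        sed -n 's/.*:\([0-9][0-9]*\)[[:space:]][[:space:]]*https.*/Listen \1/p'
    grep -i '^[[:space:]]*<VirtualHost' "$1" |
        sed -n 's/.*:\([0-9][0-9]*\)>.*/VirtualHost \1/p'
    grep -i '^[[:space:]]*RewriteCond' "$1" |
        sed -n 's/.*\^\([0-9][0-9]*\)\$.*/RewriteCond \1/p'
    grep -i '^[[:space:]]*RewriteRule' "$1" |
        sed -n 's/.*:\([0-9][0-9]*\)\/nxwebplayer.*/RewriteRule \1/p'
}

# Succeed only if all four directives are present and name the same port.
check_htd_ports() {
    found=$(htd_ports "$1")
    kinds=$(printf '%s\n' "$found" | cut -d' ' -f1 | sort -u | grep -c . || true)
    ports=$(printf '%s\n' "$found" | cut -d' ' -f2 | sort -u | grep -c . || true)
    if [ "$kinds" -eq 4 ] && [ "$ports" -eq 1 ]; then return 0; fi
    printf 'inconsistent https port in %s:\n%s\n' "$1" "$found" >&2
    return 1
}

# Constructed sample: the htd.cfg lines this page edits. $1 is the port used
# in Listen/VirtualHost/RewriteRule, $2 the port left in RewriteCond.
sample_cfg() {
    cat <<EOF
Listen 0.0.0.0:80
Listen 0.0.0.0:$1 https
<VirtualHost 0.0.0.0:$1>
</VirtualHost>
<VirtualHost _default_:*>
RewriteEngine on
ReWriteCond %{SERVER_PORT} !^$2\$
RewriteRule ^/(.*) https://%{SERVER_ADDR}:$1/nxwebplayer [R,L]
</VirtualHost>
EOF
}

# Demo: a complete edit, then one where RewriteCond was left at 4443.
tmp=$(mktemp)
sample_cfg 443 443 > "$tmp"; check_htd_ports "$tmp" && echo "443/443: consistent"
sample_cfg 443 4443 > "$tmp"; check_htd_ports "$tmp" || echo "443/4443: fix first"
rm -f "$tmp"
```

On a real node, run `check_htd_ports` against the htd.cfg in the installation's etc directory on both the active and the passive server and compare the output of `htd_ports`.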