17.1 Access to the Server During an Installation or Upgrade

Because eDirectory passwords are not obfuscated in system memory during the installation or upgrade, we recommend not leaving a server unattended during installation, upgrade, or configuration.

You can use SSH (secure shell) to access the system to perform an installation. However, only authorized users can access the installation.

17.1.1 Enforce Secure HTTPS Browser Connections with Apache

OES uses Apache as web server for services such as UMC, iManager, and MFA. The HSTS (HTTP Strict Transport Security) response header must be added to the virtual host configuration to enforce HTTPS.

To enable HSTS, perform the following steps:

  1. In the terminal window, open the file /etc/apache2/vhosts.d/vhost-ssl.conf.

  2. In <VirtualHost _default_:443> block, add HSTS header line.

    Example 17-1 Sample HSTS header to enforce HTTPS for two years

  3. Restart Apache using systemctl restart apache2 command.

For more information, see Apache Documentation.