Install new server (for PRODUCTION)

Install the PACE Packager Hub product backend for production. In this mode, you can define the database configuration and select a Web Server (embedded Kestrel or Microsoft IIS). For additional information, see Hosting Options

Attention

Before installation fulfill the Server-side Prerequisites

1. Manually create an empty database and account for PACE Packager Hub in the pre-installed Microsoft SQL Server (download).
2. If you prefer running PACE Packager Hub on IIS Web Server over Kestrel:

   • Enable IIS (Internet Information Services).
   • Disable IIS Idle Time-out (set Idle Time-out (minutes) value to “0”).

     Otherwise, IIS can stop the PACE Packager Hub application and this will lead to problems in its operation.
   • Disable IIS Recycling (uncheck Regular time intervals (in minutes)).

     Otherwise, IIS can stop the PACE Packager Hub application and this will lead to problems in its operation.

3. Run the downloaded PACE Packager Hub - Server installer.

   

4. Click Next.

   

5. Read and accept the END USER LICENSE AGREEMENT and then click Next.

   

6. Define the product installation location and click Next.

   

7. Select the For production installation mode and click Next.

   

8. Enter the connection credentials to the SQL database, created at the 1st step. Then, click Next.

   Note

   If you are using Microsoft SQL Express, installed locally, specify the server address in format: localhost\sqlexpress

   

9. Choose the Web Server for PACE Packager Hub:

   • IIS Web Server (must be manually enabled at the 2nd step)
   • Kestrel’s embedded Web Server

   Then, set the Binding IP address and Binding port for PACE Packager Hub site. The product will be available at this address only. You can change these settings later (for IIS: in IIS Manager; for Kestrel: edit the appsettings.json file, located at "C:\Program Files (x86)\PACE Packager Hub Server". For information, see Endpoint configuration. Then, click Next.

   Note

   If you use the address 127.0.0.1 or localhost , you will not able to access the product from the network.

   

10. Specify the Base URL - a public address of PACE Packager Hub. This address will be used in various email notifications as a part of URL to Orders/Packages and as an ‘Issuer’ of authorization token.

    You can change the Base URL later in the system settings of PACE Packager Hub.

    

11. Click Install.

    

12. Wait until the installation is completed.

    

13. Click Finish to close the installation.

    

14. If you have selected IIS Web Server for PACE Packager Hub:
    • Repair the pre-installed .NET Core 3.1 (if needed, download the HOSTING BUNDLE installer again).

      

    • To have an ability to attach big-size files to Orders in PACE Packager Hub, consider changing the maximum allowed size of a file that can be uploaded using the IIS Web Server. Set a new limit in the maxAllowedContentLength attribute of the requestLimits element.

      Attention

      By default, the maximum allowed size of a file that can be uploaded in IIS is set to 28.6 MB.

15. To get into PACE Packager Hub, see Sign In on Web Portal

    

Web Server configuration (Optional)

Consider configuring your Web Server to minimize the surface of the attack and the likelihood of compromising the data.

1. HTTPS
   Configure transport-level encryption (TLS v1.2 - 1.3) to protect all communications passing between the Web Browser, Desktop Client App and the Web Server.
   Also, use HSTS header with SSL to avoid SSL Strip attack.
   For configuring Kestrel Web Server edit appsettings.json file, located at "C:\Program Files (x86)\PACE Packager Hub Server" For information, see Endpoint configuration.

   

2. Hide software version
   The server software versions used by the application are revealed by the web server. Displaying version information of software information could allow an attacker to determine which vulnerabilities are present in the software, particularly if an outdated software version is in use with published vulnerabilities.
   • Server: Microsoft-HTTPAPI/2.0

     
     
   • Server: Microsoft-IIS/10.0
3. Set the X-XSS-Protection header

   Set the X-XSS-Protection: 1; mode=block header either for PACE Packager Hub site or whole Web Server.

   Issue background: Cross-site scripting (XSS) filters in browsers check if the URL contains possible harmful XSS payloads and if they are reflected in the response page. If such a condition is recognized, the injected code is changed in a way, that it is not executed anymore to prevent a successful XSS attack. The downside of these filters is, that the browser has no possibility to distinguish between code fragments which were reflected by a vulnerable web application in an XSS attack and these which are already present on the page. In the past, these filters were used by attackers to deactivate JavaScript code on the attacked web page. Sometimes the XSS filters itself are vulnerable in a way, that web applications which were protected properly against XSS attacks became vulnerable under certain conditions.
4. Set the X-Frame-Options header

   Set the X-Frame-Options: DENY header either for PACE Packager Hub site or whole Web Server.

   Issue description: If a page fails to set an appropriate X-Frame-Options or Content-Security-Policy HTTP header, it might be possible for a page controlled by an attacker to load it within an iframe. This may enable a clickjacking attack, in which the attacker’s page overlays the target application’s interface with a different interface provided by the attacker. By inducing victim users to perform actions such as mouse clicks and keystrokes, the attacker can cause them to unwittingly carry out actions within the application that is being targeted. This technique allows the attacker to circumvent defenses against cross-site request forgery, and may result in unauthorized actions.

   Note that some applications attempt to prevent these attacks from within the HTML page itself, using “framebusting” code. However, this type of defense is normally ineffective and can usually be circumvented by a skilled attacker.
5. Limit requests

   Consider setting limits on HTTP requests that are processed by the Web server to avoid DDoS / brute-force attacks.

6. Set Issuer in authentication token

   Set the Issuer parameter to the public site name in the appsettings.json (at "C:\Program Files (x86)\PACE Packager Hub Server"). The Issuer is used and checked in the authentication token.

   

---

Note

PACE Packager Hub PACE Packager Hub is an end-to-end ecosystem that is fully dedicated to customer servicing, teamwork, and management of packaging tasks in teams of any size - learn more.

Try PACE Packager Hub for free - 21 days no obligations unlimited trial with all functions unlocked.