Get Started with Service Setup on a Server
A single Windows OS can host many instances of Moxie.Build, these steps will guide you through the setup process.
Windows OS Basics
- Moxie.Build in production is compatible with all versions of Windows Server Standard and Data Center that are themselves currently supported by Microsoft
- At the time of writing, this includes Windows Server 2012R2, 2016, 2019, and 2022
- Newer versions of Windows Server are in most cases more stable and more secure than older versions, and we encourage you to stay as current as possible
- The instructions on this page assume the Desktop Experience is running and therefore WoW64 is also installed
- For those experienced with Server Core installations, note that the Desktop Experience is not required for Moxie.Build to run, but WoW64 is required
- If hMailServer will be installed (a lightweight production mail server for outbound connectivity only that works well with SendGrid), first install .Net 3.5 now using the Windows Features app before installing hMailServer
- Ensure that all Windows Updates are installed
- Follow your company's policies for hardening (securing) a Windows Server and any required management tools
Recommended Folder Structure
The drive letter of C here is just the default; any other fixed drive may be used. Having these folders directly off the root is not required but is recommended to maximize the available file path without creating backup and management tools issues.
- C:/Backup
- C:/Temp
- General temp workspace for management/DevOps tasks
- C:/Util/Moxie-Current
- Default folder to pull the current version of Moxie.Build from when using the MoxieUp.bat upgrade file that comes in the Tools folder of Moxie.Build
- C:/Work
- Create one folder per instance of Moxie.Build
- Name the folder as the root domain if that instance handles both the root and www
- Name the folder as the subdomain plus root domain if that instance handles a specific subdomain
Moxies Security Group
- Right-click on Start and choose Computer Management
- Navigate to System Tools / Local Users and Groups / Groups
- Create a New Group named Moxies with a description of Moxie.Build Services
- Keep Computer Management open; it will be used below
- Click on Start and type Local Security Policy and then open it
- Navigate to Local Policies / User Rights Assignment
- Add the Moxies group to each of the following Policies. When adding a Group to a Policy, you must click on the Object Types button and check Groups each time
- Deny access to this computer from the network
- Deny log on as a batch job
- Deny log on locally
- Deny log on through Remote Desktop Services
- Log on as a service
Moxie.Build Instance Users
- Return to Computer Management
- Navigate to System Tools / Local Users and Groups / Users
- Create New Users
- The User name of MOX-ABC with ABC being an abbreviation or short name for the Moxie.Build instance you are creating this user for
- The description should be the same name used for the folder name of this Moxie.Build instance
- The password should conform to your company's policies for Windows Service users
- Uncheck User must change password at next logon
- Check User cannot change password
- Check Password never expires
- Click Create
- Repeat above for each Moxie.Build instance you are setting up
- Add new users to the Moxies Group
- (If installing a local security certificate below instead of using the recommended Cloudflare Tunnel, skip this step for now and complete it after the local security certificate is installed)
- Open each user created above and navigate to the Member Of tab
- Remove Users
- Add Moxies
- Click Ok
- Repeat above for each Moxie.Build instance you are setting up
Apply Folder Security
For each Moxie.Build folder/instance, perform the following steps
- Navigate to the folder for that instance and right click and choose Properties of that folder
- Navigate to the Security tab
- Click the Advanced button
- Click Disable inheritance
- Choose Convert inherited permissions into explicit permissions on this object.
- Click on Ok
- Click on the Edit button
- Remove Creator Owner
- Remove the Users group
- Add the Moxie.Build Instance User for this folder and allow Full control
- Confirm that the only Group or user names listed are:
- System
- Your own personal account, and any other personal admin users who should have access to this folder
- The Moxie.Build Instance User you added above
- Administrators group
- Click on Ok
- Click on Ok
Inbound Connectivity
The recommended inbound connectivity option is to use Cloudflared Tunnel. This exposes applications running on your local web server on any network with an internet connection with an outbound tunnel that connects directly to Cloudflare's edge network without the need to configure inbound firewall rules.
Alternatively, you can configure inbound firewall rules to allow traffic to arrive from Cloudflare or another web application firewall. If using Cloudflare, they will provide you with a free edge certificate as well as a free local security certificate (origin server). If using another certificate provider, the installation instructions provided under the Cloudflare Origin Certificates topic are the same after the certificate is created.
Installing the Service(s)
For each Moxie.Build folder/instance, perform the following steps
- Navigate to the folder for that instance and right-click on Moxie.exe and choose Run as administrator
- If using Clouflared Tunnel, you most likely should leave the Listen IP Address set to 127.0.0.1 (Private).
- Otherwise, select the IP address you have configured with your inbound firewall rules for this instance
- Selecting All addresses should only be done if there will only ever be one Moxie.Build instance on this server and it will be the only web server on this server
- If using Cloudflared Tunnel, set the HTTP port to the same unique port number you choose when configuring the tunnel, found in your Cloudflared/cfg/config.yml file
- Otherwise, use port 80 in most cases, and also use port 443
- The Certificate Name should be filled in already from the above local security certificate installation steps
- Name of Service should be "Moxie ABC" with ABC being an abbreviation or short name for this Moxie.Build instance
- Run Service as this User should be MOX-ABC
- If using Cloudflared Tunnel, or just Cloudflare in general, manual edits to the Moxie.cfg file are needed
- Close the Moxie.Build Server Setup window
- Open the Moxie.cfg file in a text editor
- AltIPInfo = CF-Connecting-IP
- CountryInfo = CF-IPCountry
- Save the Moxie.cfg file and close the text editor
- Right-click on Moxie.exe and choose Run as administrator
- Click the green [+] Install Service button
- Enter the password you set when you created the MOX-ABC user, and confirm it
- Click the [>] play button under Moxie.Build Service State to start the service for the first time
- If using Cloudflared Tunnel and it is configured correctly, the secondary service for Cloudflared will be installed and you should click on the [>] play button to start it as well
- Return to Computer Management and navigate to Services and Applications / Services
- Find the service named "Moxie ABC" and open it
- Navigate to the Recovery tab
- Set all three failure actions to "Restart the Service"
- Set Restart service after to 0 minutes
- Click on Ok
- Repeat the above for "Moxie ABC Cloudflared" if you are using the Cloudflared Tunnel