Nginx web server

By default, the Nginx web server is active under TwinCAT/BSD and is used for the Beckhoff Device Manager and for the PLC HMI web.

In order to further secure the system and to restrict access via the web server, you can, for example, disable forwarding to the Beckhoff Device Manager in the file IPCDiagnostics.conf. To do this, a total of three entries must be commented out.

1. Open the file IPCDiagnostics.conf under /usr/local/etc/nginx

2. Completely comment out the entries under location/, location /config and location /console.

---snipped---
 include errorpages.conf;
 include authelia.conf;

 # location / {
 # add_header ServerHostname $hostname;
 # root /usr/local/www/default;
 # index index.html index.htm;
 # }

 # location /config/ {
 # include errorpages.conf;
 # include auth.conf;
 # include proxy.conf;
 # proxy_pass http://127.0.0.1:42340/;
 # }

 # location /console/ {
 # include errorpages.conf;
 # include auth.conf;
 # include proxy.conf;
 # proxy_set_header Upgrade $http_upgrade;
 # proxy_set_header Connection "upgrade";
 # proxy_pass "http://127.0.0.1:7681/";
 # }

 location /Tc3PlcHmiWeb {
 include proxy.conf;
---snipped---

3. Save the modifications.

Restart TwinCAT/BSD with the command shutdown –r now or the Nginx service with doas service nginx restart. From now on, no requests will be forwarded to the Beckhoff Device Manager.