Hi @all,
I have the following network configuration - see attachment (Network.jpg).
A Record with remote.contoso.com 10.16.17.30 exists
A Record with mail.contoso.com 10.16.17.30 exists
Trusted Certificates for both Domains exist.
RDWeb on 192.168.0.21 is configured (with certificate) and internally I can access the https://192.168.0.21 website.
Exchange on 192.168.0.22 is configured (with certificate) and internally I can access the https://192.168.0.22 website.
All ports from the LTE modem are forwarded to the CacheGuard Firewall.
From the internal network 192.168.0.0, internet and everything is working.
But I fail to create a reverse proxy so that I can access externally (Internet) over DNS my RDWeb (192.168.0.21) with https://remote.contoso.com
or my Exchange (192.168.0.22) via https://mail.contoso.com.
Attached you will also find the current configuration.
Hope someone can help.
Thanks in advance
Hannes
Attachments: configuration.txt (5.78 KiB), Network.jpg (38.4 KiB)
Re: Reverse Proxy
Dear Hannes
I see that you use two backend Web servers for each of your two cloaked websites (mail.contoso.com and remote.contoso.com). In your configuration one backend Web server is listening on port 80 and the other on port 443 (which probably uses HTTPS and not HTTP).
Please note that when you implement CG as a reverse proxy, it acts as an SSL terminator (offloader) and all communications between CG and backend servers should be done in clear HTTP.
I suggest that you do the following:
- On your CG remove backend Web servers listening on port 443. To do so use the following commands:
    rweb host remote.contoso.com del 192.168.0.21 443
    rweb host mail.contoso.com del 192.168.0.22 443
    apply
- On your backend Web servers (192.168.0.20-21), ensure that they listen on port 80 in clear HTTP (maybe you can allow the clear HTTP access for your CG only (192.168.0.1)).
Also if you use signed SSL certificates for your websites, think about copying them to your CG and using them in your configuration instead of the default TLS object (see the command tls). You will have to copy all objects related to your certificate: the private key, the certificate, and the certificate chain if any.
Best Regards,
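A check that goes with the advice above, added here as an example and not part of the original posts or of CacheGuard: run from a host on the 192.168.0.0 network, it asks each backend for `/` over clear HTTP with the site's Host header and flags a backend that is unreachable on port 80 or that redirects back to `https://`, which a TLS-terminating proxy cannot serve cleanly. The function names `classify` and `probe` are hypothetical; the addresses and site names are the ones from the thread.

```python
import http.client

# Site name -> backend IP, as given in the thread; port 80 per the reply's advice.
BACKENDS = {"remote.contoso.com": "192.168.0.21", "mail.contoso.com": "192.168.0.22"}


def classify(status, location):
    """Judge one clear-HTTP response as a TLS-terminating proxy would see it."""
    if status is None:
        return "unreachable"          # nothing answered on the clear HTTP port
    if 300 <= status < 400 and (location or "").lower().startswith("https://"):
        return "redirects-to-https"   # backend still insists on HTTPS
    if status >= 500:
        return "server-error"
    return "ok"                       # 2xx, 401/403 prompts, same-scheme redirects


def probe(site, ip, port=80, timeout=5.0):
    """GET / on ip:port with 'Host: site'; redirects are not followed."""
    conn = http.client.HTTPConnection(ip, port, timeout=timeout)
    try:
        # Supplying Host ourselves makes http.client skip its automatic Host header.
        conn.request("GET", "/", headers={"Host": site})
        resp = conn.getresponse()
        resp.read()
        return classify(resp.status, resp.getheader("Location"))
    except (OSError, http.client.HTTPException):
        return classify(None, None)
    finally:
        conn.close()


if __name__ == "__main__":
    for site, ip in BACKENDS.items():
        print(f"{site} -> {ip}:80  {probe(site, ip)}")
```

A result of `redirects-to-https` means the backend's own HTTP-to-HTTPS redirect has to be disabled before the reverse proxy can forward to it on port 80.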