solirc.blogg.se - november 2022

By HTTP over TLS through the Firebox for select email applications.

By Exchange ActiveSync through the Firebox for mobile email applications.To access internal web applications, users can authenticate in these ways: To avoid certificate warnings on client side, the Firebox web certificate should include the host names of your web applications as subject alternative names or use a wildcard host name such as *. as the common name. If a web application uses HTTPS, the CA certificates in the trust chain must be stored on the Firebox or you must select the Trust Certificate option for the reverse proxy action.

When you add a URL path action, for Client Authentication you must select Access Portal (not HTTP Basic).You cannot configure the same URL for a web application and a reverse proxy action.Each internal web application must have an FQDN that is in the same domain as the Access Portal (for example, if the FQDN of the Access Portal is, the web application should be.You must have an FQDN for the Access Portal and you must log in to the Access Portal with the FQDN (not the IP address).When you configure reverse proxy actions for internal web applications, be aware of these requirements: Microsoft Outlook Web Access through the Access Portal (with automatic sign-in).Mobile devices with Microsoft mail clients (through ActiveSync).To connect to Exchange services, remote users can connect to an external URL with any of these methods: You can also configure a reverse proxy action for Microsoft Exchange. You can use the Fireware command line interface (CLI) to disable proxy buffering. Proxy buffering is enabled by default for this feature. Each RDP or SSH session consumes approximately 15 MB of RAM. We recommend that you limit the number of concurrent RDP connections based on the RAM allocated to each Firebox. Browsers must support TLS (we recommend TLS 1.2 or higher). Apps must use HTML, HTML5, or JavaScript. The reverse proxy forwards HTTP traffic from external networks to Exchange servers or other web applications on internal networks that are behind a Firebox.įor example, you can configure reverse proxy actions so remote users can connect to common enterprise web applications.

With reverse proxies, remote users can securely connect to internal web applications and Microsoft Exchange services without a VPN client.

Hub developer opens and the home app loads because those requests are proxied through to the actual Fireware v12.5 or higher, you can configure reverse proxy actions in the Access Portal configuration.

docker-compose -f container.yaml up -d -build -force-recreate -remove-orphans.

Hub developer starts the related docker container.

Hub developer adds an entry to their hosts file for the remote Enterprise instance they want to work against.

This is the general developer workflow we've been using in the past. This used to work just fine, but recently stopped. This should open the "fake" sites app, which is just a html file in. SSL_do_handshake() failed (SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:SSL alert number 46) while SSL handshaking, It should redirect to and load the home app. I suspect there is a load-balancer in the mix that's causing this issue - Aaron Pellman-Isaacs is looking into this azure-k8sĪdd 127.0.0.1 to /etc/hosts dist/sites/portal/apps/sitesĬurrent issue here is that nginx will return a 504 for some requests that should go through to the portal instance.

this should open the "fake" sites app, which is just a html file in.

Browse around the home app, everything should work

it should redirect to and load the home app.

/azure-k8s -> configuration to run against the k8s version, hosted on azure.

/portal.hubdev -> - the Hub Team's default Enterprise instance.

We've extracted the proxy out of the Hub application repo to streamline solving the current issues. To streamline development against ArcGIS Enterprise, the Hub team utilizes a Docker container that runs nginx, configured as to proxy some requests to an ArcGIS Enterprise instance, and read from a local mapped drive for others.