dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1859
share rss forum feed


lacibaci

join:2000-04-10
Export, PA
Reviews:
·voip.ms
·Callcentric

USG50 as SSL (https) proxy

I'd like to configure my USG50 to serve as https proxy. How would I go about it?
Currently I have a web server behind USG that I access via http. I would like to add an option of accessing it also by https but I don't want to change web server config. Is this this possible?



lacibaci

join:2000-04-10
Export, PA

Any advice guys? Basically I would like the USG50 take HTTPS request from WAN and forward it to an HTTP server running behind it.



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
Reviews:
·TekSavvy DSL
·Bell Fibe
reply to lacibaci

You could try SSL VPN in reverse proxy mode. Then the SSL VPN will take care of securing the connection and you'd use regular http to access your server. This may be hit-miss though based on your requirements and server setup complexity.
And you would need to name users and always establish the SSL VPN connection first. PITA in many cases.

The best solution is to properly configure https on the web server and forward port 443 on the USG. With self signed certificates this is typically quite easy on any http server (i.e. apache or IIS). You don't really change anything on the web server other than enabling new method of access (https).

What kind of web server do you run?



lacibaci

join:2000-04-10
Export, PA

I run Apache 2.2 on Windows.



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
Reviews:
·TekSavvy DSL
·Bell Fibe

1 edit

Hmm, on windows, eh? I could give you config on linux in no time, however I'm not sure where are all the config files stored on windows.
Basically you need to
- create a self signed certificate or buy a cert from some public CA
- install the certificate
- enable mod_ssl
- enable https virtual host
- restart apache

How about some config examples on windows? »lmgtfy.com/?q=enable+https+on+%2···windows#

EDIT: Check your install first, https with some dafult example cert may be enabled by default.



lacibaci

join:2000-04-10
Export, PA
Reviews:
·voip.ms
·Callcentric

I followed this how-to:
»www.silverwareconsulting.com/ind···-Windows

Created NAT rule, firewall rule. Piece of cake actually...



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10

A je to!