The basis for routing SMA traffic through a reverse proxy is the use of the Server Name Indication (SNI) extension of the TLS protocol.
When configuring a reverse proxy to sit between the SMA and your public interface, bear in mind these requirements:
There are numerous reverse proxy products available, but for the purposes of providing an example, this guide defines a configuration for HAProxy, as it is a very simple reverse proxy to set up.
Example haproxy.cfg file:
global
    daemon
    maxconn 50000

defaults
    log global
    option tcplog
    mode tcp
    timeout connect 5s
    timeout client 3600s
    timeout client-fin 30s
    timeout server 3600s

frontend sma
    bind *:443
    # If it's not TLS, go away
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    # define backend servers
    use_backend sma_webui if { req_ssl_sni sma.kace.com }
    use_backend sma_agent if { req_ssl_sni konea }

backend sma_webui
    server sma_apache 192.168.2.55:443

backend sma_agent
    server sma_koneas 192.168.2.55:52230
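To show what the frontend in the HAProxy configuration above inspects, here is an added example (not part of the original guide or of HAProxy) that parses the SNI host name out of a raw TLS ClientHello and applies the same two routing rules. The function names and the constructed ClientHello bytes are assumptions made for illustration.

```python
import struct

# Routing table mirroring the two use_backend rules in the haproxy.cfg above.
BACKENDS = {"sma.kace.com": "sma_webui", "konea": "sma_agent"}

def build_client_hello(sni):
    """Construct a minimal TLS ClientHello record (sample input, not captured traffic)."""
    name = sni.encode()
    entry = b"\x00" + struct.pack("!H", len(name)) + name      # name_type 0 = host_name
    sni_ext = struct.pack("!HHH", 0, len(entry) + 2, len(entry)) + entry
    body = (b"\x03\x03" + bytes(32) + b"\x00"                   # version, random, empty session id
            + struct.pack("!H", 2) + b"\x13\x01"                # one cipher suite
            + b"\x01\x00"                                       # null compression only
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body          # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs    # record type 0x16 = handshake

def parse_sni(data):
    """Return the SNI host name, '' if none was sent, None if not a parseable ClientHello."""
    # Same test as req_ssl_hello_type 1: handshake record carrying a ClientHello.
    if len(data) < 6 or data[0] != 0x16 or data[5] != 0x01:
        return None
    try:
        pos = 5 + 4 + 2 + 32                    # record hdr, handshake hdr, version, random
        pos += 1 + data[pos]                    # session id
        pos += 2 + struct.unpack_from("!H", data, pos)[0]       # cipher suites
        pos += 1 + data[pos]                    # compression methods
        if pos == len(data):
            return ""                           # no extensions block at all
        end = pos + 2 + struct.unpack_from("!H", data, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(data)):
            ext_type, ext_len = struct.unpack_from("!HH", data, pos)
            if ext_type == 0:                   # server_name extension
                name_len = struct.unpack_from("!H", data, pos + 7)[0]
                if pos + 9 + name_len > len(data):
                    return None                 # truncated name
                return data[pos + 9:pos + 9 + name_len].decode("ascii")
            pos += 4 + ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return ""

def route(data):
    """Pick a backend by exact SNI match; None means no rule matched."""
    return BACKENDS.get(parse_sni(data))
```

The SNI value is chosen by the client and sent in cleartext, so this step only selects a backend and authenticates nothing; with `mode tcp` the TLS session is still terminated by the SMA itself.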
In the example configuration above, observe: