trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From James Peach <jpe...@apache.org>
Subject Re: ReverseProxy and Sharepoint
Date Wed, 23 Sep 2015 15:43:40 GMT

> On Sep 23, 2015, at 4:49 AM, Michael Jedlicka <Michael.Jedlicka@itdynamics.co.za>
wrote:
> 
> Sharepoint is currently setup on the internal to listen on non-SSL.
>  
> 2 listeners have been configured, 1 which does not allow basic auth and is using ntlm,
the second which is for the reverse proxy use, is set to allow basic auth.

The NTLM part of this might be related to  https://issues.apache.org/jira/browse/TS-3866

>  
> I am trying to setup as follows:
>  
> Client -> https -> TrafficServer -> http -> Sharepoint
>  
> Current working config in AWS is as follows:
>  
> <VirtualHost *:443>
>     ServerName example.domain.name
>     RequestHeader set Front-End-Https "On"
>     SSLProxyEngine On
>     SSLProxyProtocol all -SSLv2
>     SSLProxyCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
>     ErrorLog logs/ example.domain.name _ssl_error_log
>     TransferLog logs/ example.domain.name _ssl_transfer_log
>     LogLevel warn
>     SSLEngine on
>     SSLProtocol all -SSLv2 -SSLv3
>     SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
>     SSLCertificateFile /etc/ssl/certs/web/ example.domain.name.pem
>     SSLCertificateKeyFile /etc/ssl/keys/web/ example.domain.name.key
>     ProxyRequests Off
>     RewriteEngine On
>     RewriteRule ^/(.*) http://sharepoint/$1 [P]
>     ProxyPassReverse / http://sharepoint/
>     <Location />
>         Order allow,deny
>         Allow from all
>         SetEnv force-proxy-request-1.0 1
>         SetEnv proxy-nokeepalive 1
>     </Location>
> </VirtualHost>
>  
> This works, however trying to replicate this type of config with ATS is being a bit problematic
with authentication only.
>  
>  
>  
> From: Gustave Stresen-Reuter [mailto:tedmasterweb@gmail.com] 
> Sent: 23 September 2015 01:23 PM
> To: users@trafficserver.apache.org
> Subject: Re: ReverseProxy and Sharepoint
>  
> Just a thought based on similar, prior experience with other products…
>  
> Is SharePoint possibly redirecting between SSL and non-SSL at any point in the authentication
process? Also, IIRC, IIS has issues with Basic Authentication over SSL (but they may have
fixed that by now, this was more than 6 years ago that I saw these issues).
>  
> HTH,
>  
> Ted
>  
> On Wed, Sep 23, 2015 at 10:29 AM Michael Jedlicka <Michael.Jedlicka@itdynamics.co.za>
wrote:
>  
> Hi There
>  
> I am a newbie and have just found Traffic Server. I am looking into whether we can utilize
it as a reverse proxy for our internal sharepoint.
>  
> I have been looking for extra information on how best to achieve this but have not found
anything helpful.
>  
> The sharepoint is configured with an alternate address allowing basic auth.
>  
> I have configured ATS as a SSL external reverseproxy and mapped it to the internal sharepoint
connector. The only problem I have now is that the authentication prompt just loops re-requesting
to login. 
>  
> Basically I am trying to see if ATS can be used over Apache Web Server. I did a test
on a basic config for the AWS for reverse proxy and all works fine, it does use a rewrite
rule so that from server to origin the url is mapped correctly for the realm authentication.
>  
> Has anyone setup a reverse proxy for sharepoint, any insights, docs, or examples would
be appreciated.
>  
> Regards
> Michael Jedlicka
>  
> Michael Jedlicka  
> Senior Database Administrator
> 
> 
> 
> Physical Address: Falcon View Park, 7 Mountain Ridge Road, New Germany 3610 
> Postal Address:  P.O. Box 15315, Westmead, 3608  
> Tel:  +27 31 719 0847    Fax: +27 31 709 6334    
> 
> view our website >>>
>  
> 
> This e-mail, sent at 11:29:01 on 2015-09-23 from michael.jedlicka@itdynamics.co.za to
users@trafficserver.apache.org may contain confidential information and may be legally privileged
and is intended only for the person to whom it is addressed. If you are not the intended recipient,
you are notified that you may not use, distribute or copy this document in any manner whatsoever.
Kindly also notify the sender immediately by telephone, and delete the e-mail. When addressed
to clients of the company from where this e-mail originates ("the sending company") any opinion
or advice contained in this e-mail is subject to the terms and conditions expressed in any
applicable terms of business or client engagement letter. The sending company does not accept
liability for any damage, loss or expense arising from this e-mail and/or from the accessing
of any files attached to this e-mail. 
> 
> If this e-mail contains abusive and/or inappropriate content please report it to Abuse@itdynamics.co.za
> 
>  
> 


Mime
View raw message