trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Jedlicka <Michael.Jedli...@itdynamics.co.za>
Subject RE: ReverseProxy and Sharepoint
Date Wed, 23 Sep 2015 11:49:45 GMT
Sharepoint is currently setup on the internal to listen on non-SSL.

2 listeners have been configured, 1 which does not allow basic auth and is using ntlm, the
second which is for the reverse proxy use, is set to allow basic auth.

I am trying to setup as follows:

Client -> https -> TrafficServer -> http -> Sharepoint

Current working config in AWS is as follows:

<VirtualHost *:443>
    ServerName example.domain.name
    RequestHeader set Front-End-Https "On"
    SSLProxyEngine On
    SSLProxyProtocol all -SSLv2
    SSLProxyCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    ErrorLog logs/ example.domain.name _ssl_error_log
    TransferLog logs/ example.domain.name _ssl_transfer_log
    LogLevel warn
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
    SSLCertificateFile /etc/ssl/certs/web/ example.domain.name.pem
    SSLCertificateKeyFile /etc/ssl/keys/web/ example.domain.name.key
    ProxyRequests Off
    RewriteEngine On
    RewriteRule ^/(.*) http://sharepoint/$1 [P]
    ProxyPassReverse / http://sharepoint/
    <Location />
        Order allow,deny
        Allow from all
        SetEnv force-proxy-request-1.0 1
        SetEnv proxy-nokeepalive 1
    </Location>
</VirtualHost>

This works, however trying to replicate this type of config with ATS is being a bit problematic
with authentication only.



From: Gustave Stresen-Reuter [mailto:tedmasterweb@gmail.com]
Sent: 23 September 2015 01:23 PM
To: users@trafficserver.apache.org
Subject: Re: ReverseProxy and Sharepoint

Just a thought based on similar, prior experience with other products…

Is SharePoint possibly redirecting between SSL and non-SSL at any point in the authentication
process? Also, IIRC, IIS has issues with Basic Authentication over SSL (but they may have
fixed that by now, this was more than 6 years ago that I saw these issues).

HTH,

Ted

On Wed, Sep 23, 2015 at 10:29 AM Michael Jedlicka <Michael.Jedlicka@itdynamics.co.za<mailto:Michael.Jedlicka@itdynamics.co.za>>
wrote:

Hi There

I am a newbie and have just found Traffic Server. I am looking into whether we can utilize
it as a reverse proxy for our internal sharepoint.

I have been looking for extra information on how best to achieve this but have not found anything
helpful.

The sharepoint is configured with an alternate address allowing basic auth.

I have configured ATS as a SSL external reverseproxy and mapped it to the internal sharepoint
connector. The only problem I have now is that the authentication prompt just loops re-requesting
to login.

Basically I am trying to see if ATS can be used over Apache Web Server. I did a test on a
basic config for the AWS for reverse proxy and all works fine, it does use a rewrite rule
so that from server to origin the url is mapped correctly for the realm authentication.

Has anyone setup a reverse proxy for sharepoint, any insights, docs, or examples would be
appreciated.

Regards
Michael Jedlicka

Michael Jedlicka
Senior Database Administrator
[cid:image001.gif@01D0F606.AF455E60]<http://www.itdynamics.co.za>


Physical Address: Falcon View Park, 7 Mountain Ridge Road, New Germany 3610
Postal Address:  P.O. Box 15315, Westmead, 3608
Tel:  +27 31 719 0847    Fax: +27 31 709 6334

view our website >>><http://www.itdynamics.co.za/>


________________________________

This e-mail, sent at 11:29:01 on 2015-09-23 from michael.jedlicka@itdynamics.co.za<mailto:michael.jedlicka@itdynamics.co.za>
to users@trafficserver.apache.org<mailto:users@trafficserver.apache.org> may contain
confidential information and may be legally privileged and is intended only for the person
to whom it is addressed. If you are not the intended recipient, you are notified that you
may not use, distribute or copy this document in any manner whatsoever. Kindly also notify
the sender immediately by telephone, and delete the e-mail. When addressed to clients of the
company from where this e-mail originates ("the sending company") any opinion or advice contained
in this e-mail is subject to the terms and conditions expressed in any applicable terms of
business or client engagement letter. The sending company does not accept liability for any
damage, loss or expense arising from this e-mail and/or from the accessing of any files attached
to this e-mail.

If this e-mail contains abusive and/or inappropriate content please report it to Abuse@itdynamics.co.za<mailto:Abuse@itdynamics.co.za>
________________________________


Mime
View raw message