Sharepoint is currently setup on the internal to listen on non-SSL.
2 listeners have been configured, 1 which does not allow basic auth and is using ntlm, the
second which is for the reverse proxy use, is set to allow basic auth.
I am trying to setup as follows:
Client -> https -> TrafficServer -> http -> Sharepoint
Current working config in AWS is as follows:
<VirtualHost *:443>
ServerName example.domain.name
RequestHeader set Front-End-Https "On"
SSLProxyEngine On
SSLProxyProtocol all -SSLv2
SSLProxyCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
ErrorLog logs/ example.domain.name _ssl_error_log
TransferLog logs/ example.domain.name _ssl_transfer_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/ssl/certs/web/ example.domain.name.pem
SSLCertificateKeyFile /etc/ssl/keys/web/ example.domain.name.key
ProxyRequests Off
RewriteEngine On
RewriteRule ^/(.*) http://sharepoint/$1 [P]
ProxyPassReverse / http://sharepoint/
<Location />
Order allow,deny
Allow from all
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
</Location>
</VirtualHost>
This works, however trying to replicate this type of config with ATS is being a bit problematic
with authentication only.
From: Gustave Stresen-Reuter [mailto:tedmasterweb@gmail.com]
Sent: 23 September 2015 01:23 PM
To: users@trafficserver.apache.org
Subject: Re: ReverseProxy and Sharepoint
Just a thought based on similar, prior experience with other products…
Is SharePoint possibly redirecting between SSL and non-SSL at any point in the authentication
process? Also, IIRC, IIS has issues with Basic Authentication over SSL (but they may have
fixed that by now, this was more than 6 years ago that I saw these issues).
HTH,
Ted
On Wed, Sep 23, 2015 at 10:29 AM Michael Jedlicka <Michael.Jedlicka@itdynamics.co.za<mailto:Michael.Jedlicka@itdynamics.co.za>>
wrote:
Hi There
I am a newbie and have just found Traffic Server. I am looking into whether we can utilize
it as a reverse proxy for our internal sharepoint.
I have been looking for extra information on how best to achieve this but have not found anything
helpful.
The sharepoint is configured with an alternate address allowing basic auth.
I have configured ATS as a SSL external reverseproxy and mapped it to the internal sharepoint
connector. The only problem I have now is that the authentication prompt just loops re-requesting
to login.
Basically I am trying to see if ATS can be used over Apache Web Server. I did a test on a
basic config for the AWS for reverse proxy and all works fine, it does use a rewrite rule
so that from server to origin the url is mapped correctly for the realm authentication.
Has anyone setup a reverse proxy for sharepoint, any insights, docs, or examples would be
appreciated.
Regards
Michael Jedlicka
Michael Jedlicka
Senior Database Administrator
[cid:image001.gif@01D0F606.AF455E60]<http://www.itdynamics.co.za>
Physical Address: Falcon View Park, 7 Mountain Ridge Road, New Germany 3610
Postal Address: P.O. Box 15315, Westmead, 3608
Tel: +27 31 719 0847 Fax: +27 31 709 6334
view our website >>><http://www.itdynamics.co.za/>
________________________________
This e-mail, sent at 11:29:01 on 2015-09-23 from michael.jedlicka@itdynamics.co.za<mailto:michael.jedlicka@itdynamics.co.za>
to users@trafficserver.apache.org<mailto:users@trafficserver.apache.org> may contain
confidential information and may be legally privileged and is intended only for the person
to whom it is addressed. If you are not the intended recipient, you are notified that you
may not use, distribute or copy this document in any manner whatsoever. Kindly also notify
the sender immediately by telephone, and delete the e-mail. When addressed to clients of the
company from where this e-mail originates ("the sending company") any opinion or advice contained
in this e-mail is subject to the terms and conditions expressed in any applicable terms of
business or client engagement letter. The sending company does not accept liability for any
damage, loss or expense arising from this e-mail and/or from the accessing of any files attached
to this e-mail.
If this e-mail contains abusive and/or inappropriate content please report it to Abuse@itdynamics.co.za<mailto:Abuse@itdynamics.co.za>
________________________________
|