Printable View
But you do actually need two separate certs. You configure the OWA providing web server with it's own cert and SSL like you would normally. You just have the Apache unit doing the same thing, but you've configured that individual virtual server to get content from the IIS service running OWA.
Two certs, two web servers... right?
We have the same wild-card cert on both the Apache Proxy server and the Internal servers. (With allot of fixing)
But you can run with 2 different certs But internally we don't go through the proxy.
Just external traffic so there for we use the same certs on both..
And it works.
So you generate the cert based on IIS's request and stuff the related key files into apache by hand? That's brilliant...
I'm still on the fence on if I want a proxy in the middle of secured communications. But I like the idea of something rebuilding all the packets before it lands on the OWA box.
As we use a Wildcard cert for the most of the servers it is a bit more tricky to use it on multiple backends servers as there is different IIS servers.
But as we control the CA and is Cert Templates we can do allot of tampering ;)
And i Agree i am not sure that I can recommend running it on UT.
But it would be a nice feature.
Well the "host name" based forwarding for standard HTTP is handy.
That said, Proxy functionality, reverse or otherwise, IMHO, should be OFF the gateway. It's just too darn intense. So simple to manage separately, forward the port to the proxy and go from there. With VMs in the mix it's even easier. Why add that complexity to the Untangle product?
I've already lost that argument, it seems we're getting a caching proxy for Untangle in 8.0...
I love "Host name" based forwarding.
But in my environment it is better to have a separate VM handling the Proxy feature.
But with just 2 or 3 sites with a small load it would be handy.
I did not know that Caching Proxy feature was publicly announced. ;)
There are so many new things coming in 8.0 we've been waiting on I've lost track of what is and isn't announced anymore. I just hope they take their time with it... we don't need another 7.4. Having OpenVPN fall on its face was just embarrassing the whole way around.
Hopefully the Alpha and Beta testing will go on for a longer period this time.
And that "test-upgrades" are available as well.
The problem with the OpenVPN was that the patch was coming from 8.0 and not a 7.4 box..
But hopefully we (as in we in the community testing team) will do our part and find all bugs.
But with all the new functions it is easy just to focus on them ;)
Yeah, this go around we need to divide up the interface, and go through everything one button at a time and make sure all those input boxes still do what they are supposed to.