@travisdh1 said in SSL between a proxy and its target:

@Dashrender said in SSL between a proxy and its target:

@dafyre said in SSL between a proxy and its target:

@scottalanmiller said in SSL between a proxy and its target:

Never had to do that. Seems like a script to pull it from time to time might be enough, though?

Set up a passwordless scp of the /etc/letsencrypt (or /etc/certbot?) folder from the proxy to the internal machine?

Any security risk to this? I don't know anything about it - I just see passwordless and have to ask.

It's industry standard public/private key encryption, so shouldn't be an issue.

You should go read up on SQRL. In my not so humble opinion, passwords have long outlived the point where they are a useful security mechanism.

I'm fully aware of SQRL - I asked Scott on Day one of ML if he would support it when it became available, sadly it's still not released to the wild 😞

I might put this on my project list one of these days.

@jt1001001 said in SharePoint reverse proxy replacement for MS ForeFront UAG:

@JaredBusch no just Godaddy certs so far. You probably found the same blog posts I did:
http://blog.ganser.com/automate-lets-encrypt-certificate-renew-and-deployment-to-kemp-loadbalancer/

I did not find that one, and it is exactly the right thing.

I can update my cron to call a script instead of certbot renew and then have it use the Kemp API to push the cert after a renew.

So now on to setting up multiple certs per virtual service. read a post that I couldn't. if I can't this gets harder too.

Because LE on IIS still is not pretty.

@jt1001001 said in ForeFront UAG trunks stopped working:

We are loking at replacing our ForeFron UAG for Skype for Business reverse Proxy with Kemp Load balancers; they provide a Sharepoint config guide:
https://support.kemptechnologies.com/hc/en-us/articles/203123539-SharePoint

They offer a free Load Balancer VM if you dont' need too much bandwidth:
http://freeloadbalancer.com/features/

I unfortunately am not part of the project team designing and implementing the Kemp solution so I can't tell you much about its capabilities YET

Thx for mentioning it. Unfortunately, we have some confidential (and up) data on our SharePoint. A third party reverse proxy might (in theory) copy the data using the users session. I'm not saying that Kemp is doing this, but on the other hand ... gov'd firmware on Cisco devices.

@coliver said in Problems with Exchange 2010 and NginX reverse proxy:

@JaredBusch said in Problems with Exchange 2010 and NginX reverse proxy:

[10:54 jbusch ~]$ sudo dnf copr enable a15/NGINX-extras [sudo] password for jbusch: You are about to enable a Copr repository. Please note that this repository is not part of the main Fedora distribution, and quality may vary. The Fedora Project does not exercise any power over the contents of this repository beyond the rules outlined in the Copr FAQ at <https://fedorahosted.org/copr/wiki/UserDocs#WhatIcanbuildinCopr>, and packages are not held to any quality or security level. Please do not file bug reports about these packages in Fedora Bugzilla. In case of problems, contact the owner of this repository. Do you want to continue? [y/N]:

Well at least you are adequately warned.

That was on my Fedora 25 (Korora) desktop. SO I know I cannot install it anyway.

If the above is your problem, then you should look at a different solution. @scottalanmiller's current favorite is MeshCentral.

It is not as good as ConnectWise Control yet, IMO, but close.

@johnhooks said:

semanage port -m -t http_port_t -p tcp 4567

I had to add semanage first but then it worked.