Apache HTTP Server
Scarrr, 2020-08-26 12:16:36

How to set up a connection to a terminal server through the RDG gateway behind an Apache reverse proxy (NethServer)?

I set up a terminal server (2012) at 192.168.23.127 with RDS on it. Everything works fine if ports 80 and 443 are forwarded to the terminal server from outside through the router, or directly.
Next, the task is to put it behind the gateway (specifically the NethServer server), since there are many web servers and services, and a reverse proxy is configured. All services work, for example chat.company.ru, with the exception of the terminal server .... At first everything worked every second or third time with the settings below, if it connected at all, and it simply stopped after a week ....
Settings:
I dug into it: the problem is local, and for this the mod_proxy_msrpc.so module is connected, which was compiled according to the instructions, for RD requests with "OutlookAnywherePassthrough On" ... and the corresponding settings:

<VirtualHost *:443>
ServerName remote.company.ru/rdweb
LoadModule proxy_module /etc/httpd/modules/mod_proxy.so
LoadModule proxy_http_module /etc/httpd/modules/mod_proxy_http.so
LoadModule proxy_msrpc_module /etc/httpd/modules/mod_proxy_msrpc.so
ProxyRequests on
ProxyPreserveHost on
ProxyPass / https://192.168.23.127
ProxyPassReverse / https://192.168.23.127

SSLEngine on
SSLProxyEngine on
RequestHeader set Front-End-Https "On"

SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
OutlookAnywherePassthrough On
SSLCertificateFile /etc/letsencrypt/live/remote.company.ru/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/remote.company.ru/privkey.pem
</VirtualHost>

<VirtualHost *:80>
ServerName remote.company.ru

ProxyPreserveHost On
ProxyPass / 192.168.23.127
ProxyPassReverse / 192.168.23.127
</VirtualHost>

The SSL bridge is enabled in the gateway settings: HTTPS-HTTP bridge (without it, nothing is available outside)

At the same time, https://remote.company.ru/rdweb, https://remote.company.ru/rdweb/webfeed
but it does not let you into the applications (it complains about a wrong password) if you do it with Win clients, and about incorrect gateway settings on Android ...
Certificates have also been put on the server (converted to PFX from the gateway, which receives them from letsencrypt).

Tell me if you have any ideas.
Thank you.
If it's a little chaotic, I'll try to give more detail and logs if required.
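
An added example, not part of the original post: a small Python check over the directives posted above, flagging the ones that are invalid in their context or that weaken the proxy (forward proxying on, backend certificate checks off, a ProxyPass target with no scheme). The sample text is constructed from the question's config; `audit`, `SAMPLE` and `PEER_CHECKS` are names chosen for this example, and the rule set is this example's own selection.

```python
import re

# Constructed sample: a subset of the directives from the two vhosts in the question.
SAMPLE = """\
<VirtualHost *:443>
ServerName remote.company.ru/rdweb
LoadModule proxy_msrpc_module /etc/httpd/modules/mod_proxy_msrpc.so
ProxyRequests on
ProxyPass / https://192.168.23.127
SSLProxyVerify none
SSLProxyCheckPeerName off
</VirtualHost>
<VirtualHost *:80>
ProxyPass / 192.168.23.127
</VirtualHost>
"""
PEER_CHECKS = {"sslproxycheckpeercn", "sslproxycheckpeername", "sslproxycheckpeerexpire"}

def audit(conf):
    """Return (line number, vhost, finding) for each invalid or risky directive."""
    findings, vhost = [], None
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag = re.match(r"<(/?)VirtualHost\b\s*([^>]*)>", line, re.I)
        if tag:  # track which vhost the following directives belong to
            vhost = None if tag.group(1) else tag.group(2).strip()
            continue
        parts = line.lower().split()
        name, args, msg = parts[0], parts[1:], None
        if name == "loadmodule" and vhost:
            msg = "LoadModule belongs in the server config, not inside a vhost"
        elif name == "servername" and args and "/" in args[0].split("://")[-1]:
            msg = "ServerName takes a host name, not a URL path"
        elif name == "proxyrequests" and args[:1] == ["on"]:
            msg = "forward proxying is on; a reverse proxy uses ProxyRequests Off"
        elif (name == "sslproxyverify" and args[:1] == ["none"]) or (
                name in PEER_CHECKS and args[:1] == ["off"]):
            msg = "backend TLS certificate check is disabled"
        elif name in ("proxypass", "proxypassreverse") and len(args) > 1 \
                and "://" not in args[1]:
            msg = "proxy target has no scheme (http:// or https://)"
        if msg:
            findings.append((no, vhost, msg))
    return findings

if __name__ == "__main__":
    for no, vhost, msg in audit(SAMPLE):
        print(f"line {no} [{vhost}]: {msg}")
```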

1 answer(s)
Andrey Barbolin, 2020-08-26
@dronmaxman

Why do you need to push RDP onto port 443?
