Remote Desktop Gateway via Reverse Proxy
-
Hi,
I'm short of port 443, is there any way to use the SQUID Reverse Proxy in conjunction with the MS RDP TS GW (RPC over HTTPS)?
Thanks
Henri
-
Yes, it can be done
I did that a few years ago but unfortunately I don't have that config anymore (I replaced Squid with HAProxy and removed the RDGW), so I can't give you a complete config.
My scenario was built for a single external IP scenario (ADSL from ISP).
I did create a few different hostnames like www.example.com, Mail.example.com and rdgw.example.com. All of them resolving to the same IP (thanks to the DDNS client in pfSense).
In Squid I created rules based on the hostname and forwarded that traffic to the right backend system. Since the routing is based on hostname, all services can use 443 from the client to the firewall.
-
Thanks a lot,
unfortunately I get this kind of messages :-[.
Thanks
Henri
Date IP Status Address User Destination
26.05.2017 13:21:31 5.x.x.x TAG_NONE_ABORTED/000 https://tsgw.example.com/rpc/rpcproxy.dll? - -
26.05.2017 13:21:31 5.x.x.x TCP_MISS_ABORTED/000 https://tsgw.example.com/rpc/rpcproxy.dll? - 10.43.23.50
26.05.2017 13:21:16 5.x.x.x TCP_MISS/200 https://tsgw.example.com/rpc/rpcproxy.dll? - 10.43.23.50
26.05.2017 13:21:16 5.x.x.x TCP_MISS/200 https://tsgw.example.com/rpc/rpcproxy.dll? - 10.43.23.50
26.05.2017 13:21:16 5.x.x.x TCP_MISS/401 https://tsgw.example.com/rpc/rpcproxy.dll? - 10.43.23.50
26.05.2017 13:21:16 5.x.x.x TCP_MISS/401 https://tsgw.example.com/rpc/rpcproxy.dll? - 10.43.23.50
26.05.2017 13:21:16 5.x.x.x TCP_MISS/401 https://tsgw.example.com/rpc/rpcproxy.dll? - 10.43.23.50
26.05.2017 13:21:15 5.x.x.x TCP_MISS/401 https://tsgw.example.com/rpc/rpcproxy.dll? - 10.43.23.50
26.05.2017 13:21:15 5.x.x.x TCP_MISS/404 https://tsgw.example.com/remoteDesktopGateway/ - 10.43.23.50
-
I'm sorry that I can't help you more with squid.
I did dig through my old backups but no luck. Even if it's a little off-topic:
I did find an old 2008/TSGW virtual machine though, so I just had to test to set up a TSGW behind HAProxy. That worked. I now got a public certificate (Let's Encrypt) with a SAN name for my TSGW, a hostname that points to the external IP of my firewall and a HAProxy config that forwards the traffic to the TSGW server on my DMZ.
For reference:
HAProxy frontend
ACL: TSGW | Host starts with: | no | tsgw.Example.com
Action: Use Backend | See below | TSGW
The backend is even easier, just a server list:
active | TSGW | Address+Port: 192.168.5.2 443 | yes
-
Hi Mats,
thanks a lot, OK, I will switch to HAProxy, if that works better.
Best regards
Henri
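The hostname-based routing described in the HAProxy post above, written out as a plain haproxy.cfg fragment. This is an added example, not the poster's configuration: the certificate and CA file paths, the frontend name and the timeout values are assumptions, and reading the "yes" in the server list as "use TLS to the backend" is also an assumption.

```haproxy
# Added illustration; paths, frontend name and timeouts are placeholders/assumptions.
defaults
    mode http
    timeout connect 5s
    # Assumed values: RPC over HTTP keeps its IN/OUT channels open for a long
    # time, so short client/server inactivity timeouts would cut sessions.
    timeout client  1h
    timeout server  1h

frontend https_in
    # TLS terminates on the firewall with the public certificate whose
    # SAN list covers the gateway hostname (placeholder path).
    bind :443 ssl crt /etc/haproxy/certs/example.com.pem

    # Config-file form of a "Host starts with" match on the gateway name.
    acl TSGW hdr_beg(host) -i tsgw.example.com
    use_backend TSGW if TSGW

    # Other published names (www, mail, ...) each get their own acl and
    # use_backend pair. With no default_backend, a request whose Host header
    # matches no ACL is answered with 503 by HAProxy and never reaches the DMZ.

backend TSGW
    # Re-encrypt to the gateway in the DMZ and verify its certificate chain
    # and name instead of trusting whatever answers on 192.168.5.2.
    # ca-file is a placeholder for the CA bundle that issued the gateway's cert.
    server TSGW 192.168.5.2:443 ssl verify required ca-file /etc/haproxy/ca/backend-ca.pem verifyhost tsgw.example.com
```

`haproxy -c -f <file>` checks the syntax of such a fragment before it is loaded.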