This section explains how to create a reverse proxy to protect the name and IP address of your Web server from being exposed to users, how to require SSL between the browsers and the reverse proxy, and how to require authentication to gain access to the Web server.
What You Need to Know | Example | Your Value
---|---|---
Name of the Identity Server cluster | idpa | ______________________
DNS name of the Access Gateway | lag.test.novell.com | ______________________
Web server information | |
IP address | 10.10.16.16 | ______________________
DNS name | digital.test.novell.com | ______________________
Names you need to create | |
Reverse proxy name | DigitalAirlines | ______________________
Proxy service name | DA | ______________________
Protected resource name | everything | ______________________

For more information, see |
In the Administration Console, click the task.
Click , then click .
Configure a reverse proxy:
In the section, select idpa from the drop-down list.
In the section, click , specify DigitalAirlines, then click .
To configure a proxy service, click in the section, then fill in the following fields:
Proxy Service Name: DA
Published DNS Name: lag.test.novell.com
Web Server IP Address: 10.10.16.16
Host Header: Select the from the drop-down list.
Web Server Host Name: digital.test.novell.com
On the Reverse Proxy page, configure a protected resource.
In the section, click the name of the proxy service (DA), then click the tab.
In the section, click , specify everything, then click .
For the contract, select .
In the section, examine the path. It should be set to /* to match everything on the Web server.
Click twice.
On the Reverse Proxy page, enable SSL:
Select .
Select .
Select .
Select , then click .
Ensure that the certificate is selected, then click .
Click until you return to the Access Gateway page.
On the Access Gateways page, click .
Wait for the health status to turn green. If it doesn’t turn green, click the icon to discover the cause.
If the Access Gateway cannot connect to the Web server, verify the IP address of the Web server.
Use the ping command to verify that the Access Gateway can communicate with the Web server and the Identity Server.
Verify that the Access Gateway can resolve the DNS name of the Identity Server.
For other problems, see General Authentication Troubleshooting Tips in the NetIQ Access Manager 3.2 SP2 Identity Server Guide.
Click the task, then click .
To test that the Access Gateway is protecting the Web server, open a browser and enter the following URL:
https://lag.test.novell.com:443/
The first page of the Web server is displayed. If you get an error, verify the following:
Check the times on the Access Gateway and the Identity Server. Their times need to be synchronized.
Verify that the browser machine can resolve the DNS name of the Access Gateway.
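
The three goals of this section (SSL on the published name, authentication before any content is returned, and no exposure of the Web server's name or IP address) can also be checked from a response captured without a session. The following is an added example, not part of the NetIQ documentation: the function names are illustrative, the sample responses are constructed, `idp.example.test` is a hypothetical Identity Server name, and it assumes the gateway answers an unauthenticated request with a redirect toward the login rather than with content.

```python
import http.client
from urllib.parse import urljoin, urlsplit

# Values from the worksheet above; the sample responses further down are constructed.
PUBLISHED = "lag.test.novell.com"
BACKEND_IDS = ("10.10.16.16", "digital.test.novell.com")

def fetch(url):
    """GET url with no session cookie and without following redirects."""
    p = urlsplit(url)
    conn = http.client.HTTPSConnection(p.hostname, p.port or 443, timeout=10)
    conn.request("GET", p.path or "/")
    r = conn.getresponse()
    return r.status, dict(r.getheaders()), r.read(65536).decode("latin-1")

def audit_unauthenticated(url, status, headers, body=""):
    """Return a list of findings for a response to a request sent without a session."""
    findings = []
    hdrs = {k.lower(): v for k, v in headers.items()}
    if urlsplit(url).scheme != "https" or urlsplit(url).hostname != PUBLISHED:
        findings.append("request did not use https and the published DNS name")
    # The protected resource path /* covers every URL, so nothing may be served yet.
    if 200 <= status < 300:
        findings.append(f"status {status}: content served without authentication")
    # A redirect (assumed here to be how the login is reached) must stay on SSL.
    if 300 <= status < 400:
        target = urljoin(url, hdrs.get("location", ""))
        if urlsplit(target).scheme != "https":
            findings.append(f"redirect leaves SSL: {target}")
    # The Web server's own name and address must not appear in what the client receives.
    seen = "\n".join(f"{k}: {v}" for k, v in hdrs.items()) + "\n" + body
    for ident in BACKEND_IDS:
        if ident in seen.lower():
            findings.append(f"Web server identifier exposed: {ident}")
    return findings

# Constructed responses; idp.example.test is a hypothetical Identity Server name.
URL = "https://lag.test.novell.com:443/"
GOOD = (302, {"Location": "https://idp.example.test/login"}, "")
LEAKY = (302, {"Location": "http://digital.test.novell.com/index.html"}, "")
OPEN = (200, {"Content-Type": "text/html"}, '<a href="http://10.10.16.16/fares">Fares</a>')

if __name__ == "__main__":
    for name, resp in (("GOOD", GOOD), ("LEAKY", LEAKY), ("OPEN", OPEN)):
        print(name, audit_unauthenticated(URL, *resp))
```

Against a live gateway, pass the result of `fetch(URL)` to `audit_unauthenticated(URL, ...)`; an empty list means none of the three conditions was violated for that request.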