I would like to allow my users to access the quarantine page from the internet (not just the intranet).
"somewhere" I've read, that one shouldn't expose the entire webgui/api to the wild internet, and only restrict access to the actual quarantine. (unfortunately I cannot find that reference any more; maybe it was in the Admin Guide, maybe it was in the LinuxMagazin article.)
so, i've setup PMG in a way that only port:25 is publicly available, and configured our webserver to act as a reverse proxy for the PMG.
to keep things concise, i would like to add the quarantine to an already used VHOST (that is `mail.example.com` which serves as an interface to all things related to mail over https: webmail, quarantine,...)
however, it is a bit unclear, which parts of the webgui must be proxied.
i started with `/quarantine` but this doesn't give me a fully functional site (all the js is missing! all the css to make it viewable...).
so i ended up proxying with something like the following (apache2 rewrite rules):
now i have the following issues/questions:
- are these redirects enough? am i missing something? (all tests seem to work nicely, but you never know...)
- opening up `/api2/` seems like the defeating the entire idea of using a proxy to restrict the access to the PMG
"somewhere" I've read, that one shouldn't expose the entire webgui/api to the wild internet, and only restrict access to the actual quarantine. (unfortunately I cannot find that reference any more; maybe it was in the Admin Guide, maybe it was in the LinuxMagazin article.)
so, i've setup PMG in a way that only port:25 is publicly available, and configured our webserver to act as a reverse proxy for the PMG.
to keep things concise, i would like to add the quarantine to an already used VHOST (that is `mail.example.com` which serves as an interface to all things related to mail over https: webmail, quarantine,...)
however, it is a bit unclear, which parts of the webgui must be proxied.
i started with `/quarantine` but this doesn't give me a fully functional site (all the js is missing! all the css to make it viewable...).
so i ended up proxying with something like the following (apache2 rewrite rules):
Code:
RewriteRule ^/(quarantine|proxmox.*) https://pmg.local:8006/$1 [P,L]
RewriteRule ^/((api2|pve2|fontawesome)/.*) https://pmg.local:8006/$1 [P,L]now i have the following issues/questions:
- are these redirects enough? am i missing something? (all tests seem to work nicely, but you never know...)
- opening up `/api2/` seems like the defeating the entire idea of using a proxy to restrict the access to the PMG