make quarantine page publicly available in a secure fashion

Sep 4, 2018
61
8
13
46
Austria
I would like to allow my users to access the quarantine page from the internet (not just the intranet).

"somewhere" I've read, that one shouldn't expose the entire webgui/api to the wild internet, and only restrict access to the actual quarantine. (unfortunately I cannot find that reference any more; maybe it was in the Admin Guide, maybe it was in the LinuxMagazin article.)

so, i've setup PMG in a way that only port:25 is publicly available, and configured our webserver to act as a reverse proxy for the PMG.
to keep things concise, i would like to add the quarantine to an already used VHOST (that is `mail.example.com` which serves as an interface to all things related to mail over https: webmail, quarantine,...)

however, it is a bit unclear, which parts of the webgui must be proxied.
i started with `/quarantine` but this doesn't give me a fully functional site (all the js is missing! all the css to make it viewable...).

so i ended up proxying with something like the following (apache2 rewrite rules):
Code:
RewriteRule ^/(quarantine|proxmox.*) https://pmg.local:8006/$1 [P,L]
RewriteRule ^/((api2|pve2|fontawesome)/.*) https://pmg.local:8006/$1 [P,L]

now i have the following issues/questions:
- are these redirects enough? am i missing something? (all tests seem to work nicely, but you never know...)
- opening up `/api2/` seems like the defeating the entire idea of using a proxy to restrict the access to the PMG
 

pasdif

Member
Dec 5, 2019
5
0
6
57
Same for me. It's important for final deploy to the customer. The user don't must access to the root application but only to ..../quarantine.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!