Operate GateOne behind Apache reverse proxy

Published by Tobias Hofmann on

1 min read

After installing GateOne on my Raspberry Pi 2 Debian system, I can log on to SSH via HTTP and browser. But only from my internal network, as the external accessible port is blocked by Apache. To add GateOne from outside, I either can disable Apache (no, won`t do it) or make GateOne accessible through Apache. I`ll use Apache as a reverse proxy for this.

Note: you`ll need Apache 2.4 for this, as GateOne uses Websocket for communication, and this is included only ootb with Apache 2.4.

Configuration

GateOne

I won`t use a subdomain for this example, so no new Apache virtual host will be use. This means that I have to use a URL prefix to access GateOne. The prefix is: /ssh. This must be configured in the GateOne configuration file:

sudo vim /opt/gateone/server.conf

Change the parameter url_prefix and restart GateOne

url_prefix = "/ssh"

To be able to access GateOne from external, the URL of the external server must be added to origin. In my case, this means that www.itsfullofstars.de is added.

origins = "https://www.itsfullofstars.de:8081;http://127.0.0.1;http://localhost

Apache

To make use of Apache as a reverse proxy, first the modules must be enabled. You can do this with a2enmod. Add also the web socket module

sudo a2enmod proxy_wstunnel
sudo a2enmod proxy_http

Edit the apache configuration to add a reverse proxy for /ssh. Do this for HTTP and WS. In case GateOne listens on TLS, do this for HTTPS and WSS.

ProxyPass /ssh ws://127.0.0.1:9080/ssh
ProxyPassReverse /ssh ws://127.0.0.1:9080/ssh
ProxyPass /ssh http://127.0.0.1:9080/ssh
ProxyPassReverse /ssh http://127.0.0.1:9080/ssh

Restart Apache.

sudo service apache2 restart

Now its possible to access GateOne through /ssh from external.

Let the world know
Categories: Raspberry PiTechnology
Tags:

Tobias Hofmann

Doing stuff with SAP since 1998. Open, web, UX, cloud. I am not a Basis guy, but very knowledgeable about Basis stuff, as it's the foundation of everything I do (DevOps). Performance is king, and unit tests is something I actually do. Developing HTML5 apps when HTML5 wasn't around. HCP/SCP user since 2012, NetWeaver since 2002, ABAP since 1998.

1 Comment

PaceyIV · March 27, 2017 at 18:09

Can you check if you see the strange behavior that I reported here https://github.com/liftoff/GateOne/issues/661?

Reply

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Posts

SAP Technology

Access to S/4HANA tutorials

5 min readQuick Tour is a feature from the FLP and part of user assistance. It can add tremendous value and is also featured in the SAP Learning course: Learning the Basics of SAP Fiori. Read more…

SAP Technology

Where is BAS 3.0?

3 min readRecently I faced a problem with SAP Business Application Studio. For solving it, I used Google. And I found an SAP Note: 3030549. The note contains a section about the affected products. Of Read more…

SAP Security

API first – Account enumeration as a service

7 min readAttention: SAP changed the service. To find out if a user is valid, you have to add check at the end. Verify was replaced by check. The url is now: https://core-api.account.sap.com/uid-core/employee/<id>/check In my Read more…