Posts made by daymickcorr

daymickcorr

@theopenem_admin
It seems like ProvisionAuth.cs In toec api validates the uri it also looks like it for intercom.
I'm pretty sure that why i'm not getting pushed remotely correctly, i asked the reverse proxy to change the uri for what the toec api is waiting for but the toec api is not accepting the change, like if it was not reading my new http header, i'm pretty sure those 2 controllers needs to have reverse proxy support added

daymickcorr

@theopenem_admin

daymickcorr

@theopenem_admin

I've added a rule to rewrite the hostname in the reverse proxy i'm still getting the same issue

what certificate does the toec client need intermediate ?

daymickcorr

@theopenem_admin

on the toec api i'm recieving these error messages

daymickcorr

@theopenem_admin
It's strange it tells me back that the certificates are invalid and it is giving me again the authorization issue, i'm reinstalling the certificates on both app and com server

daymickcorr

@theopenem_admin FrontEnd.log

Ok the app server contains the remotely files and the folder does not sync with the com server

daymickcorr

@theopenem_admin
Remotely has had a strange issue the installation failed on the client
When I try to run the deployment command manually I get this application cannot be executed on your pc and the installer weighs 0 bytes.

I'm going to check on the remotely side I saw that there was a cors setting, How would i redeploy the remotely ?

daymickcorr

@theopenem_admin
Ok I installed the bad intermediate certificate, sorry I'll update soon about remotely

daymickcorr

@daymickcorr

daymickcorr

@theopenem_admin yes I can upload the certs if you want
I have generated the certificates with the public name set for the com server I don't know if this changes something

daymickcorr

@theopenem_admin
This is way more information thank you, it's really appreciated

ClientApi.log

Also I had an issue with a .net core rest api where it would not support reverse proxies
I had used this information to add the support and it worked, maybe you could see some useful information

https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/linux-nginx?view=aspnetcore-5.0#configure-nginx

https://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-5.0

daymickcorr

@theopenem_admin Ok for toec the com api seems to refuse to allow toec, because of an authentification issue caused by the reverse proxy.
what kind of security is used on the rest api of the com server for it to need to have a specific origin ?

daymickcorr

@theopenem_admin I was going through logs and on toec before having com communications error I have ApiRequest - The Request Was Unauthorized Provision/ComConnectionTest/ the request does not appear on approval requests even with all approvals disabled I have the same issue

daymickcorr

@theopenem_admin
With the reverse proxy I cannot host directly the web server externally because i cannot validate let's encrypt certificates with the infrastructure, so I have to use self signed certificates and expose directly the servers with no middleware, I don't feel safe doing this because on the self signed certificates the certificate authority is private not public, so you can mitm the public toec clients .

Also watchguard, sonicwall etc all use reverse proxies now

daymickcorr

@theopenem_admin

I have done this

change com to local fqdn
enable remote acess
change com to public fqdn
change remote access url to public fqdn
intiliaize remote acess
enable remote access server from com cluster

the entry was added, after configuration.

toec tells me it cannot reach com, but app is able to reach com on public name.
with internal com and public remotely, toec tells me remotely cannot be validated

The reverse proxy I use is haproxy.

can you explain to me what is happening ? what the theopenem is trying to do to interact with each other.

I have tried inspecting with fiddler and on IIS observation I don't have any interactions and in the logs I have nothing. The documentation is not helping me

I use the reverse proxy so that all my hosted web servers goes out through 443 redirections are based on urls also the reverse proxy takes care of creating, assigning, renewing and distributing ssl certificates, I can also modify each transaction add monitoring authentication etc

daymickcorr

@theopenem_admin
no
the reverse proxy sends to http://local.fqdn:8000
remotely and com web services receive remote transactions as if they were local

the reverse proxy interacts with the web server and then sends back the info to the client

daymickcorr

@theopenem_admin yes

daymickcorr

@theopenem_admin
reverse proxy

daymickcorr

@theopenem_admin

daymickcorr

@theopenem_admin

It does not change the result

What allows to enable the remote access server is to change the com url to a local fqdn

I can add it if you wish

You see the error message Could Not Enable Remote Access for the Com Server ...?
Remotely is installed and i'm able to activate it but not with the pubilc domain