RangerMSP Business Automation for successful ITs

Go Back   RangerMSP Forums > Community Sharing Center > Online Services

Thread Tools Search this Thread
April 10th, 2017, 07:35 AM
Posts: 1

We run CommitCRM web server (nonSSL) on default port (4961) and I am trying to add Apache reverse proxy to allow secure access to CommitCRM for clients via webserver.

Main reasons for it:
1. Secure the traffic.
2. don't expose CommitCRM server (running on Windows) to the internet.

As you can imagine I failed with the hask.

with my current setup it keeps the server name but changes port number to 4961. Not sure if this is something that configured wrongly on Apache or CommitCRM Web App overwrites it.

I just wonder if anyone tried it and been more successful or anyone can help with it.

my setup is:
CommitCRM server

Proxy server
CentOS release 6.8 (Final)

Config file

<VirtualHost *:443>
ServerName myserver.co.uk

SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /etc/httpd/ssl/commit/2_myserver.uk.crt
SSLCertificateKeyFile /etc/httpd/ssl/commit/myserver.co.uk.key
SSLCertificateChainFile /etc/httpd/ssl/commit/1_root_bundle.crt

ProxyRequests off
ProxyPreserveHost on
SSLProxyEngine on

Loglevel info
ErrorLog logs/myserver.co.uk_error.log
TransferLog logs/myserver.co.uk_transfer.log

ProxyPass /
ProxyPassReverse /

Header edit Location ^ https://myserver.co.uk/

April 10th, 2017, 07:55 AM
Support Team
Posts: 7,528
Thank you for posting and for providing all details.

Using a reverse proxy will most like not work. The system wasn't designed for it and as you can see it falls back to the configured port (4961).

With SSL you should use Microsoft IIS as the back end for the Web interface, unlike using it as a Windows service.

Visit Microsoft IIS as the Web Server for the Web Interface to learn all about how to configure it.

Hope this helps.
April 10th, 2019, 12:57 AM
Posts: 26
I also suggest that you use a UTM to protect the access to the CommitCRM Web server. I know there are brands like Ubiquiti Unifi series USG routers, Sonicwall, Fortigate, even the pFsense, can do GeoIP filtering and block access only to the client base that you have. That will significantly reduce threats in terms of breach of access to the web-facing server.
November 6th, 2020, 10:20 PM
Posts: 1
This post is so helpful.

All times are GMT -6. The time now is 10:14 PM.

Archive - Top    

RangerMSP - A PSA software designed for MSPs and IT Services Providers
Forum Software Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.