cancel
Showing results for 
Search instead for 
Did you mean: 
Security Alert Log4j Security Vulnerability. Click here to know more.
cancel
Showing results for 
Search instead for 
Did you mean: 

Questions about external access via Reverse Proxy

CHASEONHO
18-Opal

Questions about external access via Reverse Proxy

Good morning i'm SeonHo

 

i have question about external access ..

 

Windchill is said to be web-based.
Web-based means that you can access from outside if you have a valid account or privilege.


However, it can only be accessed within the network where the Windchill installed server is located.
In order to allow external access, all of the firewalls are released, port 80 is opened, and port forwarding is set to internal IP installed with Windchill.


When you access Windchill, the PTC logo and login pop-up appear, but after logging in, an error is displayed and you can not access Windchill.


I tried external access through a reverse proxy, but this was also possible only on the internal network.
I would like to access Windchill even when using an external network due to my business trip, not my internal network.


Let me know how to configure it


Please tell us which section of the document you need to refer to or how to access it externally.

 

Thank you.

1 ACCEPTED SOLUTION

Accepted Solutions

  • First, it need two Windchill for reverse proxy configuration?

 No, only an Apache server in the DMZ. It's the reverse proxy.

 

  • Second, Windchill was configured reverse proxy in DMZ and point it inside the original Windchill?

 I don't understand this question , but the reverse proxy configuration is done ... on the reverse proxy,  in the DMZ.
It does the URL rewrite job, changes the server name between internet and the intranet, and eventually the port number.

  • Third, should you use HTTPS only to allow external access with a reverse proxy configuration? Is that correct?

Yes, it's wiser. Not mandatory but wiser
First, for safety. HTTP is not safe at all...
Second, if you need to access to applets ( admin task) you need to setup RMI tunelling, and HTTPS is a prerequesite to this.

  • Finally, where does ProxyPassReverse or ProxyPass work? Is ProxyPass the original Windchill? Or is Windchill with a reverse proxy configuration?

On the reverse proxy server. 

View solution in original post

11 REPLIES 11

Hi,

Yes, reverse proxy is the solution.

The main reason lies in the way PDMLink generates URLs.

These URLs use the internal name of the server, so they can't be used on an extranet...

If it doesn't work, something's wrong in yout configuration !


Documentation : http://support.ptc.com/help/windchill/wc110_hc/whc_en/index.html#page/Windchill_Help_Center%2FWCAdvD...

 

 

 

 

Thanks  olivierfresse

 

I'll give you some confirmation, let me know if I'm right.

 

First, it need two Windchill for reverse proxy configuration?

 

Second, Windchill was configured reverse proxy in DMZ and point it inside the original Windchill?

 

Third, should you use HTTPS only to allow external access with a reverse proxy configuration? Is that correct?

 

Finally, where does ProxyPassReverse or ProxyPass work? Is ProxyPass the original Windchill? Or is Windchill with a reverse proxy configuration?

 

 

thank

 

  • First, it need two Windchill for reverse proxy configuration?

 No, only an Apache server in the DMZ. It's the reverse proxy.

 

  • Second, Windchill was configured reverse proxy in DMZ and point it inside the original Windchill?

 I don't understand this question , but the reverse proxy configuration is done ... on the reverse proxy,  in the DMZ.
It does the URL rewrite job, changes the server name between internet and the intranet, and eventually the port number.

  • Third, should you use HTTPS only to allow external access with a reverse proxy configuration? Is that correct?

Yes, it's wiser. Not mandatory but wiser
First, for safety. HTTP is not safe at all...
Second, if you need to access to applets ( admin task) you need to setup RMI tunelling, and HTTPS is a prerequesite to this.

  • Finally, where does ProxyPassReverse or ProxyPass work? Is ProxyPass the original Windchill? Or is Windchill with a reverse proxy configuration?

On the reverse proxy server. 

thank you for answering.
Is "Apache Server" referring to the software you download from Oracle?
Or is it referring to PSI's http server?

The PSI one !

I only need to install an http server from an independent component, right?

Th easiest is to install Apache from PDMLink's installer, no need to download another one

thank you!

i'll try set reverse proxy

hariharan
5-Regular Member
(To:CHASEONHO)

Not able get the end result.

Hi,

 

If you cannot get the same result as a result of configuring a reverse proxy, we recommend configuring a VPN.
Since one additional PC is required for the reverse proxy configuration, we have succeeded in external access using a router that supports VPN.

 

Alternatively, you can accept external access using external IP and port forwarding.
However, if you use an external IP, it is vulnerable to attacks such as ransomware, so please take note of this and work.

 

Regards.

hariharan
5-Regular Member
(To:CHASEONHO)

Hi,

yes of course using vpn, but I need to use with the reverse proxy only, any one can reply on this..

All the configurations are done but if i log in the wc app server automatically host id is changing and getting the Internal server error.

 

regards,

Hariharan.

Announcements