External access: Using port forwarding
With this method you can create and register a domain name that is available for your users from the internet (e.g. https://intranet.yourcompany.com). The DNS entry for this domain name will point to your network's public gateway. Your network administrator can then configure the firewall to forward all requests for that URL directly to your internal ThoughtFarmer server. It is highly recommended that you purchase an SSL certificate for this and redirect all non-SSL requests to the secure https URL.
Advantages
- This is the easiest way for users to access your intranet externally.
- This is the easiest method to configure and does not require any architecural changes to your current server setup.
Disadvantages
- This is the least secure method.
While this is the least secure method from a network standpoint, ThoughtFarmer as an application has been designed and tested against XSS, CSRF, SQL Injection, and other attacks.
Recommended steps for configuring port forwarding
- Get the external IP address for the network that your ThoughtFarmer server is set up on.
- Register a public domain name for your intranet (e.g. yourcompany.com) using the service provider of your choice. If you already have a domain registered skip this step.
- Choose a full URL for your intranet (e.g. intranet.yourcompany.com).
- Purchase an SSL certificate for the chosen URL from the service provider of your choice. You can also purchase a wildcard SSL (e.g. *.yourcompany.com) or use one if already purchased.
- Contact the Administrator for the registered domain name and add an A-record for your chosen intranet URL to point to the IP in step number 1.
- Install the SSL certificate on the ThoughtFarmer server.
- Configure an SSL binding on your ThoughtFarmer instance.
- Set up a redirect for all http traffic to go to https (you can specify a different URL than your internal users).
- Set up port forwarding on the network firewall to point all port 80 (http) and port 443 (https) traffic for the intranet URL to the internal IP of the ThoughtFarmer server.
Comments
0 comments
Please sign in to leave a comment.