[SOLVED] Opening part of the WAPT server to the outside

Questions about WAPT Server / Requests and help related to the WAPT server
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Locked
guestben321
Messages: 23
Registration: Nov 30, 2021 - 4:38 p.m.

January 25, 2024 - 3:47 PM

Hello,

I'm looking for a way to securely make the WAPT server accessible from the outside.

Currently, it's only accessible via local network or VPN. I was wondering if it's possible to make it accessible from the outside so I can push packets to machines that aren't connected to my local network.

Is it possible to make part of it accessible from the outside so client machines can update, without exposing, for example, the console to external access?

Has this been done before? What are the best methods? Is it a very bad idea?

Thank you. :)
WAPT Server Enterprise edition, version: 2.6.0.16552
High
User avatar
dcardon
WAPT Expert
Messages: 1929
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire
Contact :
Contact dcardon

January 25, 2024 - 4:30 PM

Hi Benoit,

with version 2.5, the server now requires client certificate authentication on all endpoints except the login/register. If you have enabled Kerberos authentication for the register, you should be able to expose it to the internet without any problems.

If you plan to use a reverse proxy, you must configure it in stream mode (i.e., the reverse proxy only tunnels the connection to the WAPT server) because it is the TLS endpoint that must perform the client certificate authentication.

Regards,

Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
High
Locked

Return to "WAPT Server"


  • To go further with WAPT