Short question:
How to set up a local and an external DNS that have an external destination and an internal destination.
Technologies used:
- Websites are hosted in IIS
- Local DNS is on Windows Server
- External DNS via cPanel
- Azure Application Proxy is used as the bridge from external to internal
Explanation:
I've made a schema, see image.

- entrepriseName.com: website hosted externally somewhere by somebody.
- site1.entrepriseName.com:
Contains some basic web pages, which are referenced by https://entrepriseName.com, with HTML.
The URL site1.entrepriseName.com does not exist yet; it is hosted under https://site1-entrepriseName.msappproxy.net
- site2.entrepriseName.com:
Available ONLY locally / via VPN. With HTTPS.
The URL site2.entrepriseName.com does not exist yet; it is currently hosted on https://site2.entrepriseName.local, but HTTPS is complaining.
And it's not clean; it should be under site2.entrepriseName.com.
https://site1-entrepriseName.msappproxy.net should in reality be https://site1.entrepriseName.com.
Assuming I add a custom domain name in Azure and configure the App Proxy correctly, the next step would be to add some sort of DNS...
When I tried to add a forward lookup zone "entrepriseName.com" in the LOCAL DNS, our external website "entrepriseName.com" didn't work locally, as everything with entrepriseName.com (which is normal, after thought haha...)
Actual Question
So how to make sure that these 3 conditions are met:
- Internal requests route to site1.entrepriseName.com, but it is also accessible externally (with the AAD App Proxy connector).
- Internal requests can also route to site2.entrepriseName.com (only available locally).
- Let's say that site1 loads a script like <script src="js/potato.js"></script>. Since https://entrepriseName.com has a reference to site1 with an iframe, will entrepriseName.com attempt to load the relative script js/potato.js? Obviously we want to prevent this from happening.
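The third condition above is a question about how browsers resolve relative URLs, and it can be checked offline. The following is an added PowerShell example written for this page (it is not code from the asker or the answer): browsers resolve a relative <script src> against the URL of the document that contains the tag, which inside an iframe is site1's own page, or against a <base href> that page declares; the URL of the parent page holding the <iframe> is never used. [System.Uri] implements the same RFC 3986 resolution, so the function below reports where each src would be fetched from and whether that is still site1's origin. The hostnames are the thread's; the /catalog/ path and cdn.example.net are constructed.

```powershell
# Added example (not part of the original thread). Resolves the src attributes
# of a document the way a browser would: against the document's own URL, or
# against its <base href> if it has one. The parent page that iframes the
# document plays no part in this.

function Resolve-ScriptSource {
    param(
        [Parameter(Mandatory)] [string]   $DocumentUrl,  # URL of the document that contains the <script> tags
        [Parameter(Mandatory)] [string[]] $Src,          # raw src attribute values found in that document
        [string]                          $BaseHref      # value of a <base href="..."> in that document, if any
    )
    $doc = [Uri]$DocumentUrl
    # A <base> element replaces the document URL as the resolution base; it is
    # itself resolved against the document URL because it may be relative.
    $base = if ($BaseHref) { [Uri]::new($doc, $BaseHref) } else { $doc }
    foreach ($s in $Src) {
        $abs = [Uri]::new($base, $s)   # RFC 3986 reference resolution, as browsers do it
        [pscustomobject]@{
            Src        = $s
            ResolvedTo = $abs.AbsoluteUri
            # Same scheme and host:port as the embedded document, i.e. the
            # request goes back to site1 and not to the parent page's origin.
            SameOrigin = ($abs.Scheme -eq $doc.Scheme -and $abs.Authority -eq $doc.Authority)
        }
    }
}

# Constructed input: the iframe's document is served by site1 under /catalog/.
# https://entreprisename.com/ (the page that contains the iframe) is not an input at all.
$embedded = 'https://site1.entreprisename.com/catalog/index.html'
Resolve-ScriptSource -DocumentUrl $embedded -Src 'js/potato.js', '/js/potato.js', '//cdn.example.net/lib.js' |
    Format-Table -AutoSize

# Only markup inside site1's own page can send relative references elsewhere:
Resolve-ScriptSource -DocumentUrl $embedded -Src 'js/potato.js' -BaseHref 'https://entreprisename.com/' |
    Format-Table -AutoSize
```

In the first call js/potato.js resolves under /catalog/ on site1 (the directory of the embedding document, not the host root), /js/potato.js resolves to site1's host root, and the scheme-relative CDN reference leaves site1's origin; all three requests are issued by the iframe's document, so entreprisename.com itself never requests js/potato.js. The second call shows the one thing that does change the outcome: a <base href> emitted by site1's own page, which is therefore worth grepping for before blaming the parent site.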
Comments (1)
• Since the domain ‘enterprise.com’ is owned by your organization and thus has an internal AD DNS server set up for it, for ‘site1.enterprisename.com’ you will have to create an ‘A’ host record in the internal DNS server so that requests to the application ‘site1.enterprisename.com’ are redirected internally. Similarly, an ‘A’ DNS host record also needs to be created in the public DNS server where the ‘enterprisename.com’ domain is registered, so that any external (over the internet) requests are routed correctly to the externally facing application homepage. Also, you need to configure conditional forwarding in the internal DNS server of your domain environment to the public IP address of the domain hosted on the public DNS server, so that any internal requests are redirected to the publicly hosted DNS records and, through them, to the application.
• Also, since the AAD Application Proxy connector is syncing and request-forwarding software to be installed on a member server, which syncs the database of the application in Azure as well as the one running on-premises and forwards the requests directed to Azure through it, a wildcard certificate with the CN ‘*.enterprisename.com’ or an SSL/HTTPS certificate with the CN ‘site1.enterprisename.com’ (where ‘site1’ is the name of the application hosted on this subdomain) should be installed in the personal certificate store on the server running the application in the on-premises environment and on the member server where the App Proxy connector is installed. In this way, you can configure the application ‘site1.enterprisename.com’ to be accessed both internally and externally.
Note: The member server where the App Proxy connector is installed should be dedicated as a part of the application farm itself, so that the certificate installed on it authorizes and identifies the application server as valid.
• To configure the internal request route to ‘site2.enterprisename.com’, available only locally, you will need to create an ‘A’ host DNS record for it in the internal DNS server and remove the conditional forwarding configured in the internal DNS server for the externally (over the internet) available website of the application. Also, remove the ‘A’ host record for ‘site2.enterprisename.com’, if one was created in the public DNS server, so that ‘over the internet’ routing and redirection are disabled completely. This will ensure that the application ‘site2’ is available only locally in the intranet. Also note that if you want to manage multiple types of DNS records for a subdomain in the internal server, you can create a DNS zone with the FQDN of the subdomain (application) in the internal DNS server.
Note: You may want to edit and configure the ‘hosts’ file on the server hosting the ‘site2’ application, as well as the ‘site1’ application, to include the application (subdomain) FQDN, so that the server responds to network requests for the application hosted on it along with the individual hostname records.
• If the ‘potato.js’ script is configured to load when the ‘https://enterprisename.com’ website is requested, then that script will surely load. But if the reference to ‘site1’ is with an ‘iFrame’, then when referencing the site address, the references to the FQDN of ‘site1’ have to be removed from the website code during initialization and startup and replaced with that of the website itself, i.e. ‘https://enterprisename.com’.
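The internal half of the setup, following the per-subdomain zone approach the answer's note mentions, as an added PowerShell example for this page (it is not the commenter's or the asker's code). It deliberately does not create an internal zone for the apex entrepriseName.com, which is what made https://entrepriseName.com stop resolving internally in the original attempt: with one zone per application name, queries for every other name under the domain still leave through the server's ordinary forwarders, so no conditional forwarder for the apex is needed. The IPv4 addresses, the five-minute TTL and the AD-integrated replication scope are assumptions; run it on the Windows Server DNS host with the DnsServer module.

```powershell
#Requires -Modules DnsServer
# Added example (not part of the original thread): split-horizon DNS for the two
# application names on the internal Windows Server DNS, leaving the apex to the
# public (cPanel) zone. Assumed: AD-integrated DNS on a domain controller and
# the two placeholder RFC 1918 addresses below.

$Apex    = 'entreprisename.com'
$Site1   = "site1.$Apex"
$Site2   = "site2.$Apex"
$Site1Ip = '10.0.0.11'   # assumed: internal IIS host that serves site1
$Site2Ip = '10.0.0.12'   # assumed: internal IIS host that serves site2

# 1. Refuse to run while an internal zone for the apex exists: such a zone makes
#    this server authoritative for *every* name under entreprisename.com, so the
#    externally hosted apex (and anything else not added by hand) stops resolving.
if (Get-DnsServerZone -Name $Apex -ErrorAction SilentlyContinue) {
    throw "Internal zone '$Apex' exists; remove it first (Remove-DnsServerZone -Name $Apex -Force)."
}

# 2. One small primary zone per application name. The record at '@' is the zone
#    apex, i.e. the A record for site1.entreprisename.com itself. Dynamic updates
#    are off so a domain-joined machine cannot overwrite the record.
foreach ($app in @(@{ Name = $Site1; Ip = $Site1Ip }, @{ Name = $Site2; Ip = $Site2Ip })) {
    if (-not (Get-DnsServerZone -Name $app.Name -ErrorAction SilentlyContinue)) {
        Add-DnsServerPrimaryZone -Name $app.Name -ReplicationScope 'Domain' -DynamicUpdate 'None'
    }
    Add-DnsServerResourceRecordA -ZoneName $app.Name -Name '@' -IPv4Address $app.Ip `
        -TimeToLive (New-TimeSpan -Minutes 5)
}

# 3. Check from the server: the two application names must answer with the
#    internal addresses, and the apex must still answer with the public host's
#    address obtained through the forwarders.
foreach ($name in $Apex, $Site1, $Site2) {
    $addrs = Resolve-DnsName -Name $name -Type A -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' } |
             Select-Object -ExpandProperty IPAddress
    '{0,-30} {1}' -f $name, ($addrs -join ', ')
}
```

On the public side, which lives in cPanel and is not covered by the script, only site1 gets a record: publishing an Application Proxy custom domain requires a CNAME from site1.entrepriseName.com to the published hostname, here site1-entrepriseName.msappproxy.net, and site2 gets no public record at all, so it is reachable only where the internal zone is visible (LAN or VPN). Separately, the HTTPS complaint on site2.entrepriseName.local does not go away by changing DNS alone: the certificate bound to the IIS site must carry site2.entrepriseName.com as a subject alternative name, and because public CAs do not issue for names under .local, moving to the real subdomain is also what makes a publicly trusted or internal-CA certificate straightforward to obtain.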